From a CIO perspective, a technology project that delivers on its pre-defined business goals is a job well done. But if a new deployment proves useful in supporting entirely new business needs as they arise, then that’s even better.
That has been the case this year at Heartland Jiffy Lube, in the company’s deployment of technology from machine log analytics specialist, Splunk. As diginomica has reported previously, executives at Splunk make much of the technology’s ability to spread within customer organizations that start out by deploying it primarily to address IT operations or IT security challenges. And as Splunk continues to track newer, business-focused use cases that its customers come up with, Heartland Jiffy Lube provides a great example of what Splunk executives like to call “Aha! moments.”
But first, a bit of background. Serving around 20 million customers annually and with more than 2,000 franchisee-owned locations nationwide, a local Jiffy Lube branch is the chosen destination of many US car owners when it comes to oil changes, battery replacements, tyre checks and other general maintenance services. Irving, Texas-based Heartland Automotive Services, meanwhile, is the brand’s largest franchisee, operating around 530 Jiffy Lube branches and serving some 5 million customers per year.
The big goal of Heartland Jiffy Lube’s Splunk implementation, carried out earlier this year, was to put in place a platform to support effective SIEM – security incident and event management, explains Chidi Alams, head of IT and information security at the company.
With that in mind, the company used Splunk Enterprise Security (ES) and Splunk User Behaviour Analytics (UBA) to deliver alerts about external and insider threats to data, respectively, and enable the company’s security analysts and engineers to initiate investigations and take appropriate action. Says Alams:
What we have as a result is a single pane of glass for SOC [security operations center] staff, through which they can view threats and alerts across the entire organization. I can maintain a smaller, more focused staff, because they’re hunting doesn’t need to extend beyond the boundaries of Splunk and because the technology is able to correlate events from different areas of the business and different systems to support advanced prioritization.
In other words, Splunk uses data science to apply risk ratings to potential security events and consider supporting evidence in order to bump the most serious of them up the SOC’s To Do list. More importantly, and unlike some SIEM systems, according to Alams, it de-prioritizes those that turn out to be less serious in an elegant way, and so avoids creating ‘black holes’ through overly heavy-handed, automatic de-prioritization of similar alerts that, in the end, turn out to be more critical.
Heartland Jiffy Lube has now improved its mean time to resolution (MTTR) rate for security incidents by over 60% since Splunk ES and UBA went live in April 2017.
New use cases
But beyond that, the technology looks pretty promising for other use cases in the business. In fact, Alams and his team are already working on one of these: an IoT (Internet of Things) project centering on battery testing operations. As Alams explains, the devices used by Heartland Jiffy Lube technicians collect a great deal of data during every test about battery capacity, performance and health. This data is stored locally on the tester before being transmitted to a centralized reporting server. Alams says:
The view that we get from this reporting server is valuable, but two-dimensional – so our big ‘Aha! moment’ came when we realized that this battery data from 500-plus stores could be brought into Splunk, allowing us to view and analyse it in any way we want to. That will mean that we won’t be constrained by the limitations of a proprietary reporting server and that’s what we’re working on right now.
The goal here, he explains, is to predict demand for battery testing and spot new-battery sales opportunities better, across regions and individual stores, based on numbers of visits, local weather conditions and so on. In future, he says, other areas of the business could also benefit from more agility when it comes to slicing and dicing machine data, primarily from customers’ cars. Alams concludes:
Industrial IoT for us is a reality. We’re not in manufacturing, clearly, but we are on the automotive aftermarket side of things, so we have a lot of vehicle data and a lot of opportunity to leverage that data to improve our business.
Image credit - Jiffy Lube