© 2018 SPLUNK INC.
from: >event
to: >automated incident response
The Splunk AISecOps Initiative
Angelo Brancato, Security Specialist, EMEA
Juerg Fischer, Senior Sales Engineer
12.12.2018 / Version 1.0
Agenda
▶ 13:45 - Welcome
▶ 14:00 - End to End Security Operations with Splunk >Portfolio
▶ How to get from machine data to correlation to automation and collaboration to defend efficiently against the attacker
▶ 15:15 - Break
▶ 15:30 - Splunk Security Products Roadmap update - and latest .conf 2018 Innovation Highlights
▶ 16:30 - End to End Security Operations with Splunk >Demo
▶ 17:15 - Close & Christmas Apero
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2018 Splunk Inc. All rights reserved.
Agenda
▶ Today's Challenges in Security Investigation
▶ Splunk Security Products Portfolio
▶ Enjoy the journey from the event to an automated Incident Management System
Turn machine data into answers
▶ The Whiteboard framework will be used to have a focused, personalized, and differentiated discussion about the Splunk journey.
▶ It allows the journey to be explained in a consistent way and integrates the proof points, including initiatives and expectations.
OUR MISSION
Splunk turns machine data into answers
Different people (Network, Servers, DevOps, Users, Cloud Security, Databases) asking different questions of the same data
▶ Threats are more complex and far reaching
▶ Not closing the skills gap
▶ Security to enable business and the mission
Figure: 90% - Tier 1 analyst work will be automated; 50% - time now spent tuning detection and response logic; 1 - platform to orchestrate them all
Splunk Security Portfolio
Platform for Machine Data: Data Platform, Analytics, Operations
Maturity journey from reactive to proactive:
• Level 1 - Search and Investigate
• Level 2 - Proactive Monitoring and Alerting
• Level 3 - Security Situational Awareness
• Level 4 - Real-time Risk Insight & Automation
+ Free Apps: many great, free Apps to solve a specific Problem
• 125+ Examples, with 180+ Searches
• Data Onboarding Guides
• Content Mapping (MITRE ATT&CK, Killchain etc.)
• Mapping to Premium Apps
• On-Prem, Cloud, SaaS or Hybrid
• Performance at Scale
• Open Ecosystem
• Native ML/AI Integration
+ Asset and Identity Correlation, Notable Event & Investigation, Threat Intelligence, Risk Analysis, Adaptive Response, Content Update
+ Analytics Driven Security
• Mathematical / statistical calculation
• Anomalies / prediction with ML
• Event & information correlation: correlations and notable events
• Risk
What is actionable?
• Events from security tools: typically low fidelity (“could be bad”) and not intrinsically actionable
• Correlated Events: typically medium fidelity (“looks bad”) and most of the time not actionable
• Behavior-based Correlated Events: high fidelity (“likely bad”) and requires attention
• Behavior- & Risk-based Correlated Events: high fidelity (“bad”) and requires action
My Team is overwhelmed!
Facts:
• Not enough time to review alerts
• Not enough staff to review alerts
Results:
• Critical Incidents not reviewed
• Breaches and damages
My Team’s Focus should be here!
What’s Needed?
• Instead of “Matching Events”, need to detect changes with objects and groups
How?
• Analytics + Risk based approach
• Calculate risks using analytics
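The risk-based approach on this slide, worked through as an added example. The code below is not Splunk's (the Enterprise Security risk framework is not shown here); it is an illustration written for this page with constructed rule weights and events: every rule firing adds a risk score to the object it concerns, and only an object whose accumulated score crosses a threshold, with several distinct rules agreeing, becomes a notable that requires action.

```python
"""Risk-based scoring of low-fidelity events, as an added illustration.
Not Splunk's code: a simplified model of the idea that individual events
are not actionable, but the risk they accumulate on one object (a user or
host) within a window can be. Rule weights and events are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Detection rules and the risk each contributes when it fires. A single rule
# firing is "could be bad"; it is the sum across rules that becomes "bad".
RULES = {
    "multiple_failed_logins": 10,
    "new_admin_group_member": 30,
    "rare_process_on_host": 20,
    "outbound_to_rare_domain": 25,
}

# Constructed sample events: (timestamp, rule that fired, risk object).
EVENTS = [
    ("2018-12-12T09:00:00", "multiple_failed_logins", "user:alice"),
    ("2018-12-12T09:01:00", "multiple_failed_logins", "user:bob"),
    ("2018-12-12T09:05:00", "multiple_failed_logins", "user:alice"),
    ("2018-12-12T09:20:00", "new_admin_group_member", "user:alice"),
    ("2018-12-12T09:40:00", "rare_process_on_host", "user:alice"),
    ("2018-12-12T10:10:00", "outbound_to_rare_domain", "user:alice"),
    ("2018-12-12T11:00:00", "rare_process_on_host", "user:carol"),
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def score_risk_objects(events, window=timedelta(hours=24), threshold=60, min_sources=3):
    """Return {risk_object: (score, sources, actionable)}.

    For each object the highest score of any window-sized span of its events
    is taken. An object is actionable only when that score reaches the
    threshold AND enough distinct rules agree: one noisy rule firing many
    times must not by itself create a notable."""
    per_object = defaultdict(list)
    for ts, rule, obj in events:
        per_object[obj].append((_parse(ts), rule))

    result = {}
    for obj, items in per_object.items():
        items.sort()
        best_score, best_sources = 0, set()
        for i, (start, _) in enumerate(items):
            score, sources = 0, set()
            for when, rule in items[i:]:
                if when - start > window:
                    break
                score += RULES[rule]
                sources.add(rule)
            if score > best_score:
                best_score, best_sources = score, sources
        actionable = best_score >= threshold and len(best_sources) >= min_sources
        result[obj] = (best_score, sorted(best_sources), actionable)
    return result


def notables(events, **kwargs):
    """Risk objects that cross the bar and deserve an analyst's action."""
    scored = score_risk_objects(events, **kwargs)
    return sorted(obj for obj, (_, _, actionable) in scored.items() if actionable)


if __name__ == "__main__":
    for obj, (score, sources, actionable) in sorted(score_risk_objects(EVENTS).items()):
        print(f"{obj:12} score={score:3} sources={len(sources)} actionable={actionable}")
    print("notables:", notables(EVENTS))
```

With the constructed data, user:alice accumulates 95 points from four different rules and becomes the one notable; user:bob and user:carol each trip a single rule and stay below the bar. The `min_sources` check is what separates "looks bad" from "bad": a score built from one rule alone, however high, still only reflects that one rule's fidelity.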
How Does Splunk UEBA Work?
Data sources: Proxy Server, Firewall, DNS, DHCP, Active Directory / Domain Controller; optional: VPN, Endpoint, DLP, …
→ Machine Learning (batch models, streaming models)
→ Anomaly classifications and custom anomalies: Suspicious Data Movement, Unusual Machine Access, Flight Risk User, Unusual Network Activity, Machine Generated Beacon, …
→ Machine Learning (specialized threat models, kill-chain analysis, graph analysis, custom threats)
→ Threat classifications: Lateral Movement, Suspicious Behavior, Compromised Account, Data Exfiltration, Malware Activity
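One anomaly class from the pipeline above, Machine Generated Beacon, derived with plain statistics as an added example. This is not Splunk UBA's model; the log lines, host names and destinations are constructed, and the thresholds (minimum number of hits, maximum coefficient of variation) are assumptions for the illustration.

```python
"""Beacon detection from proxy logs with plain statistics, as an added
illustration. This is not Splunk UBA's model: it shows one way the
"Machine Generated Beacon" anomaly class can be derived. Per (source host,
destination) pair the gaps between requests are measured; a pair with many
requests at almost constant intervals (low coefficient of variation) is
flagged, while human browsing produces bursty, irregular gaps. Log lines
are constructed for this example."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: "<timestamp> <source host> <destination> <bytes>"
PROXY_LOG = """\
2018-12-12T08:00:00 ws-17 telemetry.example.net 412
2018-12-12T08:00:10 ws-03 news.example.org 15320
2018-12-12T08:00:13 ws-03 news.example.org 2210
2018-12-12T08:01:00 ws-17 telemetry.example.net 412
2018-12-12T08:01:58 ws-17 telemetry.example.net 412
2018-12-12T08:02:59 ws-17 telemetry.example.net 412
2018-12-12T08:03:59 ws-17 telemetry.example.net 412
2018-12-12T08:04:50 ws-03 news.example.org 9870
2018-12-12T08:05:01 ws-17 telemetry.example.net 412
2018-12-12T08:06:00 ws-17 telemetry.example.net 412
2018-12-12T08:07:00 ws-17 telemetry.example.net 412
2018-12-12T08:09:00 ws-03 news.example.org 3300
2018-12-12T08:09:02 ws-03 mail.corp.example 780
2018-12-12T08:30:00 ws-03 news.example.org 12800
2018-12-12T08:31:40 ws-03 news.example.org 4100
2018-12-12T08:32:00 ws-03 news.example.org 4100
"""


def parse_log(text):
    """Yield (timestamp, src, dest) per line; the byte count is ignored here."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dest, _bytes = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), src, dest


def find_beacons(log_text, min_hits=6, max_cv=0.1):
    """Return [(src, dest, hits, mean_interval_s, cv)] for pairs that beacon.

    cv = stdev / mean of the inter-request intervals; a timer-driven client
    sits close to 0, while a person clicking around sits far above."""
    times = defaultdict(list)
    for ts, src, dest in parse_log(log_text):
        times[(src, dest)].append(ts)

    flagged = []
    for (src, dest), stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # identical timestamps would give mean 0; treat that as "not a beacon"
        cv = statistics.stdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            flagged.append((src, dest, len(stamps), mean, round(cv, 3)))
    return flagged


if __name__ == "__main__":
    for src, dest, hits, mean, cv in find_beacons(PROXY_LOG):
        print(f"beacon candidate: {src} -> {dest}: {hits} hits every ~{mean:.0f}s (cv={cv})")
```

In the constructed log ws-17 contacts telemetry.example.net eight times at 60 seconds plus or minus two, so its coefficient of variation is about 0.02 and it is flagged; ws-03 reaches news.example.org just as often, but with gaps ranging from 3 seconds to 21 minutes, so it is not. A production model would also account for deliberate jitter and for multiple destinations per host, which is why this is a starting point for the anomaly rather than the anomaly itself.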
SOAR for Security Operations
Faster execution through the loop yields better security
• Observe - Point Products: Firewall, IDS / IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detonation
• Orient - Analytics: SIEM, Threat Intel Platform, Hadoop, GRC
• Decision Making and Acting - Tier 1, Tier 2, Tier 3 analysts
Today: Observe and Orient are automated; Decision Making and Acting are manual. With Phantom: Decision Making and Acting are automated as well, and action results feed back into the loop.
What is the analytics driven approach in security?
Analytics Driven Security:
• Mathematical / statistical calculation
• Anomalies / prediction with ML
• Event & information correlation: correlations and notable events
• Risk
• Automation
Splunk as the Security Nerve Center
Data sources: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
Analytics Driven Security (the thought process), Machine Learning (the intuition), Adaptive Operations (the reflexes)
Splunk Positioned as a Leader in Gartner 2018 Magic Quadrant for Security Information and Event Management*
▶ Six Years in a Row as a Leader
▶ Highest Overall in “Ability to Execute”
Gartner disclaimer: Gartner, Inc., 2018 Magic Quadrant for Security Information and Event Management, and Critical
Capabilities for Security Information and Event Management, Kelly M. Kavanagh, Toby Bussa. 10 August 2018. This graphic
was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request from Splunk. Gartner does not endorse any vendor, product or
service depicted in its research publications, and does not advise technology users to select only those vendors with the highest
ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should
not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose.
Splunk in a Security Operation Center
Splunk as the Security Nerve Center: Analytics Driven Security, Machine Learning, Adaptive Response
Power a Collaborative SOC
▶ Automation and Orchestration (Adaptive Response)
▶ Interconnected Security Stack
▶ Machine Learning to Augment Human Skills (ML)
Splunk for the SOC - Overview
Technology: Machine Data → Universal Indexing, Schema-On-Read (Splunk Enterprise: On-Premise, Cloud, Hybrid)
Process: Monitor → Detect → Investigate → Respond, driven by SOC Playbooks
People: Tier 1 - Alert Analyst (Notable Event Triage); Tier 2 - Incident Responder; Tier 3 - SME / Hunter
LIVE DEMO
• Splunk Search
• Same data, different lenses
Avoid the “Medienbruch” (media break: the loss of context when information is handed from one medium or tool to the next)
Data sources: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
Drawing from independent.co.uk, modified
Starting with a SIEM solution
Pre-built searches, alerts, reports, dashboards, threat intel feeds and workflow.
Dashboards & Reports; Incident Investigations and Management; Statistical Outliers & Risk Scoring; Asset & Identity Aware
• Correlation and Notable Event Framework
• Risk Scoring Framework
• Out of the box key Security Metrics, Dashboards, Use Cases & Analytic Stories
• Incident Investigation workflow
• Adaptive Response
• Glass Tables
• etc.
Detect, Investigate & Respond
What about anomalous behavior?
Splunk UBA is an out-of-the-box solution that helps organizations find unknown threats and anomalous behavior with the use of machine learning
• critical and actionable
• unknown threats
Enhanced Investigation with Splunk
• Drill down into triggering events
• Investigation starts in UBA and continues in core
• Targeted hunting using automated SPL
• Leverages anomaly data from users and assets
• Collect more supporting evidence
• Further your investigation with focused timestamps
• View relationships across data sources
• Map models and anomalies to generated threat
• Identify missing data sources
• Gain additional scope and context of threats
• Drill down into raw events
Splunk Use Cases
Faster detection with field-proven use cases and analytic stories
UBA:
• Account Takeover
• Suspicious Behavior
• Lateral Movement
• Cloud Security
• External Alarm
Enterprise Security:
• Find malware
• Identify malware patient zero
• Investigating zero-day activity
• Find data exfiltration
• Detect suspicious activity
• Monitor threat activity
Security Essentials:
• 120+ Security Controls targeting external attackers and insider threat
• Scales from small to massive companies
• Can send results to ES/UBA
Investigation and Detection >better together
Beyond the Known to the Unknown
Investigate - realm of the known, human-driven:
• Log aggregation
• Rules, statistics, correlation
• Ad hoc searches and data pivot
Detect - realm of the unknown, machine learning-driven:
• Risky behavior detection
• Entity profiling, scoring
• Kill chain, graph analysis
Detect, Investigate & Respond:
• Centralized view
• Security Metrics
• Adaptive Response
• Collaboration
• Risk Analysis
LIVE DEMO
• Notable Event Framework
• Event Correlation
• Risk Framework
... and what about the repetitive tasks?
Splunk for the SOC - Overview, with Adaptive Response / SOAR added
Technology: Machine Data → Universal Indexing, Schema-On-Read (Splunk Enterprise: On-Premise, Cloud, Hybrid)
Process: Monitor → Detect → Investigate → Respond, driven by SOC Playbooks, with Adaptive Response / SOAR
People: Tier 1 - Alert Analyst (Notable Event Triage); Tier 2 - Incident Responder; Tier 3 - SME / Hunter
Numbered callouts 1, 2, 3 on the figure; example: calculate command length standard deviation (stdev)
Splunk for the SOC - Overview: Orchestrate / Automate
Machine Data → Universal Indexing (Splunk Enterprise: On-Premise, Cloud, Hybrid); Monitor → Detect → Investigate → Respond; SOC Playbooks; Tier 1 - Alert Analyst (Notable Event Triage); Tier 2 - Incident Responder; Tier 3 - SME / Hunter
1 Detection
- Correlation
- Statistics
- Machine Learning
- Risk
2 Investigation
- Manual: Forensics / SPL
- Auto: Phantom SOAR playbook automation
3 Response
- Basic: Workflow Actions / ES Adaptive Response
- Advanced: Phantom SOAR
- Collaboration: Ticketing / Collaboration Tool
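The callout on the previous slide, calculating the standard deviation of command length, and the Statistics item under Detection, worked through as an added example. This is not Splunk code or SPL; the baselines, users and commands are constructed for this page, and the z-score threshold of 3 is an assumption.

```python
"""Command-length outliers via standard deviation, as an added illustration
(not Splunk's code) of the "calculate command length standard deviation"
callout. A baseline of command-line lengths is kept per user; a new command
is scored by its z-score, i.e. how many standard deviations it lies above
that user's mean. The same command can be ordinary for one account and
anomalous for another, which is why the baseline is per user. All baselines
and events are constructed."""
import statistics

# Constructed baselines: command-line lengths previously seen per user.
BASELINE = {
    "alice": [12, 18, 9, 25, 14, 20, 11, 16],   # interactive user, varied commands
    "bob": [8, 9, 8, 10, 9, 8, 9],              # only ever runs a few short commands
}

# Constructed new events: (user, command line). The encoded payload is a
# harmless placeholder ("QUFB" is base64 for "AAA"); only its length matters.
EVENTS = [
    ("alice", "dir C:\\Users\\alice"),
    ("alice", "ping -n 4 fileserver01.corp"),
    ("bob", "ping -n 4 fileserver01.corp"),
    ("alice", "powershell.exe -EncodedCommand " + "QUFB" * 60),
]


def zscore(user, command, baselines, sd_floor=1.0):
    """How many standard deviations above the user's mean this length sits.

    sd_floor stops a near-constant baseline from turning a one-character
    difference into a huge score."""
    lengths = baselines[user]
    mean = statistics.mean(lengths)
    sd = max(statistics.stdev(lengths), sd_floor)
    return (len(command) - mean) / sd


def flag_outliers(events, baselines, z_threshold=3.0):
    """Return [(user, length, z)] for commands far longer than the user's norm."""
    flagged = []
    for user, command in events:
        if user not in baselines:
            continue  # no baseline yet: cannot score, leave to other detections
        z = zscore(user, command, baselines)
        if z >= z_threshold:
            flagged.append((user, len(command), round(z, 1)))
    return flagged


if __name__ == "__main__":
    for user, length, z in flag_outliers(EVENTS, BASELINE):
        print(f"outlier: user={user} length={length} z={z}")
```

The 27-character ping command is unremarkable for alice (z about 2) but an outlier for bob, whose baseline never exceeds 10 characters; the 271-character encoded command is an outlier for anyone. Treat the flag as a statistical signal that feeds correlation and risk scoring, not as a verdict on its own.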
Security Operations Challenges
BEFORE PHANTOM: inefficient & inconsistent process; staffing challenges; increasing exposure
Situation:
• Limited & stretched resources
• Complex infrastructure with wide range of technologies from multiple security vendors
• Alert fatigue
• Expanding/changing attack surface
Outcomes with Phantom
AFTER PHANTOM: efficiency; repeatable & auditable; decreasing dwell times
Situation:
• Resources can focus on strategic security activities
• Faster investigations across complex infrastructure
• Increase SecOps process and team efficiency
• Reduce the attack surface risk through automation
The SOAR solution
▶ Reduced alert investigation times from 30-45 minutes to less than one minute
▶ Applied a consistent approach to alert management and investigation, eliminating human error
▶ Increased resource efficiency by turning manual, repetitive tasks into automated processes
SOAR High level Architecture
Splunk: Enterprise Security, UBA, Scheduled Searches → Notable Events → Triage & Event Cockpit; Monitoring Use Case 1, 2, 3; Splunk Native Email SPAM / Malware Monitoring Use Case
SOAR Platform Phantom: Sec. Event >Case Management; Operation Procedures as “human workflow”; Cockpits, Reporting & KPI; SOC Event Handling → Escalation → CERT Incident Handling; IMAP; Case/Incident Drill Down; Analysis & Correlation
ITSM / Ticketing System (ServiceNow, Remedy); results go back to Splunk
Phantom functions:
• run playbooks, lookups and enrichment
• control workload in the analysts team
• use events to analyze
• create and maintain cases
• generate reports and metrics
• container for events
• playbooks
• ticket system
Phantom APP concept
▶ Apps are used to ingest data
▶ And Apps are used to respond / connect to a target system for interaction as incident response
Data Source (external data & analytic tools: SIEM, threat intel platform, email, data lake) → APP process (poll, normalize data) → Phantom (orchestration & decision making; playbook / action execution) → APP process (invoke action, return data) → Assets (security tools & action targets: firewall, endpoint, malware sandbox, reputation service)
https://www.phantom.us/apps/
Security Use Case Study – Full Automation
Monitor → Detect → Investigate → Respond (steps 1-10 on the figure)
Detect: potential phishing
Investigate: detonate file; url reputation; ip reputation; query other recipients; check user profile
Respond: update notable event; create ticket; collaboration response
Phantom Automation Insights
• Containers ingest events; each container carries a label (e.g. splunk, siem)
• The number of containers can reflect tenants; containers can be based on data sources
• A Notable Event / Alert arrives in a container and runs a playbook
• Playbook sample: enrichment with actions and apps; user input or approval; actions are based on configured apps; an action could include create or change ticket
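The full-automation phishing use case and the container / label / app concepts on this and the previous slide, modelled together as an added example. This is not Phantom's playbook API; the apps are stand-ins over constructed reputation tables, a constructed sandbox verdict, a mail log and user profiles, and the escalation-to-CERT approval gate is this example's way of showing the "User Input or Approval" step.

```python
"""A minimal playbook run for the phishing use case, as an added illustration.
This is not Phantom's playbook API: it models the container / label / app
concepts and the use-case steps (detonate file, url reputation, ip
reputation, query other recipients, check user profile, update notable
event, create ticket) with plain Python. The reputation tables, sandbox
verdict, mail log and user profiles are constructed in-memory stand-ins
for the apps' real assets."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed asset data the apps query (documentation IP ranges, example names).
URL_REPUTATION = {"invoice-portal.example-bad.test": "malicious", "intranet.corp.example": "clean"}
IP_REPUTATION = {"203.0.113.45": "malicious", "198.51.100.7": "clean"}
SANDBOX_VERDICTS = {"sha256:c0ffee01c0ffee01": "malicious"}  # constructed hash id
MAIL_LOG = [
    {"msg_id": "m-1001", "recipient": "alice@corp.example"},
    {"msg_id": "m-1001", "recipient": "dave@corp.example"},
    {"msg_id": "m-2002", "recipient": "bob@corp.example"},
]
USER_PROFILES = {
    "alice@corp.example": {"department": "finance", "privileged": False},
    "dave@corp.example": {"department": "it", "privileged": True},
    "bob@corp.example": {"department": "sales", "privileged": False},
}


@dataclass
class Container:
    """Holds one notable event / alert and everything the playbook learns about it."""
    label: str                      # reflects the ingesting data source or tenant
    name: str
    artifacts: Dict[str, str]
    results: Dict[str, object] = field(default_factory=dict)
    status: str = "new"


def ingest(notables: List[dict]) -> List[Container]:
    """One container per notable; the label comes from the notable's source."""
    return [Container(n["source"], n["id"], n["artifacts"]) for n in notables]


# Apps: every action is a call-out to one configured integration.
APPS: Dict[str, Callable[[dict], object]] = {
    "detonate file": lambda a: SANDBOX_VERDICTS.get(a.get("file_hash", ""), "unknown"),
    "url reputation": lambda a: URL_REPUTATION.get(a.get("url", ""), "unknown"),
    "ip reputation": lambda a: IP_REPUTATION.get(a.get("src_ip", ""), "unknown"),
    "query other recipients": lambda a: sorted(
        r["recipient"] for r in MAIL_LOG if r["msg_id"] == a["msg_id"]),
    "check user profile": lambda a: USER_PROFILES.get(a["recipient"], {}),
}
ENRICHMENT = ["detonate file", "url reputation", "ip reputation",
              "query other recipients", "check user profile"]


def verdict(results: dict) -> str:
    """Malicious if any enrichment source says so; otherwise benign."""
    findings = {results["detonate file"], results["url reputation"], results["ip reputation"]}
    return "malicious" if "malicious" in findings else "benign"


def run_phishing_playbook(c: Container,
                          approve: Callable[[str, Container], bool] = lambda *_: False) -> str:
    """Enrich, decide, respond. `approve` is the user-input / approval hook."""
    for action in ENRICHMENT:
        c.results[action] = APPS[action](c.artifacts)
    v = verdict(c.results)
    c.results["update notable event"] = {"verdict": v, "note": "auto-enriched by playbook"}
    if v == "benign":
        c.status = "closed"
        return v
    recipients = c.results["query other recipients"]
    privileged = any(USER_PROFILES.get(r, {}).get("privileged") for r in recipients)
    c.results["create ticket"] = {
        "id": f"TICKET-{c.name}",
        "priority": "high" if privileged else "medium",
        "recipients": recipients,
    }
    # Handing the case from SOC event handling to CERT incident handling is
    # a human decision, so the playbook asks for approval instead of acting.
    c.results["escalate to CERT"] = (
        "escalated" if approve("escalate to CERT", c) else "awaiting approval")
    c.status = "open"
    return v


if __name__ == "__main__":
    containers = ingest([{
        "source": "siem", "id": "n-1",
        "artifacts": {"msg_id": "m-1001", "recipient": "alice@corp.example",
                      "url": "invoice-portal.example-bad.test", "src_ip": "203.0.113.45",
                      "file_hash": "sha256:c0ffee01c0ffee01"},
    }])
    for c in containers:
        print(c.label, c.name, run_phishing_playbook(c), c.results.get("create ticket"))
```

Every enrichment result lands in the container, so the updated notable and the ticket carry the evidence an analyst would otherwise collect by hand; the ticket priority rises when a privileged account is among the other recipients, and the only step that waits on a person is the one with consequences outside the SOC.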
LIVE DEMO
• Automation and Orchestration
• Collaboration
How to collaborate?
LIVE DEMO
• Orchestration & Collaboration
Summary
▶ Incident Response is getting more challenging because the attacks are more sophisticated
▶ Security processes have to be improved to a higher maturity
▶ A holistic view is the key
▶ Automation is necessary for SOC/CERT to solve the simple investigations in seconds
Think about “AISecOPS”
Thank you
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Rene Aguero
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
Splunk
 
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
NiketNilay
 
Accelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationAccelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & Automation
Splunk
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Splunk
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise Security
Georg Knon
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk Overview
Splunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk
 
Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015
Splunk
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Erin Sweeney
 
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AISplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
Splunk
 
Ad

More from Splunk (20)

Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Building Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public SectorBuilding Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public Sector
Splunk
 
IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Building Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public SectorBuilding Resilience with Energy Management for the Public Sector
Building Resilience with Energy Management for the Public Sector
Splunk
 
IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)IT-Lagebild: Observability for Resilience (SVA)
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)Praktische Erfahrungen mit dem Attack Analyser (gematik)
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)Security - Mit Sicherheit zum Erfolg (Telekom)
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025One Cisco - Splunk Public Sector Summit Germany April 2025
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
 
Ad

Recently uploaded (20)

Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
 
"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko
Fwdays
 
Leading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael JidaelLeading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael Jidael
Michael Jidael
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Learn the Basics of Agile Development: Your Step-by-Step Guide
Learn the Basics of Agile Development: Your Step-by-Step GuideLearn the Basics of Agile Development: Your Step-by-Step Guide
Learn the Basics of Agile Development: Your Step-by-Step Guide
Marcel David
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from AnywhereAutomation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Lynda Kane
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Salesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docxSalesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docx
José Enrique López Rivera
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical DebtBuckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Lynda Kane
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
 
"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko
Fwdays
 
Leading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael JidaelLeading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael Jidael
Michael Jidael
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Learn the Basics of Agile Development: Your Step-by-Step Guide
Learn the Basics of Agile Development: Your Step-by-Step GuideLearn the Basics of Agile Development: Your Step-by-Step Guide
Learn the Basics of Agile Development: Your Step-by-Step Guide
Marcel David
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from AnywhereAutomation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Lynda Kane
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Salesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docxSalesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docx
José Enrique López Rivera
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical DebtBuckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Lynda Kane
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 

The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018

  • 1. © 2018 SPLUNK INC. from: >event to: >automated incident response. The Splunk AISecOps Initiative. Angelo Brancato, Security Specialist, EMEA; Juerg Fischer, Senior Sales Engineer. 12.12.2018 / Version 1.0
  • 2. Agenda:
    ▶ 13:45 - Welcome
    ▶ 14:00 - End to End Security Operations with Splunk >Portfolio: how to get from machine data to correlation to automation and collaboration, to defend efficiently against the attacker
    ▶ 15:15 - Break
    ▶ 15:30 - Splunk Security Products Roadmap update and latest .conf 2018 innovation highlights
    ▶ 16:30 - End to End Security Operations with Splunk >Demo
    ▶ 17:15 - Close & Christmas Apero
  • 3. Forward-Looking Statements: During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2018 Splunk Inc. All rights reserved.
  • 4. Agenda: Today's Challenges in Security Investigation; Splunk Security Products Portfolio; Enjoy the journey from the event to an automated Incident Management System.
  • 5. Turn machine data into answers:
    ▶ The Whiteboard framework will be used to have a focused, personalized, and differentiated discussion about the Splunk journey.
    ▶ It allows the journey to be explained in a consistent way and integrates the proof points, including initiatives and expectations.
  • 6. OUR MISSION
  • 7. Splunk turns machine data into answers: Network, Servers, DevOps, Users, Cloud, Security, Databases. Different people asking different questions of the same data.
  • 8. Threats are more complex and far-reaching. Not closing the skills gap. Security to enable business and the mission.
  • 9. Tier 1 analyst work will be automated (90%). Time now spent tuning detection and response logic (50%). Platform to orchestrate them all (1).
  • 10. Splunk Security Portfolio: Data Platform (Platform for Machine Data), Analytics, Operations.
  • 11. Splunk Security Portfolio: Data Platform (Platform for Machine Data), Analytics, Operations. Maturity levels from reactive to proactive: Level 1 Search and Investigate; Level 2 Proactive Monitoring and Alerting; Level 3 Security Situational Awareness; Level 4 Real-time Risk Insight & Automation.
  • 12. Same portfolio and maturity levels as slide 11. Data Platform (Platform for Machine Data) + Free Apps: 125+ examples with 180+ searches; data onboarding guides; content mapping (MITRE ATT&CK, Kill chain etc.); mapping to premium apps; on-prem, cloud, SaaS or hybrid; performance at scale; open ecosystem; native ML/AI integration.
  • 13. Same portfolio and maturity levels as slide 11. Data Platform (Platform for Machine Data) + Free Apps ... many great, free apps to solve a specific problem.
  • 14. Same portfolio and maturity levels as slide 11, plus: Asset and Identity Correlation, Notable Event & Investigation, Threat Intelligence, Risk Analysis, Adaptive Response, Content Update.
  • 15. Same portfolio and maturity levels as slide 11, plus Analytics-Driven Security: mathematical/statistical calculation; anomalies/prediction with ML; correlations and notable events; event & information correlation; risk.
  • 16. What is actionable? From "Could Be Bad" to "Bad":
    ▶ Events from security tools: typically low fidelity ("could be bad") and not intrinsically actionable
    ▶ Correlated Events: typically medium fidelity ("looks bad") and most of the time not actionable
    ▶ Behavior-based Correlated Events: high fidelity ("likely bad") and requires attention
    ▶ Behavior- & Risk-based Correlated Events: high fidelity ("bad") and requires action
  • 17. © 2017 SPLUNK INC. Bad Likely Bad Looks Bad Could Be Bad What is actionable?My Team is overwhelmed! Facts : • Not enough time to review alerts • Not enough staff to review alerts Results : • Critical Incidents not reviewed • Breaches and damages Events from security tools Typically low fidelity (“could be bad”) and not intrinsically actionable Correlated Events Typically medium fidelity (“looks bad”) and most of the time not actionable Behavior-based Correlated Events High fidelity (“likely bad”) and requires attention Behavior- & Risk-based Correlated Events High fidelity (“bad”) and requires action
  • 18. © 2017 SPLUNK INC. Bad Likely Bad Looks Bad Could Be Bad What is actionable?My Team’s Focus should be here! What’s Needed? • Instead of “Matching Events”, need to detect changes with objects and groups How? • Analytics + Risk based approach • Calculate risks using analytics Events from security tools Typically low fidelity (“could be bad”) and not intrinsically actionable Correlated Events Typically medium fidelity (“looks bad”) and most of the time not actionable Behavior-based Correlated Events High fidelity (“likely bad”) and requires attention Behavior- & Risk-based Correlated Events High fidelity (“bad”) and requires action
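The risk-based approach of slide 18, as an added example that is not Splunk code: many low-fidelity detections contribute a risk score to an entity, and only an entity whose accumulated risk crosses a threshold with corroboration from several distinct sources becomes actionable. The event format, scores, thresholds and window are assumptions for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample detections: (ISO timestamp, entity, detection source, risk score).
# Scores are assumed values: noisy low-fidelity sources score low, behavioral ones high.
SAMPLE_EVENTS = [
    ("2018-12-12T09:00:00", "alice", "proxy_uncategorized_domain", 10),
    ("2018-12-12T09:05:00", "alice", "av_signature_match", 20),
    ("2018-12-12T09:20:00", "alice", "unusual_logon_hour", 30),
    ("2018-12-12T09:25:00", "alice", "large_outbound_transfer", 40),
    ("2018-12-12T09:30:00", "bob", "proxy_uncategorized_domain", 25),
    ("2018-12-12T09:31:00", "bob", "proxy_uncategorized_domain", 25),
    ("2018-12-12T09:32:00", "bob", "proxy_uncategorized_domain", 25),
    ("2018-12-12T15:00:00", "carol", "av_signature_match", 20),
    ("2018-12-13T15:00:00", "carol", "unusual_logon_hour", 30),
]

RISK_THRESHOLD = 60       # assumed: accumulated risk that makes an entity actionable
MIN_DISTINCT_SOURCES = 2  # assumed: one noisy rule firing repeatedly must not suffice
WINDOW = timedelta(hours=24)


def aggregate_risk(events, now):
    """Sum risk per entity and collect the distinct sources inside the look-back window."""
    window_start = now - WINDOW
    risk, sources = defaultdict(int), defaultdict(set)
    for ts, entity, source, score in events:
        t = datetime.fromisoformat(ts)
        if window_start <= t <= now:
            risk[entity] += score
            sources[entity].add(source)
    return risk, sources


def risk_notables(events, now_iso):
    """Return {entity: (total_risk, distinct_sources)} for the entities that need action.

    Both conditions must hold: the risk sum crosses RISK_THRESHOLD and at least
    MIN_DISTINCT_SOURCES different detections contributed (corroboration).
    """
    risk, sources = aggregate_risk(events, datetime.fromisoformat(now_iso))
    return {e: (risk[e], len(sources[e])) for e in risk
            if risk[e] >= RISK_THRESHOLD and len(sources[e]) >= MIN_DISTINCT_SOURCES}


if __name__ == "__main__":
    # alice: 100 risk from 4 sources -> actionable; bob: 75 from one source -> suppressed;
    # carol: only 20 inside the window (her second detection is in the future) -> nothing.
    print(risk_notables(SAMPLE_EVENTS, "2018-12-12T18:00:00"))
```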
  • 19. Same maturity model. Platform for Machine Data + +
  • 20. How does Splunk UEBA work? Data sources: proxy server, firewall, DNS, DHCP, Active Directory / domain controller; optional: VPN, endpoint, DLP, and others. Machine learning (batch models and streaming models) produces anomaly classifications and custom anomalies: suspicious data movement, unusual machine access, flight risk user, unusual network activity, machine generated beacon. Threat classifications (specialized threat models, kill-chain analysis, graph analysis, custom threats): lateral movement, suspicious behavior, compromised account, data exfiltration, malware activity.
  • 21. Same maturity model. Platform for Machine Data + +
  • 22. Same maturity model. Platform for Machine Data + + (both marked optional)
  • 23. SOAR for Security Operations: faster execution through the loop yields better security. Observe: point products (firewall, IDS / IPS, endpoint, WAF, advanced malware, forensics, malware detonation). Orient: analytics (SIEM, threat intel platform, Hadoop, GRC). Observe and Orient are automated; Decision making and Acting are manual (today), across Tier 1, Tier 2 and Tier 3, back to the same point products.
  • 24. Same loop with Phantom: Observe (point products) and Orient (analytics) remain automated; Decision making and Acting are automated with Phantom across Tier 1, Tier 2 and Tier 3, with an action results / feedback loop back to the point products. Faster execution through the loop yields better security.
  • 25. What is the analytics-driven approach in security? Mathematical/statistical calculation; anomalies / prediction with ML; correlations and notable events; event & information correlation; risk; automation.
  • 26. Splunk as the Security Nerve Center: Machine Learning, Adaptive Operations and Analytics Driven Security (the thought process, the intuition, the reflexes), connecting cloud security, endpoints, orchestration, WAF & app security, threat intelligence, network, web proxy, firewall, identity and access.
  • 27. Same picture as slide 26 with three figures: 90% of Tier 1 analyst work will be automated; 50% of time now spent tuning detection and response logic; 1 platform to orchestrate them all.
  • 28. Splunk positioned as a Leader in the Gartner 2018 Magic Quadrant for Security Information and Event Management* ▶ Six years in a row as a Leader ▶ Highest overall in "Ability to Execute". *Gartner disclaimer: Gartner, Inc., 2018 Magic Quadrant for Security Information and Event Management, and Critical Capabilities for Security Information and Event Management, Kelly M. Kavanagh, Toby Bussa, 10 August 2018. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Splunk. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  • 29. Splunk in a Security Operation Center
  • 30. Splunk as the Security Nerve Center: Machine Learning, Adaptive Response and Analytics Driven Security (the thought process, the intuition, the reflexes), connecting cloud security, endpoints, orchestration, WAF & app security, threat intelligence, network, web proxy, firewall, identity and access.
  • 31. Power a collaborative SOC: automation and orchestration (Adaptive Response); interconnected security stack; machine learning to augment human skills (ML).
  • 32. Splunk for the SOC, overview. Technology: machine data, universal indexing, schema-on-read, Enterprise (on-premise, cloud, hybrid). Process: monitor, detect, investigate, respond; SOC playbooks. People: Tier 1 alert analyst (notable event triage), Tier 2 incident responder, Tier 3 SME / hunter.
  • 33. LIVE DEMO: Splunk Search; same data, different lenses.
  • 34. Avoid the "Medienbruch" (German for a break between media or tools within one process). Drawing from independent.co.uk, modified.
  • 35. Avoid the "Medienbruch" across cloud security, endpoints, orchestration, WAF & app security, threat intelligence, network, web proxy, firewall, identity and access. Drawing from independent.co.uk, modified.
  • 36. Starting with a SIEM solution: pre-built searches, alerts, reports, dashboards, threat intel feeds and workflow. Dashboards & reports; incident investigations and management; statistical outliers & risk scoring; asset & identity aware. Building blocks: correlation and notable event framework; risk scoring framework; out-of-the-box key security metrics, dashboards, use cases & analytic stories; incident investigation workflow; Adaptive Response; glass tables; etc. Detect, investigate & respond.
  • 37. What about anomalous behavior? Splunk UBA is an out-of-the-box solution that helps organizations find unknown threats and anomalous behavior with the use of machine learning: critical and actionable unknown threats.
  • 38. Enhanced investigation with Splunk: investigation starts in UBA and continues in core. Drill down into triggering events; targeted hunting using automated SPL; leverage anomaly data from users and assets; collect more supporting evidence; further your investigation with focused timestamps; view relationships across data sources; map models and anomalies to the generated threat; identify missing data sources; gain additional scope and context of threats; drill down into raw events.
  • 39. Splunk use cases: faster detection with field-proven use cases and analytic stories. UBA: account takeover, suspicious behavior, lateral movement, cloud security, external alarm; targets external attackers and insider threat. Enterprise Security: find malware, identify malware patient zero, investigate zero-day activity, find data exfiltration, detect suspicious activity, monitor threat activity. Security Essentials: 120+ security controls; scales from small to massive companies; can send results to ES/UBA.
  • 40. Investigation and detection: better together, beyond the known to the unknown. Investigate (realm of the known, human-driven): log aggregation; rules, statistics, correlation; ad hoc searches and data pivot. Detect (realm of the unknown, machine-learning-driven): risky behavior detection; entity profiling and scoring; kill chain and graph analysis. Detect, investigate & respond: centralized view; security metrics; Adaptive Response; collaboration; risk analysis.
  • 41. Splunk for the SOC, overview (repeated from slide 32). Technology: machine data, universal indexing, schema-on-read, Enterprise (on-premise, cloud, hybrid). Process: monitor, detect, investigate, respond; SOC playbooks. People: Tier 1 alert analyst (notable event triage), Tier 2 incident responder, Tier 3 SME / hunter.
  • 42. LIVE DEMO: notable event framework; event correlation; risk framework.
  • 43. ...and what about the repetitive tasks?
  • 44. Splunk for the SOC, overview, now with Adaptive Response / SOAR. Technology: machine data, universal indexing, schema-on-read, Enterprise (on-premise, cloud, hybrid). Process: monitor, detect, investigate, respond; SOC playbooks. People: Tier 1 alert analyst (notable event triage), Tier 2 incident responder, Tier 3 SME / hunter. Three numbered callouts (1, 2, 3) with examples, e.g. calculate the standard deviation (stdev) of command length.
  • 45. Splunk for the SOC, overview, with Orchestrate / Automate. The three callouts: 1 Detection: correlation, statistics, machine learning, risk. 2 Investigation: manual: forensics / SPL; automated: Phantom SOAR playbook automation. 3 Response: basic: workflow actions / ES Adaptive Response; advanced: Phantom SOAR; collaboration: ticketing / collaboration tool.
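The statistical detection hinted at on slide 44, "calculate command length standard deviation", worked through as an added example that is not Splunk or Phantom code: a per-host baseline of command-line length is learned from a history window, and new process-creation events whose length lies more than a few standard deviations above the host's mean are flagged. The log format, the 3-sigma limit, the minimum sample count and the sample lines are all constructed for this illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev
Z_LIMIT = 3.0     # assumed: flag a command more than 3 stdev above its host's mean length
MIN_SAMPLES = 5   # assumed: hosts with less history get no baseline (stdev would be unstable)
LINE_RE = re.compile(r'host=(\S+) user=(\S+) cmd="(.*)"$')  # constructed log format

# Constructed baseline window of process-creation events (no outliers).
HISTORY = [
    'host=ws01 user=alice cmd="cmd.exe /c dir"',
    'host=ws01 user=alice cmd="notepad.exe C:\\Users\\alice\\notes.txt"',
    'host=ws01 user=alice cmd="svchost.exe -k netsvcs"',
    'host=ws01 user=alice cmd="explorer.exe"',
    'host=ws01 user=alice cmd="chrome.exe --profile-directory=Default"',
    'host=ws01 user=alice cmd="cmd.exe /c ipconfig /all"',
    'host=ws02 user=bob cmd="explorer.exe"',  # ws02: too little history for a baseline
]

# Constructed new events; the second carries a placeholder 300-character encoded argument.
NEW_EVENTS = [
    'host=ws01 user=alice cmd="cmd.exe /c whoami"',
    'host=ws01 user=alice cmd="powershell.exe -enc ' + "A" * 300 + '"',
    'host=ws02 user=bob cmd="cmd.exe /c whoami"',
]

def parse(line):
    m = LINE_RE.match(line)  # -> (host, user, cmd) or None for lines in another format
    return m.groups() if m else None

def build_baseline(history):
    """Per-host mean and population stdev of command-line length (the slide's 'stdev')."""
    lengths = defaultdict(list)
    for parsed in filter(None, map(parse, history)):
        lengths[parsed[0]].append(len(parsed[2]))
    return {h: (mean(v), pstdev(v)) for h, v in lengths.items()
            if len(v) >= MIN_SAMPLES and pstdev(v) > 0}

def zscore(line, baseline):
    """Standard deviations above the host's mean; None when the host has no baseline."""
    parsed = parse(line)
    if parsed is None or parsed[0] not in baseline:
        return None
    mu, sigma = baseline[parsed[0]]
    return (len(parsed[2]) - mu) / sigma

def flag_anomalies(new_lines, baseline):
    """Lines whose command length is an outlier for their host; unknown hosts are not scored."""
    return [line for line in new_lines if (zscore(line, baseline) or 0.0) > Z_LIMIT]
```

A host with no baseline is left unscored rather than silently passed, so a deployment would route those hosts to a separate "no history yet" queue.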
  • 46. Security operations challenges. Before Phantom: inefficient & inconsistent process, staffing challenges, increasing exposure. Situation: limited & stretched resources; complex infrastructure with a wide range of technologies from multiple security vendors; alert fatigue; expanding/changing attack surface. After Phantom (the SOAR solution): efficiency; repeatable & auditable; decreasing dwell times. Situation: resources can focus on strategic security activities; faster investigations across complex infrastructure; increased SecOps process and team efficiency; reduced attack surface risk through automation. Outcomes with Phantom: ▶ Reduced alert investigation times from 30-45 minutes to less than one minute ▶ Applied a consistent approach to alert management and investigation, eliminating human error ▶ Increased resource efficiency by turning manual, repetitive tasks into automated processes
  • 47. SOAR high-level architecture: Splunk scheduled searches together with Enterprise Security and UBA notable events (monitoring use cases 1, 2, 3) and a Splunk-native email SPAM/malware monitoring use case feed a triage & event cockpit; the SOAR platform (Phantom) provides security event and case management, operation procedures as "human workflow", and cockpits, reporting & KPI, covering SOC event handling and CERT incident handling; an ITSM ticketing system is attached.
  • 48. SOAR high-level architecture, detailed: the same sources (Enterprise Security, UBA notable events, Splunk scheduled searches for monitoring use cases 1 to 4, Splunk-native email SPAM/malware monitoring via IMAP) feed the triage & event cockpit. In Phantom, containers hold the events, playbooks run lookups and enrichment, and analysts use events to analyze, control the workload in the analyst team, create and maintain cases, and generate reports and metrics. Escalation of a case/incident goes to the ITSM ticketing system (ServiceNow, Remedy); drill-down analysis & correlation goes back to Splunk.
  • 49. Phantom app concept ▶ Apps are used to ingest data ▶ Apps are also used to respond, i.e. to connect to a target system and interact with it during incident response. Flow: data sources (external data & analytic tools: SIEM, threat intel platform, email, data lake) > app process (poll, normalize data) > Phantom orchestration & decision making (playbook / action execution) > app process (invoke action, return data) > assets (security tools & action targets: firewall, endpoint, malware sandbox, reputation service). https://www.phantom.us/apps/
  • 50. Security use case study, full automation, triggered by a potential phishing notable event. Ten steps across monitor, detect, investigate and respond: detonate file; URL reputation; IP reputation; query other recipients; check user profile; update notable event; create ticket; collaboration; response.
  • 51. Phantom automation insights: containers ingest events (notable event / alert); container labels (e.g. splunk, siem) can reflect data sources, and the number of containers can reflect tenants. Run playbook: a playbook sample for a notable event / alert performs enrichment with actions and apps and can include user input or approval; actions are based on configured apps, and an action could include creating or changing a ticket.
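The decision part of the phishing use case on slides 50 and 51, as an added example that is neither a Phantom playbook nor Splunk code: given the notable event and the results of the enrichment steps (detonate file, URL reputation, IP reputation, query other recipients, check user profile), it derives a verdict and the ordered response actions (update notable event, create ticket, collaboration, response), stopping at an approval prompt when the verdict is ambiguous. Field names, weights, thresholds and sample values are assumptions for this illustration.

```python
# Constructed potential-phishing notable event as the SIEM would hand it over.
NOTABLE = {"id": "notable-42", "sender": "billing@example.invalid", "recipient": "alice",
           "sender_ip": "192.0.2.10", "urls": ["http://example.invalid/login"],
           "attachment_sha256": "<placeholder hash>"}

# Constructed results of the enrichment steps (detonate file, URL reputation,
# IP reputation, query other recipients, check user profile).
ENRICHMENT = {"detonation": "malicious", "url_reputation": "suspicious",
              "ip_reputation": "unknown", "other_recipients": ["bob", "carol"],
              "user_profile": {"alice": {"vip": True}, "bob": {"vip": False}}}

WEIGHTS = {"malicious": 3, "suspicious": 1, "unknown": 0, "clean": -1}  # assumed
CONFIRM_AT, REVIEW_AT = 3, 1  # assumed thresholds: auto-respond vs. ask an analyst


def verdict(enrichment):
    """Combine the three reputation signals into (state, score)."""
    score = sum(WEIGHTS[enrichment[k]] for k in ("detonation", "url_reputation", "ip_reputation"))
    if score >= CONFIRM_AT:
        return "confirmed", score
    return ("needs_review", score) if score >= REVIEW_AT else ("benign", score)


def plan_response(notable, enrichment):
    """Return the ordered list of (action, parameters) the playbook would execute."""
    state, score = verdict(enrichment)
    affected = [notable["recipient"]] + enrichment["other_recipients"]  # blast radius
    vip = any(enrichment["user_profile"].get(u, {}).get("vip") for u in affected)
    # Step "update notable event": always write the verdict back to the SIEM.
    actions = [("update_notable_event", {"id": notable["id"], "verdict": state, "risk": score})]
    if state == "benign":
        return actions + [("close_notable_event", {"id": notable["id"]})]
    # Steps "create ticket" and "collaboration": urgency follows verdict and VIP involvement.
    urgency = "critical" if state == "confirmed" or vip else "high"
    actions.append(("create_ticket", {"urgency": urgency, "affected_users": affected}))
    actions.append(("collaboration", {"notify": "soc+ciso" if vip else "soc"}))
    # Step "response": act automatically only on a confirmed verdict, otherwise
    # stop at an approval prompt so a human decides the ambiguous case.
    if state == "confirmed":
        actions.append(("response", {"block_sender": notable["sender"], "quarantine_for": affected}))
    else:
        actions.append(("response", {"await_approval": True}))
    return actions
```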
  • 52. LIVE DEMO: automation and orchestration; collaboration.
  • 53. How to collaborate?
  • 56. LIVE DEMO: orchestration & collaboration.
  • 57. Summary ▶ Incident response is getting more challenging because attacks are more sophisticated ▶ Security processes have to be improved to a higher maturity ▶ A holistic view is the key ▶ Automation is necessary for SOC/CERT to solve the simple investigations in seconds. Think about "AISecOps".
  • 58. Thank you