This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
Who Am I (1/2)
Anurag Gurtu, agurtu@splunk.com
• 1 year at Splunk – Director, Product Marketing, Splunk Behavioral Analytics
• 15 years in Security (Caspida, FireEye, Cisco, Tripwire, Computer Associates) in the following roles: Product Management, Technical Marketing, R&D, Software Development and Professional Services
• CISSP and a few Cisco Certifications (Firewall, IPS, Routing and Switching)
Who Am I (2/2)
Daniel Phaneuf, dphaneuf@splunk.com
• 1 year at Splunk – Senior Systems Engineer
• Based in Montreal
• 25 years in IT in the following roles: SE, Sysadmin, Network management and Security, Software and Hardware development
• Not a security expert, Splunk expert
Legal Notices
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Behavioral Analytics Brought to SIEM Workflow
ES 4.1 and UBA 2.2: Detect and Investigate faster using ML integrated with SIEM
• All UBA anomalies available in ES
• Manager – UBA Reporting within ES – pre-built, customizable
• SOC analyst – UBA Anomaly data available for correlation – alerts, threat intel, domain data
• Hunter/Investigator – Perform ad-hoc searching/pivoting for Incident Response and Breach Analysis
Replacing a SIEM @ Cisco
Challenges
• SIEM could not meet security needs
• Very difficult to index non-security or custom app log data
• Serious scale and speed issues: 10 GB/day and searches took > 6 minutes
• Difficult to customize; reliance on pre-built rules, which generated false positives
Splunk Solution
• Easy to index any type of machine data from any source
• Over 60 simultaneous users; correlations, reporting, advanced threat detection
• Use all data + flexible searches and reporting = empowered team
• 900 GB/day and searches take under a minute; 7 global data centers with a 350 TB store
• Estimated that Splunk is 25% the cost of a traditional SIEM
“We moved to Splunk from traditional SIEM as Splunk is designed and engineered for ‘big data’ use cases. Our previous SIEM was not and simply could not scale to the data volumes we have.”
- Gavin Reid, Leader, Cisco Computer Security Incident Response Team
What Customers Have To Say About Splunk UBA
“Splunk UBA is unique in its data-science driven approach to automatically finding hidden threats rather than the traditional rules-based approaches that don’t scale. We are pleased with the efficacy and efficiency of this solution as it makes the life of our SOC analysts way better.”
- Mark Grimse, VP IT Security, Rambus
“A layered defense architecture is necessary to combat modern-day threats such as cyberattacks and insider threats, and it’s crucial to use a data science driven approach in order to find unknown patterns. I found Splunk UBA to be one of the most advanced technologies within the behavioral analytics space.”
- Randolph Barr, CSO, Saba
The 7th Annual Splunk Worldwide Users’ Conference
SEPT 26-29, 2016
WALT DISNEY WORLD, ORLANDO
SWAN AND DOLPHIN RESORTS
• 5000+ IT & Business Professionals
• 3 days of technical content
• 165+ sessions
• 80+ Customer Speakers
• 35+ Apps in Splunk Apps Showcase
• 75+ Technology Partners
• 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks
• NEW hands-on labs!
• Expanded show floor, Dashboards Control Room & Clinic, and MORE!
PLUS Splunk University
• Three days: Sept 24-26, 2016
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
• Save thousands on Splunk education!