Splunk Enterprise Security - Splunk Bengaluru User Group, 3rd Oct 2020
https://conf.splunk.com/
© 2020 SPLUNK INC.
https://www.youtube.com/watch?v=C8UzEaF2OwQ
https://conf.splunk.com/
https://www.youtube.com/watch?v=C0DQQhXkvao
Bengaluru User Group
03rd Oct 2020
Splunk> Like an F-18, bro
Looking for trouble
Take the sh out of IT
Because Ninjas are too busy
Find your Achilles' heel, before a Trojan does
Because you can't always blame Canada
Can you SPL?
Cloud control
Counter errorism
I like big Data and I cannot lie
I see dead servers
I'm ESXi and I know it
Finding your faults, just like mom
Let my people know
Not your mom's MoM
More brain, less surgery
A petabyte of data is a terrible thing to waste
Ready. AMI. Fire.
REST for the wicked
Weapon of a Security Warrior
See the forest *and* the trees
See your world. Maybe wish you hadn't.
Sensor Sensei
Put that in your | and Splunk it.
Stop chasing your tail -f
search WTF | report FTW | alert WFH
Don't be a SOAR loser.
End of meh-trics.
Turing down for what?!
Housekeeping
Join #splunk_bengaluru_usergroup on Slack http://splk.it/slack
Use #splunk_bengaluru_usergroup for Q&A during the session
Please keep your lines muted when not speaking
Slides, recording & feedback form will be posted to the Events page
Splunk Bengaluru User Group
https://usergroups.splunk.com/bengaluru-splunk-user-group/
Niket Nilay
Sales Engineer @ Splunk
Splunk Enterprise Security Demo
3rd Oct 2020
Splunker since version 6.0, for 7+ years.
@Splunk for 7 months.
Out of 7 sessions of the Bengaluru User Group, this is my 3rd.
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
Today's Security Operations Workflow
A process that doesn't scale
[Slide diagram: Tier 1 and Tier 2 analysts working separately across Firewall, IDS / IPS, Endpoint, WAF, Advanced Malware, Forensics and Malware Detection tools; a SIEM fed by Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data and Assets & Identities data]
Shifting Focus and Role for SOCs
Situational Awareness; Analysis and Decision-Making
LEGACY: Operation / Monitoring Center; Human Authored; Human Speed Operations
REQUIRED: Nerve Center / Command Center; Human — Machine Learning; Machine-Speed Cycle Times
Security Operations Workflow
[Slide diagram: the same Tier 1 / Tier 2 workflow across Firewall, IDS / IPS, Endpoint, WAF, Advanced Malware, Forensics and Malware Detection tools, now with SOAR alongside the SIEM; data sources are Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data and Assets & Identities]
Security Nerve Center
[Slide diagram: SIEM and SOAR at the center of a Monitor, Analyze, Investigate, Act cycle, surrounded by data sources: Endpoints, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access, WAF and App Security, Cloud Security, Mobile]
Splunk Security Operations Suite
Modernize your security operations
The only integrated suite with industry-leading SIEM, UEBA and SOAR solutions that utilize a market-proven, scalable big data platform, continually augmented with actionable use case content.
Splunk modernizes security operations by acting as their security nerve center, turning data into detections, and insights into actions, across all security use cases, teams, and functions.
Splunk drives the Data, Analytics, and Operations layers for the SOC to enable security teams to function at their highest level of performance.
[Slide diagram: Data Sources feeding Splunk Enterprise Security, Splunk User Behavior Analytics and Splunk Phantom+, wrapped by AOF and Content]
AOF = Adaptive Operations Framework - our ecosystem of apps and security partner integrations.
Content = Pre-packaged security content (searches, detection models, automation playbooks) from the Splunk Research Team. Stay current with the latest threat landscape.
Combat Threats with Advanced Analytics
Powered by Security Information Event Management (SIEM)
[Slide diagram: Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data and Assets & Identities feed Security Analytics / SIEM, which then: Monitor Security Activity; Correlate and Sequence Events; Validate Alerts; Prioritize, Review and Investigate; Decide Best Path to Resolution]
Splunk Enterprise Security (ES)
Analytics-Driven Security Information Event Management (SIEM)
▪ Know Your Security Posture
▪ Investigate with Speed and Flexibility
▪ Scale to Petabytes of Data
Demo
By Industry Analysts
Named a Leader in Gartner's Magic Quadrant for Security Information and Event Management
By End Users
Designated a 2018 Customer's Choice for Security Information and Event Management
*Gartner and Forrester are trademarks of their respective companies.
*Gartner, Magic Quadrant for Security Information and Event Management, Kelly Kavanagh | Toby Bussa, Dec. 4, 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
*The Gartner Peer Insights Customer Choice Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customer Choice Awards are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights and overall ratings for a given vendor in the market, as further described here http://www.gartner.com/reviews-pages/peer-insights-customer-choice-awards/ and are not intended in any way to represent the views of Gartner or its affiliates.
Splunk Adaptive Operations Framework
[Slide diagram: Splunk + partner integrations across Identity and Access, Internal Network Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall]
Security Content Updates
▪ Pre-packaged Searches
▪ Algorithms
▪ Dashboards
▪ Playbooks
▪ …and more!
Available for: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Phantom
Security Operations in 2020
Tier 1 analyst work will be automated
Time spent optimizing detection & response logic
Beyond the Security Operations Center (SOC)
Splunk Enterprise for Security
▪ Compliance
▪ Data Privacy
▪ Fraud
▪ Risk
Appendix
References
Splunkbase Apps:
• Splunk ES Content Update
• Splunk Common Information Model (CIM)
• Splunk Machine Learning Toolkit
• Splunk Security Essentials
• Splunk Security Essentials for Ransomware
• Splunk Security Essentials for Fraud Detection
• Splunk Essentials for ICS Monitoring and Diagnostics
Aflac: Automating Threat Intelligence System
• Blocked over two million security threats
• Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System
• Automated threat hunting and 90% of its security metrics process in just two months
Blackstone: Automating Malware Investigation
• Reduced alert investigation times from 30-45 minutes to less than one minute
• Applied a consistent approach to alert management and investigation, eliminating human error
• Increased resource efficiency by turning manual, repetitive tasks into automated processes
Key Takeaways
• Accelerate detection and response
• Optimize security operations
• Scale human resources
Q&A
• Raise hand to be unmuted
• Post questions in WebEx Chat
• Join Slack for Q&A: http://splk.it/slack
Contribute, Collaborate and win
#splunk_bengaluru_usergroup
• Token of appreciation for the Speakers in the Community event: NA
• Monthly reward for winners of Challenges posted in Slack: NA
http://splk.it/slack
Challenges on Slack
#splunk_bengaluru_usergroup
Rules for participation*
• Must have attended the User Group Session and Checked In.
• In the Slack thread only mention the challenge# attempted (do not answer in Slack chat).
• Send a personal note on Slack with the actual answer, or email it.
• Winner will be the first one to get the max. correct answers.
• If you have already won previously in the last 12 sessions, preference will be given to the second best answer.
• Answers to challenges from the August Bengaluru User Group session are posted on Slack.
• Challenges from the September session are posted on Slack.
• India geography only.
http://splk.it/slack
What's Next
Community Resources
Splunk Community Resources (Both Official and Unofficial)
Splunk > Clara-fication: Splunk Community: https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-clara-fication-splunk-community.html
We plan to meet on the 1st Saturday of every month at 14:00 PM IST.
Please provide feedback for:
• Sessions and improvements.
• Topics to be covered in future sessions.
• Let us know if you are interested in presenting in the User Group.
Keep the camaraderie going through Slack and Splunk Answers>
http://splk.it/slack http://community.splunk.com
https://conf.splunk.com
Splunk .conf 2020 registrations are open: Oct 20th and 21st (Virtual)
Thank You

More Related Content

What's hot

Getting Started with Splunk Hands-on
Getting Started with Splunk Hands-onGetting Started with Splunk Hands-on
Getting Started with Splunk Hands-onShannon Cuthbertson
 
.conf21 - The Best of
.conf21 - The Best of.conf21 - The Best of
.conf21 - The Best ofSplunk
 
Splunk4Leaders
Splunk4Leaders Splunk4Leaders
Splunk4Leaders Splunk
 
SplunkLive! Overview
SplunkLive! OverviewSplunkLive! Overview
SplunkLive! OverviewGeorg Knon
 
Essential 8 App for Splunk
Essential 8 App for SplunkEssential 8 App for Splunk
Essential 8 App for SplunkMickey Perre
 
Using BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJSUsing BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJSStephen Feather
 
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16AppDynamics
 
Service intelligence hands on workshop
Service intelligence hands on workshopService intelligence hands on workshop
Service intelligence hands on workshopMegan Shippy
 
Top Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour StockholmTop Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour StockholmAppDynamics
 
How To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour LondonHow To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour LondonAppDynamics
 

What's hot (10)

Getting Started with Splunk Hands-on
Getting Started with Splunk Hands-onGetting Started with Splunk Hands-on
Getting Started with Splunk Hands-on
 
.conf21 - The Best of
.conf21 - The Best of.conf21 - The Best of
.conf21 - The Best of
 
Splunk4Leaders
Splunk4Leaders Splunk4Leaders
Splunk4Leaders
 
SplunkLive! Overview
SplunkLive! OverviewSplunkLive! Overview
SplunkLive! Overview
 
Essential 8 App for Splunk
Essential 8 App for SplunkEssential 8 App for Splunk
Essential 8 App for Splunk
 
Using BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJSUsing BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJS
 
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
 
Service intelligence hands on workshop
Service intelligence hands on workshopService intelligence hands on workshop
Service intelligence hands on workshop
 
Top Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour StockholmTop Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour Stockholm
 
How To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour LondonHow To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour London
 

Similar to Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03

SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunk
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderSplunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018Splunk
 
Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Splunk
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Erin Sweeney
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
Splunk for Enterprise Security and User Behavior Analytics
 Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior AnalyticsSplunk
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunk
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
Enterprise Security and User Behavior Analytics
Enterprise Security and User Behavior AnalyticsEnterprise Security and User Behavior Analytics
Enterprise Security and User Behavior AnalyticsSplunk
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Splunk
 
Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunk
 
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AISplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AISplunk
 

Similar to Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03 (20)

SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
Splunk for Enterprise Security and User Behavior Analytics
 Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Enterprise Security and User Behavior Analytics
Enterprise Security and User Behavior AnalyticsEnterprise Security and User Behavior Analytics
Enterprise Security and User Behavior Analytics
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary session
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML
 
Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and Logs
 
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AISplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
 

Recently uploaded

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03

  • 7. Forward-Looking Statements
       During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.
       Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
  • 8. Today's Security Operations Workflow: a process that doesn't scale
       [Diagram] Security tools: Firewall, IDS / IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detection. Analysts: Tier 1, Tier 2. Data sources feeding the SIEM: Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data, Assets & Identities.
  • 9. Shifting Focus and Role for SOCs
       Legacy: Situational Awareness; Operation / Monitoring Center; Human Authored; Human Speed Operations.
       Required: Analysis and Decision-Making; Nerve Center / Command Center; Human — Machine Learning; Machine-Speed Cycle Times.
  • 10. Security Operations Workflow
       [Diagram] The same tools, analyst tiers and data sources as slide 8, now with SOAR alongside the SIEM.
  • 11. Security Nerve Center
       [Diagram] SIEM and SOAR at the centre, cycling through Monitor, Analyze, Investigate, Act. Inputs: Endpoints, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access, WAF and App Security, Cloud Security, Mobile.
  • 12. Splunk Security Operations Suite: modernize your security operations
       The only integrated suite with industry-leading SIEM, UEBA and SOAR solutions that utilize a market-proven, scalable big data platform, continually augmented with actionable use case content. Splunk modernizes security operations by acting as the security nerve center, turning data into detections, and insights into actions, across all security use cases, teams, and functions. Splunk drives the Data, Analytics, and Operations layers for the SOC to enable security teams to function at their highest level of performance.
       Products: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Phantom.
       Layers: AOF, Data Sources, Content.
       AOF = Adaptive Operations Framework: our ecosystem of apps and security partner integrations.
       Content = pre-packaged security content (searches, detection models, automation playbooks) from the Splunk Research Team, so you stay current with the latest threat landscape.
  • 13. Combat Threats with Advanced Analytics, powered by Security Information and Event Management (SIEM)
       Data sources: Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data, Assets & Identities.
       Security analytics workflow: Monitor Security Activity; Correlate and Sequence Events; Validate Alerts; Prioritize, Review and Investigate; Decide Best Path to Resolution.
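The "Correlate and Sequence Events" stage on slide 13 is what an ES correlation search implements: a scheduled search over CIM-normalized data that raises a notable event when a pattern matches. The stanza below is an added example, written for this page and not taken from the deck or from Splunk's shipped content. It flags a source that produces many authentication failures and at least one success for the same user inside one 10-minute bucket. It assumes the Authentication data model is accelerated (summariesonly=true reads only accelerated summaries), a threshold of 20 failures, a 10-minute window, and the stanza name shown; all of these are placeholders to tune, not values from the slides.

```ini
# savedsearches.conf fragment for an ES correlation search (added example, not from the deck).
# Stanza name, threshold (20) and window (10m) are assumptions chosen for illustration.
[Bengaluru UG - Brute Force Followed By Success - Rule]
# Marks this saved search as an ES correlation search so it appears in Content Management.
action.correlationsearch.enabled = 1
action.correlationsearch.label = Bengaluru UG - Brute Force Followed By Success - Rule
# Adaptive response action: create a notable event for analysts to triage in Incident Review.
action.notable = 1
action.notable.param.rule_title = Possible brute force success from $src$ against $user$
action.notable.param.rule_description = $failures$ authentication failures followed by $successes$ success(es) for $user$ from $src$ within a 10-minute window.
action.notable.param.security_domain = access
action.notable.param.severity = high
action.notable.param.nes_fields = src,user
# Schedule: run hourly over a trailing 70-minute window, lagging 10 minutes for late-arriving data.
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -70m@m
dispatch.latest_time = -10m@m
counttype = number of events
relation = greater than
quantity = 0
# Throttle: one notable per src/user pair per day, so a noisy source does not flood the queue.
alert.suppress = 1
alert.suppress.fields = src,user
alert.suppress.period = 86400s
# The search itself: tstats over the accelerated Authentication data model (CIM), bucketed by 10m.
# Assumption: the data model is accelerated; summariesonly=true ignores un-accelerated data.
search = | tstats summariesonly=true count from datamodel=Authentication \
    where (Authentication.action="failure" OR Authentication.action="success") \
    by Authentication.src, Authentication.user, Authentication.action, _time span=10m \
  | rename Authentication.* as * \
  | eval failures=if(action="failure", count, 0), successes=if(action="success", count, 0) \
  | stats sum(failures) as failures, sum(successes) as successes by src, user, _time \
  | where failures >= 20 AND successes > 0
```

A caveat on the "sequence" part: bucketing by a 10-minute span only shows that failures and a success co-occurred in the same window, not that the failures came first. If strict ordering matters, run the check over raw events with streamstats instead of tstats, at the cost of losing the acceleration speed-up. Fields such as src and user are the CIM names, which is why the rename step strips the Authentication. prefix before the eval.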
  • 14. Splunk Enterprise Security (ES): analytics-driven Security Information and Event Management (SIEM)
       ▪ Know Your Security Posture
       ▪ Investigate with Speed and Flexibility
       ▪ Scale to Petabytes of Data
  • 15. Demo
  • 16. Named a Leader in Gartner's Magic Quadrant for Security Information and Event Management (by industry analysts). Designated a 2018 Customer's Choice for Security Information and Event Management (by end users).
       *Gartner and Forrester are trademarks of their respective companies. *Gartner, Magic Quadrant for Security Information and Event Management, Kelly Kavanagh | Toby Bussa, Dec. 4, 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. *The Gartner Peer Insights Customer Choice Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customer Choice Awards are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights and overall ratings for a given vendor in the market, as further described here http://www.gartner.com/reviews-pages/peer-insights-customer-choice-awards/ and are not intended in any way to represent the views of Gartner or its affiliates.
  • 17. Splunk Adaptive Operations Framework
       [Diagram] Splunk plus partner integrations across: Identity and Access, Internal Network Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall.
  • 18. Security Content Updates
       ▪ Pre-packaged Searches
       ▪ Algorithms
       ▪ Dashboards
       ▪ Playbooks
       ▪ ...and more!
       Available for: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Phantom.
  • 19. Security Operations in 2020
       ▪ Tier 1 analyst work will be automated
       ▪ Time spent optimizing detection & response logic
  • 20. Beyond the Security Operations Center (SOC): Splunk Enterprise for Security
       ▪ Compliance
       ▪ Data Privacy
       ▪ Fraud
       ▪ Risk
  • 21. Appendix
  • 22. References (Splunkbase apps)
       ▪ Splunk ES Content Update
       ▪ Splunk Common Information Model (CIM)
       ▪ Splunk Machine Learning Toolkit
       ▪ Splunk Security Essentials
       ▪ Splunk Security Essentials for Ransomware
       ▪ Splunk Security Essentials for Fraud Detection
       ▪ Splunk Essentials for ICS Monitoring and Diagnostics
  • 23. Aflac: Automating Threat Intelligence System
       ▪ Blocked over two million security threats
       ▪ Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System
       ▪ Automated threat hunting and 90% of its security metrics process in just two months
  • 24. Blackstone: Automating Malware Investigation
       ▪ Reduced alert investigation times from 30-45 minutes to less than one minute
       ▪ Applied a consistent approach to alert management and investigation, eliminating human error
       ▪ Increased resource efficiency by turning manual, repetitive tasks into automated processes
  • 25. Key Takeaways
       ▪ Accelerate detection and response
       ▪ Optimize security operations
       ▪ Scale human resources
  • 26. Q&A
       • Raise hand to be unmuted
       • Post questions in WebEx Chat
       • Join Slack for Q&A: http://splk.it/slack
  • 27. Contribute, Collaborate and Win (#splunk_bengaluru_usergroup, http://splk.it/slack)
       • Token of appreciation for the Speakers in the Community event: NA
       • Monthly reward for winners of Challenges posted in Slack: NA
  • 28. Challenges on Slack (#splunk_bengaluru_usergroup, http://splk.it/slack). Rules for participation*:
       • Must have attended the User Group session and checked in.
       • In the Slack thread, only mention the challenge # attempted (do not answer in Slack chat).
       • Send a personal note on Slack with the actual answer, or email it.
       • The winner will be the first one to get the maximum number of correct answers.
       • If you have already won in the last 12 sessions, preference will be given to the second best answer.
       • Answers to challenges from the August Bengaluru User Group session are posted on Slack.
       • Challenges from the September session are posted on Slack.
       • India geography only.
  • 29. Community Resources: Splunk community resources (both official and unofficial). Splunk> Clara-fication: Splunk Community: https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-clara-fication-splunk-community.html
  • 30. What's Next
       We plan to meet on the 1st Saturday of every month at 14:00 IST. Please provide feedback on:
       • Sessions and improvements.
       • Topics to be covered in future sessions.
       • Let us know if you are interested in presenting at the User Group.
       Keep the camaraderie going through Slack (http://splk.it/slack) and Splunk Answers (http://community.splunk.com).
       Splunk .conf 2020 registrations are open: Oct 20th and 21st (virtual). https://conf.splunk.com