© 2017 SPLUNK INC.© 2017 SPLUNK INC.
Analytics-Driven Security
How to start and continue the journey?
But How and Where?
Paul Bryant, Field Product Manager
Matthias Maier, Director Security Product Marketing
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
What you will learn
▶ Analytics-Driven Security: where to start and how
▶ Threat surface: how adversaries fool your employees and customers
▶ Getting started with Analytics-Driven Security
▶ Brand Monitoring
▶ Next Steps
Our Mission:
Spelunking: to explore underground caves
Exploring different caves with the same equipment. Why buy new equipment each time?
Analytics-Driven Security
RISK-BASED CONTEXT AND INTELLIGENCE
CONNECTING DATA AND PEOPLE
Security Nerve Center
Data feeding the nerve center: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
Nerve center for security: from a specific problem to a collaborative SOC
▶ Specific problem
▶ Establish security operations
▶ Solve across multiple domains
▶ Collaborative SOC
Analytics-Driven Security: Portfolio
▶ Platform for Operational Intelligence: Search and Investigate; Monitoring & Alerting; Dashboards and Reports; Incident & Breach Response
▶ Splunk Security Apps & Add-ons (Security Operations, Threat Detection): Security Essentials, PCI Compliance, App for AWS, ML Toolkit, Google Cloud, Microsoft Cloud, Windows Infrastructure, Analytics for Hadoop; add-ons for network data, RDBMS (any) data, Windows host data, Exchange data
▶ 3rd Party Apps & Add-ons (590+)
▶ Premium Solution, Enterprise Security: Threat Detection, Security Operations, Automation & Orchestration
▶ Premium Solution, User Behavior Analytics: Discover Anomalous Behavior, Detect Unknown Threats
Adaptive Defense at Machine Speed
CONTINUOUS INNOVATION
▶ Extend Data Platform and Analytics
▶ Actionable Detect and Response Content
▶ Pre-packaged, Targeted Apps
Poll: Where are you in the journey currently?
▶ Specific problem
▶ Establish security operations
▶ Solve across multiple domains
▶ Collaborative SOC (nerve center for security)
What tactics and techniques are adversaries using to abuse your brand and fool your employees and customers?
Typosquatting
Typosquatting is the practice of registering a URL that is similar to a known URL for the purposes of deception, e.g. spelunk.com vs. splunk.com.
URL Hijacking
URL hijacking is the practice of creating a URL that contains a trusted value for the purposes of deception, e.g. splunk-pwny.com vs. splunk.com.
Typosquatting/URL Hijacking Science
▶ Typo-generation models: given a target domain (e.g. www.splunk.com), the following five typo-generation models are commonly used (1):
• Missing-dot typos: the dot following "www" is forgotten, e.g. wwwsplunk.com
• Character-omission typos, e.g. www.splnk.com
• Character-permutation typos (two adjacent characters swapped), e.g. www.spulnk.com
• Character-substitution typos, e.g. www.solunk.com
• Character-duplication typos, e.g. www.spllunk.com
▶ Homograph attacks rely on the visual similarity of letters or strings that can be confused with one another:
• For example splunk.com vs. spiunk.com (lower-case i in place of l)
• Or, in a sans-serif font, splunk.com vs. spIunk.com (capital I in place of l; DNS names are case-insensitive, so this is the same name as spiunk.com)
▶ Keyword-similarity attacks reference the original brand to convince customers that a site is legitimate:
• For example www.pwny-splunk.com
▶ TLD manipulation / subdomains:
• www.splunk.om (wrong TLD)
• sp.lunk.com (the brand split by a dot, so "sp" is merely a subdomain of lunk.com)
Reference (1): Y. Wang, D. Beck, and J. Wang. Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting. USENIX SRUTI, 2006.
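The models above turned into a candidate generator for one target domain, as an added example (this is not code from the deck and not dnstwist itself). It implements the five Wang/Beck/Wang typo models plus the homograph, keyword-similarity and TLD/subdomain variants listed on the slide; the homoglyph table, keyword list and TLD list are illustrative assumptions, and the function names are mine.

```python
"""Typo-candidate generator for a brand-monitoring watchlist (added example)."""
import string

# Assumed, deliberately small tables; a production watchlist would use fuller ones.
HOMOGLYPHS = {"l": ("i", "1"), "i": ("l", "1"), "o": ("0",), "m": ("rn",), "w": ("vv",), "d": ("cl",)}
KEYWORDS = ("security", "login", "support", "account")
TLDS = ("com", "net", "org", "co", "om", "cm")

def missing_dot(name, tld):
    """The dot after www is forgotten: wwwsplunk.com."""
    return {f"www{name}.{tld}"}

def omissions(name, tld):
    """One character dropped: splnk.com."""
    return {f"{name[:i]}{name[i + 1:]}.{tld}" for i in range(len(name))}

def permutations(name, tld):
    """Two adjacent characters swapped (the transposition people actually type): spulnk.com."""
    return {f"{name[:i]}{name[i + 1]}{name[i]}{name[i + 2:]}.{tld}"
            for i in range(len(name) - 1) if name[i] != name[i + 1]}

def substitutions(name, tld):
    """One character replaced by any other letter: solunk.com."""
    return {f"{name[:i]}{c}{name[i + 1:]}.{tld}"
            for i in range(len(name)) for c in string.ascii_lowercase if c != name[i]}

def duplications(name, tld):
    """One character doubled: spllunk.com."""
    return {f"{name[:i + 1]}{name[i]}{name[i + 1:]}.{tld}" for i in range(len(name))}

def homographs(name, tld):
    """One character replaced by something that renders alike: spiunk.com, sp1unk.com."""
    return {f"{name[:i]}{glyph}{name[i + 1:]}.{tld}"
            for i, ch in enumerate(name) for glyph in HOMOGLYPHS.get(ch, ())}

def keyword_similarity(name, tld):
    """The trusted brand used as a token inside another registrable name: security-splunk.com."""
    return {f"{kw}-{name}.{tld}" for kw in KEYWORDS} | {f"{name}-{kw}.{tld}" for kw in KEYWORDS}

def tld_and_subdomain(name, tld):
    """Wrong TLD (splunk.om), or a dot dropped into the name so the brand becomes a subdomain (sp.lunk.com)."""
    return ({f"{name}.{t}" for t in TLDS if t != tld}
            | {f"{name[:i]}.{name[i:]}.{tld}" for i in range(1, len(name))})

MODELS = {
    "missing-dot": missing_dot,
    "character-omission": omissions,
    "character-permutation": permutations,
    "character-substitution": substitutions,
    "character-duplication": duplications,
    "homograph": homographs,
    "keyword-similarity": keyword_similarity,
    "tld-manipulation": tld_and_subdomain,
}

def generate(domain):
    """Map each model to the candidates it yields for a registrable domain like 'splunk.com'."""
    name, _, tld = domain.lower().partition(".")
    cands = {model: fn(name, tld) for model, fn in MODELS.items()}
    for c in cands.values():
        c.discard(domain)       # never list the real domain as a look-alike
    return cands

def watchlist(domain):
    """Flat sorted list of every candidate: what you feed to a DNS / proxy / email search."""
    return sorted(set().union(*generate(domain).values()))

if __name__ == "__main__":
    for model, cands in generate("splunk.com").items():
        print(f"{model:24s} {len(cands):4d}  e.g. {sorted(cands)[0]}")
    print(len(watchlist("splunk.com")), "candidates in total")
```

The substitution model alone yields 150 names for a six-letter brand, which is why the slide's later point about detecting look-alikes without constant pattern updates matters: a generated list is a good starting watchlist, not a complete one.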
Uses of Typosquatting
▶ Against you!
• Typo opportunism for employees
• Phishing or spear-phishing email sources
• Web location for employee deception
▶ For profit!
• Domain parking
• Click fraud
• Extortion
• Spam delivery
▶ Against your customers!
• Typo opportunism for customers/consumers
• Phishing email sources
• Web location for customer deception
Why Typosquatting
▶ Attacker objective
• Gain credentials
• Collect information
• Install malware
▶ Attacker methods
• Phishing or spear-phishing to convince employees to interact with a fake system
• Link to an interesting "internal" company blog
▶ Attacker has gained
• Email account enumeration
• Credentials for an account
• An exploited machine in your estate
• Financial information for fraud or resale
PayPal
Using typosquatting and URL-hijacking techniques, an attacker creates the following domains, each hosting a fake site that mirrors the real one:
URL | Method
security-paypal-center[.]com | Keyword similarity
paypai[.]com | Character substitution (i for l, which also works as a homograph)
www[.]paypal[.]com-webapps-cgi-bin-webscr-login-access[.]com | Subdomain (the registrable domain is com-webapps-cgi-bin-webscr-login-access[.]com; "www.paypal" is only a subdomain of it)
Reference (2): https://umbrella.cisco.com/blog/2015/02/11/paypal-phishing-sophistication-growing/
SaaS Attack Demo: what does an attack look like?
▶ User receives an email from a seemingly trusted source
▶ The email contains an embedded link, which the user clicks
▶ User visits a fake site on a seemingly trusted domain
▶ User enters credentials to log in to the SaaS service; the attacker stores them
▶ User is redirected to the original site and notices nothing
Data sources: Email data, DNS traffic, Web traffic
Exploitation Attack Demo: what does an attack look like?
▶ User receives an email from a seemingly trusted source
▶ The email contains an embedded link, which the user clicks
▶ User visits a site on a seemingly trusted domain
▶ The user's system is compromised and the attacker gains access
▶ The attacker elevates privilege or steals data of choice
Data sources: Email data, DNS traffic, Web traffic, Endpoint data
Google Drive Attack
▶ Using typosquatting and URL-hijacking techniques, an attacker creates the following domains:
URL | Method
microsoftserve[.]com | Character omission
gooledriveservice[.]com | Character omission
logitechwkgame[.]com | Keyword similarity
Reference (3): https://researchcenter[.]paloaltonetworks[.]com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/
Online Storage Attack Demo: what does an attack look like?
▶ User receives an email from a seemingly trusted source
▶ The email contains an embedded link that points to an online document store
▶ User visits a site on a seemingly trusted domain
▶ The user's system is compromised and the attacker gains access
▶ Command and control uses typosquatting domains / URL-hijacking techniques
Data sources: Email data, DNS traffic, Web traffic, Endpoint data
Getting started with analytics-driven security
How attackers fool your employees or customers
It's not just detection… nowadays it's about understanding.
Where to start?
What tactics are attackers using?
How to detect them without constant pattern
updates?
What machine data is needed?
What context might be required for better judgement?
What questions raise for investigations of a triggered
alert?
How does this effort map into my existing security
strategy?
Guidance
Walking Guide
That knowledge is put into what we call an Analytic Story.
ES Content Update
Form factor: Splunk app
Updates: bi-weekly
Your influence: talk to the team to get your ideas productionised and shipped back in the app
Compatible: Splunk Enterprise & Cloud; data in CIM format; operationalize with ES
Cost: free in the first year
Demo: "Brand Monitoring" Analytic Story
How to implement and operationalize
Investigation Story Line
Probability of being an incident, from the first alert to "totally scoped":
▶ Alert (detection search): 25%, "... need more info ..."
▶ Investigation search + contextualization search: 50%, "Ah ok! Very interesting", "... need more info ..."
▶ Supporting search + contextualization search: 75%, "Right. This is an issue.", "... need more info ..."
▶ Automated action: 100%, totally scoped
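The story line above walked through code, as an added example that is not part of the deck and not the ES Content Update's own searches: one flagged look-alike domain is taken from the detection search (DNS data) through the investigation search (email data) and the supporting search (web-proxy data). The three logs are constructed key=value samples, and the 25/50/75/100 confidence steps are my mapping of the slide's stages, not a Splunk feature.

```python
"""One brand-monitoring alert correlated across email, DNS and web-proxy data (added example)."""
import re
from urllib.parse import urlparse

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample data: alice and bob receive the same lure, only alice clicks.
EMAIL_LOG = """\
ts=2017-10-05T08:58:11Z sender=it-support@spiunk.com recipient=alice subject="Your password expires today" url=http://spiunk.com/login
ts=2017-10-05T08:58:12Z sender=it-support@spiunk.com recipient=bob subject="Your password expires today" url=http://spiunk.com/login
ts=2017-10-05T09:02:40Z sender=news@vendor.example recipient=alice subject="October update" url=https://vendor.example/news
""".splitlines()
DNS_LOG = """\
ts=2017-10-05T09:12:01Z src=10.1.2.3 user=alice query=spiunk.com
ts=2017-10-05T09:12:03Z src=10.1.2.3 user=alice query=splunk.com
ts=2017-10-05T09:30:15Z src=10.1.2.9 user=carol query=splunk.com
""".splitlines()
PROXY_LOG = """\
ts=2017-10-05T09:12:02Z user=alice method=GET url=http://spiunk.com/login status=200
ts=2017-10-05T09:12:41Z user=alice method=POST url=http://spiunk.com/login status=302
ts=2017-10-05T09:12:42Z user=alice method=GET url=https://splunk.com/ status=200
""".splitlines()

def parse(lines):
    """key=value log lines -> dicts; quoted values keep their spaces."""
    return [{k: v.strip('"') for k, v in KV.findall(ln)} for ln in lines if ln.strip()]

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def investigate(domain, email_log=EMAIL_LOG, dns_log=DNS_LOG, proxy_log=PROXY_LOG):
    """Build the story line for one look-alike domain the detection search flagged."""
    domain = domain.lower()
    story = {"domain": domain, "confidence": 0, "users": set(), "steps": [], "action": None}

    # Detection search (DNS data): who resolved the look-alike domain at all?
    lookups = [e for e in parse(dns_log) if e.get("query", "").lower() == domain]
    if not lookups:
        return story                                    # nothing to investigate
    story["users"] = {e["user"] for e in lookups}
    story["confidence"] = 25
    story["steps"].append(f"detection: {len(lookups)} DNS lookup(s) of {domain} by {sorted(story['users'])}")

    # Investigation search (email data): did a mail deliver a link to that domain to those users?
    mails = [e for e in parse(email_log)
             if host_of(e.get("url", "")) == domain and e.get("recipient") in story["users"]]
    if mails:
        story["confidence"] = 50
        story["steps"].append(f"investigation: lure from {mails[0]['sender']} delivered to {len(mails)} flagged user(s)")

    # Contextualization: who else got the same lure but has not resolved the domain (yet)?
    others = {e["recipient"] for e in parse(email_log) if host_of(e.get("url", "")) == domain} - story["users"]
    if others:
        story["steps"].append(f"contextualization: same lure also reached {sorted(others)} (no lookup yet)")

    # Supporting search (web data): did the user browse there, and submit a form?
    hits = [e for e in parse(proxy_log)
            if host_of(e.get("url", "")) == domain and e.get("user") in story["users"]]
    if hits:
        story["confidence"] = max(story["confidence"], 75)
        story["steps"].append(f"supporting: {len(hits)} proxy request(s) to {domain}")
    posts = [e for e in hits if e.get("method") == "POST"]
    if posts:
        # A POST to the fake login page is the credential theft the slide describes; the
        # redirect to the real site right after it is why the user notices nothing.
        story["confidence"] = 100
        story["steps"].append(f"supporting: credentials POSTed to {domain} by {sorted(e['user'] for e in posts)}")
        story["action"] = "reset credentials and revoke sessions for: " + ", ".join(sorted(e["user"] for e in posts))
    return story

if __name__ == "__main__":
    s = investigate("spiunk.com")
    print(f"{s['domain']}: {s['confidence']}% scoped")
    for step in s["steps"]:
        print("  -", step)
    print("  action:", s["action"])
```

The order matters: the DNS lookup is what fires, the email tells you how it got there and who else is exposed, and the proxy POST is what turns "interesting" into "reset her password now".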
Future Actions
▶ Run dnstwist against your SaaS providers and monitor for access to the generated domains:
• Google Drive
• Box
• Dropbox
• Office 365
• Cloud providers
▶ Use the dnstwist domains to pull WHOIS information for the ones that are registered, for more context
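A generated dnstwist list only catches names someone thought of in advance. The added example below (not code from the deck and not dnstwist) answers the earlier "detect them without constant pattern updates" question the other way round: every queried name in a DNS log is scored against a small brand watchlist by edit distance, homoglyph normalisation, label placement and keyword containment, so an unseen look-alike still fires. The brand list, known-good domains, homoglyph table, thresholds and log lines are assumed and constructed; in a real deployment they would come from lookups.

```python
"""Score DNS queries against watched brands without a fixed candidate list (added example)."""
import re

WATCHED = ("dropbox", "paypal", "splunk")                   # assumed brand watchlist
LEGIT = {"dropbox.com", "paypal.com", "splunk.com"}         # assumed known-good registrable domains
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("1", "l"), ("0", "o"), ("i", "l"))
QUERY = re.compile(r"src=(?P<src>\S+)\s+query=(?P<query>\S+)")   # assumed DNS log layout

# Constructed sample log; the real site, a subdomain of it and an unrelated name are included as controls.
DNS_LOG = """\
2017-10-05T09:12:01Z src=10.1.2.3 query=paypai.com qtype=A
2017-10-05T09:12:05Z src=10.1.2.3 query=www.paypal.com-webapps-cgi-bin-webscr-login-access.com qtype=A
2017-10-05T09:13:10Z src=10.1.2.7 query=security-paypal-center.com qtype=A
2017-10-05T09:14:00Z src=10.1.2.9 query=mail.splunk.com qtype=MX
2017-10-05T09:15:22Z src=10.1.2.9 query=spiunk.com qtype=A
2017-10-05T09:16:00Z src=10.1.2.4 query=wwwsplunk.com qtype=A
2017-10-05T09:17:45Z src=10.1.2.4 query=splunk.om qtype=A
2017-10-05T09:18:00Z src=10.1.2.5 query=cdn.example.net qtype=A
2017-10-05T09:19:00Z src=10.1.2.5 query=sp.lunk.com qtype=A
2017-10-05T09:20:00Z src=10.1.2.6 query=dropbox.com qtype=A
""".splitlines()

def osa_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment): insert, delete, substitute and
    adjacent transposition each cost 1, so a swapped pair counts as a single typo."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def normalise(label):
    """Fold look-alike glyph sequences so spiunk, sp1unk and sp1unk all compare as splunk."""
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label

def classify(host):
    """Return (brand, reasons) when host resembles a watched brand, else None."""
    labels = host.lower().rstrip(".").split(".")
    registrable = ".".join(labels[-2:])   # assumption: last two labels, no public-suffix list
    if registrable in LEGIT:
        return None                       # the real site, or one of its own subdomains
    sld = labels[-2] if len(labels) > 1 else labels[0]
    for brand in WATCHED:
        reasons = []
        if sld == brand:
            reasons.append("tld-manipulation")                   # splunk.om
        elif sld == "www" + brand:
            reasons.append("missing-dot")                        # wwwsplunk.com
        else:
            if normalise(sld) == normalise(brand):
                reasons.append("homograph")                      # spiunk.com, paypai.com
            if abs(len(sld) - len(brand)) <= 1 and osa_distance(sld, brand) == 1:
                reasons.append("typo")                           # splnk, spulnk, solunk, spllunk
            if len(labels) > 2 and "".join(labels[:-1]) == brand:
                reasons.append("dot-inserted")                   # sp.lunk.com
        if brand in labels[:-2]:
            reasons.append("subdomain")                          # www.paypal.com-webapps-...-access.com
        if not reasons and brand in sld:
            reasons.append("keyword-similarity")                 # security-paypal-center.com
        if reasons:
            return brand, reasons
    return None

def scan(lines):
    """Run classify() over DNS log lines; each hit carries the client and the reasons."""
    hits = []
    for line in lines:
        m = QUERY.search(line)
        if not m:
            continue
        verdict = classify(m["query"])
        if verdict:
            brand, reasons = verdict
            hits.append({"src": m["src"], "query": m["query"], "brand": brand, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for h in scan(DNS_LOG):
        print(f"{h['src']:10s} {h['query']:60s} {h['brand']:8s} {','.join(h['reasons'])}")
```

The homoglyph fold and the edit-distance check overlap on purpose: paypai.com is both one substitution away from paypal and a visual twin of it, and either reason alone is enough to raise the alert. The registrable-domain shortcut (last two labels) is the weak spot; swap in a public-suffix list before trusting it on co.uk-style names.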
Next Steps
Q&A
Try now!
▶ Download ES Content Update: https://splunkbase.splunk.com/app/3449/
▶ Select and implement the first use case
▶ Provide feedback
▶ Hear: How Travis Perkins built a SOC in the Cloud (blogs.splunk.com)
▶ Hear: Three Tips from Cisco's CSIRT using Splunk (isc2.org)
▶ Read: Incident Response and Computer Forensics (amazon.com)
▶ Learn: Operationalizing Machine Learning to Detect Malicious Domain Names (splunk.com)
Thank You
Q&A
Please help us to improve our webinars by giving us feedback in the SurveyMonkey survey that pops up when you leave.

.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Analytics-Driven Security - How to Start and Continue the Journey

  • 1. © 2017 SPLUNK INC. Analytics-Driven Security: How to start and continue the journey? But how and where? Paul Bryant, Field Product Manager; Matthias Maier, Director Security Product Marketing
  • 2. © 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Forward-Looking Statements
  • 3. © 2017 SPLUNK INC. What you will learn
      ▶ Analytics-Driven Security: where to start and how?
      ▶ Threat Surface: how adversaries fool your employees and customers
      ▶ Getting started with Analytics-Driven Security: Brand Monitoring
      ▶ Next Steps
  • 4. © 2017 SPLUNK INC. Our Mission: Spelunking: to explore underground caves
  • 5. © 2017 SPLUNK INC. Exploring different caves with the same equipment. Why buy new each time?
  • 6. © 2017 SPLUNK INC. Analytics-Driven Security: risk-based context and intelligence, connecting data and people
  • 7. © 2017 SPLUNK INC. Security Nerve Center: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
  • 8. © 2017 SPLUNK INC. Collaborative SOC. Stages of the journey: Specific problem; Establish security operations; Solve across multiple domains; Nerve center for security
  • 9. © 2017 SPLUNK INC. Analytics-Driven Security: Portfolio
      ▶ Premium Solution: Enterprise Security (Threat Detection, Security Operations)
      ▶ Premium Solution: User Behavior Analytics (Discover Anomalous Behavior, Detect Unknown Threats)
      ▶ Automation & Orchestration
      ▶ Splunk Security Apps & Add-ons: PCI Compliance, Security Essentials, App for AWS, ML Toolkit, Google Cloud, Microsoft Cloud, Windows Infrastructure
      ▶ 3rd Party Apps & Add-ons (590+): Network data, RDBMS (any) data, Windows host data, Exchange data, Analytics for Hadoop
      ▶ Platform for Operational Intelligence: Search and Investigate, Monitoring & Alerting, Dashboards and Reports, Incident & Breach Response
  • 10. © 2017 SPLUNK INC. Continuous Innovation: Adaptive Defense at Machine Speed; Extend Data Platform and Analytics; Actionable Detect and Response Content; Pre-packaged, Targeted Apps
  • 11. © 2017 SPLUNK INC. Poll: Where are you in the journey currently? Specific problem; Establish security operations; Solve across multiple domains; Nerve center for security; Collaborative SOC
  • 12. © 2017 SPLUNK INC. Agenda
      ▶ Analytics-Driven Security: where to start and how?
      ▶ Threat Surface: how adversaries fool your employees and customers
      ▶ Getting started with Analytics-Driven Security: Brand Monitoring
      ▶ Next steps, Q&A
  • 13. © 2017 SPLUNK INC. Threat Surface: What tactics and techniques are adversaries using to abuse your brand and fool your employees and customers?
  • 14. © 2017 SPLUNK INC. Typosquatting: typosquatting is the practice of creating a URL which is similar to a known URL for the purposes of deception, e.g. spelunk.com vs. splunk.com.
  • 15. © 2017 SPLUNK INC. URL Hijacking: URL hijacking is the practice of creating a URL which contains a trusted value for the purposes of deception, e.g. splunk-pwny.com vs. splunk.com.
  • 16. © 2017 SPLUNK INC. Typosquatting/URL Hijacking Science
      ▶ Typo-Generation Models: given a target domain (e.g. www.splunk.com), the following five typo-generation models are commonly used (1):
        • Missing-dot typos: this typo happens when the dot following "www" is forgotten, e.g. wwwsplunk.com
        • Character-omission typos, e.g. www.splnk.com
        • Character-permutation typos, e.g. www.spulnk.com
        • Character-substitution typos, e.g. www.solunk.com
        • Character-duplication typos, e.g. www.spllunk.com
      ▶ Homograph Attacks: the homograph attack relies on the visual similarity of letters or strings that might be confused with one another
        • For example splunk.com vs. spiunk.com
        • Or in Sans Serif splunk.com vs. spIunk.com
      ▶ Keyword Similarity attacks: used to confuse customers into believing a site is legitimate by referencing the original site
        • For example www.pwny-splunk.com
      ▶ TLD Manipulation / Subdomains
        • www.splunk.om
        • sp.lunk.com
      Reference (1): Y. Wang, D. Beck, and J. Wang. Strider typo-patrol: discovery and analysis of systematic typo-squatting. USENIX SRUTI, 2006.
  • 17. © 2017 SPLUNK INC. Uses of Typosquatting
      ▶ Against you: typo opportunism for employees; phishing or spear-phishing email sources; web location for employee deception
      ▶ For profit: domain parking; click fraud; extortion; spam delivery
      ▶ Against your customers: typo opportunism for customers/consumers; phishing email sources; web location for customer deception
  • 18. © 2017 SPLUNK INC. Why Typosquatting
      ▶ Attacker objective: gain credentials; collect information; install malware
      ▶ Attacker methods: phishing or spear-phishing to convince employees to interact with a fake system; link to an interesting internal company blog
      ▶ Attacker has gained: email account enumeration; credentials for an account; an exploited machine in your estate; financial information for fraud or resale
  • 19. © 2017 SPLUNK INC. PayPal example. Reference (2): https://umbrella.cisco.com/blog/2015/02/11/paypal-phishing-sophistication-growing/ Using typosquatting and URL hijacking techniques an attacker creates the following domains (fake site vs. the real site):
      ▶ security-paypal-center[.]com: Keyword Similarity
      ▶ paypai[.]com: Character Substitution
      ▶ www[.]paypal[.]com-webapps-cgi-bin-webscr-login-access[.]com: Subdomain
  • 20. © 2017 SPLUNK INC. SaaS Attack Demo: What does an attack look like?
      1. User receives an email from a seemingly trusted source
      2. Email contains an embedded link, which the user clicks
      3. User visits a fake site on a seemingly trusted domain
      4. User enters credentials to log in to the SaaS service, and they are stored
      5. User is redirected to the original site and notices nothing
  • 21. © 2017 SPLUNK INC. SaaS Attack Demo (same chain as slide 20). Data sources: DNS Traffic, Email Data, Web Traffic
  • 22. © 2017 SPLUNK INC. Exploitation Attack Demo: What does an attack look like?
      1. User receives an email from a seemingly trusted source
      2. Email contains an embedded link, which the user clicks
      3. User visits a site on a seemingly trusted domain
      4. User's system is compromised and the attacker gains access
      5. Attacker elevates privilege or steals data of choice
  • 23. © 2017 SPLUNK INC. Exploitation Attack Demo (same chain as slide 22). Data sources: Email Data, DNS Traffic, Web Traffic, Endpoint Data
  • 24. © 2017 SPLUNK INC. Google Drive Attack. Reference (3): https://researchcenter[.]paloaltonetworks[.]com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/ Using typosquatting and URL hijacking techniques an attacker creates the following domains:
      ▶ microsoftserve[.]com: Character Omission
      ▶ gooledriveservice[.]com: Character Omission
      ▶ logitechwkgame[.]com: Keyword Similarity
  • 25. © 2017 SPLUNK INC. Online Storage Attack Demo: What does an attack look like?
      1. User receives an email from a seemingly trusted source
      2. Email contains an embedded link which points to an online document store
      3. User visits a site on a seemingly trusted domain
      4. User's system is compromised and the attacker gains access
      5. Command and control uses typosquatting domains / URL hijacking techniques
  • 26. © 2017 SPLUNK INC. Online Storage Attack Demo (same chain as slide 25). Data sources: Email Data, DNS Traffic, Web Traffic, Endpoint Data
  • 27. © 2017 SPLUNK INC. Getting started with analytics-driven security. Fool your employees or customers
  • 28. © 2017 SPLUNK INC. It's not just detection…
  • 29. © 2017 SPLUNK INC. …nowadays it's about understanding
  • 30. © 2017 SPLUNK INC. Guidance: Where to start?
      ▶ What tactics are attackers using?
      ▶ How to detect them without constant pattern updates?
      ▶ What machine data is needed?
      ▶ What context might be required for better judgement?
      ▶ What questions arise when investigating a triggered alert?
      ▶ How does this effort map into my existing security strategy?
  • 31. © 2017 SPLUNK INC. Walking Guide
  • 32. © 2017 SPLUNK INC. That knowledge is put into what we call an Analytics Story
  • 33. © 2017 SPLUNK INC. ES Content Update
      ▶ Form factor: Splunk App
      ▶ Updates: bi-weekly
      ▶ Your influence: communicate with the team to get your ideas productionised
      ▶ Compatible: Splunk Enterprise & Cloud, data in CIM format; operationalize with ES
      ▶ Cost: free in the first year
  • 34. © 2017 SPLUNK INC. Demo: "Brand Monitoring" Analytic Story, how to implement and operationalize
  • 35. © 2017 SPLUNK INC. Investigation Story Line: probability of being an incident ("Totally Scoped")
      ▶ Alert
      ▶ ... need more info ... 25%
      ▶ "Ah ok! Very interesting"
      ▶ ... need more info ... 50%
      ▶ "Right. This is an issue."
      ▶ ... need more info ... 75%
      ▶ Totally scoped: 100%
  • 36. © 2017 SPLUNK INC. Investigation Story Line: probability of being an incident ("Totally Scoped")
      ▶ Detection Search
      ▶ ... need more info ... 25%
      ▶ Investigation Search, Contextualization Search: 50%
      ▶ Supporting Search, Contextualization Search: 75%
      ▶ Automated Action: 100%
  • 37. © 2017 SPLUNK INC. Future Actions
      ▶ DNS Twist your SaaS providers and monitor for access to them: Google Drive, Box, Dropbox, Office 365, cloud providers
      ▶ Use DNS Twist domains to get Whois info if they are registered, for more context
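The typo-generation models of slide 16 and the "DNS Twist your SaaS providers and monitor for access" action of slide 37, as an added Python example (not code from the webinar, from dnstwist or from Splunk's ES Content Update): a generator for look-alike domains of a brand you own, run over constructed DNS query log lines to flag queries that hit one of them. The keyboard-neighbour, homoglyph, keyword and TLD tables and the key=value log layout are assumptions made for the example.

```python
"""Brand-monitoring helper (added example, not the webinar's or Splunk's code):
generate look-alike domains for a brand domain you own, then flag DNS queries
that land on one of them. The five typo models follow Wang et al. (1) as
listed on slide 16; the homograph, keyword, TLD and subdomain variants follow
the same slide. Tables and the log format below are constructed assumptions."""
import re

# Assumed subsets: QWERTY neighbours, confusable glyphs, lure keywords, TLDs.
KEYBOARD_NEIGHBOURS = {"p": "ol", "l": "kop", "u": "yij", "n": "bm", "s": "awd"}
HOMOGLYPHS = {"l": "i1", "i": "l1", "o": "0", "s": "5"}
KEYWORDS = ["login", "security", "webapps", "service"]
TLDS = ["om", "co", "cm", "net"]


def split_domain(fqdn):
    """'www.splunk.com' -> ('www', 'splunk', 'com'); 'splunk.com' -> ('', ...)."""
    parts = fqdn.lower().rstrip(".").split(".")
    if len(parts) < 2:
        raise ValueError(f"not a domain: {fqdn!r}")
    return ".".join(parts[:-2]), parts[-2], parts[-1]


def generate_lookalikes(fqdn):
    """Return {candidate_fqdn: model}; the first model to produce a name wins."""
    prefix, name, tld = split_domain(fqdn)
    host = f"{prefix}." if prefix else ""
    out = {}

    def add(cand, model):
        if cand != fqdn.lower() and cand not in out:
            out[cand] = model

    if prefix == "www":                       # 1. missing-dot: wwwsplunk.com
        add(f"www{name}.{tld}", "missing-dot")
    for i in range(len(name)):                # 2. omission: splnk
        add(f"{host}{name[:i]}{name[i + 1:]}.{tld}", "character-omission")
    for i in range(len(name) - 1):            # 3. permutation (adjacent swap): spulnk
        swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
        add(f"{host}{swapped}.{tld}", "character-permutation")
    for i, ch in enumerate(name):             # 4. substitution (neighbouring key): solunk
        for alt in KEYBOARD_NEIGHBOURS.get(ch, ""):
            add(f"{host}{name[:i]}{alt}{name[i + 1:]}.{tld}", "character-substitution")
    for i, ch in enumerate(name):             # 5. duplication: spllunk
        add(f"{host}{name[:i]}{ch}{name[i:]}.{tld}", "character-duplication")
    for i, ch in enumerate(name):             # homograph: spiunk
        for alt in HOMOGLYPHS.get(ch, ""):
            add(f"{host}{name[:i]}{alt}{name[i + 1:]}.{tld}", "homograph")
    for kw in KEYWORDS:                       # keyword similarity: pwny-splunk
        add(f"{kw}-{name}.{tld}", "keyword-similarity")
        add(f"{name}-{kw}.{tld}", "keyword-similarity")
    for alt_tld in TLDS:                      # TLD manipulation: splunk.om
        add(f"{host}{name}.{alt_tld}", "tld-manipulation")
    for i in range(1, len(name)):             # subdomain split: sp.lunk.com
        add(f"{name[:i]}.{name[i:]}.{tld}", "subdomain")
    return out


# Constructed DNS query log in a key=value layout (not a real Splunk sourcetype).
DNS_LOG = """\
2017-11-15T09:12:01Z src=10.1.2.3 query=www.splunk.com qtype=A
2017-11-15T09:12:07Z src=10.1.2.3 query=spiunk.com qtype=A
2017-11-15T09:13:44Z src=10.1.2.9 query=mail.google.com qtype=MX
2017-11-15T09:14:02Z src=10.1.2.4 query=login.security-splunk.com qtype=A
2017-11-15T09:15:30Z src=10.1.2.5 query=www.splunk.com-webapps-login.example qtype=A
2017-11-15T09:16:11Z src=10.1.2.6 query=sp.lunk.com qtype=A
"""
LOG_RE = re.compile(r"src=(\S+) query=(\S+)")


def scan_dns_log(log_text, brand_fqdn):
    """Return [(src, query, model)] for queries that hit a look-alike of the brand."""
    _, name, tld = split_domain(brand_fqdn)
    real = f"{name}.{tld}"
    candidates = generate_lookalikes(real)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        src, query = m.group(1), m.group(2).lower().rstrip(".")
        registrable = ".".join(query.split(".")[-2:])
        if registrable == real:
            continue                          # genuine brand domain, nothing to flag
        model = candidates.get(query) or candidates.get(registrable)
        if model is None and name in query:   # brand used as a label of a foreign
            model = "brand-in-hostname"       # domain, as in the PayPal example
        if model:
            hits.append((src, query, model))
    return hits


if __name__ == "__main__":
    for src, query, model in scan_dns_log(DNS_LOG, "splunk.com"):
        print(f"{src} queried {query} ({model})")
```

Feeding the generated candidates into a lookup table and matching the DNS data source against it is the detection-search half of the storyline; the Whois enrichment of slide 37 would be the contextualization step.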
  • 38. © 2017 SPLUNK INC. Next Steps, Q&A
  • 39. © 2017 SPLUNK INC. Try now! Download ES Content Update: https://splunkbase.splunk.com/app/3449/ ; select and implement the first use case; provide feedback
  • 40. © 2017 SPLUNK INC. Hear: How Travis Perkins built a SOC in the Cloud (blogs.splunk.com). Hear: Three Tips from Cisco's CSIRT using Splunk (isc2.org). Read: Incident Response and Computer Forensics (amazon.com). Learn: Operationalizing Machine Learning to Detect Malicious Domain Names (splunk.com)
  • 41. © 2017 SPLUNK INC. Thank You, Q&A. Please help us to improve our webinars and give us feedback in the SurveyMonkey survey which pops up when you leave.