
Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms

Fighting the Eternal Challenge: Dealing with Alert Fatigue and Getting Insights into Security Productivity.
Lessons for a Fast Start in Automation and Orchestration.


  1. Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms. Security Breakout. © 2020 Splunk Inc.
  2. Fighting the Eternal Challenge: Dealing with Alert Fatigue and Getting Insights into Security Productivity.
  3. Lessons for a Fast Start in Automation and Orchestration.
  4. Forward-Looking Statements. During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Data-to-Everything, D2E, and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved.
  5. Key Challenges. Where do I start? What indicators of compromise should I look for? What data do I need? What about cloud services, which work differently? What about insider threat and compromised accounts? How can behavioural techniques and ML help, and how difficult is it?
  6. Key Takeaways. (1) Where to find, and how to use, Splunk content aligned to MITRE ATT&CK. (2) Multi-cloud threat detection is ready to go with Splunk. (3) Machine learning and data science can boost your SOC.
  7. Security Operations Suite Architecture (diagram labels): customer delivery; other data lakes; cloud, on-prem, hybrid with brokers; platform for machine data; platform applications; Enterprise Security + User Behavior Analytics + Phantom; security use case content; Mission Control, cloud-based unified security operations; future Splunk solutions; 3rd-party plug-ins.
  8. (Diagram labels) Ingest, Detect, Predict, Automate, Orchestrate, Recommend, Collaborate, Investigate, Manage Cases, Report; Content; Machine Learning.
  9. Splunk Security Content: detection made easier.
  10. Splunk Security Threat Detection Content, where to find it: Security Essentials (inventory of all content plus guidance and reporting); ES Content Update (bi-weekly release, including MLTK content); UBA (ML and graph analysis).
  11. Splunk Security Essentials. Common use cases and examples to get started. Data onboarding guides for top data sources. Understand which use cases are needed to improve your security. Use cases and playbooks ready for operationalization in Splunk ES, UBA and Phantom. https://splunkbase.splunk.com/app/3435/
  12. Prescriptive Content: what to do next? SSE understands what data you have and what content you already use, and uses that to recommend what to do next.
  13. Splunk ES Content Update: includes maps and content from Splunk premium solutions.
  14. Demo: how to find content by use case, data source, threat actor and MITRE ATT&CK tactic, and how to track your coverage.
  15. Analytics Supporting Multi-Cloud.
  16. You All* Have a Cloud Strategy.
  17. Centralised SOC view of all cloud security (diagram labels): Platform for Machine Data; Enterprise Security + User Behavior Analytics + Phantom; Mission Control, cloud-based unified security operations.
  18. Analytics on Cloud Data is Hard?
  19. Single Use Cases across Multiple Clouds.
  20. More Multi-Cloud Security Use Cases: you're ingesting advanced data sources and running better investigations.
  21. Cloud Data Model: coming soon; now on GitHub!
  22. What About Orchestration and Automation?
  23. Advanced Detection & Machine Learning.
  24. Advanced Threat Detection Techniques, using the power of Splunk for security: security analytics correlation; first-time behaviour (stats); time-series spike analysis (stdev); machine learning (MLTK); unsupervised ML and graph analysis out of the box (Splunk UBA).
  25. Advanced Threat Detection Techniques: target, enrich and prioritize with ES frameworks: asset and identity correlation; risk-based alerting; threat intelligence.
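Slides 24 and 25 name the techniques but show none of them working. The following is an added illustration, not content from the deck and not Splunk's own detection content: it implements two of the slide-24 techniques over a constructed event set (first-time-seen source address per user, via earliest-time grouping; and a time-series spike test using the sample standard deviation, which is the form Splunk's stdev computes) and then feeds both through the slide-25 risk-based alerting pattern, where each detection adds a score to the user's risk and a notable fires only when the accumulated risk crosses a threshold. The event data, field names, risk weights and threshold are all assumptions made for the example.

```python
"""Added example (not from the Splunk deck): two slide-24 detection techniques
feeding the slide-25 risk-based alerting pattern. Standard library only."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, stdev

# Constructed sample data (assumption, not real telemetry): one authenticated
# outbound-transfer event per user per day as (timestamp, user, src_ip, mb_out).
def make_events():
    base = datetime(2020, 10, 13)
    events = []
    for day in range(7):                      # seven quiet baseline days
        t = base + timedelta(days=day)
        events.append((t, "alice", "10.1.1.10", 100 + day))
        events.append((t, "bob", "10.1.1.20", 50 + day))
    t = base + timedelta(days=7)              # day eight: alice from a new address, 10x data
    events.append((t, "alice", "203.0.113.7", 1500))
    events.append((t, "bob", "10.1.1.20", 57))
    return events

NOW = datetime(2020, 10, 20, 12, 0)           # assumed search time
EVENTS = make_events()

def first_time_seen(events, now, window=timedelta(days=1)):
    """First-time behaviour: (user, src_ip) pairs whose earliest event falls
    inside the detection window. Same idea as a stats earliest(_time) by
    user, src followed by a where clause on the first-seen time."""
    first = {}
    for t, user, src, _ in events:
        key = (user, src)
        if key not in first or t < first[key]:
            first[key] = t
    return sorted(k for k, t in first.items() if t >= now - window)

def daily_totals(events):
    """Bucket mb_out per user per calendar day (a timechart with span=1d)."""
    totals = defaultdict(lambda: defaultdict(int))
    for t, user, _, mb in events:
        totals[user][t.date()] += mb
    return totals

def spike_detections(events, z_threshold=3.0):
    """Time-series spike analysis: score the latest daily total against the
    sample mean and sample stdev of the preceding days. Returns (user, latest_mb, z)."""
    hits = []
    for user, days in daily_totals(events).items():
        series = [days[d] for d in sorted(days)]
        baseline, latest = series[:-1], series[-1]
        if len(baseline) < 2:
            continue                          # stdev needs at least two baseline points
        mu, sd = mean(baseline), stdev(baseline)
        if sd == 0:
            continue                          # flat baseline: a z-score is undefined
        z = (latest - mu) / sd
        if z > z_threshold:
            hits.append((user, latest, round(z, 1)))
    return hits

# Assumed risk weights: neither detection alone reaches the alert threshold.
RISK_SCORES = {"first_time_source": 30, "outbound_spike": 60}

def risk_events(events, now):
    """Each detection emits a risk event against its user instead of an alert."""
    out = []
    for user, src in first_time_seen(events, now):
        out.append((user, "first_time_source", RISK_SCORES["first_time_source"],
                    f"new source {src}"))
    for user, latest, z in spike_detections(events):
        out.append((user, "outbound_spike", RISK_SCORES["outbound_spike"],
                    f"{latest} MB out, z={z}"))
    return out

def risk_alerts(events, now, threshold=80):
    """Risk-based alerting: sum risk per user and fire only above threshold.
    Returns {user: (total_risk, [reasons])}."""
    totals, reasons = defaultdict(int), defaultdict(list)
    for user, rule, score, detail in risk_events(events, now):
        totals[user] += score
        reasons[user].append(f"{rule} (+{score}): {detail}")
    return {u: (s, reasons[u]) for u, s in totals.items() if s >= threshold}

if __name__ == "__main__":
    for user, (score, why) in risk_alerts(EVENTS, NOW).items():
        print(f"NOTABLE {user} risk={score}")
        for line in why:
            print("  ", line)
```

With the assumed weights the new-source detection (30) and the spike detection (60) each stay below the threshold of 80 on their own, so neither produces a ticket by itself; only alice, who trips both, becomes a notable with the two reasons attached. That is the alert-fatigue trade the deck alludes to: individually noisy detections are kept as risk contributions and surfaced only when they stack on one entity. Two caveats worth keeping in mind when moving this into a real search: a baseline with fewer than two points or zero variance cannot be z-scored, and a short baseline makes the sample stdev small, so a fixed z threshold should be tuned against the bucket size you actually use.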
  26. Advanced Threat Detection Techniques: showcase demo.
  27. Splunk User Behavior Analytics. Multi-entity behavior profiling. Comprehensive unsupervised machine learning algorithms out of the box. Multi-dimensional identity correlation. Continuous UBA content updates. Open SDK for data scientists.
  28. How Does Splunk UBA Work? Application, network, endpoint, server and identity logs feed machine learning and graph analysis, producing 65+ anomaly classifications (e.g. suspicious data movement, unusual machine access, flight risk user, unusual network activity, machine-generated beacon) and 25+ threat classifications (e.g. lateral movement, suspicious behavior, compromised user account, data exfiltration, malware activity) across 7 use cases.
  29. Trinity Reference?
  30. Takeaways: where to find it; detection content ready for ES; threat detection in multi-cloud; out-of-the-box ML capabilities.
  31. Thank You!
