© 2022 SPLUNK INC.
Security Session, October 4th, Zurich
Speakers
Le-Khanh Au, Security Advisor
Juerg Fischer, Manager Sales Engineering | Alps, Security Spearhead
Agenda
● Cyber Security Resilience
● PMI Story: Application Monitoring at Scale
● Top 3 CISO priorities
● Conclusion
Cyber Security Resilience
Source: World Economic Forum
The Data-Centric Modern SOC
Threat Detection, Investigation and Response
Platform components: Data Platform; Intelligence Management; Threat Research; Analytics; Automation and Orchestration
Lifecycle (cycle): Discover/Prepare; Predict/Prevent; Detect/Correlate; Analyze/Investigate; Triage/Respond; Report/Comply
Unparalleled Ecosystem
• Apps
• Technical architectures
• Connections
• Partners
• Community
Application Monitoring at Scale
Threat Modeling
● Define Scope and Depth
● Identify and Prioritize Threats
● Structured Process
Process diagram: Identify Assets; Identify Threats & Risk; Understand Line of Business; Countermeasure & Gap Analysis; Outline Architecture
Challenge
● Complex Process
● Lack of Engagement
● Asset Repository & Scoping
● Legacy Systems
Security Monitoring Journey
● End-to-End Structured Process
● Improve Engagement
● Measurable Outcome
● Cloud Migration
● Automation
Journey diagram labels (stages numbered 1 to 6 on the slide): TM Questionnaire; Feasibility Assessment; Abuser Detection; TM Sessions; Log Ingestion; Remediation Playbook; Abuser Monitoring
Self-service Splunk Infrastructure
● Cloud-native Ingestion Pipelines
● Alert Creation/Management Pipelines
● Community Contribution
● Traceability
Take-aways
● Structured Process
● Automation & Self-service Model
Top 3 CISO priorities
CISO Prio 1
Risk Based Alerting
A true game changer
https://www.splunk.com/en_us/blog/security/risk-based-alerting-the-new-frontier-for-siem.html
How Does This Look in Practice?
With risk-based alerting, these events become context that informs high-fidelity alerts.
Risk Incident Rule: Generate an alert for any user or system that exceeds a risk score of 100 in a 24 hour period.
Aggregated user risk score >100: ALERT. With one click, view all of the risk events that contribute to the alert.
Contributing risk events on the slide's timeline:
● 6:55AM Potential spearphishing observed: 10 pts
● 6:58AM Suspicious command disabling controls: 15 pts
● 7:03AM Suspicious Powershell observed: 20 pts
● 1:55PM AWS ACLs opened up all access: 10 pts
● 2:03PM AWS user provisioning observed: 15 pts
● 2:07PM AWS buckets created: 15 pts
● 2:15PM AWS permanent creation observed: 20 pts
Total: 105 pts within a single 24 hour period, so the rule fires.
CISO Prio 2
Use Case Development
Different Frameworks/Process Flows
CIS Top 20 Controls: Recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.
MITRE ATT&CK: MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Customer specific use cases: To organize use cases, a use case framework should be used. Such frameworks enable control over use cases and provide insight into how well an organization is capable of defending against cyber threats.
Content: 01 - Inventory of Authorized and Unauthorized Devices
Description: Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.
Content: 02 - Inventory of Authorized and Unauthorized Software
Description: Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
Content: 03 - Secure Configurations for Hardware and Software
Description: Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
Security Content Repository
Prescriptive Content
What To Do Next?
Security Essentials understands what data you have, and what content you already use. It uses that to recommend
Real Use Case: Phishing Mail
The Investigation Process to solve a Phishing Mail Incident
Swimlanes in the diagram: Core Big Data Platform (Ingest; Threat Hunting: Check for exist. IOC, Check for exist. User); SIEM (Incident Analyst Handling); SOAR (Automation & Orchestration)
Content types: OOTB content; Analyst driven; ML/AI driven
Process flow: Ingest Event; Create Ticket; Check URL; Change Severity; Check User Endpoint; Search for similar Emails; (Human) Approve Process; Block incoming Mail; Alert Employees; Deliver IOC to Splunk Core/ES (Adaptive Response)
Security PVP - Your Security Maturity
Level 1: Index, Search, Monitor & Alert (55%)
● Use of Pre-built Content
● Centralized Retention and Visibility for all Data
● Security Monitoring Dashboards
● Alerting
● Basic Reporting
● Ad-Hoc Investigation and Incident Response
● Historical Data Analysis
Level 2: Normalize, Correlate & Risk (50%)
● Data Normalization
● Security Use Case Library
● Risk Awareness and Alert Prioritization
● Threat Intelligence
● Information and Event Correlation
● Notable Event Management
● Triage & Investigation Workflows
Level 3: Collaborate, Hunt & ML (26%)
● Risk Based Alerting
● Insider Threat Detection
● Semi-Automated Playbooks (Orchestration & Response)
● Pre-Built Machine Learning security content
● Threat Hunting
● Continuous Use Case development
● Incident Collaboration
Level 4: Simulate, Respond & Fully Automate (36%)
● Risk Reporting
● Full Playbook Automation
● Custom Machine Learning security content
● Stream Processing and stream Analytics
● Attack Simulation
● Effective collaboration & integration with other teams or tools
● Breach Response
Security Maturity overall: 42% (scale from Reactive to Proactive)
green - implemented | orange - to be implemented medium term | red - highly recommended for the security posture
xx% - Maturity today
CISO Prio 3
A Day in the Life of an Analyst
Before and after SOAR
97% agree that a SOAR allowed for an increased workload while maintaining the same number of staff.
Conclusion
See Across Your Entire Organization
End-to-End visibility that starts with the power of the Splunk platform
Cyber Security Resilience: Security Logging & Investigation; IT / OT; SOC Automation; Security Nerve Center
Security Nerve Center
Search – Correlate – Investigate – Analyze – Act
Data sources: Monitoring (Net/OS/Virt/App, CPU/Mem/Disc); Events; Logs; Metrics; Application Traces; Databases; Networks; Servers; Virtual Machines; Smartphones and Devices; Custom Applications; Security; Web Server; Sensors; SAP; Container; IBM OpenWhisk; AWS Lambda; GCP Functions
Security Operation and Analytics: SIEM; SOAR; SOC/CERT Triage; EDR; NDR; XDR; UEBA; NOC; OT; CMDB; Threat Intel; Use Cases; ML
Thank You!

 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 

.conf Go Zurich 2022 - Security Session

  • 16. How Does This Look in Practice?
    With risk-based alerting, these events become context that informs high-fidelity alerts.
    Risk Incident Rule: Generate alert for any user or system that exceeds a risk score of 100 in a 24 hour period. Aggregated user risk score >100: ALERT.
    With one click, view all of the risk events that contribute to the alert:
    6:55AM  Potential spearphishing observed          10 pts
    6:58AM  Suspicious command disabling controls     15 pts
    7:03AM  Suspicious Powershell observed            20 pts
    1:55PM  AWS ACLs opened up all access             10 pts
    2:03PM  AWS user provisioning observed            15 pts
    2:07PM  AWS buckets created                       15 pts
    2:15PM  AWS permanent creation observed           20 pts
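The risk rule on this slide, worked through as an added example (Python rather than Splunk's own SPL, and not content from the deck): each risk rule contributes points to a risk object, the points are summed over a sliding 24 hour window, and a single alert fires only once the total exceeds 100. The user names, dates and the second, slower account are constructed to show why the time window matters.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed risk events modelled on the slide's timeline: (risk object,
# timestamp, risk rule, risk score). Not real telemetry; account names are invented.
RISK_EVENTS = [
    ("jsmith", "2022-10-04 06:55", "Potential spearphishing observed", 10),
    ("jsmith", "2022-10-04 06:58", "Suspicious command disabling controls", 15),
    ("jsmith", "2022-10-04 07:03", "Suspicious Powershell observed", 20),
    ("jsmith", "2022-10-04 13:55", "AWS ACLs opened up all access", 10),
    ("jsmith", "2022-10-04 14:03", "AWS user provisioning observed", 15),
    ("jsmith", "2022-10-04 14:07", "AWS buckets created", 15),
    ("jsmith", "2022-10-04 14:15", "AWS permanent creation observed", 20),
    # The same rules fire for a service account, but spread over three days:
    # 105 points in total, yet at most 55 inside any 24 h window, so no alert.
    ("svc-backup", "2022-10-01 08:00", "AWS user provisioning observed", 15),
    ("svc-backup", "2022-10-01 08:10", "AWS buckets created", 15),
    ("svc-backup", "2022-10-01 08:20", "AWS permanent creation observed", 20),
    ("svc-backup", "2022-10-04 09:00", "Suspicious Powershell observed", 20),
    ("svc-backup", "2022-10-04 09:05", "AWS buckets created", 15),
    ("svc-backup", "2022-10-04 09:30", "AWS permanent creation observed", 20),
]

def risk_incidents(events, threshold=100, window=timedelta(hours=24)):
    """Return one risk incident per risk object whose summed score inside a
    sliding 24 h window exceeds the threshold; the incident carries the
    contributing events, which is the 'one click' drill-down on the slide."""
    by_object = defaultdict(list)
    for obj, ts, rule, score in events:
        by_object[obj].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), rule, score))
    incidents = {}
    for obj, evs in by_object.items():
        contributors, total = [], 0
        for ts, rule, score in sorted(evs):
            contributors.append((ts, rule, score))
            total += score
            # Age out contributors older than the window relative to the newest event.
            while ts - contributors[0][0] > window:
                total -= contributors.pop(0)[2]
            if total > threshold and obj not in incidents:
                incidents[obj] = {"score": total, "fired_at": ts,
                                  "contributors": list(contributors)}
    return incidents

if __name__ == "__main__":
    for obj, inc in risk_incidents(RISK_EVENTS).items():
        print(f"ALERT {obj}: risk score {inc['score']} at {inc['fired_at']:%I:%M%p}")
        for ts, rule, score in inc["contributors"]:
            print(f"  {ts:%I:%M%p}  {rule}  {score} pts")
```

Only jsmith alerts, at 2:15PM with all seven events attached; the service account never crosses 100 inside one window, which is the noise the aggregation is meant to suppress.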
  • 17. CISO Prio 2
  • 18. Use Case Development
    Different Frameworks/Process Flows:
    ● CIS Top 20 Controls: Recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.
    ● MITRE ATT&CK: MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
    ● Customer specific use cases: To organize use cases, a use case framework should be used. Such frameworks enable control over use cases and provide insight into how well an organization is capable of defending against cyber threats.
    CIS Controls (Content - Description):
    01 - Inventory of Authorized and Unauthorized Devices: Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access.
    02 - Inventory of Authorized and Unauthorized Software: Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
    03 - Secure Configurations for Hardware and Software: Establish, implement, and actively manage (track, report on, correct) the security configuration of mobile devices, laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
  • 19. Security Content Repository
  • 20. Prescriptive Content - What To Do Next?
    Security Essentials understands what data you have, and what content you already use. It uses that to recommend
  • 21. Real Use Case: Phishing Mail
    The Investigation Process to solve a Phishing Mail Incident (swim-lane diagram with three lanes: Core Big Data Platform; SIEM - Incident Analyst Handling; SOAR - Automation & Orchestration. Legend: OOTB content / Analyst driven / ML/AI driven.)
    Core Big Data Platform: Ingest, Threat Hunting, Check for exist. IOC, Check for exist. User, Deliver to Splunk Core/ES.
    SIEM - Incident Analyst Handling: Ingest Event, Create Ticket, Check URL, Change Severity, Check User Endpoint, Search for similar Emails, (Human) Approve Process, Block incoming Mail, Alert Employees.
    SOAR - Automation & Orchestration: Ingest, Create Ticket, Check URL, Change Severity, Check EP, Search for Mails, Approve, Block Mails, Alert / Inform Employee, Deliver IOC to ES, Deliver IOC to Core (Adaptive Response).
  • 22. Security PVP - Your Security Maturity Index
    Security Maturity: Reactive to Proactive. Overall maturity today: 42%.
    Level 1 - Search, Monitor & Alert (55%):
    ● Use of Pre-built Content
    ● Centralized Retention and Visibility for all Data
    ● Security Monitoring Dashboards
    ● Alerting
    ● Basic Reporting
    ● Ad-Hoc Investigation and Incident Response
    ● Historical Data Analysis
    Level 2 - Normalize, Correlate & Risk (50%):
    ● Data Normalization
    ● Security Use Case Library
    ● Risk Awareness and Alert Prioritization
    ● Threat Intelligence
    ● Information and Event Correlation
    ● Notable Event Management
    ● Triage & Investigation Workflows
    Level 3 - Collaborate, Hunt & ML (26%):
    ● Risk Based Alerting
    ● Insider Threat Detection
    ● Semi-Automated Playbooks (Orchestration & Response)
    ● Pre-Built Machine Learning security content
    ● Threat Hunting
    ● Continuous Use Case development
    ● Incident Collaboration
    Level 4 - Simulate, Respond & Fully Automate (36%):
    ● Risk Reporting
    ● Full Playbook Automation
    ● Custom Machine Learning security content
    ● Stream Processing and Stream Analytics
    ● Attack Simulation
    ● Effective collaboration & integration with other teams or tools
    ● Breach Response
    Legend: green - implemented | orange - to be implemented medium term | red - highly recommended for the security posture | xx% - maturity today
  • 23. CISO Prio 3
  • 24. A Day in the Life of an Analyst - Before and after SOAR
  • 25. 97% agree that a SOAR allowed for increased workload maintaining the same number of staff
  • 26. Conclusion
  • 27. See Across Your Entire Organization
    End-to-End visibility that starts with the power of the Splunk platform
  • 28. Cyber Security Resilience
    Security Logging & Investigation | IT / OT | SOC Automation | Security Nerve Center
  • 29. Security Nerve Center: Search - Correlate - Investigate - Analyze - Act
    Data sources: Databases, Networks, Servers, Virtual Machines, Smartphones and Devices, Custom Applications, Security, Web Server, Sensors, SAP, Container, IBM OpenWhisk, AWS Lambda, GCP Functions
    Monitoring (Net/OS/Virt/App, CPU/Mem/Disc): Events, Logs, Metrics, Application Traces
    Security Operation and Analytics: SIEM, SOAR, SOC/CERT Triage, EDR, NDR, XDR, UEBA, NOC, OT, CMDB, Threat Intel, Use Cases, ML
  • 30.-32. The Security Nerve Center diagram of slide 29, repeated.
  • 33. Thank You!