
Drive More Value from your SOC Through Connecting Security to the Business

SOC investment strategies require not only significant funding but also the right combination of people, process and technology. Forward-thinking organisations want not only to build leading-edge monitoring, detection and response capabilities, but also next-generation platforms that support wider business needs and heightened connectivity to the business. Splunk will share considerations for leveraging existing and emergent technologies to scale the reach of security operations past traditional security goals, and to help leaders demonstrate organisational value and ROI.


  1. Drive More Value from Your Security Operations: Connecting Security to the Business With Splunk. James Hanlon, Director of Security Specialization, EMEA. 13 June 2019. © 2019 Splunk Inc.
  2. Who am I
     ▶ Director of Splunk Security Specialization for EMEA
     ▶ Work with many large & small Splunk security customers
     ▶ Provide customer security advisory services
     ▶ 17+ years in Security
  3. We Listen, We Learn, We Understand, We Bring It Back: What is value in security operations?
  4. What is the value of Security in 2019? Even for some security teams, this can be hard to define.
  5. How much more is a secure company worth than an insecure one? How much security is enough? How should security resources be invested and applied for optimal ROI? What is the impact of the threat?
  6. Security ROI (SROI): Adequate Security (Risk Managed), Sufficient Security (Compliance Driven), Differentiated Security
  7. Barriers to value (summary of the sub-slides that follow)
     Organizational Situational Awareness & Threat Profile
     ▶ Organizational Awareness
     ▶ Understanding the threat exposure & profile
     ▶ Demonstrating the value of Security
     The Security Mission
     ▶ Clarity of mission
     ▶ Known current and future state
     ▶ How to transform security
     Getting Data Visibility for Security
     ▶ Ownership
     ▶ Volume
     ▶ Technical know-how
     IT Complexity and Emerging Digital Channels
     ▶ Legacy IT complexity
     ▶ Emergent Technology
     ▶ Consolidation drives & cost reduction
     Security Operations Processes & Resources
     ▶ Hire
     ▶ Develop
     ▶ Retain
     ▶ Automate
     ▶ Optimize
     Prescriptive Security Operations Guidance
     ▶ What to do first, second and last (or not at all)?
     Time
     ▶ MTTD
     ▶ MTTR
     ▶ Dwell Time
     ▶ TTV
     The Expansive & Emergent Security Technology Landscape
     ▶ Security Analytics
     ▶ Machine Learning (AI)
     ▶ Automation
     ▶ Cloud-based SecOps
  8. So, the value of security can often be characterized by the organizational strategy... and the barriers.
  9. We Listen, We Learn, We Understand, We Bring It Back
  10. Translating the Value of Splunk Security
     ▶ Security Data Analytics. Value: gain full data visibility of any legacy or emergent technology or platform. Driver: risk mitigation. Whether on-prem or cloud, Splunk data and non-Splunk data sources can easily be ingested into and segmented by the tool.
     ▶ Security Automation. Value: lower human workloads, security process inefficiency & MTTR. Driver: cost avoidance.
     ▶ Security Machine Learning (AI). Value: detect unknowns / detect faster. Driver: cost avoidance, risk mitigation.
     ▶ Integrated Security Platform. Value: increase TTV through integrated, consolidated and contextual toolsets. Driver: cost avoidance.
     ▶ Flexible Visualisation & Reporting. Value: increase security visibility and organizational business insights. Driver: risk mitigation.
     ▶ Prescriptive Security Content. Value: be guided by industry-led advice. Driver: cost avoidance.
  11. Splunk's Security Vision
     ▶ Data sources: Network, Threat Intelligence, Mobile, Endpoints, Identity and Access, Cloud Security, WAF and App Security, Web Proxy, Firewall
     ▶ Analytics and Orchestration across the Observe, Orient, Decide, Act loop
     ▶ 90% of Tier 1 analyst work will be automated
     ▶ 50% of time now spent tuning detection and response logic
     ▶ 1 platform to orchestrate them all
  12. Splunk Security Operations Suite
     ▶ Platform
     ▶ Data sources: Security Monitoring Logs, Business Context, Threat Intelligence
     ▶ Use cases: Compliance & Data Privacy, Advanced Threat Detection, Incident Investigation & Forensics, Insider Threat Detection, Incident Response, Fraud Analytics & Detection, SOC Automation
     ▶ Applications, with Security Content Updates
  13. We Listen, We Learn, We Understand, We Bring It Back: Helping you unlock the value of Splunk Security
  14. Introducing the Security Prescriptive Path: Helping You Drive More from your Splunk Investment
  15. Security Paths > Value Paths (3 Paths - 8 Security Use Cases - 70 Security Capabilities)
     ▶ Security Operations > faster detection and triage of security alerts and insider threats; better discovery of targeted and advanced threats; faster investigation and remediation of security incidents; reduced risk of breach, disruption, damage and data leakage
     ▶ Compliance > reduction in compliance reporting time; reduction in potential compliance penalties
     ▶ Fraud > reduction in risk of fraud; reduction in fraud losses
     ▶ Security use cases: Security Monitoring, Advanced Threat, Security Investigation, Incident Response & Forensics, Insider Threat, SOAR, Compliance, Fraud Monitoring and Investigation
  16. Examples of how Customers have realized value: Splunk Security "The How"
  17. Addressing The Barriers to Value: Data Volume, Data Visibility & IT Complexity. How Splunk Security Analytics Drives Value: Any Data Analytics, Investigative Platform
  18. Investigation & Analytics with Splunk
  19. Addressing The Barriers to Value: Integrating Security Tooling | Industry-Led Analytics Guidance. How Splunk Security Analytics Drives Value: Pre-built Security Workflows, Guided Security Analytics
  20. Triage & Investigation Workflows
  21. Operationalizing Security Analytics Content Development
  22. Addressing The Barriers to Value: Human Workload | Process Repeatability. How Splunk Security Analytics Drives Value: Automate Security Tasks, Process Efficiency & Repeatability
  23. Security Automation with Splunk
  24. Addressing The Barriers to Value: Reduce MTTD, MTTR | Connecting with the Business. How Splunk Security Analytics Drives Value: Machine Learning for Security, Business & IT Risk Reporting
  25. Security Risk Reporting with Splunk
  26. (no text)
  27. Security Mission: designed to help optimize value in your security operations
     ▶ Increase security visibility, tackle IT complexity
     ▶ Provide prescriptive guidance
     ▶ Increase process efficiency, lower MTTD, MTTR
     ▶ Enable business-focused security risk reporting
  28. We Listen, We Learn, We Understand, We Bring It Back: Using Analytics to Connect Security to the Business
  29. (no text)
  31. But an Analytics capability can do much more across many IT domains: same data, multiple use cases
     ▶ Data sources: logs, wired, DB, mobile, IoT, API, metrics (any volume, any location, any type), today held in separate silos (storage, network, proxy, app, VMs, SCADA, AWS, Azure, APM, servers and more); 3rd party (ServiceNow, CMDB, SIEM...) and structured data
     ▶ Splunk Platform (Cloud / On-prem): data sources, correlation, data to answers
     ▶ Use cases: IT Operations, Security, Business Analytics, DevOps/App analytics, IoT. Different people asking different questions on the same data, in real time; automate; collaborative incident response
     ▶ Fast Time to Value: Splunkbase with 1900+ free apps/add-ons, premium apps, AI / machine learning accelerators (Splunk> MINT, Splunk> Industrial Asset Management, MQTT Modular Input, Kepware IDF to Metrics, Splunk> App for Infrastructure, Splunk> Stream, JMX, Java, Splunk> DB Connect, Splunk> Machine Learning Toolkit)
     ▶ Claimed outcomes: 30%↓ risk*, 4%↑ supply chain throughput**, 70%+↓ QA troubleshooting*, 25%+↓ power/facility***, 70% to 90%↓ MTTR*
  32. We call this... Converged Analytics for Business Value
  33. Extracting Value Through Converged Data Analytics: Security, IoT & Industrial Data Analytics
  34. UCAS: GDPR Compliance, IT Operations & Security
  35. Analytics Driven Approach to Connect Security to the Business
     ▶ Corporate Mission & Goals, broken down into Corporate/IT Initiatives 1, 2, 3 ... N
     ▶ SecOps / SOC Strategy & Metrics (Operational Security): adversary-, threat-, controls-, vulnerability- or IT-risk-driven SOC strategies
     ▶ Business Enabling Data & Security Insights (Data Analytics Enabled)
     ▶ Reducing the gap between the two provides business-enabling alignment for Security & SOC teams
  36. DEMO: Splunk Security Prescriptive Value Path (PVP)
  37. Realities that Worry Executives?
     ▶ Only 28 percent of companies use project performance techniques (PMI, 2017)
     ▶ Most organizations have a 70% project failure rate (4PM)
     ▶ Only 64% of projects meet their goals (Wrike)
     ▶ Executives need prescriptive plans to mitigate these risks
  38. Introducing the Security Prescriptive Path: Helping You Drive More from your Splunk Investment (repeat of slide 14)
  39. Security Paths > Value Paths (repeat of slide 15)
  40. Final Thoughts: Takeaways
  41. Key Takeaways
     ▶ Splunk is committed to helping customers drive more value from their investments in Security
     ▶ Read how other customers have found value from their investments with Splunk
     ▶ Speak to your account team about conducting a prescriptive value path (PVP) assessment with Splunk
  42. Learn how others have found value with Splunk: https://conf.splunk.com/
  43. Thank You. Don't forget to rate this session in the SplunkLive! mobile app.
