
Make Your SOC Work Smarter, Not Harder

The volume and complexities of today’s security incidents can tax even the largest security teams. This leaves big gaps in incident detection and response workflows that can put organisations at great risk. Your team can’t scale to manually catch and address every incident, so which ones should you focus on and which ones should you ignore? You shouldn’t be forced to make a choice. In this session, find out how Splunk’s SIEM and SOAR technologies deliver security analytics, machine learning, and automation capabilities to increase the efficiency of security teams and reduce the enterprise’s exposure to risk. Learn how to achieve big results from intelligently streamlined incident detection and response workflows—accelerating your actions, scaling your resources, and optimizing your security operations.

Published in: Technology


  1. © 2019 Splunk Inc. Make Your SOC Work Smarter, Not Harder with Splunk Security Operations Suite. Robert Farnod | Security Specialist. David Gamer | Senior Sales Engineer. June 2019
  2. Forward-Looking Statements. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
  3. Agenda: Accelerate your detection and response workflows; Optimize your security operations; Scale your resources.
  4. Security Operations Today
  5. Today’s SOC (diagram of a SOC flooded with alerts; no slide text)
  6. Today’s Security Operations Workflow: a process that doesn’t scale. Diagram: data sources (Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data, Assets & Identities) feed the SIEM; Tier 1 and Tier 2 analysts work the alerts by hand; security tools (Firewall, IDS / IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detection) are operated manually.
  7. Experience Needed: Hard & Soft Skills for Tier 1 and Tier 2 analysts. Security Knowledge; Networking; Application Layer Protocols; Database and Query Languages; Unix; Windows; Basic Parsing; Command Line Familiarity; Security Monitoring Tools; Coding/Scripting; Regulatory Compliance; Vulnerability Scanning; Investigations; Troubleshooting; Security Clearance; Communication & Writing; Critical Thinking; Creativity & Curiosity.
  8. But… security people are hard to find. Skill shortage: 3.5 million unfilled cybersecurity jobs by 2021; 75% year-over-year increases. Source: Cybersecurity Ventures, Cybersecurity Jobs Report, 2017.
  9. Optimizing Security Operations
  10. Shifting Focus and Role for SOCs. Legacy: Operation / Monitoring Center; Situational Awareness; Human Authored; Human Speed Operations. Required: Nerve Center / Command Center; Analysis and Decision-Making; Human and Machine Learning; Machine-Speed Cycle Times.
  11. Security Operations Workflow with SOAR. Diagram: the same data sources (Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data, Assets & Identities) feed the SIEM; SOAR sits between the Tier 1 / Tier 2 analysts and the security tools (Firewall, IDS / IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detection).
  12. Security Nerve Center: Monitor, Investigate, Analyze, Act. SIEM and SOAR over Endpoints, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access, WAF and App Security, Cloud Security, Mobile.
  13. Security Operations Suite. Platform; Data Sources (Security Monitoring Logs, Business Context, Threat Intelligence); Use Cases (Compliance & Data Privacy, Advanced Threat Detection, Incident Investigation & Forensics, Insider Threat Detection, Incident Response, Fraud Analytics & Detection, SOC Automation); Applications; plus Security Content Updates.
  14. How it Works
  15. Combat Threats with Advanced Analytics, powered by Security Information Event Management (SIEM). Data sources (Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data, Assets & Identities) flow into Security Analytics (SIEM): Monitor Security Activity; Correlate and Sequence Events; Validate Alerts; Prioritize, Review and Investigate; Decide Best Path to Resolution.
  16. Splunk Enterprise Security (ES): Analytics-Driven Security Information Event Management (SIEM). Know Your Security Posture; Investigate with Speed and Flexibility; Scale to Petabytes of Data.
  17. Augment your SIEM with Behavioral Analytics, powered by Machine Learning. Data analyzed: Network Activity, Application Activity, Login Attempts, Removable Media, Badge Scans, Printer Activity (and more). Baselining: the user’s activity, departmental activity, the region’s activity, the company’s activity. Correlation & Detection examples, each carrying a threat score (e.g. 4 or 8): Data Exfiltration by Suspicious User or Device; Data Storage Attached an Unusual Number of Times; Unusual Printer Usage; Privilege Escalation; Multiple Failed Login Attempts; Malware; Blacklisted IP Address; Compromised Account (and more).
  18. Splunk User Behavior Analytics (UBA): detect unknown threats and anomalous user behavior using machine learning. Enhance Threat Visibility; Accelerate Investigation; Increase Productivity.
  19. Automate Your Incident Response, powered by Security Orchestration, Automation, and Response (SOAR). Diagram: data sources (Network Traffic, Intrusion Data, Endpoint, Threat Intel, Malware, Authentication, Wire Data, Assets & Identities) feed Security Analytics (SIEM) plus ML-based Behavioral Analytics (UEBA); Automation and Orchestration (SOAR) drives the security tools (Firewall, IDS / IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detection).
  20. Splunk Phantom: Integrate and Scale Your Team, Processes, and Tools. Respond Faster; Work Smarter; Strengthen Your Defenses.
  21. Adaptive Operations Framework
  22. Security Content Updates: Pre-packaged Searches; Algorithms; Dashboards; Playbooks; …and more! Available for Splunk Enterprise Security, Splunk User Behavior Analytics and Splunk Phantom.
  23. New Roles in Security Operations: Security Content Developer; Automation Engineer.
  24. Security Operations in 2020: 90% of Tier 1 analyst work will be automated; 50% of time spent optimizing detection & response logic.
  25. Beyond the Security Operations Center (SOC): Splunk Enterprise for Security. Compliance; Data Privacy; Fraud; Risk.
  26. Splunk in Action
  27. City of Los Angeles: Sharing Security Intel Across 40+ Agencies. ▶ Prompt responses to cyberthreats with real-time situational awareness of citywide infrastructure ▶ Timely intelligence sharing with local, state and national law enforcement ▶ Reduced total cost of ownership
  28. Aflac: Automating Threat Intelligence System. ▶ Blocked over two million security threats ▶ Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System ▶ Automated threat hunting and 90% of its security metrics process in just two months
  29. Blackstone: Automating Malware Investigation. ▶ Reduced alert investigation times from 30-45 minutes to less than one minute ▶ Applied a consistent approach to alert management and investigation, eliminating human error ▶ Increased resource efficiency by turning manual, repetitive tasks into automated processes
  30. Recognized in Security. By Industry Analysts: Named a Leader in Gartner’s Magic Quadrant for Security Information and Event Management. By End Users: Designated a 2018 Customer’s Choice for Security Information and Event Management. *Gartner and Forrester are all trademarks from their respective companies. *Gartner, Magic Quadrant for Security Information and Event Management, Kelly Kavanagh | Toby Bussa, Dec. 4, 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. *The Gartner Peer Insights Customer Choice Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customer Choice Awards are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights and overall ratings for a given vendor in the market, as further described here http://www.gartner.com/reviews-pages/peer-insights-customer-choice-awards/ and are not intended in any way to represent the views of Gartner or its affiliates.
  31. Key Takeaways: Accelerate your detection and response workflows; Optimize your security operations; Scale your resources.
  32. Want to learn more? Enterprise Security Hands-On Workshop / Hands-On Workshop: Advanced APT Hunting. ► Three real-world scenarios that an analyst might face during the course of the day ► Workshop Logistics • In Your Organization • 3+ Participants • 3-4 Hours, Modular • Ask Your Splunk Contact Person. Don’t know who that is? Inquire at sales@splunk.com and we will route you.
  33. Thank You. Don’t forget to rate this session in the SplunkLive! mobile app.
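Slide 17 describes baselining a user's activity at several scopes (the user, the department, the company) and turning deviations into a threat score. The scorer below is an added example of that idea, not Splunk UBA code; the printer-activity history, the scope set and the 0..10 cap are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history of (user, department, pages_printed_per_day); not real data.
HISTORY = (
    [("alice", "finance", n) for n in (20, 25, 22, 18, 24, 21, 23)]
    + [("bob", "finance", n) for n in (30, 28, 35, 31, 29, 33, 32)]
    + [("carol", "eng", n) for n in (2, 3, 1, 4, 2, 3, 2)]
    + [("dave", "eng", n) for n in (5, 4, 6, 5, 7, 4, 5)]
)


def build_baselines(history):
    """Return {scope_key: (mean, stdev)} at user, department and company scope.

    One observation feeds all three scopes, mirroring the slide's
    user / departmental / company baselining.
    """
    samples = defaultdict(list)
    for user, dept, value in history:
        samples[("user", user)].append(value)
        samples[("dept", dept)].append(value)
        samples[("company", "*")].append(value)
    return {key: (mean(vals), pstdev(vals)) for key, vals in samples.items()}


def threat_score(baselines, user, dept, value, cap=10.0):
    """Largest z-score across the scopes that have a baseline, clipped to [0, cap].

    A never-seen user has no user-scope baseline, so the department and
    company baselines still produce a score instead of a silent miss.
    A zero-variance scope treats any change as fully anomalous.
    """
    worst = 0.0
    for key in (("user", user), ("dept", dept), ("company", "*")):
        if key not in baselines:
            continue
        mu, sigma = baselines[key]
        if sigma == 0.0:
            z = 0.0 if value == mu else cap
        else:
            z = (value - mu) / sigma  # less activity than usual is not flagged
        worst = max(worst, z)
    return round(min(worst, cap), 1)


BASELINES = build_baselines(HISTORY)
# carol normally prints ~2 pages a day, so 400 pages scores 10.0 at every scope;
# alice printing 23 pages stays well inside her own and her department's norm.
```

A real deployment would baseline per time window and per data source (slide 17 lists login attempts, removable media and badge scans alongside printing) and would feed the score into the SIEM's alert prioritisation rather than acting on it directly.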