Copyright © 2015 Splunk, Inc.

Splunk + Palo Alto Networks Present:

Mission: Possible
Detect and Prevent Cyber Attacks

Splunk and Palo Alto Networks

Next Gen Firewalls w/ Next Gen Big Data Analytics

Splunk App for Palo Alto Networks developed in 2011
15,000+ cumulative App downloads
Strong Alliance since 2010
First integration to offer Active Response
Today – App is in version 4.2.1 (4.x)

Today’s Speakers

Joe Goldberg
•  Product Marketing, Security and Compliance, Splunk

Joerg Sieber
•  Product Marketing, Palo Alto Networks
Legal Notices

During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk and Palo Alto Networks undertake no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Agenda

1  Splunk Overview
2  Palo Alto Networks Overview
3  Demo of the Splunk for Palo Alto Networks App
4  Next Steps

Advanced Threats in the Headlines

Cyber Criminals
Nation States
Insider Threats

“Another Day, Another Retailer in a Massive Credit Card Breach”
   – Bloomberg Businessweek, March 2014

“Edward Snowden Tells SXSW He'd Leak Those Secrets Again”
   – NPR, March 2014

“Iranian hackers compromised airlines, airports, critical infrastructure firms”
   – Computerworld, Dec 2014

Mission Impossible to Defeat?

100%  Valid credentials were used
40    Average # of systems accessed
205   Median # of days before detection
69%   Of victims were notified by external entity

Source: Mandiant M-Trends Report 2012, 2013, 2014, 2015

Mission Possible to Defeat!

Leading, Next-Generation Technologies
SIEM   Network/Endpoint
1  Splunk

Thousands of Customers and Analyst Validation

Gartner MQ for SIEM 2014

Splunk: The Platform for Machine Data

[Diagram: Developer Platform; Report and analyze; Custom dashboards; Monitor and alert; Ad hoc search; Real-Time]

[Diagram, data sources: Cloud; Infrastructure; Web Proxy; Data Loss Prevention; Storage; Desktops; Packaged Applications; Custom Applications; Databases; DNS/DHCP; Smartphones and Devices; Firewall; Authentication; File servers; Endpoint; Badging records; Email servers; VPN]

[Diagram, context sources: Real-Time Threat Intelligence; Asset and CMDB; Employee / HR Info; Data Stores; Network Segments / Honeypots; External Lookups; Anti-malware; Vuln scans; IDS; Network Flows]

Any amount, any location, any source
Schema-on-the-fly
Universal indexing
No back-end RDBMS
No need to filter data

Top Splunk Security Use Cases

Splunk software complements, replaces and goes beyond traditional SIEMs

SECURITY AND COMPLIANCE REPORTING
REAL-TIME MONITORING OF KNOWN THREATS
MONITORING OF UNKNOWN THREATS
INCIDENT INVESTIGATIONS AND FORENSICS
FRAUD DETECTION
INSIDER THREAT

Splunk Product Offerings

SPLUNK ENTERPRISE (CORE)
SPLUNK APP FOR ENTERPRISE SECURITY
240+ SECURITY APPS: Stream data, Windows / AD / Exchange, Palo Alto Networks, Bit9, SANS DShield, DNS, OSSEC, Snort, Cisco

Splunk Key Differentiators vs Traditional SIEMs

•  Single product, UI, data store
•  Software-only; install on commodity hardware
•  Quick deployment + ease-of-use = fast time-to-value
•  Can index any data type
•  All original/raw data indexed and searchable
•  Big data architecture enables scale and speed
•  Flexible search and reporting enables better/faster threat investigations and detection
•  Open platform with API, SDKs, Apps
•  Use cases beyond security/compliance

Splunk Is Used Across IT and the Business

IT Operations
Application Delivery
Business Analytics
Industrial Data and Internet of Things
Security, Compliance and Fraud

Strong ROI and facilitates cross-department collaboration
2  Palo Alto Networks

Palo Alto Networks At-a-Glance

CORPORATE HIGHLIGHTS
•  Founded in 2005; first customer shipment in 2007
•  Safely enabling applications and preventing cyber breaches
•  Able to address all enterprise cybersecurity needs
•  Exceptional ability to support global customers
•  Experienced team of 2,300+ employees
•  Q3 FY15: $234M revenue

[Chart: REVENUES ($MM), FY09 to FY14]
[Chart: ENTERPRISE CUSTOMERS, Jul-11 to Jul-14: 4,700; 9,000; 13,500; 19,000]
2015 Magic Quadrant for Enterprise Network Firewalls

Palo Alto Networks is proud to be named a Leader once again. We are now a four-time Magic Quadrant leader recognized for our ability to execute and completeness of vision.

Gartner, Magic Quadrant for Enterprise Network Firewalls, Adam Hils, et al, April 22, 2015. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from go.paloaltonetworks.com/gartnermq2015.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Enabling Applications, Users and Content

Failure of Legacy Architectures

[Diagram: Enterprise Network behind an Internet Connection, with UTM/Blades and point products from Vendor 1, Vendor 2, Vendor 3, Vendor 4: Anti-APT for port 80 APTs; Anti-APT for port 25 APTs; Endpoint AV; Network AV; DNS protection cloud; DNS protection for outbound DNS; Anti-APT cloud; Malware Intelligence. Separate alert streams: DNS Alert, Endpoint Alert, AV Alert, SMTP Alert, Web Alert, repeated per product]

Limited Visibility / Manual Response / Lacks Integration

Delivering a Next Generation Security Platform

NATIVELY INTEGRATED / EXTENSIBLE / AUTOMATED
THREAT INTELLIGENCE CLOUD
NEXT-GENERATION FIREWALL
ADVANCED ENDPOINT PROTECTION

Threat Intelligence Cloud

THREAT INTELLIGENCE CLOUD: WildFire, Threat Prevention, URL Filtering

THE UNKNOWN: Automatically identified
REMEDIATION: Automatically prevented
•  192,000 Anti-malware protections per day
•  24,000 URL protections per day
•  12,000 DNS protections per day
Protections delivered automatically in 15 minutes

Forensics and Reporting: Rich forensics and reporting for quick, detailed investigation

Safely Enable Applications

Visibility into all applications and users on the network
Remove threats from wanted traffic

REDUCE AND CONTROL RISK
FACILITATE ACCESS
Allow desired applications by user, limit high-risk features
3  Demo of the Splunk for Palo Alto Networks App

Splunk for Palo Alto Networks App

•  Includes: Technology add-on, dashboards, form boxes, custom commands
•  Use cases: Reporting, trending, incident investigations, interaction with PAN

Getting the App

•  Free download and documentation at Splunk.com > Community > Apps and Add-Ons
   http://apps.splunk.com/app/491
•  Available on GitHub for cloning and forking
   https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks

Architecture

[Diagram: Splunk side: Splunk Enterprise, Splunk for Palo Alto Networks App, Splunk App for Enterprise Security. Palo Alto Networks side: PAN firewalls, Panorama, Traps agent, Traps server, WildFire]
Data Flow if Just Firewalls

[Diagram: same components as the Architecture slide (Splunk Enterprise, Splunk for Palo Alto Networks App, Splunk App for Enterprise Security; PAN firewalls, Panorama, Traps agent, Traps server, WildFire), showing the firewall-only data flow with two alternative paths marked OR]

Data Flow if also WildFire

[Diagram: same components, showing the data flow when WildFire is added]

Data Flows if also Traps

[Diagram: same components, showing the data flows when Traps is added]

Data Flows from Splunk to PAN

[Diagram: same components, showing the data flows from Splunk back to PAN with two alternative paths marked OR]
4  Summary / Next Steps

Why Splunk Customers Need Palo Alto Networks

Layered defenses with network and endpoint security
Better APT detection with WildFire and Traps
Rich PAN data enables more SIEM/Splunk value

Why Palo Alto Networks Customers Need Splunk

Layered defenses with a SIEM and non-PAN data
Better APT detection with Splunk anomaly detection and correlations
Turn PAN IOCs into Splunk searches
Broader, richer, longer-term, more flexible reporting
…and don’t forget network monitoring, IT operations, app mgmt use cases….

Synergies/Benefits of Joint Solution

Improved security
Less costs and revenue loss
Integrated functionality with Splunk for PAN App and custom commands
Learn More About Splunk

•  If new user, try Splunk for free!
   •  Download free Splunk at www.splunk.com
   •  Splunk Tutorial: http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
•  Download Splunk App for Palo Alto Networks: https://splunkbase.splunk.com/app/491/
•  More security information at: http://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud.html
•  Contact sales team: sales@splunk.com

Learn More About Palo Alto Networks

•  Watch On-Demand Demo of Next Generation Firewall: Paloaltonetworks.com > Resources > Demos
•  Schedule an Enterprise Risk Report: http://connect.paloaltonetworks.com/avr-alt
•  Contact Sales at: Paloaltonetworks.com > Contact

Thank You!
Getting Data in to the App

•  Add Splunk server IP as syslog receiver in PAN
•  Add an inputs.conf stanza in Splunk
•  E.g. if you configured the PAN to send to UDP 514
•  Edit $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/inputs.conf

   [udp://514]
   index = pan_logs
   connection_host = ip
   sourcetype = pan_log
   no_appending_timestamp = true
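The stanza above is the whole Splunk-side half of the integration, and a wrong port, index or sourcetype silently leaves the app's dashboards empty, so it is worth checking mechanically. The script below is an added example, not code from the Splunk app, Splunk or Palo Alto Networks: it reads an inputs.conf text with configparser, verifies it against the settings the slide gives (assuming the PAN firewall was pointed at UDP 514 unless told otherwise), and then splits a constructed PAN-OS style syslog event into its BSD header and CSV body to show what actually lands in the pan_logs index. The stanza texts and the sample line are constructed; the CSV field positions for source and destination IP are assumed from the PAN-OS traffic log format and should be verified against the PAN-OS version in use.

```python
"""Check a Splunk inputs.conf stanza for PAN syslog and parse a PAN-OS line.

Added example, not code from the Splunk app, Splunk or Palo Alto Networks.
The stanza texts and the syslog line are constructed for illustration; the
CSV field positions are assumed from the PAN-OS traffic log format and should
be verified against the PAN-OS version in use.
"""
import configparser
import csv
import io
import re

# Constructed copy of the stanza shown on the slide.
INPUTS_CONF = """
[udp://514]
index = pan_logs
connection_host = ip
sourcetype = pan_log
no_appending_timestamp = true
"""

# Constructed stanza with typical mistakes: wrong port, default index and
# sourcetype, and the UDP timestamp/host prefix left enabled.
BAD_INPUTS_CONF = """
[udp://1514]
index = main
sourcetype = syslog
"""

# Settings the slide requires; the app's searches look for this sourcetype.
EXPECTED = {
    "index": "pan_logs",
    "connection_host": "ip",
    "sourcetype": "pan_log",
    "no_appending_timestamp": "true",
}


def check_pan_input(conf_text, expected_port=514):
    """Return a list of findings; empty when the stanza matches the slide."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    stanza = f"udp://{expected_port}"
    if stanza not in parser:
        return [f"no [{stanza}] stanza; PAN sends to UDP {expected_port}"]
    section = parser[stanza]
    findings = []
    for key, want in EXPECTED.items():
        got = section.get(key)
        if got is None:
            findings.append(f"{key} missing (expected {want})")
        elif got.strip().lower() != want:
            findings.append(f"{key} is {got!r}, expected {want!r}")
    return findings


# Constructed PAN-OS style event: BSD syslog header, then the CSV log body.
SAMPLE_LINE = (
    "<14>Jun 12 10:15:42 pan-fw-01 1,2015/06/12 10:15:42,001901000001,TRAFFIC,end,"
    "1,2015/06/12 10:15:42,10.1.1.25,203.0.113.10,0.0.0.0,0.0.0.0,allow-web,"
    "acme\\jdoe,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,"
    "log-forward,2015/06/12 10:15:42,12345,1,52344,80,0,0,0x0,tcp,allow"
)

SYSLOG_HEADER = re.compile(
    r"^(?:<(?P<pri>\d+)>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>.*)$"
)


def parse_pan_syslog(line):
    """Split a PAN-OS syslog line into header fields and leading CSV fields."""
    m = SYSLOG_HEADER.match(line)
    if not m:
        raise ValueError("not a syslog line with a BSD header")
    # The body is CSV; use the csv module so quoted fields with commas survive.
    fields = next(csv.reader(io.StringIO(m.group("body"))))
    if len(fields) < 9:
        raise ValueError("CSV body too short for a PAN-OS log")
    return {
        "host": m.group("host"),
        "receive_time": fields[1],  # Receive Time on the device clock
        "serial": fields[2],        # firewall serial number
        "type": fields[3],          # TRAFFIC, THREAT, SYSTEM, ...
        "subtype": fields[4],       # e.g. start, end, drop
        "src": fields[7],           # Source IP (assumed position)
        "dst": fields[8],           # Destination IP (assumed position)
    }


if __name__ == "__main__":
    print("good stanza:", check_pan_input(INPUTS_CONF) or "OK")
    print("bad stanza:", check_pan_input(BAD_INPUTS_CONF, expected_port=1514))
    print(parse_pan_syslog(SAMPLE_LINE))
```

The two settings most often dropped are the ones the checker flags first: `no_appending_timestamp = true` stops Splunk from prepending its own timestamp and host to each UDP event, so the firewall's own Receive Time stays at the front of the event where timestamp extraction expects it, and `connection_host = ip` makes the sending firewall's address the host field rather than a reverse-DNS name that may not resolve. Running the checker against the intended port (the `expected_port` argument) is the quick way to confirm the PAN side and the Splunk side agree before looking for data in the dashboards.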
  

Splunk for Industrial Data and the Internet of Things
 
Splunk - Splunk for Industrial Data and the Internet of Things
Splunk - Splunk for Industrial Data and the Internet of ThingsSplunk - Splunk for Industrial Data and the Internet of Things
Splunk - Splunk for Industrial Data and the Internet of Things
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Detect and Prevent Cyber Attacks with Splunk and Palo Alto Networks

  • 1. Copyright © 2015 Splunk, Inc. Splunk + Palo Alto Networks Present: Mission: Possible. Detect and Prevent Cyber Attacks
  • 2. Splunk and Palo Alto Networks
    • Next Gen Firewalls w/ Next Gen Big Data Analytics
    • Strong alliance since 2010
    • Splunk App for Palo Alto Networks developed in 2011
    • 15,000+ cumulative App downloads
    • First integration to offer Active Response
    • Today – App is in version 4.2.1 (4.x)
  • 3. Today's Speakers
    • Joe Goldberg – Product Marketing, Security and Compliance, Splunk
    • Joerg Sieber – Product Marketing, Palo Alto Networks
  • 4. Legal Notices: During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk and Palo Alto Networks undertake no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
  • 5. Agenda: 1. Splunk Overview; 2. Palo Alto Networks Overview; 3. Demo of the Splunk for Palo Alto Networks App; 4. Next Steps
  • 6. Advanced Threats in the Headlines (Cyber Criminals, Nation States, Insider Threats)
    • "Another Day, Another Retailer in a Massive Credit Card Breach" – Bloomberg Businessweek, March 2014
    • "Edward Snowden Tells SXSW He'd Leak Those Secrets Again" – NPR, March 2014
    • "Iranian hackers compromised airlines, airports, critical infrastructure firms" – Computerworld, Dec 2014
  • 7. Mission Impossible to Defeat?
    • 100%: valid credentials were used
    • 40: average # of systems accessed
    • 205: median # of days before detection
    • 69%: of victims were notified by an external entity
    Source: Mandiant M-Trends Report 2012, 2013, 2014, 2015
  • 8. Mission Possible to Defeat! Leading, next-generation technologies: SIEM; Network/Endpoint
  • 9. Section 1: Splunk
  • 10. Thousands of Customers and Analyst Validation – Gartner MQ for SIEM 2014
  • 11. Splunk: The Platform for Machine Data
    • Data sources: Cloud Infrastructure, Web Proxy, Data Loss Prevention, Storage, Desktops, Packaged Applications, Custom Applications, Databases, DNS/DHCP, Smartphones and Devices, Firewall, Authentication, File servers, Endpoint, Badging records, Email servers, VPN, Anti-malware, Vuln scans, IDS, Network Flows, Network Segments/Honeypots; External lookups: Real-Time Threat Intelligence, Asset and CMDB, Employee/HR Info, Data Stores
    • Any amount, any location, any source: schema-on-the-fly, universal indexing, no back-end RDBMS, no need to filter data
    • On top: Developer Platform, Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search, Real-Time
  • 12. Top Splunk Security Use Cases – Splunk software complements, replaces and goes beyond traditional SIEMs: Security and Compliance Reporting; Real-Time Monitoring of Known Threats; Monitoring of Unknown Threats; Incident Investigations and Forensics; Fraud Detection; Insider Threat
  • 13. Splunk Product Offerings: Splunk Enterprise (core); Splunk App for Enterprise Security; 240+ security apps (Stream data, Windows/AD/Exchange, Palo Alto Networks, Bit9, SANS DShield, DNS, OSSEC, Snort, Cisco)
  • 14. Splunk Key Differentiators vs Traditional SIEMs
    • Single product, UI, data store
    • Software-only; install on commodity hardware
    • Quick deployment + ease-of-use = fast time-to-value
    • Can index any data type
    • All original/raw data indexed and searchable
    • Big data architecture enables scale and speed
    • Flexible search and reporting enables better/faster threat investigations and detection
    • Open platform with API, SDKs, Apps
    • Use cases beyond security/compliance
  • 15. Splunk Is Used Across IT and the Business: IT Operations; Application Delivery; Security, Compliance and Fraud; Business Analytics; Industrial Data and Internet of Things. Strong ROI and facilitates cross-department collaboration
  • 16. Section 2: Palo Alto Networks
  • 17. Palo Alto Networks At-a-Glance – Corporate highlights
    • Founded in 2005; first customer shipment in 2007
    • Safely enabling applications and preventing cyber breaches
    • Able to address all enterprise cybersecurity needs
    • Exceptional ability to support global customers
    • Experienced team of 2,300+ employees
    • Q3 FY15: $234M revenue
    [Chart: revenues ($MM), FY09 through FY14]
    [Chart: enterprise customers – 4,700 (Jul-11), 9,000 (Jul-12), 13,500 (Jul-13), 19,000 (Jul-14)]
  • 18. 2015 Magic Quadrant for Enterprise Network Firewalls: Palo Alto Networks is proud to be named a Leader once again. We are now a four-time Magic Quadrant leader recognized for our ability to execute and completeness of vision. Gartner, Magic Quadrant for Enterprise Network Firewalls, Adam Hils, et al, April 22, 2015. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from go.paloaltonetworks.com/gartnermq2015. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  • 19. Enabling Applications, Users and Content
  • 20. Failure of Legacy Architectures [Diagram: between the Internet connection and the enterprise network sit point products from Vendor 1, 2, 3 and 4 – Anti-APT for port 80 APTs, Anti-APT for port 25 APTs, Anti-APT cloud, Endpoint AV, Network AV, DNS protection cloud, DNS protection for outbound DNS, UTM/Blades – each with its own malware intelligence and its own stream of Web, SMTP, DNS, AV and Endpoint alerts.] Limited Visibility; Lacks Integration; Manual Response
  • 21. Delivering a Next Generation Security Platform: Natively Integrated, Extensible, Automated – Threat Intelligence Cloud; Next-Generation Firewall; Advanced Endpoint Protection
  • 22. Threat Intelligence Cloud (WildFire, Threat Prevention, URL Filtering)
    • The unknown: automatically identified. Remediation: automatically prevented
    • 192,000 anti-malware protections per day; 24,000 URL protections per day; 12,000 DNS protections per day
    • Protections delivered automatically in 15 minutes
    • Rich forensics and reporting for quick, detailed investigation
  • 23. Safely Enable Applications (Cloud)
    • Visibility into all applications and users on the network
    • Reduce and control risk: remove threats from wanted traffic
    • Facilitate access: allow desired applications by user, limit high-risk features
  • 24. Section 3: Demo of the Splunk for Palo Alto Networks App
  • 25. Splunk for Palo Alto Networks App
    • Includes: Technology add-on, dashboards, form boxes, custom commands
    • Use cases: Reporting, trending, incident investigations, interaction with PAN
  • 26. Getting the App
    • Free download and documentation at Splunk.com > Community > Apps and Add-Ons: http://apps.splunk.com/app/491
    • Available on GitHub for cloning and forking: https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks
  • 27. Architecture [Diagram. Splunk side: Splunk Enterprise, Splunk for Palo Alto Networks App, Splunk App for Enterprise Security. Palo Alto Networks side: PAN firewalls, Panorama, Traps agent, Traps server, WildFire.]
  • 28. Data Flow if Just Firewalls [Diagram, same components as slide 27; "OR" marks the two alternative log sources for Splunk Enterprise: the PAN firewalls directly, or Panorama.]
  • 29. Data Flow if also WildFire [Diagram, same components as slide 27, with WildFire added as a source.]
  • 30. Data Flows if also Traps [Diagram, same components as slide 27, with the Traps agent and Traps server added as sources.]
  • 31. Data Flows from Splunk to PAN [Diagram, same components as slide 27; "OR" marks the two alternative targets for data sent back from Splunk: the PAN firewalls directly, or Panorama.]
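The slide above only draws the Splunk-to-PAN arrow. What travels along it, in the Active Response integration the deck mentions on slides 2, 25 and 35, is the result of a search pushed to the firewall or Panorama by the app's custom commands. The following is an added illustration of that direction, written for this page; it is not the Splunk for Palo Alto Networks app's own code, and the deck does not show the app's commands. It uses the PAN-OS XML API's User-ID interface as I know it: registering an IP address with a tag makes that address a member of any Dynamic Address Group whose match criterion is the tag, so a security policy that references the group takes effect without a commit. Everything below about the API is an assumption to check against the XML API reference for your PAN-OS version: the `/api/` endpoint, the `type=user-id` and `key` parameters, and the `<uid-message>` schema. The host name and API key are placeholders; nothing is sent unless `push_tag()` is called against a real firewall.

```python
"""Splunk -> PAN direction: tag an IP on the firewall so a Dynamic Address
Group (and the policy referencing it) picks it up.

Added example, not code from the deck or the Splunk for Palo Alto Networks app.
ASSUMED (verify against the PAN-OS XML API reference for your version):
  * endpoint https://<fw>/api/ with type=user-id, key=<api key>, cmd=<xml>
  * the <uid-message> register/unregister schema built in uid_message()
  * responses look like <response status="success">...</response>
"""
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from typing import Iterable, List, Tuple

API_PATH = "/api/"          # assumed PAN-OS XML API path


def uid_message(ips: Iterable[str], tag: str, register: bool = True) -> str:
    """Serialize a User-ID tag registration (or unregistration) message.

    Built with ElementTree rather than string formatting so that an IP or
    tag value coming out of a Splunk search cannot inject XML.
    """
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    op = ET.SubElement(payload, "register" if register else "unregister")
    for ip in ips:
        entry = ET.SubElement(op, "entry", ip=ip)
        ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag
    return ET.tostring(root, encoding="unicode")


def parse_entries(msg: str) -> List[Tuple[str, str]]:
    """Return [(ip, tag), ...] from a uid-message; used to check what we built."""
    root = ET.fromstring(msg)
    return [(e.get("ip"), m.text) for e in root.iter("entry") for m in e.iter("member")]


def api_status(response_xml: str) -> bool:
    """True when the firewall answered <response status="success">."""
    return ET.fromstring(response_xml).get("status") == "success"


def push_tag(host: str, api_key: str, ips: Iterable[str], tag: str,
             verify_tls: bool = True) -> bool:
    """POST the registration to the firewall (or Panorama). Network call:
    only invoke with a real host. The API key can change policy, so keep it
    in Splunk's credential store, not in a search or a script."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # lab boxes with self-signed certificates only
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    body = urllib.parse.urlencode({
        "type": "user-id", "key": api_key, "cmd": uid_message(ips, tag),
    }).encode()
    req = urllib.request.Request(f"https://{host}{API_PATH}", data=body, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return api_status(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Dry run: show the message a search result would produce. 203.0.113.7 is a
    # documentation address; "splunk-blocked" is a tag name chosen for this example.
    print(uid_message(["203.0.113.7"], "splunk-blocked"))
```

Two practical notes. The tag-plus-Dynamic-Address-Group design is what makes this safe to automate: the policy that blocks the group is written and reviewed once by a human, and Splunk can only add or remove members, not rewrite rules. And because the key in `push_tag()` is a firewall admin credential, scope it to an admin role limited to the User-ID API and keep the list of allowed tags small, so a poisoned search result cannot tag, say, the default gateway.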
  • 32. Section 4: Summary / Next Steps
  • 33. Why Splunk Customers Need Palo Alto Networks
    • Layered defenses with network and endpoint security
    • Better APT detection with WildFire and Traps
    • Rich PAN data enables more SIEM/Splunk value
  • 34. Why Palo Alto Networks Customers Need Splunk
    • Layered defenses with a SIEM and non-PAN data
    • Better APT detection with Splunk anomaly detection and correlations
    • Turn PAN IOCs into Splunk searches
    • Broader, richer, longer-term, more flexible reporting
    …and don't forget network monitoring, IT operations, app mgmt use cases….
  • 35. Synergies/Benefits of Joint Solution: Improved security; Lower costs and revenue loss; Integrated functionality with Splunk for PAN App and custom commands
  • 36. Learn More About Splunk
    • If new user, try Splunk for free! Download free Splunk at www.splunk.com; Splunk Tutorial: http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
    • Download Splunk App for Palo Alto Networks: https://splunkbase.splunk.com/app/491/
    • More security information at: http://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud.html
    • Contact sales team: sales@splunk.com
  • 37. Learn More About Palo Alto Networks
    • Watch On-Demand Demo of Next Generation Firewall: Paloaltonetworks.com > Resources > Demos
    • Schedule an Enterprise Risk Report: http://connect.paloaltonetworks.com/avr-alt
    • Contact Sales at: Paloaltonetworks.com > Contact
  • 38. Thank You!
  • 39. Getting Data into the App
    • Add the Splunk server IP as a syslog receiver in PAN
    • Add an inputs.conf stanza in Splunk
    • E.g. if you configured the PAN to send to UDP 514, edit $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/inputs.conf:
      [udp://514]
      index = pan_logs
      connection_host = ip
      sourcetype = pan_log
      no_appending_timestamp = true
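What the `[udp://514]` stanza above sets up, and the two checks a practitioner will want around it, as an added example written for this page (it is not the deck's code and not the Splunk app's; the app's add-on does its own field extraction). The receiver listens for PAN-OS syslog over UDP, parses the comma-separated body with quoting handled, and records whether the datagram came from an allowlisted firewall address. Assumed rather than taken from the slide: the TRAFFIC log column positions (the PAN-OS 6.x/7.x layout as I recall it; check the PAN-OS syslog field reference for your version, and note that THREAT logs use a different layout), the BSD-style syslog header, port 5514, and every sample line, which is constructed.

```python
"""PAN-OS syslog over UDP: what sits behind the [udp://514] stanza.

Added example, not code from the deck or the Splunk for Palo Alto Networks
app. ASSUMED (verify for your PAN-OS version):
  * CSV column positions follow the PAN-OS 6.x/7.x TRAFFIC log layout as the
    author of this example recalls it; THREAT logs are laid out differently.
  * The syslog header is BSD style: "<PRI>Mon dd hh:mm:ss hostname ".
  * Every sample line is constructed by make_traffic_line(), not captured.
"""
import csv
import io
import ipaddress
import re
import socket
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional

# Column index of each field in the comma-separated TRAFFIC log (assumed).
TRAFFIC_FIELDS: Dict[str, int] = {
    "receive_time": 1, "serial": 2, "type": 3, "subtype": 4,
    "src": 7, "dst": 8, "rule": 11, "src_user": 12, "app": 14,
    "src_zone": 16, "dst_zone": 17, "src_port": 24, "dst_port": 25,
    "proto": 29, "action": 30,
}
_WIDTH = max(TRAFFIC_FIELDS.values()) + 1

_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                  # facility*8 + severity
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "   # BSD timestamp
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)


@dataclass
class PanEvent:
    sender: str      # datagram source IP: what connection_host = ip records
    host: str        # hostname the sender *claims* in the syslog header
    trusted: bool    # sender falls inside the allowlist
    fields: Dict[str, str] = field(default_factory=dict)


def parse_syslog(datagram: str, sender: str,
                 allowed_senders: Iterable[str]) -> Optional[PanEvent]:
    """Parse one datagram. None for anything that is not a well-formed
    PAN-OS TRAFFIC record; trusted=False when the sender is unexpected."""
    m = _HEADER.match(datagram.strip())
    if not m:
        return None
    # csv, not str.split: PAN-OS double-quotes fields that contain commas.
    row = next(csv.reader(io.StringIO(m.group("msg"))))
    if len(row) < _WIDTH or row[TRAFFIC_FIELDS["type"]] != "TRAFFIC":
        return None
    src_ip = ipaddress.ip_address(sender)
    trusted = any(src_ip in ipaddress.ip_network(a, strict=False)
                  for a in allowed_senders)
    return PanEvent(sender=sender, host=m.group("host"), trusted=trusted,
                    fields={k: row[i] for k, i in TRAFFIC_FIELDS.items()})


def make_traffic_line(host: str = "PA-3020-edge", **values: str) -> str:
    """Build a CONSTRUCTED traffic record with the same column map."""
    row = [""] * _WIDTH
    row[TRAFFIC_FIELDS["type"]] = "TRAFFIC"
    for k, v in values.items():
        row[TRAFFIC_FIELDS[k]] = v
    buf = io.StringIO()
    csv.writer(buf, lineterminator="").writerow(row)
    return f"<14>Jun 10 12:00:01 {host} {buf.getvalue()}"


def serve(port: int = 5514, allowed_senders: Iterable[str] = ("10.0.0.0/8",)) -> None:
    """Minimal receiver loop. 5514 rather than 514 so it runs without root;
    the PAN syslog server profile must then point at 5514 as well."""
    allowed = tuple(allowed_senders)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        while True:
            data, (peer, _) = s.recvfrom(65535)
            ev = parse_syslog(data.decode("utf-8", "replace"), peer, allowed)
            if ev is None:
                continue
            if not ev.trusted:
                print(f"DROP {peer}: not an allowed sender (claims host {ev.host})")
                continue
            f = ev.fields
            print(f"{ev.host} {f['src']}->{f['dst']}:{f['dst_port']} {f['app']} {f['action']}")


if __name__ == "__main__":
    serve()
```

Why the allowlist matters: `connection_host = ip` fills Splunk's `host` field from the datagram's source address, and UDP offers no authentication, so any host on the inside can inject "firewall" events by spoofing that address. Splunk's own `inputs.conf` has an `acceptFrom` setting on UDP and TCP stanzas that does the same filtering natively, and the PAN-OS syslog server profile can use TCP or SSL transport instead of UDP, which removes both the spoofing and the silent-loss problem. Also note the port: 514 is privileged on Linux, so a `splunkd` running as a non-root user cannot bind it; either choose a port above 1023 on both sides or put a syslog daemon in front of Splunk.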