Detect and Prevent Cyber Attacks with Splunk and Palo Alto Networks
- 1. Copyright © 2015 Splunk, Inc.
  Splunk + Palo Alto Networks Present: Mission: Possible – Detect and Prevent Cyber Attacks
- 2. Splunk and Palo Alto Networks
  Next Gen Firewalls w/ Next Gen Big Data Analytics
  • Splunk App for Palo Alto Networks developed in 2011
  • 15,000+ cumulative App downloads
  • Strong alliance since 2010
  • First integration to offer Active Response
  • Today – App is in version 4.2.1 (4.x)
- 3. Today's Speakers
  • Joe Goldberg – Product Marketing, Security and Compliance, Splunk
  • Joerg Sieber – Product Marketing, Palo Alto Networks
- 4. Legal Notices
  During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk and Palo Alto Networks undertake no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
- 5. Agenda
  1. Splunk Overview
  2. Palo Alto Networks Overview
  3. Demo of the Splunk for Palo Alto Networks App
  4. Next Steps
- 6. Advanced Threats in the Headlines
  Cyber Criminals / Nation States / Insider Threats
  • "Another Day, Another Retailer in a Massive Credit Card Breach" – Bloomberg Businessweek, March 2014
  • "Edward Snowden Tells SXSW He'd Leak Those Secrets Again" – NPR, March 2014
  • "Iranian hackers compromised airlines, airports, critical infrastructure firms" – Computerworld, Dec 2014
- 7. Mission Impossible to Defeat?
  • 100%: valid credentials were used
  • 40: average # of systems accessed
  • 205: median # of days before detection
  • 69%: of victims were notified by an external entity
  Source: Mandiant M-Trends Report 2012, 2013, 2014, 2015
- 8. Mission Possible to Defeat!
  Leading, Next-Generation Technologies: SIEM; Network/Endpoint
- 10. Thousands of Customers and Analyst Validation
  Gartner MQ for SIEM 2014
- 11. Splunk: The Platform for Machine Data
  Developer Platform; Report and analyze; Custom dashboards; Monitor and alert; Ad hoc search; Real-Time
  Data sources: Cloud, Infrastructure, Web Proxy, Data Loss Prevention, Storage, Desktops, Packaged Applications, Custom Applications, Databases, DNS/DHCP, Smartphones and Devices, Firewall, Authentication, File servers, Endpoint, Badging records, Email servers, VPN, Real-Time Threat Intelligence, Asset and CMDB, Employee / HR Info, Data Stores, Network Segments / Honeypots, External Lookups, Anti-malware, Vuln scans, IDS, Network Flows
  • Any amount, any location, any source
  • Schema-on-the-fly
  • Universal indexing
  • No back-end RDBMS
  • No need to filter data
- 12. Splunk software complements, replaces and goes beyond traditional SIEMs
  Top Splunk Security Use Cases:
  • Security and compliance reporting
  • Real-time monitoring of known threats
  • Monitoring of unknown threats
  • Incident investigations and forensics
  • Fraud detection
  • Insider threat
- 13. Splunk Product Offerings
  • 240+ Security Apps
  • Splunk App for Enterprise Security
  • Splunk Enterprise (Core)
  Example apps and data sources: Stream data, Windows / AD / Exchange, Palo Alto Networks, Bit9, SANS DShield, DNS, OSSEC, Snort, Cisco
- 14. Splunk Key Differentiators vs Traditional SIEMs
  • Single product, UI, data store
  • Software-only; install on commodity hardware
  • Quick deployment + ease-of-use = fast time-to-value
  • Can index any data type
  • All original/raw data indexed and searchable
  • Big data architecture enables scale and speed
  • Flexible search and reporting enables better/faster threat investigations and detection
  • Open platform with API, SDKs, Apps
  • Use cases beyond security/compliance
- 15. Splunk Is Used Across IT and the Business
  • IT Operations
  • Application Delivery
  • Business Analytics
  • Industrial Data and Internet of Things
  • Security, Compliance and Fraud
  Strong ROI and facilitates cross-department collaboration
- 17. Palo Alto Networks At-a-Glance
  CORPORATE HIGHLIGHTS
  • Founded in 2005; first customer shipment in 2007
  • Safely enabling applications and preventing cyber breaches
  • Able to address all enterprise cybersecurity needs
  • Exceptional ability to support global customers
  • Experienced team of 2,300+ employees
  • Q3 FY15: $234M revenue
  [Chart: Revenues ($MM), FY09 through FY14; y-axis $0 to $600]
  [Chart: Enterprise customers, Jul-11 through Jul-14: 4,700; 9,000; 13,500; 19,000]
- 18. 2015 Magic Quadrant for Enterprise Network Firewalls
  Palo Alto Networks is proud to be named a Leader once again. We are now a four-time Magic Quadrant leader recognized for our ability to execute and completeness of vision.
  Gartner, Magic Quadrant for Enterprise Network Firewalls, Adam Hils, et al, April 22, 2015. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from go.paloaltonetworks.com/gartnermq2015.
  Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
- 20. Failure of Legacy Architectures
  [Diagram: Internet, Internet Connection, Enterprise Network, UTM/Blades, Malware Intelligence; point products from Vendor 1 through Vendor 4: Anti-APT for port 80 APTs, Anti-APT for port 25 APTs, Anti-APT cloud, Endpoint AV, Network AV, DNS protection cloud, DNS protection for outbound DNS; each raising its own uncorrelated DNS, Endpoint, AV, SMTP and Web alerts]
  Limited Visibility – Manual Response – Lacks Integration
- 21. Delivering a Next Generation Security Platform
  Natively Integrated – Extensible – Automated
  • Threat Intelligence Cloud
  • Next-Generation Firewall
  • Advanced Endpoint Protection
- 22. Threat Intelligence Cloud
  Threat Intelligence Cloud: WildFire, Threat Prevention, URL Filtering
  • The Unknown: automatically identified
  • Remediation: automatically prevented
  • 192,000 anti-malware protections per day
  • 24,000 URL protections per day
  • 12,000 DNS protections per day
  • Protections delivered automatically in 15 minutes
  • Forensics and Reporting: rich forensics and reporting for quick, detailed investigation
- 23. Safely Enable Applications
  • Visibility into all applications and users on the network (Cloud)
  • Reduce and control risk: remove threats from wanted traffic
  • Facilitate access: allow desired applications by user, limit high-risk features
- 24. Demo of the Splunk for Palo Alto Networks App (agenda item 3)
- 25. Splunk for Palo Alto Networks App
  • Includes: technology add-on, dashboards, form boxes, custom commands
  • Use cases: reporting, trending, incident investigations, interaction with PAN
- 26. Getting the App
  • Free download and documentation at Splunk.com > Community > Apps and Add-Ons: http://apps.splunk.com/app/491
  • Available on GitHub for cloning and forking: https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks
- 27. Architecture
  [Diagram] Splunk side: Splunk Enterprise, Splunk for Palo Alto Networks App, Splunk App for Enterprise Security. Palo Alto Networks side: PAN firewalls, Panorama, Traps agent, Traps server, WildFire.
- 28. Data Flow if Just Firewalls
  [Diagram: same components as the Architecture slide; logs reach Splunk Enterprise from the PAN firewalls OR via Panorama]
- 29. Data Flow if also WildFire
  [Diagram: same components as the Architecture slide, with WildFire added as a data source]
- 30. Data Flows if also Traps
  [Diagram: same components as the Architecture slide, with Traps agent and Traps server added as data sources]
- 31. Data Flows from Splunk to PAN
  [Diagram: same components as the Architecture slide; Splunk pushes back to the PAN firewalls OR to Panorama]
- 33. Why Splunk Customers Need Palo Alto Networks
  • Layered defenses with network and endpoint security
  • Better APT detection with WildFire and Traps
  • Rich PAN data enables more SIEM/Splunk value
- 34. Why Palo Alto Networks Customers Need Splunk
  • Layered defenses with a SIEM and non-PAN data
  • Better APT detection with Splunk anomaly detection and correlations
  • Turn PAN IOCs into Splunk searches
  • Broader, richer, longer-term, more flexible reporting
  …and don't forget network monitoring, IT operations, app mgmt use cases….
- 35. Synergies/Benefits of Joint Solution
  • Improved security
  • Less costs and revenue loss
  • Integrated functionality with Splunk for PAN App and custom commands
- 36. Learn More About Splunk
  • If new user, try Splunk for free!
    Ø Download free Splunk at www.splunk.com
    Ø Splunk Tutorial: http://docs.splunk.com/Documentation/Splunk/latest/SearchTutorial/WelcometotheSearchTutorial
  • Download Splunk App for Palo Alto Networks: https://splunkbase.splunk.com/app/491/
  • More security information at: http://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud.html
  • Contact sales team: sales@splunk.com
- 37. Learn More About Palo Alto Networks
  • Watch On-Demand Demo of Next Generation Firewall: Paloaltonetworks.com > Resources > Demos
  • Schedule an Enterprise Risk Report: http://connect.paloaltonetworks.com/avr-alt
  • Contact Sales at: Paloaltonetworks.com > Contact
- 39. Getting Data in to the App
  • Add the Splunk server IP as a syslog receiver in PAN
  • Add an inputs.conf stanza in Splunk
  • E.g. if you configured the PAN to send to UDP 514, edit $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/inputs.conf:
      [udp://514]
      index = pan_logs
      connection_host = ip
      sourcetype = pan_log
      no_appending_timestamp = true
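The stanza above is all the App needs, but a mistyped key or a missing one (a wrong index, or no_appending_timestamp left out so that Splunk prepends its own timestamp and host to every UDP syslog line the firewall sends) breaks the App's field extraction without any error at input time. The following Python check is an added example, not code from the original deck or from the Splunk for Palo Alto Networks App: it parses an inputs.conf in the format shown and verifies that the [udp://514] stanza carries the four settings from the slide. Both sample configurations are constructed inline rather than read from $SPLUNK_HOME, and the helper names are the example's own.

```python
"""Validate the Splunk inputs.conf stanza that receives PAN syslog over UDP."""
import configparser

# Constructed sample 1: the stanza exactly as prescribed on the slide.
GOOD_INPUTS_CONF = """
[udp://514]
index = pan_logs
connection_host = ip
sourcetype = pan_log
no_appending_timestamp = true
"""

# Constructed sample 2: two common mistakes. The index is wrong (events land in
# 'main', where the App's searches never look) and no_appending_timestamp is
# missing, so Splunk prepends its own timestamp and host to each UDP event and
# the App's extractions no longer line up with the firewall's syslog fields.
BAD_INPUTS_CONF = """
[udp://514]
index = main
connection_host = ip
sourcetype = pan_log
"""

# Settings the slide prescribes and why each matters:
#   index              - the App's dashboards search index=pan_logs
#   connection_host    - 'ip' sets the host field from the sending firewall's IP
#   sourcetype         - the technology add-on keys its extractions on pan_log
#   no_appending_timestamp - keep the raw syslog payload untouched
EXPECTED = {
    "index": "pan_logs",
    "connection_host": "ip",
    "sourcetype": "pan_log",
    "no_appending_timestamp": "true",
}


def parse_inputs_conf(text):
    """Parse INI-style .conf text into {stanza_name: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=True)
    cp.optionxform = str  # Splunk .conf keys are case-sensitive; do not lowercase them
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}


def check_pan_udp_stanza(conf, port=514):
    """Return a list of problems found in [udp://<port>]; an empty list means OK."""
    name = f"udp://{port}"
    if name not in conf:
        return [f"missing stanza [{name}]"]
    stanza = conf[name]
    problems = []
    for key, want in EXPECTED.items():
        got = stanza.get(key)
        if got is None:
            problems.append(f"{name}: missing {key} (expected {want})")
        elif got.strip().lower() != want:
            problems.append(f"{name}: {key} = {got!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    for label, text in (("good", GOOD_INPUTS_CONF), ("bad", BAD_INPUTS_CONF)):
        issues = check_pan_udp_stanza(parse_inputs_conf(text))
        print(f"{label}: {'OK' if not issues else issues}")
```

Run it against the real file by reading $SPLUNK_HOME/etc/apps/SplunkforPaloAltoNetworks/local/inputs.conf into a string and passing that to parse_inputs_conf; if the firewall sends to a different port, pass that port to check_pan_udp_stanza.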