SlideShare a Scribd company logo

Analytics-Driven Security and SOAR

Download as PPTX, PDF
Splunk
Splunk

Presentation from the Partner Executive Summit, Frankfurt, 21. November 2018

Technology
1 of 25
© 2017 SPLUNK INC. Analytics-Driven Security und Security Orchestration Automation And Response Angelo Brancato CISSP, CISM, CCSK | Security Specialist, EMEA NOVEMBER 21ST, FRANKFURT AM MAIN
© 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Forward-Looking Statements
© 2017 SPLUNK INC. Splunk turns machine data into answers Network Servers DevOps Users Cloud Security Databases O F T H E Same Data D I F F E R E N T People A S K I N G D I F F E R E N T Questions
© 2017 SPLUNK INC. Splunk was built for change from the beginning Send unstructured data from all systems, devices and people Splunk doesn’t structure your data until you start to ask it questions Suite of tools empower you to investigate, monitor and act on any data, anywhere Ideal to detect everchanging cyber attacks
THREATS ARE MORE COMPLEX AND FAR REACHING NOT CLOSING THE SKILLS GAP SECURITY TO ENABLE BUSINESS AND THE MISSION
T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
© 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data
© 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps 125+ Examples, with 180+ Searches Data Onboarding Guides Content Mapping (MITRE ATT&CK, Killchain etc.) Mapping to Premium Apps On-Prem, Cloud, SaaS or Hybrid Performance at Scale Open Ecosystem Native ML/AI Integration
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps ... Many great, free Apps to solve a specific Problem
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data ASSET AND IDENTITY CORRELATION NOTABLE EVENT & INVESTIGATION THREAT INTELLIGENCE RISK ANALYSIS ADAPTIVE RESPONSE CONTENT UPDATE +
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + MATHMATICAL STATISTICAL CALCULATION ANOMALIES / PREDICTION ANALYTICS DRIVEN SECURITY Correlations and notable events EVENT & INFORMATION CORRELATION RISK
© 2017 SPLUNK INC. Event Sequencing to optimize threat detection and accelerate investigation Use Case Library for faster detection and incident response Updated Investigation Workbench to reduce time to contain and remediate .Conf2018 Release Splunk Enterprise Security 5.2
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Realm of Known Realm of Unknown
© 2017 SPLUNK INC. Splunk-to-Kafka UBA ingestion for enhanced performance and reliability User Feedback Learning to improve threat detection and anomaly customization Native UBA SSO authentication support for IAM tools .Conf2018 Release Splunk User Behavior Analytics 4.2
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + +
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Optional Optional
Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED MANUAL (TODAY) FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security
Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED AUTOMATED WITH PHANTOM FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security ACTION RESULTS / FEEDBACK LOOP
© 2017 SPLUNK INC. SplunkSANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT Automated Malware Investigation “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” Adam Fletcher CISO, Blackstone A Phantom Case Study
© 2017 SPLUNK INC. Clustering support for scale, performance and redundancy Indicator View for improved threat analysis and hunting Integrated Splunk Search, the only SOAR platform with this capability ANNOUNCING Splunk Phantom 4.1
© 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center
© 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
© 2017 SPLUNK INC. SPLUNK User Behavior Analytics 4.2 SPLUNK Enterprise Security 5.2 SPLUNK Phantom 4.1 Event Sequencing Accelerate Investigation User Feedback Targeted Hunting Indicator View Faster Remediation Use Case Library Container-Based Architecture Clustering Support User Management UI SECURITY PREMIUM APPS – Conf18 Releases
© 2017 SPLUNK INC. THANK YOU!

Recommended

Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaSplunk
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTPartner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTSplunk
 
Travis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit EuropeTravis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit EuropeSplunk
 
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office Splunk
 
Partner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsPartner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsSplunk
 

Recommended

Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaSplunk
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTPartner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTSplunk
 
Travis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit EuropeTravis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit EuropeSplunk
 
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office Splunk
 
Partner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsPartner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsSplunk
 
How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessSplunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018Splunk
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys Splunk
 
SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia Splunk
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunk
 
Clear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with SplunkClear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with SplunkSplunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...Splunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunk
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Splunk
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...Splunk
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunk
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk
 
SplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunk
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementSplunk
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...Splunk
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocRene Aguero
 

More Related Content

What's hot

How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessSplunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018Splunk
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys Splunk
 
SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia Splunk
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunk
 
Clear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with SplunkClear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with SplunkSplunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...Splunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunk
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Splunk
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...Splunk
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunk
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk
 
SplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunk
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementSplunk
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessSplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk
 

What's hot (20)

How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the Business
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
 
SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk Overview
 
Clear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with SplunkClear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and Logs
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk Overview
 
SplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary Session
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability Management
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the Business
 
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
 

Similar to Analytics-Driven Security and SOAR

SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...Splunk
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocRene Aguero
 
Splunk Discovery Dusseldorf: September 2017 - Security Session
Splunk Discovery Dusseldorf: September 2017 - Security SessionSplunk Discovery Dusseldorf: September 2017 - Security Session
Splunk Discovery Dusseldorf: September 2017 - Security SessionSplunk
 
Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Adam Tice
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior AnalyticsSplunk
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk
 
Learn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security OperationsLearn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security OperationsSplunk
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarSplunk
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningDigital Transformation EXPO Event Series
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...Splunk
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityGeorg Knon
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk
 
SplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunk
 

Similar to Analytics-Driven Security and SOAR (20)

SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
 
Splunk Discovery Dusseldorf: September 2017 - Security Session
Splunk Discovery Dusseldorf: September 2017 - Security SessionSplunk Discovery Dusseldorf: September 2017 - Security Session
Splunk Discovery Dusseldorf: September 2017 - Security Session
 
Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
 
Learn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security OperationsLearn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security Operations
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learning
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise Security
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
 
SplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy Users
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Analytics-Driven Security and SOAR

  • 1. © 2017 SPLUNK INC. Analytics-Driven Security und Security Orchestration Automation And Response Angelo Brancato CISSP, CISM, CCSK | Security Specialist, EMEA NOVEMBER 21ST, FRANKFURT AM MAIN
  • 2. © 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Forward-Looking Statements
  • 3. © 2017 SPLUNK INC. Splunk turns machine data into answers Network Servers DevOps Users Cloud Security Databases O F T H E Same Data D I F F E R E N T People A S K I N G D I F F E R E N T Questions
  • 4. © 2017 SPLUNK INC. Splunk was built for change from the beginning Send unstructured data from all systems, devices and people Splunk doesn’t structure your data until you start to ask it questions Suite of tools empower you to investigate, monitor and act on any data, anywhere Ideal to detect everchanging cyber attacks
  • 5. THREATS ARE MORE COMPLEX AND FAR REACHING NOT CLOSING THE SKILLS GAP SECURITY TO ENABLE BUSINESS AND THE MISSION
  • 6. T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
  • 7. © 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data
  • 8. © 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4
  • 9. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps 125+ Examples, with 180+ Searches Data Onboarding Guides Content Mapping (MITRE ATT&CK, Killchain etc.) Mapping to Premium Apps On-Prem, Cloud, SaaS or Hybrid Performance at Scale Open Ecosystem Native ML/AI Integration
  • 10. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps ... Many great, free Apps to solve a specific Problem
  • 11. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data ASSET AND IDENTITY CORRELATION NOTABLE EVENT & INVESTIGATION THREAT INTELLIGENCE RISK ANALYSIS ADAPTIVE RESPONSE CONTENT UPDATE +
  • 12. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + MATHMATICAL STATISTICAL CALCULATION ANOMALIES / PREDICTION ANALYTICS DRIVEN SECURITY Correlations and notable events EVENT & INFORMATION CORRELATION RISK
  • 13. © 2017 SPLUNK INC. Event Sequencing to optimize threat detection and accelerate investigation Use Case Library for faster detection and incident response Updated Investigation Workbench to reduce time to contain and remediate .Conf2018 Release Splunk Enterprise Security 5.2
  • 14. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Realm of Known Realm of Unknown
  • 15. © 2017 SPLUNK INC. Splunk-to-Kafka UBA ingestion for enhanced performance and reliability User Feedback Learning to improve threat detection and anomaly customization Native UBA SSO authentication support for IAM tools .Conf2018 Release Splunk User Behavior Analytics 4.2
  • 16. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + +
  • 17. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Optional Optional
  • 18. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED MANUAL (TODAY) FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security
  • 19. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED AUTOMATED WITH PHANTOM FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security ACTION RESULTS / FEEDBACK LOOP
  • 20. © 2017 SPLUNK INC. SplunkSANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT Automated Malware Investigation “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” Adam Fletcher CISO, Blackstone A Phantom Case Study
  • 21. © 2017 SPLUNK INC. Clustering support for scale, performance and redundancy Indicator View for improved threat analysis and hunting Integrated Splunk Search, the only SOAR platform with this capability ANNOUNCING Splunk Phantom 4.1
  • 22. © 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center
  • 23. © 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
  • 24. © 2017 SPLUNK INC. SPLUNK User Behavior Analytics 4.2 SPLUNK Enterprise Security 5.2 SPLUNK Phantom 4.1 Event Sequencing Accelerate Investigation User Feedback Targeted Hunting Indicator View Faster Remediation Use Case Library Container-Based Architecture Clustering Support User Management UI SECURITY PREMIUM APPS – Conf18 Releases
  • 25. © 2017 SPLUNK INC. THANK YOU!