
SOC, Amore Mio! | Security Webinar

Splunk

.italo operates an Essential Service, connecting more than 100 million people annually across Italy with its super-fast and secure railway. Its CISO, Enrico Maresca, has been on a whirlwind journey of his own. Formerly a Cyber Security Engineer, Enrico started at .italo as IT Security Manager. One year later he was promoted to CISO and tasked with building out the SOC and significantly increasing its maturity level. The result was a huge step forward for .italo. So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:

- Top challenges faced in improving security posture
- Key KPIs implemented in order to measure success
- Strategies and approaches applied in the SOC
- How MITRE ATT&CK and Splunk Enterprise Security were utilised
- Next steps in their maturity journey ahead

© 2022 SPLUNK INC.
Following .italo's Tracks to a More Mature SOC
SOC, Amore Mio!
Who am I
Enrico Maresca

My Role
• I am currently working as CISO at Italo. In my previous experience, I worked as Manager for PwC and Deloitte for several clients such as Poste Italiane, Technogym and Gamenet, and before that as a Security Engineer for Ferrovie dello Stato.

My Mission
• I started in Italo in 2018 as IT Security Manager. After 1 year, Italo established the Cyber Security Function and appointed me as CISO with the aim of significantly increasing the maturity level of cyber security through the onboarding of both new talents and outsourced security platforms and services.

When I met Splunk
• I have been working with Splunk since I was in Ferrovie, and now I finally have the opportunity to replace the shared SIEM provided by our external SOC with Splunk technology.
Italo – Anniversary
Italo is an Italian OES (i.e., Operator of an Essential Service) for high-speed rail, and the first operator in the world to use Alstom’s new AGV train, holder of the world speed record for wheeled rail vehicles.

- Passengers: 100 mln
- Cities connected to Italo’s network: 48
- Stations connected to Italo’s network: 53
- Daily connections: 116
- Italo’s fleet (AGV and EVO): 51
Our Corporate Security IT: people, and frameworks
[Diagram on slide: Insource / Outsource split of IT Security, Italo layer; not reproduced in the text]
The Italo main IT Initiatives
- Modernization and resilience of key digital “channels” (e.g., Web Portal, Mobile App, Ticketing Machines, ...) that are strategic for the Italo business
- Implementation of the new CRM, MS Dynamics on Cloud
- Because Italo must be compliant with the NIS Directive, implementation of a framework based on the NIST Cybersecurity Framework and ISO 27001
Our challenges to improve the Security posture
- Alert noise and fatigue which, given the size of the Security team, raise the risk of not taking care of real threats that can impact the company business.
- False-positive versus false-negative incidents: with classic alert correlation rules, Security people spend time on threats that are not real (false positives) while potential attacks go undetected (false negatives).
- Access to relevant security information in the collected log data for alert investigation (e.g., identifying the attack perimeter, manual correlation with other generated alerts): with the data investigation features of a legacy SIEM, security visibility is hard to achieve quickly and must be maintained through ad-hoc customization.
- Risk protection and exposure measurement: with technology-based security controls alone, it is difficult to report internally where we are and where to invest (i.e., our Security roadmap) to improve the Security posture according to the company’s industry and its related attacks (e.g., a MITRE ATT&CK controls-based approach).
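The two measurement problems on this slide, the false-positive cost of classic correlation rules and the lack of a per-industry view of where detection is missing, are the kind of thing a SOC tracks as KPIs. The following Python is an added example written for this page; it is not code from the .italo deck or from Splunk. It computes, over constructed triage records, the precision of each correlation rule (confirmed incidents versus alerts closed as false positives) and then maps a hypothetical rule set onto MITRE ATT&CK tactics to list the tactics with no detection at all. The rule names, analyst verdicts and rule-to-technique mapping are all assumed for illustration; the technique IDs are real ATT&CK identifiers used only as labels, and the tactic list is a subset of ATT&CK Enterprise that a real deployment would load from the ATT&CK STIX data instead.

```python
"""
Added example (not from the .italo / Splunk deck): two SOC KPIs over
constructed sample data.

1. Alert quality per correlation rule: confirmed incidents (true positives)
   versus alerts closed as false positives. A rule that fires often and
   rarely confirms is a tuning candidate, not a place to spend analyst time.
2. MITRE ATT&CK tactic coverage: which tactics have at least one detection
   rule mapped to them and which have none, so investment can be targeted.

Rule names, verdicts and the rule-to-technique mapping are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    rule: str          # correlation rule that fired (hypothetical names)
    disposition: str   # analyst verdict: "true_positive" or "false_positive"


# Constructed triage records: a week of closed alerts in a small SOC.
SAMPLE_ALERTS = [
    Alert("brute_force_vpn", "false_positive"),
    Alert("brute_force_vpn", "false_positive"),
    Alert("brute_force_vpn", "true_positive"),
    Alert("brute_force_vpn", "false_positive"),
    Alert("new_admin_account", "true_positive"),
    Alert("new_admin_account", "true_positive"),
    Alert("dns_tunnel_heuristic", "false_positive"),
    Alert("dns_tunnel_heuristic", "false_positive"),
    Alert("dns_tunnel_heuristic", "false_positive"),
    Alert("dns_tunnel_heuristic", "false_positive"),
    Alert("dns_tunnel_heuristic", "false_positive"),
]

# Constructed rule -> ATT&CK technique mapping (real technique IDs as labels).
RULE_TECHNIQUES = {
    "brute_force_vpn": ["T1110"],           # Brute Force
    "new_admin_account": ["T1136"],         # Create Account
    "dns_tunnel_heuristic": ["T1071.004"],  # Application Layer Protocol: DNS
}

# Technique -> tactic for the techniques above; a real deployment would load
# the full mapping from the ATT&CK STIX bundle rather than hard-code it.
TECHNIQUE_TACTIC = {
    "T1110": "credential-access",
    "T1136": "persistence",
    "T1071.004": "command-and-control",
}
TACTICS_TRACKED = [
    "initial-access", "execution", "persistence", "privilege-escalation",
    "defense-evasion", "credential-access", "discovery", "lateral-movement",
    "collection", "command-and-control", "exfiltration", "impact",
]


def rule_precision(alerts):
    """Return {rule: (true_positives, total_alerts, precision)}."""
    counts = defaultdict(lambda: [0, 0])
    for a in alerts:
        counts[a.rule][1] += 1
        if a.disposition == "true_positive":
            counts[a.rule][0] += 1
    return {rule: (tp, total, tp / total) for rule, (tp, total) in counts.items()}


def noisy_rules(alerts, min_alerts=3, max_precision=0.25):
    """Rules that fired at least min_alerts times with precision at or below
    max_precision: the tuning candidates behind the alert-fatigue problem."""
    return sorted(
        rule for rule, (_, total, prec) in rule_precision(alerts).items()
        if total >= min_alerts and prec <= max_precision
    )


def tactic_coverage(rule_techniques, technique_tactic, tactics):
    """Return {tactic: number of rules mapped to at least one technique in it}."""
    coverage = {t: 0 for t in tactics}
    for techniques in rule_techniques.values():
        hit = {technique_tactic[t] for t in techniques if t in technique_tactic}
        for tactic in hit:
            coverage[tactic] += 1
    return coverage


def uncovered_tactics(rule_techniques, technique_tactic, tactics):
    """Tactics with zero detection rules: the gaps to report on the roadmap."""
    cov = tactic_coverage(rule_techniques, technique_tactic, tactics)
    return [t for t in tactics if cov[t] == 0]


if __name__ == "__main__":
    for rule, (tp, total, prec) in rule_precision(SAMPLE_ALERTS).items():
        print(f"{rule:22s} {tp}/{total} confirmed  precision={prec:.2f}")
    print("tuning candidates:", noisy_rules(SAMPLE_ALERTS))
    print("tactics without detection:",
          uncovered_tactics(RULE_TECHNIQUES, TECHNIQUE_TACTIC, TACTICS_TRACKED))
```

Run as a script it prints the per-rule precision, flags `brute_force_vpn` and `dns_tunnel_heuristic` as tuning candidates, and lists the nine tracked tactics with no rule behind them. In practice the same two functions are fed from the SIEM's closed-notable export and from the rule catalogue's ATT&CK annotations, and the outputs are the numbers that go into the monthly posture report.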

The Penta Model of Strategic Choices (summary)Mihai Ionescu
 
Monthly Social Media Update February 2024.pptx
Monthly Social Media Update February 2024.pptxMonthly Social Media Update February 2024.pptx
Monthly Social Media Update February 2024.pptxAndy Lambert
 

Recently uploaded (20)

ERC Research Showcase Introduction Mark Hart
ERC Research Showcase Introduction Mark HartERC Research Showcase Introduction Mark Hart
ERC Research Showcase Introduction Mark Hart
 
Construction Documents Guide: Types and Significance in 2024
Construction Documents Guide: Types and Significance in 2024Construction Documents Guide: Types and Significance in 2024
Construction Documents Guide: Types and Significance in 2024
 
SARomics Biostructures 2024 Company Presentation
SARomics Biostructures 2024 Company PresentationSARomics Biostructures 2024 Company Presentation
SARomics Biostructures 2024 Company Presentation
 
Suau, Lucas Project and portfolio 1 assigment 1 February 12,2024.pdf
Suau, Lucas Project and portfolio 1 assigment 1 February 12,2024.pdfSuau, Lucas Project and portfolio 1 assigment 1 February 12,2024.pdf
Suau, Lucas Project and portfolio 1 assigment 1 February 12,2024.pdf
 
Diageo Strategy Presentation made in February 2024 CAGNY
Diageo Strategy Presentation made in February 2024 CAGNYDiageo Strategy Presentation made in February 2024 CAGNY
Diageo Strategy Presentation made in February 2024 CAGNY
 
Bloomerang - Get More Major Gifts From Donors Already Around You.pdf
Bloomerang - Get More Major Gifts From Donors Already Around You.pdfBloomerang - Get More Major Gifts From Donors Already Around You.pdf
Bloomerang - Get More Major Gifts From Donors Already Around You.pdf
 
EAPJ Vol VIII February 2024.pdf
EAPJ Vol VIII February 2024.pdfEAPJ Vol VIII February 2024.pdf
EAPJ Vol VIII February 2024.pdf
 
PUBLISHING AND LITERARY NETWORKS IN THE SOUTH WEST_EBOOK_WCOVER.pdf
PUBLISHING AND LITERARY NETWORKS IN THE SOUTH WEST_EBOOK_WCOVER.pdfPUBLISHING AND LITERARY NETWORKS IN THE SOUTH WEST_EBOOK_WCOVER.pdf
PUBLISHING AND LITERARY NETWORKS IN THE SOUTH WEST_EBOOK_WCOVER.pdf
 
02.22.2024 Email Options in Bloomerang.pdf
02.22.2024 Email Options in Bloomerang.pdf02.22.2024 Email Options in Bloomerang.pdf
02.22.2024 Email Options in Bloomerang.pdf
 
Firms’ response to climate change and digital technologies – insights from an...
Firms’ response to climate change and digital technologies – insights from an...Firms’ response to climate change and digital technologies – insights from an...
Firms’ response to climate change and digital technologies – insights from an...
 
Bloomerang Scaling New Heights_ Tailored Strategies for Securing Your Next-Le...
Bloomerang Scaling New Heights_ Tailored Strategies for Securing Your Next-Le...Bloomerang Scaling New Heights_ Tailored Strategies for Securing Your Next-Le...
Bloomerang Scaling New Heights_ Tailored Strategies for Securing Your Next-Le...
 
Rural SMEs, environmental action, and perceived opportunities - Kevin Mole
Rural SMEs, environmental action, and perceived opportunities - Kevin MoleRural SMEs, environmental action, and perceived opportunities - Kevin Mole
Rural SMEs, environmental action, and perceived opportunities - Kevin Mole
 
Let’s get moving! Setting some goals Optimizing your workflow
Let’s get moving! Setting some goals Optimizing your workflowLet’s get moving! Setting some goals Optimizing your workflow
Let’s get moving! Setting some goals Optimizing your workflow
 
Entrepreneurship Skills, Attitude & Behavior Development
Entrepreneurship Skills, Attitude & Behavior DevelopmentEntrepreneurship Skills, Attitude & Behavior Development
Entrepreneurship Skills, Attitude & Behavior Development
 
January’s Producer Price Index increases to 4.7%
January’s Producer Price Index increases to 4.7%January’s Producer Price Index increases to 4.7%
January’s Producer Price Index increases to 4.7%
 
How do UK firms make export decisions?  Eugenie Golubova
How do UK firms make export decisions?  Eugenie GolubovaHow do UK firms make export decisions?  Eugenie Golubova
How do UK firms make export decisions?  Eugenie Golubova
 
ZEOTAR EV Prince Team English Presentation
ZEOTAR EV Prince Team English PresentationZEOTAR EV Prince Team English Presentation
ZEOTAR EV Prince Team English Presentation
 
Lucas Ernesto Chacon-Ruiz Personal Brand
Lucas Ernesto Chacon-Ruiz Personal BrandLucas Ernesto Chacon-Ruiz Personal Brand
Lucas Ernesto Chacon-Ruiz Personal Brand
 
The Penta Model of Strategic Choices (summary)
The Penta Model of Strategic Choices (summary)The Penta Model of Strategic Choices (summary)
The Penta Model of Strategic Choices (summary)
 
Monthly Social Media Update February 2024.pptx
Monthly Social Media Update February 2024.pptxMonthly Social Media Update February 2024.pptx
Monthly Social Media Update February 2024.pptx
 

SOC, Amore Mio! | Security Webinar

  • 1. © 2022 SPLUNK INC. Following .italo's Tracks to a More Mature SOC: SOC, Amore Mio!
  • 2. Who am I: Enrico Maresca
    My Role: I am currently working as CISO at Italo. In my previous experience, I worked as Manager for PwC and Deloitte for several clients such as Poste Italiane, Technogym and Gamenet, and before that as a Security Engineer for Ferrovie dello Stato.
    My Mission: I started at Italo in 2018 as IT Security Manager. After 1 year, Italo established the Cyber Security Function and appointed me as CISO with the aim of significantly increasing the maturity level of cyber security through the onboarding of both new talent and outsourced security platforms and services.
    When I met Splunk: I have been working with Splunk since I was at Ferrovie, and now I finally have the opportunity to replace the shared SIEM provided by our external SOC with Splunk technology.
  • 3. Italo – Anniversary. Italo is an Italian OES (i.e., Operator of an Essential Service) for high-speed rail, and the first operator in the world to use Alstom's new AGV train, holder of the world speed record for wheeled rail vehicles. Key figures: passengers 100 mln; cities connected to Italo's network 48; stations connected to Italo's network 53; daily connections 116; Italo's fleet (AGV and EVO) 51.
  • 4. Our Corporate Security IT: people and frameworks. Diagram layers: Insource / Outsource; IT Security; Italo Layer.
  • 5. The Italo main IT initiatives
    - Modernization and resilience of key digital "channels" (e.g., Web Portal, Mobile App, Ticketing Machines, ..) that are strategic for the Italo business
    - Implementation of the new CRM: MS Dynamics on Cloud
    - Because Italo must be compliant with the NIS Directive, implementation of a framework based on the NIST Cybersecurity Framework and ISO 27001
  • 6. Our challenges to improve the security posture
    - Alert noise and fatigue: given the size of the Security team, these raise the risk of not taking care of the real threats that can impact the company business.
    - False positive incidents versus false negative ones: with classic alert correlation rules, Security people spend time on threats that are not real (i.e., false positives) while potential attacks go undetected (i.e., false negatives).
    - Access to relevant security information in the collected log data for alert investigation (i.e., attack perimeter identification, manual correlation with other generated alerts, ..): with the data investigation features of a legacy SIEM, security visibility is hard to achieve quickly, and what visibility there is must be maintained through ad-hoc customization.
    - Risk protection and exposure measurement: with technology-based security controls, it is difficult to report internally where we are and where to invest (i.e., our security roadmap) to improve the security posture according to the company's industry and the attacks that target it (e.g., a MITRE ATT&CK controls-based approach).
  • 7. An operationalizable strategy for a new desired state
    - Alert noise and fatigue: minimize both while maintaining the current Security team
    - False positives, false negatives: reduce the number of false positives while improving detection
    - Security information access: increase the threat insight view from collected log data
    - Risk protection and exposure: drive and measure current / future security controls according to real-world cyber attacks observed in the retail industry (e.g., MITRE ATT&CK)
    KPIs tracked against these goals: MTTA (Mean Time to Acknowledge), MTTC (Mean Time to Contain), MTTR (Mean Time to Resolve), MTTD (Mean Time to Detect); TTP (Tactics, Techniques, and Procedures); KSI (Key Security Indicators). Target: min 50% of improvement.
  • 8. Why is it so hard and challenging?
    - Complex IT landscape: collecting data from the X technologies we have to protect is complex
    - Data quality: ensuring that the RIGHT data for analytics is arriving from the source is key
    - Trust but verify: we want to consume out-of-the-box analytics, but we want to be able to understand it, adjust it and verify that the logic is the right one for our environment
    - Noisy MITRE ATT&CK techniques: some techniques used by hackers are very noisy; a prioritization and response strategy is needed
  • 9. The solution to improve Italo security: the Italo SOC Team.
  • 10. MITRE ATT&CK: a few things you need to know
    • ATT&CK: Adversarial Tactics, Techniques, and Common Knowledge.
    • Tactics: represent the "why" of an ATT&CK technique or sub-technique. It is the adversary's tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access. (ROWs in ATT&CK matrix)
    • Techniques: represent "how" an adversary achieves a tactical goal by performing an action. For example, an adversary may dump credentials to achieve credential access. (COLUMNs in ATT&CK matrix)
    • Sub-techniques: are a more specific description of the adversarial behaviour used to achieve a goal. They describe behaviour at a lower level than a technique. For example, an adversary may dump credentials by accessing the Local Security Authority (LSA) Secrets.
  • 12. https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s05-att&cking-fin7.pdf
  • 13. Techniques used by APT groups in ATT&CK. "I can't spend 3 million Euros on writing detections for all these different attacks."
  • 14. Operationalization of the MITRE framework to detect cyber threats and to measure the company's risk exposure
  • 15. Risk exposure: manufacturing analysis. "What should I care about, if I am a manufacturing customer?"
  • 16. Evil Corp log sources. [Chart 1: current share of log volume by source, annotated with the share of detections each source feeds (from >1% to 50%): Firewall Logs 40%, Proxy Logs 18%, Windows Server Logs 12%, Router & Switch Logs 10%, Linux Server Logs 10%, Other 10%. Chart 2: the same sources re-weighted by detection strategy: Windows Server Logs 40%, DNS Logs 18%, Proxy Logs 12%, Linux Server Logs 10%, Firewall Logs 10%, Other 10%.] Log sources based on detection strategy. Makes sense.
  • 17. Goal: contextualized detection strategy. [Diagram: the Transportation Industry is targeted by X Groups, which use Y Techniques, which are logged in N Data sources, which are needed for Z Detections, by which the techniques are detected.] "I think I can present that Detection Strategy to the Board."
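The chain on this slide (industry, the groups that target it, the techniques they use, the data sources those techniques are logged in, the detections that need those sources), carried through as an added example that is not part of the deck or of any Splunk product: the group names, the group-to-technique mappings and the detection catalogue are constructed sample data (the ATT&CK technique IDs themselves are real). It also shows the slide 16 re-weighting of log sources by how many relevant detections they feed, and the coverage check of slides 24 and 25.

```python
from collections import Counter

# Constructed sample threat-intel: hypothetical groups observed targeting each industry.
GROUPS_BY_INDUSTRY = {
    "transportation": {"GROUP-A", "GROUP-B"},
    "manufacturing": {"GROUP-B", "GROUP-C"},
}
# Constructed: techniques each hypothetical group uses (ATT&CK IDs are real).
TECHNIQUES_BY_GROUP = {
    "GROUP-A": {"T1566", "T1059", "T1003"},  # phishing, scripting, credential dumping
    "GROUP-B": {"T1078", "T1003", "T1021"},  # valid accounts, credential dumping, remote services
    "GROUP-C": {"T1190", "T1059"},           # exploit public-facing app, scripting
}
# Constructed detection catalogue: name -> (technique it covers, data source it needs).
DETECTIONS = {
    "phish_attachment": ("T1566", "email"),
    "encoded_powershell": ("T1059", "windows_server"),
    "lsass_access": ("T1003", "windows_server"),
    "new_local_admin_logon": ("T1078", "windows_server"),
    "rdp_lateral_movement": ("T1021", "windows_server"),
    "webshell_request": ("T1190", "proxy"),
}


def relevant_techniques(industry):
    """Industry -> is targeted by -> groups -> use -> techniques."""
    techniques = set()
    for group in GROUPS_BY_INDUSTRY.get(industry, set()):
        techniques |= TECHNIQUES_BY_GROUP[group]
    return techniques


def data_source_priority(industry):
    """Rank data sources by how many industry-relevant detections need them.

    This is the 'log sources based on detection strategy' re-weighting: a source
    that feeds many relevant detections is onboarded (and indexed) first.
    """
    techniques = relevant_techniques(industry)
    needed = Counter(src for tech, src in DETECTIONS.values() if tech in techniques)
    return needed.most_common()


def coverage(industry, onboarded_sources):
    """Split industry-relevant techniques into (covered, uncovered).

    A technique counts as covered only if a detection exists for it AND the
    data source that detection needs is actually being collected.
    """
    techniques = relevant_techniques(industry)
    covered = {tech for tech, src in DETECTIONS.values()
               if tech in techniques and src in onboarded_sources}
    return covered, techniques - covered
```

With only firewall and proxy logs onboarded, `coverage("transportation", {"firewall", "proxy"})` reports every relevant technique as uncovered, which is the slide 16 point: volume-heavy sources are not the detection-heavy ones.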
  • 18. Leveraging MITRE ATT&CK with Splunk: MITRE ATT&CK tactics and techniques, mapped to data sources, mapped to detection rules.
  • 19. Operationalization of MITRE ATT&CK with Splunk: the "Security Consultant" of SSE (Splunk Security Essentials) on top of Splunk ES.
  • 20. Built-in filtering.
  • 21. Stop the attacks at the beginning of the chain; keep visibility in case of attacks that have succeeded.
  • 22. Windows Security drill-down: data introspection of SSE to drive alert activation based on the quality of the incoming logs.
  • 23. Network communication drill-down: data introspection of SSE to drive alert activation based on the quality of the incoming logs.
  • 24. Cyber threat detection filtered for the transportation industry and used for the Splunk ES pilot.
  • 25. Extended data source selection for the transportation industry, and its risk-protection coverage.
  • 26. Benefit of risk-based alerting provided by Splunk.
  • 28. Aggregated view of all elements of an alert.
  • 29. Italo executive security view: risk exposure metrics.
  • 30. Wrap Up & Key Benefits
    • Tailored solution: Splunk SIEM design based on real MITRE ATT&CK context specific to the transportation industry, leveraging the native MITRE framework integration in Splunk
    • Clear risk exposure: at any moment in time the real risk exposure is represented in a clear and measurable shape, by dedicated dashboard views, in order to drive the right business decisions in a timely manner
    • SOC efficiency: SOC Analysts aren't overwhelmed by hundreds of alerts per day thanks to the Risk Based Alerting feature of Splunk, which provides smart aggregation and scoring to bring only the high-fidelity alerts to the Analyst's attention
    • Time efficiency: the Splunk SIEM and MITRE framework design grant the NTV Security Team the ability to take the most effective decisions in a timely manner, drastically reducing the MTTD/MTTR from hours/days to minutes
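The risk-based alerting idea of slides 26, 28 and 30, modelled as an added Python example (not Splunk ES code and not from the deck): each detection only adds scored risk to an entity, and a notable is raised for the analyst only when the entity's aggregated score, or the number of distinct ATT&CK tactics it spans, crosses a threshold. The risk events, scores and thresholds are constructed.

```python
from datetime import datetime, timedelta

# Constructed risk events, as individual detections would write them to a risk index:
# (timestamp, entity, detection name, ATT&CK tactic, risk score)
RISK_EVENTS = [
    (datetime(2022, 5, 3, 9, 2), "wks-101", "encoded_powershell", "execution", 20),
    (datetime(2022, 5, 3, 9, 5), "wks-101", "lsass_access", "credential-access", 40),
    (datetime(2022, 5, 3, 9, 40), "wks-101", "rdp_lateral_movement", "lateral-movement", 30),
    (datetime(2022, 5, 3, 10, 0), "wks-202", "encoded_powershell", "execution", 20),
    (datetime(2022, 5, 3, 11, 0), "wks-202", "encoded_powershell", "execution", 20),
    (datetime(2022, 5, 3, 14, 0), "wks-303", "new_local_admin_logon", "persistence", 25),
]


def aggregate_risk(events, window=timedelta(hours=24)):
    """Sum risk per entity inside the look-back window, keeping the contributing events."""
    if not events:
        return {}
    latest = max(event[0] for event in events)
    agg = {}
    for ts, entity, detection, tactic, score in events:
        if latest - ts > window:
            continue  # stale risk does not count toward today's notable
        entry = agg.setdefault(entity, {"score": 0, "tactics": set(), "events": []})
        entry["score"] += score
        entry["tactics"].add(tactic)
        entry["events"].append((ts, detection, tactic, score))
    return agg


def notables(agg, score_threshold=80, min_tactics=3):
    """Raise a notable only for entities whose aggregated risk is high-fidelity."""
    return {
        entity: entry for entity, entry in agg.items()
        if entry["score"] >= score_threshold or len(entry["tactics"]) >= min_tactics
    }


def alert_reduction(events, **thresholds):
    """(alerts an analyst would see with one alert per detection, notables after aggregation)."""
    return len(events), len(notables(aggregate_risk(events), **thresholds))


def summarize(entry):
    """Aggregated view of all elements of a notable: every contributing detection in time order."""
    return ", ".join(f"{d}({t},{s})" for _, d, t, s in sorted(entry["events"]))
```

Here the six raw detections collapse into one notable, for the host that accumulated risk across three tactics; the repeated low-score PowerShell hits on wks-202 never reach the analyst on their own.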
  • 31. Our journey with the support of Splunk. [Timeline, "Security Evolution": Monitoring IT Operations; MITRE approach to SIEM Security; SOC evolution with Splunk SOAR; marker: Today.]