SlideShare a Scribd company logo

Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response

Download as PPTX, PDF
Splunk
Splunk

Presentation slides from Splunk Discovery held in Köln on January 17th 2020.

Technology
1 of 39
© 2019 SPLUNK INC. Splunk Incident Response, Orchestrierung und Automation Splunk Discovery Köln 17. Januar 2020
During the course of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. Forward- Looking Statements © 2019 SPLUNK INC.
© 2019 SPLUNK INC. Beate Passul Senior Sales Engineer
© 2019 SPLUNK INC. Security Operations Practices Need to Change • Too Many Alerts • Not Enough Insights • Too Many • No Integration • Attracting • Training • Retaining Incident Response Tools Skills • Orchestration & Automation • Horizontal & Vertical Scale
© 2019 SPLUNK INC. Incident Response Challenge
© 2019 SPLUNK INC. Incident Response Takes Significant Time Source: SANS 2017 Incident Response Survey 1-3 months 2–7 days Time from Compromise To Detection Time from Detection To Containment Time from Containment To Remediation
© 2019 SPLUNK INC. Where Does Your Time Go? When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
© 2019 SPLUNK INC. Time-to-Contain + Time-to-Remediate = 86% When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
© 2019 SPLUNK INC. Tools
© 2019 SPLUNK INC. Poll #1 How many security tools and technologies does your company use? • < 10 • 10–25 • 26–50 • 51–75+
© 2019 SPLUNK INC. Tools and Technologies Galore TOO MANY TOOLS On average, organizations are using between 25 and 30 different security technologies and services. Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
© 2019 SPLUNK INC. Skills and Scale Orchestration and Automation
© 2019 SPLUNK INC. Orchestration vs. Automation Orchestration • Security Orchestration is the machine-based coordination of security actions across tools and technologies. • Brings together or integrates different technologies and tools • Provides the ability to coordinate informed decision making, formalize and automate responsive actions Automation • Security Automation is the machine-based execution of security actions. • Focus is on how to make machines do task-oriented "human work” • Improve repetitive work, with high confidence in the outcome • Allows multiple tasks or "playbooks" to potentially execute numerous tasks
© 2019 SPLUNK INC. Poll #2 Do you use Security Orchestration Automation and Response (SOAR)?
© 2019 SPLUNK INC. SOAR Maestro App actions App actions App actions App actions App actions App actions App actions App actions App actions App actions Playbook
© 2019 SPLUNK INC. Automation & Orchestration Adoption Growing Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
© 2019 SPLUNK INC. Security Nerve Center Overview
© 2019 SPLUNK INC. Security Nerve Center Orient Observe Decide Act Network Identity & Access Threat Intelligence Mobile EndpointsCloud Security WAF & App Security Web Proxy Firewall Analytics Orchestration
© 2019 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data
© 2019 SPLUNK INC. Adaptive Operations Framework Mission • Deeply integrate with the best security technologies to improve cyber defenses and maximize operational efficiency. Approach • Gather, analyze, share, and take action using end-to-end context across across multiple security domains. Partner ecosystem enables the Security Nerve Center Network Identity & Access Threat Intelligence EndpointsCloud Security WAF & App Security Web Proxy Firewall Operations Data / Analytics Splunk Phantom Apps & Playbooks Splunk Enterprise Security Adaptive Response Actions Splunkbase Apps & Add-Ons 240+ Integrations / 1,200+ APIs
© 2019 SPLUNK INC. Phantom Security Operations
© 2019 SPLUNK INC. Operationalizing Security Integrate your team, processes, and tools together. • Work smarter by automating repetitive tasks allowing analysts to focus on more mission-critical tasks. • Respond faster and reduce dwell times with automated detection, investigation, and response. • Strengthen defenses by integrating existing security infrastructure together so that each part is an active participant. With Phantom Automation Event Management
© 2019 SPLUNK INC. Automation • Automate repetitive tasks to force multiply team efforts. • Execute automated actions in seconds versus hours. • Pre-fetch intelligence to support decision making. Automation Event Management
© 2019 SPLUNK INC. Orchestration • Coordinate complex workflows across your SOC. • 200+ Apps & growing • 1000+ API’s Automation Event Management
© 2019 SPLUNK INC. Case Management • Create case templates that replicate your SOPs. • Manage your response to threats with precision. • Embed automation within a case task. Automation Event Management
© 2019 SPLUNK INC. How it Works Automated Malware Investigation • “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” — Adam Fletcher, CISO A Phantom Case Study SANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT
© 2019 SPLUNK INC. Demo
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2 0 1 9 S P L U N K I N C . Splunk Phantom on your mobile device • Phantom on Splunk Mobile brings the power of Phantom security orchestration, automation, and response (SOAR) capabilities to your mobile device. • No need to open your laptop. Orchestrate security operations from the palm of your hand. • Respond faster than ever before, because you’re reachable from anywhere. • Run playbooks, triage events, and collaborate with colleagues – all on-the-go.
© 2019 SPLUNK INC. Key Takeaways Splunk offers options to accelerate incident response with orchestration and automation 1) Use Phantom with Splunk or Splunk Enterprise Security to accelerate Incident Investigation and Response 2) Use Adaptive Operations Framework to realize your security nerve center 3) Splunk offers market proven, comprehensive solutions for Incident Response 4) Use with all Security domains and related IT domains to solve incident response use cases and more
© 2019 SPLUNK INC. Join our community get access to playbooks and app integrations https://my.phantom.us
© 2019 SPLUNK INC. Agenda Splunk Discovery Köln 17. Januar 2020 09:00–10:30 Keynote und Demo – Die Data-to-Everything Plattform 10:30–11:00 Pause Tech Track (Jupiter I+II) Business Track (Saturn I+II) 11:00–11:45 Mit der Splunk Plattform Daten in Mehrwert umwandeln ROI in Datenprojekten (in English) 11:45–12:30 Abenteuer bei Monitoring und Troubleshooting Kunden Use Cases 12:30–13:30 Mittagessen 13:30–14:15 Security Analytics Methoden Die Zukunft von Security Operations 14:15–15:00 Splunk Incident Response, Orchestrierung und Automation Die Zukunft von ITOA – von Monitoring zu Observability 15:00–15:30 Pause 15:30–16:15 Kunden Use Case: TÜV Trust IT 16:15–17:00 Networking Drinks
Thank You © 2019 SPLUNK INC.

Recommended

Splunk Discovery Köln - 17-01-2020 - Splunk for ITOps
Splunk Discovery Köln - 17-01-2020 - Splunk for ITOpsSplunk Discovery Köln - 17-01-2020 - Splunk for ITOps
Splunk Discovery Köln - 17-01-2020 - Splunk for ITOpsSplunk
 
Do You Really Need to Evolve From Monitoring to Observability?
Do You Really Need to Evolve From Monitoring to Observability?Do You Really Need to Evolve From Monitoring to Observability?
Do You Really Need to Evolve From Monitoring to Observability?Splunk
 
Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk Discovery Köln - 17-01-2020 - Willkommen!Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk Discovery Köln - 17-01-2020 - Willkommen!Splunk
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
Splunk AI & Machine Learning Roundtable 2019 - Zurich
Splunk AI & Machine Learning Roundtable 2019 - ZurichSplunk AI & Machine Learning Roundtable 2019 - Zurich
Splunk AI & Machine Learning Roundtable 2019 - ZurichSplunk
 
Splunk Platform 2020 & Beyond
Splunk Platform 2020 & Beyond Splunk Platform 2020 & Beyond
Splunk Platform 2020 & Beyond Splunk
 
The Risks and Rewards of AI
The Risks and Rewards of AIThe Risks and Rewards of AI
The Risks and Rewards of AISplunk
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & OrchestrationSplunk
 

Recommended

Splunk Discovery Köln - 17-01-2020 - Splunk for ITOps
Splunk Discovery Köln - 17-01-2020 - Splunk for ITOpsSplunk Discovery Köln - 17-01-2020 - Splunk for ITOps
Splunk Discovery Köln - 17-01-2020 - Splunk for ITOpsSplunk
 
Do You Really Need to Evolve From Monitoring to Observability?
Do You Really Need to Evolve From Monitoring to Observability?Do You Really Need to Evolve From Monitoring to Observability?
Do You Really Need to Evolve From Monitoring to Observability?Splunk
 
Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk Discovery Köln - 17-01-2020 - Willkommen!Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk Discovery Köln - 17-01-2020 - Willkommen!Splunk
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
Splunk AI & Machine Learning Roundtable 2019 - Zurich
Splunk AI & Machine Learning Roundtable 2019 - ZurichSplunk AI & Machine Learning Roundtable 2019 - Zurich
Splunk AI & Machine Learning Roundtable 2019 - ZurichSplunk
 
Splunk Platform 2020 & Beyond
Splunk Platform 2020 & Beyond Splunk Platform 2020 & Beyond
Splunk Platform 2020 & Beyond Splunk
 
The Risks and Rewards of AI
The Risks and Rewards of AIThe Risks and Rewards of AI
The Risks and Rewards of AISplunk
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & OrchestrationSplunk
 
Machine Learning and Social Good
Machine Learning and Social GoodMachine Learning and Social Good
Machine Learning and Social GoodSplunk
 
Manufacturing Webinar AMS
Manufacturing Webinar AMSManufacturing Webinar AMS
Manufacturing Webinar AMSSplunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys Splunk
 
IoT Analytics @ splunk
IoT Analytics @ splunkIoT Analytics @ splunk
IoT Analytics @ splunkSplunk
 
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?Splunk
 
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business OutcomesSplunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business OutcomesSplunk
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk
 
The Top 10 Glasstable Design Principles to Boost Your Career and Your Business
The Top 10 Glasstable Design Principles to Boost Your Career and Your BusinessThe Top 10 Glasstable Design Principles to Boost Your Career and Your Business
The Top 10 Glasstable Design Principles to Boost Your Career and Your BusinessSplunk
 
How to justify the economic value of your data investment
How to justify the economic value of your data investmentHow to justify the economic value of your data investment
How to justify the economic value of your data investmentSplunk
 
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Splunk
 
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics MethodsSpliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics MethodsSplunk
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkLeveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkSplunk
 
Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them Splunk
 
Extending Splunk to Business Use Cases With Automated Process Mining
Extending Splunk to Business Use Cases With Automated Process MiningExtending Splunk to Business Use Cases With Automated Process Mining
Extending Splunk to Business Use Cases With Automated Process MiningSplunk
 
Turning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformTurning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformSplunk
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderSplunk
 
What's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseWhat's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseSplunk
 
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...Splunk
 
Accelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationAccelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationSplunk
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Splunk
 

More Related Content

What's hot

Machine Learning and Social Good
Machine Learning and Social GoodMachine Learning and Social Good
Machine Learning and Social GoodSplunk
 
Manufacturing Webinar AMS
Manufacturing Webinar AMSManufacturing Webinar AMS
Manufacturing Webinar AMSSplunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys Splunk
 
IoT Analytics @ splunk
IoT Analytics @ splunkIoT Analytics @ splunk
IoT Analytics @ splunkSplunk
 
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?Splunk
 
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business OutcomesSplunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business OutcomesSplunk
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk
 
The Top 10 Glasstable Design Principles to Boost Your Career and Your Business
The Top 10 Glasstable Design Principles to Boost Your Career and Your BusinessThe Top 10 Glasstable Design Principles to Boost Your Career and Your Business
The Top 10 Glasstable Design Principles to Boost Your Career and Your BusinessSplunk
 
How to justify the economic value of your data investment
How to justify the economic value of your data investmentHow to justify the economic value of your data investment
How to justify the economic value of your data investmentSplunk
 
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Splunk
 
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics MethodsSpliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics MethodsSplunk
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkLeveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkSplunk
 
Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them Splunk
 
Extending Splunk to Business Use Cases With Automated Process Mining
Extending Splunk to Business Use Cases With Automated Process MiningExtending Splunk to Business Use Cases With Automated Process Mining
Extending Splunk to Business Use Cases With Automated Process MiningSplunk
 
Turning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformTurning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformSplunk
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderSplunk
 
What's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseWhat's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseSplunk
 
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...Splunk
 

What's hot (20)

Machine Learning and Social Good
Machine Learning and Social GoodMachine Learning and Social Good
Machine Learning and Social Good
 
Manufacturing Webinar AMS
Manufacturing Webinar AMSManufacturing Webinar AMS
Manufacturing Webinar AMS
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
 
IoT Analytics @ splunk
IoT Analytics @ splunkIoT Analytics @ splunk
IoT Analytics @ splunk
 
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
 
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business OutcomesSplunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning Webinar
 
The Top 10 Glasstable Design Principles to Boost Your Career and Your Business
The Top 10 Glasstable Design Principles to Boost Your Career and Your BusinessThe Top 10 Glasstable Design Principles to Boost Your Career and Your Business
The Top 10 Glasstable Design Principles to Boost Your Career and Your Business
 
How to justify the economic value of your data investment
How to justify the economic value of your data investmentHow to justify the economic value of your data investment
How to justify the economic value of your data investment
 
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
 
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics MethodsSpliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkLeveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
 
Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them
 
Extending Splunk to Business Use Cases With Automated Process Mining
Extending Splunk to Business Use Cases With Automated Process MiningExtending Splunk to Business Use Cases With Automated Process Mining
Extending Splunk to Business Use Cases With Automated Process Mining
 
Turning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformTurning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk Platform
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
 
What's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseWhat's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform Release
 
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
 

Similar to Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response

Accelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationAccelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationSplunk
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Splunk
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Splunk
 
Splunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und AutomationSplunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und AutomationSplunk
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecuritySplunk
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Splunk
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise SecuritySplunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...Splunk
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessSplunk
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetupkamlesh2410
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...Splunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018Splunk
 
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...Splunk
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...Splunk
 
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019Rod Soto
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARPartner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARSplunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunk
 
Machine Learning in Action
Machine Learning in ActionMachine Learning in Action
Machine Learning in ActionSplunk
 

Similar to Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response (20)

Accelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationAccelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & Automation
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
 
Splunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und AutomationSplunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und Automation
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the Business
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetup
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARPartner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk Overview
 
Machine Learning in Action
Machine Learning in ActionMachine Learning in Action
Machine Learning in Action
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response

  • 1. © 2019 SPLUNK INC. Splunk Incident Response, Orchestrierung und Automation Splunk Discovery Köln 17. Januar 2020
  • 2. During the course of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. Forward- Looking Statements © 2019 SPLUNK INC.
  • 3. © 2019 SPLUNK INC. Beate Passul Senior Sales Engineer
  • 4. © 2019 SPLUNK INC. Security Operations Practices Need to Change • Too Many Alerts • Not Enough Insights • Too Many • No Integration • Attracting • Training • Retaining Incident Response Tools Skills • Orchestration & Automation • Horizontal & Vertical Scale
  • 5. © 2019 SPLUNK INC. Incident Response Challenge
  • 6. © 2019 SPLUNK INC. Incident Response Takes Significant Time Source: SANS 2017 Incident Response Survey 1-3 months 2–7 days Time from Compromise To Detection Time from Detection To Containment Time from Containment To Remediation
  • 7. © 2019 SPLUNK INC. Where Does Your Time Go? When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
  • 8. © 2019 SPLUNK INC. Time-to-Contain + Time-to-Remediate = 86% When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
  • 9. © 2019 SPLUNK INC. Tools
  • 10. © 2019 SPLUNK INC. Poll #1 How many security tools and technologies does your company use? • < 10 • 10–25 • 26–50 • 51–75+
  • 11. © 2019 SPLUNK INC. Tools and Technologies Galore TOO MANY TOOLS On average, organizations are using between 25 and 30 different security technologies and services. Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
  • 12. © 2019 SPLUNK INC. Skills and Scale Orchestration and Automation
  • 13. © 2019 SPLUNK INC. Orchestration vs. Automation Orchestration • Security Orchestration is the machine-based coordination of security actions across tools and technologies. • Brings together or integrates different technologies and tools • Provides the ability to coordinate informed decision making, formalize and automate responsive actions Automation • Security Automation is the machine-based execution of security actions. • Focus is on how to make machines do task-oriented "human work” • Improve repetitive work, with high confidence in the outcome • Allows multiple tasks or "playbooks" to potentially execute numerous tasks
  • 14. © 2019 SPLUNK INC. Poll #2 Do you use Security Orchestration Automation and Response (SOAR)?
  • 15. © 2019 SPLUNK INC. SOAR Maestro App actions App actions App actions App actions App actions App actions App actions App actions App actions App actions Playbook
  • 16. © 2019 SPLUNK INC. Automation & Orchestration Adoption Growing Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
  • 17. © 2019 SPLUNK INC. Security Nerve Center Overview
  • 18. © 2019 SPLUNK INC. Security Nerve Center Orient Observe Decide Act Network Identity & Access Threat Intelligence Mobile EndpointsCloud Security WAF & App Security Web Proxy Firewall Analytics Orchestration
  • 19. © 2019 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data
  • 20. © 2019 SPLUNK INC. Adaptive Operations Framework Mission • Deeply integrate with the best security technologies to improve cyber defenses and maximize operational efficiency. Approach • Gather, analyze, share, and take action using end-to-end context across across multiple security domains. Partner ecosystem enables the Security Nerve Center Network Identity & Access Threat Intelligence EndpointsCloud Security WAF & App Security Web Proxy Firewall Operations Data / Analytics Splunk Phantom Apps & Playbooks Splunk Enterprise Security Adaptive Response Actions Splunkbase Apps & Add-Ons 240+ Integrations / 1,200+ APIs
  • 21. © 2019 SPLUNK INC. Phantom Security Operations
  • 22. © 2019 SPLUNK INC. Operationalizing Security Integrate your team, processes, and tools together. • Work smarter by automating repetitive tasks allowing analysts to focus on more mission-critical tasks. • Respond faster and reduce dwell times with automated detection, investigation, and response. • Strengthen defenses by integrating existing security infrastructure together so that each part is an active participant. With Phantom Automation Event Management
  • 23. © 2019 SPLUNK INC. Automation • Automate repetitive tasks to force multiply team efforts. • Execute automated actions in seconds versus hours. • Pre-fetch intelligence to support decision making. Automation Event Management
  • 24. © 2019 SPLUNK INC. Orchestration • Coordinate complex workflows across your SOC. • 200+ Apps & growing • 1000+ API’s Automation Event Management
  • 25. © 2019 SPLUNK INC. Case Management • Create case templates that replicate your SOPs. • Manage your response to threats with precision. • Embed automation within a case task. Automation Event Management
  • 26. © 2019 SPLUNK INC. How it Works Automated Malware Investigation • “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” — Adam Fletcher, CISO A Phantom Case Study SANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT
  • 27. © 2019 SPLUNK INC. Demo
  • 35. © 2 0 1 9 S P L U N K I N C . Splunk Phantom on your mobile device • Phantom on Splunk Mobile brings the power of Phantom security orchestration, automation, and response (SOAR) capabilities to your mobile device. • No need to open your laptop. Orchestrate security operations from the palm of your hand. • Respond faster than ever before, because you’re reachable from anywhere. • Run playbooks, triage events, and collaborate with colleagues – all on-the-go.
  • 36. © 2019 SPLUNK INC. Key Takeaways Splunk offers options to accelerate incident response with orchestration and automation 1) Use Phantom with Splunk or Splunk Enterprise Security to accelerate Incident Investigation and Response 2) Use Adaptive Operations Framework to realize your security nerve center 3) Splunk offers market proven, comprehensive solutions for Incident Response 4) Use with all Security domains and related IT domains to solve incident response use cases and more
  • 37. © 2019 SPLUNK INC. Join our community get access to playbooks and app integrations https://my.phantom.us
  • 38. © 2019 SPLUNK INC. Agenda Splunk Discovery Köln 17. Januar 2020 09:00–10:30 Keynote und Demo – Die Data-to-Everything Plattform 10:30–11:00 Pause Tech Track (Jupiter I+II) Business Track (Saturn I+II) 11:00–11:45 Mit der Splunk Plattform Daten in Mehrwert umwandeln ROI in Datenprojekten (in English) 11:45–12:30 Abenteuer bei Monitoring und Troubleshooting Kunden Use Cases 12:30–13:30 Mittagessen 13:30–14:15 Security Analytics Methoden Die Zukunft von Security Operations 14:15–15:00 Splunk Incident Response, Orchestrierung und Automation Die Zukunft von ITOA – von Monitoring zu Observability 15:00–15:30 Pause 15:30–16:15 Kunden Use Case: TÜV Trust IT 16:15–17:00 Networking Drinks
  • 39. Thank You © 2019 SPLUNK INC.