Splunk Security Session - .conf Go Köln

Splunk

Here are the slides from Splunk's security session at .conf Go Köln.

1 of 54
© 2022 SPLUNK INC.
Security Session
15 November, Köln

Matthias Maier
Product Marketing Director for Security in EMEA
Experience
• Since 02.2013 @Splunk
• Former LogLogic/TIBCO, McAfee/Intel Security
• CEH, CISSP, CISM

Agenda
Cyber Security Trends
Trends in Security Operations
The Splunk Approach
Security Product & Solution Update
My Top 3 Security Breakouts
Next Steps!

Double / Triple Extortion Ransomware (Triple Punishment)
1989; Mid 2000 until Today
Finland Mental Health Triple Extortion
Allianz Global Corporate & Specialty

Questions to Answer to Prepare for Zero Budget Marketing .docx
 
Clean/Renewable Energy Virtual Investor Conference
Clean/Renewable Energy Virtual Investor ConferenceClean/Renewable Energy Virtual Investor Conference
Clean/Renewable Energy Virtual Investor Conference
 

Splunk Security Session - .conf Go Köln

  • 1. © 2022 SPLUNK INC. Security Session, 15 November, Köln
  • 3. Matthias Maier, Product Marketing Director for Security in EMEA. Experience: • Since 02.2013 @Splunk • Former LogLogic/TIBCO, McAfee/Intel Security • CEH, CISSP, CISM
  • 4. Agenda: Cyber Security Trends; Trends in Security Operations; The Splunk Approach; Security Product & Solution Update; My Top 3 Security Breakouts; Next Steps!
  • 6. Double / Triple Extortion Ransomware (triple punishment). 1989; mid-2000s until today. Finland mental health triple extortion. Allianz Global Corporate & Specialty
  • 7. Incident 1: Breach of the non-disclosure and confidentiality agreements in contracts
  • 8. Incident 2: Acquisition of credentials of employees / service providers / temporary workers
  • 9. Incident 3: Destruction of a production facility
  • 10. Legal requirements and recommendations: Government instruments; BSI minimum standards (Mindeststandards); IT Security Act 2.0 (IT-Sicherheitsgesetz 2.0); KRITIS sector-based standards
  • 11. BSI minimum standards. Example: the BSI minimum standard for logging and detection of cyber attacks (Mindeststandard des BSI zur Protokollierung und Detektion von Cyber-Angriffen) https://www.bsi.bund.de/DE/Themen/Oeffentliche-Verwaltung/Mindeststandards/PDCA/PDCA_node.html
  • 12. BSI minimum standards. Example: the BSI minimum standard for logging and detection of cyber attacks (Mindeststandard des BSI zur Protokollierung und Detektion von Cyber-Angriffen) https://www.bsi.bund.de/DE/Themen/Oeffentliche-Verwaltung/Mindeststandards/PDCA/PDCA_node.html
  • 13. § 8a (1a) attack detection; § 8a (3) proof of compliance (Nachweise); § 8b reporting obligation; § 8a paragraph 1 BSIG: specification of the KRITIS requirements
  • 14. Trends in Security Operations
  • 15. Trend 1) The evolution of SOCs (SOC function triangle; source: Gartner). Typical SOC: Monitoring & Detection, Detection Engineering, Incident Response. Modern SOC: Monitoring & Detection, Detection Engineering, Incident Response & Hunting, Threat Intel. Modern Functional SOC: Monitoring & Detection, Detection Engineering, Incident Response & Hunting, Threat Intel, Info Sec, OT Sec, NOC, IoT Sec
  • 16. Challenges today… Lack of visibility; expanding attack surface; tooling complexity; skilled resource constraints
  • 17. Trend 2) New roles in Security Operations: Security Content Developer / Detection Engineer; Automation Engineer
  • 18. Trend 3) The data-centric modern SOC: detection, investigation and response to digital threats. Data Platform; Intelligence Management; Threat Research; Analytics; Automation and Orchestration. Detect/Correlate, Predict/Prevent, Discover/Prepare, Analyze/Investigate, Report/Comply, Triage/Respond. Unparalleled Ecosystem • Apps • Technical architectures • Connections • Partners • Community
  • 19. Security Product & Solution Update
  • 20. Our basic understanding: Security is a data problem. An incident is an incident. All data is security-relevant.
  • 21. The data-centric modern SOC: detection, investigation and response to digital threats. Splunk Platform; Threat Intelligence Management; Splunk Threat Research / SURGe; Splunk Enterprise Security; Splunk SOAR; Splunkbase • 2,700+ integrations. Detect/Correlate, Predict/Prevent, Discover/Prepare, Analyze/Investigate, Report/Comply, Triage/Respond
  • 22. Splunk #1 Worldwide by Revenue in 2021 for SIEM • Splunk is the SIEM market share leader for 2021, capturing 30% of the global market • The security market grew 23% YoY to $60B in 2021. The SIEM market is now $4.1B, growing 20% in 2021 • *Others = vendors beyond the top 8 vendors in this space. Chart created by Splunk based on Gartner research. Source: Gartner, Inc., Market Share: All Software Markets, Worldwide 2021; Neha Gupta; April 12, 2022. Market share: Splunk 30%, IBM 17%, Microsoft 11%, LogRhythm 6%, Micro Focus 5%, Exabeam 4%, RSA 4%, Securonix 3%, Other 21%. Total market $4.1B, +20%
  • 23. Splunk Recognized as a Leader in the 2022 Magic Quadrant for Security Information and Event Management • Splunk named a Leader for the 9th time! • One of the longest running recognitions in the history of the SIEM market. • Splunk is in the top 3 vendors for Vision and Execution in the Leaders Quadrant, moving ahead of IBM in Vision and ahead of Exabeam and Securonix in Execution. Gartner disclaimer: Gartner, Inc., 2022 Magic Quadrant for Security Information and Event Management, and Critical Capabilities for Security Information and Event Management, Pete Shoard, Andrew Davies, Mitchell Schneider. 11 October 2022. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Splunk. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
  • 24. 72,000 readers voted: Readers' Choice Platinum, first place SIEM & SOAR
  • 25. Leveraging MITRE ATT&CK with Splunk: MITRE ATT&CK tactics and techniques, data sources, detection rules
  • 26. Splunk Security Essentials: Browse, bookmark, and deploy 1100+ security detections and analytic stories ● Repository of security content for Splunk Cloud, Enterprise Security, UEBA, and SOAR ● Deploy security content within clicks ● Enrich notable events and run analytics with context from the content library ● Stay up to date on ransomware + emerging threats
  • 27. Splunk Enterprise Security, a data-centric, modern SIEM • Gain insight into your security posture and investigate with speed and flexibility • Reduce false positives by up to 80%, detect more sophisticated threats, and align security operations to industry frameworks • Use pre-built detection and investigation content to more easily secure your AWS, Azure, and Google Cloud Platform data • Scale to search and monitor terabytes of data per day
  • 28. Splunk Enterprise Security, a data-centric, modern SIEM • Gain insight into your security posture and investigate with speed and flexibility • Reduce false positives by up to 80%, detect more sophisticated threats, and align security operations to industry frameworks • Use pre-built detection and investigation content to more easily secure your AWS, Azure, and Google Cloud Platform data • Scale to search and monitor terabytes of data per day
  • 29. Advanced Analytics ● 700+ detections with 100+ cloud-based detections ● 30% increase in true-positive alert rates with Risk-Based Alerting (RBA) ● Enrich and prioritize alerts with integrated threat intelligence (Splunk Intelligence Management) ● Align security operations to industry frameworks (MITRE ATT&CK, NIST, CIS 20, and Kill Chain) ● Dive deep with intuitive search and investigation capabilities. Boost productivity
  • 30. Splunk SOAR • Effortless automation through a simplified interface • Decreased dependence on custom code • Definable playbook inputs and outputs reduce automation development time • Scale automation efficiently and quickly with modular playbooks. Boost productivity
  • 31. Splunk SOAR • Effortless automation through a simplified interface • Decreased dependence on custom code • Definable playbook inputs and outputs reduce automation development time • Scale automation efficiently and quickly with modular playbooks. Boost productivity
  • 32. My Must Watch Sessions (there are many other good ones!): Got Assets? Defending Your Assets Part Two: You Asked for It! SEC1219B; One App To Rule Them All: Applying Machine Learning To Find Them SEC1471B; Build Detection as Code Like the Splunk Threat Research Team SEC1197C. Speakers: Threat Research Engineer; Cyber Security Unit Manager; Security Engineer; Senior SOAR Engineer. https://conf.splunk.com/watch/conf-online.html?search=SEC1219B#/ https://conf.splunk.com/watch/conf-online.html?search=SEC1471B#/ https://conf.splunk.com/watch/conf-online.html?search=SEC1197C#/
  • 33. Got Assets? Defending Your Assets Part Two: You Asked for It!
  • 34. Got Assets? Defending Your Assets Part Two: You Asked for It!
  • 35. Got Assets? Defending Your Assets Part Two: You Asked for It!
  • 36. Got Assets? Defending Your Assets Part Two: You Asked for It!
  • 37. Got Assets? Defending Your Assets Part Two: You Asked for It!
  • 38. Got Assets? Defending Your Assets Part Two: You Asked for It!
  • 39. One App To Rule Them All: Applying Machine Learning To Find Them
  • 40. One App To Rule Them All: Applying Machine Learning To Find Them
  • 41. One App To Rule Them All: Applying Machine Learning To Find Them
  • 42. One App To Rule Them All: Applying Machine Learning To Find Them
  • 43. One App To Rule Them All: Applying Machine Learning To Find Them
  • 44. One App To Rule Them All: Applying Machine Learning To Find Them
  • 45. Build Detection as Code Like the Splunk Threat Research Team
  • 46. Build Detection as Code Like the Splunk Threat Research Team
  • 47. Build Detection as Code Like the Splunk Threat Research Team
  • 48. Build Detection as Code Like the Splunk Threat Research Team
  • 49. Build Detection as Code Like the Splunk Threat Research Team
  • 50. Build Detection as Code Like the Splunk Threat Research Team
  • 51. My Must Watch Sessions (there are many other good ones!): Got Assets? Defending Your Assets Part Two: You Asked for It! SEC1219B; One App To Rule Them All: Applying Machine Learning To Find Them SEC1471B; Build Detection as Code Like the Splunk Threat Research Team SEC1197C. Speakers: Threat Research Engineer; Cyber Security Unit Manager; Security Engineer; Senior SOAR Engineer. https://conf.splunk.com/watch/conf-online.html?search=SEC1219B#/ https://conf.splunk.com/watch/conf-online.html?search=SEC1471B#/ https://conf.splunk.com/watch/conf-online.html?search=SEC1197C#/
  • 52. Next Steps: SecOps Journey a) Schedule in-house for your team! b) Attend online (https://events.splunk.com/EMEA_Security_Workshops)
  • 53. BOTS Platform https://bots.splunk.com: 24x7 access; log in with your Splunk.com account (just like Splunkbase); used for all BOTS competition events; more content to be added
  • 54. Thank You!