Security Use Cases
Using Splunk for data center security
siemens.com
© Siemens AG 2018. All rights reserved.
Megatrends that are changing our world
Digitalization
By 2020, the global volume of data will soar to 44 zettabytes, and 50 billion devices will be connected.
Page 2 March 2018 siemens.com
Source: IDC, The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things, April 2014; Dave Evans (Cisco): The Internet of Things, How the Next Evolution of the Internet Is Changing Everything, April 2011
Digitalization at Siemens
Siemens invests about €510 million each year in the training and education of employees.
Maserati Ghibli: Virtual twin to create, simulate and test the car and its production. Real-time monitoring and diagnostics of the shop floor. It took 16 months to get to market with 30% less development time.
And sometimes it's in the detail: Siemens, part of Splunk .conf2017
Dubai DXB T3 is one of the largest terminals with 1.5 mio m². Its baggage handling system has 90 km of conveyor belts and 10,702 drives, reaches speeds of 27 km/h and moves up to 15.000 pieces per hour. Driven by Siemens products with an open API and data interface.
1 to 2 Mio datapoints per locomotive each year. 100 locomotives produce 50 TB of data per year from datapoints like axle bearings, hydraulic oils and brakes. Turned into analytics in the MindSphere Application Center for Rail in Allach.
Research and development – we're investing more and sharpening our focus
R&D spending in billions of €: FY 2014: 4.0; FY 2017: 5.2; FY 2018e: ~5.6 (~+40%)
Focus areas:
• Cybersecurity
• Power electronics
• Autonomous robotics
• Additive manufacturing
• Distributed energy systems
• Software systems and processes
• Data analytics, artificial intelligence
• Connectivity and edge devices
• Simulation and digital twin
• Blockchain applications
• Connected (e)mobility
• Future of automation
• Energy storage
• Materials
Cybersecurity at Siemens
Since 1986 grown to a community of ~1275 security experts:
• Information Security and Governance
• IT Audit and Penetration Testing
• Product and Industrial Security
• CERT and IT Operations
Together with the international security community:
• Charter of Trust
• NATO Locked Shields
► An interdisciplinary community, to cover our whole product and service lifecycle
Security in IT Operations – the EAGLE DataCenter
EAGLE DataCenter in Numbers
Running for 10 years
In 4 locations
8 Petabytes storage
Net-zero carbon footprint
Splunk as a cooperative effort: IT Ops and Security
70 indexes
3,200 data sources
210 data types
Responsibilities of EAGLE Security Team
How do we do Security at EAGLE DataCenter?
Security, for us, is a Quality Assurance and Continuous Improvement Process:
1. Prevent
2. Detect
3. Respond
4. Improve
The Security Role – Large Game Hunt, of course ;)
We laugh in the face of danger: But honestly – 99.9% of the day is:
Detect and find root cause – using Splunk
Detect: What is the cause?
Analyse issue, find and map root cause: NTP deviations
Correlate to respond – using Splunk
Respond: What do we need to do?
Correlate for actionable oversight: Health of Firewall Log Connections
[Diagram: three inputs joined on FW_Id]
• FW LiveData – „| tstats“
• AssetData polled from FW Mgmt – ConfigData
• Splunk Forwarder – ErrorLog
Join: „| stats by FW_Id“. Done.
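The correlation sketched on this slide, written out as an added example (not Siemens or Splunk code): the firewall inventory, the live connection-log volume per firewall and the forwarder error log are joined on FW_Id and each firewall gets one health status, which is what the `| stats by FW_Id` step produces in Splunk. The record layout, the status names and every sample row are constructed assumptions.

```python
"""Firewall log-connection health: join AssetData (inventory polled from
firewall management), FW LiveData (one record per indexed connection log
event, what '| tstats' would count) and the forwarder ErrorLog on FW_Id.

Added example, not Siemens or Splunk code. All records are constructed;
the field names FW_Id, logging_enabled and the status vocabulary are assumptions."""
from collections import Counter
from datetime import datetime, timedelta, timezone

NOW = datetime(2018, 3, 1, 12, 0, tzinfo=timezone.utc)  # constructed "now"

# AssetData: which firewalls exist and whether they are expected to log.
ASSET_DATA = [
    {"FW_Id": "fw-01", "site": "dc-a", "logging_enabled": True},
    {"FW_Id": "fw-02", "site": "dc-a", "logging_enabled": True},
    {"FW_Id": "fw-03", "site": "dc-b", "logging_enabled": True},
    {"FW_Id": "fw-04", "site": "dc-b", "logging_enabled": False},  # decommissioned
]

# FW LiveData: (FW_Id, timestamp) per connection log event.
LIVE_DATA = [
    ("fw-01", NOW - timedelta(minutes=2)),
    ("fw-01", NOW - timedelta(minutes=1)),
    ("fw-02", NOW - timedelta(hours=5)),    # last event hours ago
    ("fw-05", NOW - timedelta(minutes=3)),  # logs arrive, but not in AssetData
]

# Forwarder ErrorLog: transport errors attributed to a firewall.
ERROR_LOG = [
    ("fw-03", "Connection to indexer refused"),
    ("fw-03", "Connection to indexer refused"),
]


def fw_health(asset_data, live_data, error_log, now=NOW, max_age=timedelta(minutes=30)):
    """Return {FW_Id: status} with one row per firewall seen in any source.

    ok        inventoried, logging expected, fresh events
    stale     inventoried, logging expected, last event older than max_age
    silent    inventoried, logging expected, no events at all
    error     inventoried, forwarder errors present (overrides stale/silent)
    disabled  inventoried, logging not expected
    unknown   events or errors from an FW_Id the inventory does not know
    """
    last_seen = {}
    for fw_id, ts in live_data:
        if fw_id not in last_seen or ts > last_seen[fw_id]:
            last_seen[fw_id] = ts
    errors = Counter(fw_id for fw_id, _ in error_log)
    inventory = {a["FW_Id"]: a for a in asset_data}

    result = {}
    for fw_id, asset in inventory.items():
        if not asset["logging_enabled"]:
            result[fw_id] = "disabled"
        elif errors[fw_id]:
            result[fw_id] = "error"
        elif fw_id not in last_seen:
            result[fw_id] = "silent"
        elif now - last_seen[fw_id] > max_age:
            result[fw_id] = "stale"
        else:
            result[fw_id] = "ok"
    # Anything logging or erroring outside the inventory is itself a finding.
    for fw_id in set(last_seen) | set(errors):
        if fw_id not in inventory:
            result[fw_id] = "unknown"
    return result


def actionable(health):
    """Firewalls that need a human: everything that is neither ok nor disabled."""
    return sorted(fw for fw, status in health.items() if status not in ("ok", "disabled"))


if __name__ == "__main__":
    health = fw_health(ASSET_DATA, LIVE_DATA, ERROR_LOG)
    for fw_id in sorted(health):
        print(f"{fw_id}: {health[fw_id]}")
    print("needs action:", actionable(health))
```

The "unknown" status is the part worth keeping when porting this back to SPL: an outer join on FW_Id, not an inner one, so that a firewall that logs without being inventoried surfaces instead of disappearing.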
Provide answers – using Splunk
Report: What is the status? What is the progress?
Security controls coverage: Critical Activities
Spectre & Meltdown Checker: https://github.com/speed47/spectre-meltdown-checker
Paint the full picture
How can we include dynamic assets and edge cases in the baseline?
Correlate AssetDB with configuration and live data:
[Machine-generated network diagram: nodes for Loadbalancer, Router, Firewall, Networks, Server and IPs]
1. Build List: „ObjName, IPName“
2. „| custom_viz D3_Force_Graph“
Done.
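Step 1 of this slide, the „ObjName, IPName“ edge list, as an added example that is not Siemens or Splunk code. It merges AssetDB objects, the networks each object is configured on, and the IPs observed in live data into one edge list for the force graph, and it answers the slide's question about dynamic assets by returning the observed IPs that no AssetDB object claims. The three tables and all field names are constructed assumptions.

```python
"""Edge list for a machine-generated network diagram: AssetDB objects,
their configured networks, and IPs seen in live connection data.

Added example, not Siemens or Splunk code. ASSET_DB, CONFIG and LIVE_FLOWS
are constructed sample tables; the column names ObjName/IPName follow the slide."""
from ipaddress import ip_address, ip_network

# AssetDB: named objects and the addresses registered for them.
ASSET_DB = {
    "lb-web-01": ["10.1.0.10"],
    "rtr-core": ["10.1.0.1", "10.2.0.1"],
    "srv-app-01": ["10.2.0.20"],
}

# Configuration: networks each infrastructure object attaches to
# (taken from loadbalancer / router / firewall configs).
CONFIG = {
    "lb-web-01": ["10.1.0.0/24"],
    "rtr-core": ["10.1.0.0/24", "10.2.0.0/24"],
    "fw-dmz": ["10.1.0.0/24", "10.3.0.0/24"],
}

# Live data: (source, destination) IP pairs from connection logs.
LIVE_FLOWS = [
    ("10.1.0.10", "10.2.0.20"),
    ("10.3.0.7", "10.1.0.10"),   # 10.3.0.7 belongs to no AssetDB object
    ("10.2.0.20", "10.2.0.1"),
]


def build_edge_list(asset_db, config, live_flows):
    """Return (edges, dynamic_ips).

    edges: sorted (ObjName, IPName) pairs. An object links to each registered
    IP and to each configured network; every observed IP links to the
    configured network that contains it, so live hosts appear on the diagram
    even when the inventory lacks them.
    dynamic_ips: observed addresses with no AssetDB object, the edge cases a
    static baseline would miss.
    """
    edges = set()
    known_ips = {}
    for obj, ips in asset_db.items():
        for ip in ips:
            edges.add((obj, ip))
            known_ips[ip] = obj
    networks = set()
    for obj, nets in config.items():
        for net in nets:
            edges.add((obj, net))
            networks.add(ip_network(net))
    dynamic = set()
    for src, dst in live_flows:
        for ip in (src, dst):
            for net in networks:
                if ip_address(ip) in net:
                    edges.add((str(net), ip))
            if ip not in known_ips:
                dynamic.add(ip)
    return sorted(edges), sorted(dynamic)


def to_csv(edges):
    """Render the edge list as the two-column table a graph visualization consumes."""
    return "\n".join(["ObjName,IPName"] + [f"{a},{b}" for a, b in edges])


if __name__ == "__main__":
    edges, dynamic = build_edge_list(ASSET_DB, CONFIG, LIVE_FLOWS)
    print(to_csv(edges))
    print("not in AssetDB:", dynamic)
```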
Use it all to improve
Detect: How do we know if a port is really open, end to end?
Let the live data tell the truth: across complex Firewall rulesets, NAT and Loadbalancers.
Improve: Apply gained insights and measure success, e.g. closure of SMB ports.
Detect & Prevent –
A typical MS Windows credentials dump / lateral movement attack
[Diagram: An Attacker who has gained Remote Access to a Server in the Corporate Perimeter opens an SMB connection with RPC calls through the Firewall to a Server in the SecurityZone Perimeter]
1. Connects as admin with stolen credentials
2. Installs PSExec
3. Schedules a job to dump credentials
Credentials dump to gather new credentials and widen reach, e.g. using Mimikatz.
Detect & Prevent –
A typical MS Windows credentials dump / lateral movement attack
[Same attack diagram as the previous slide, annotated with detection points]
Detect:
• Report foreign entitlements
• Use Sysmon to detect signs of Meterpreter / Credentials Store access:
  • LSASS Crossproc
  • Overlong Commandline
  • StreamPacker
  • FromBase64
  • UnknownDLLinCallTrace
• Check FW connections using SMB AppID named „ms-service-controller“
• Correlate login privilege „Admin“ with Source IP
• Look for specific ServiceInstall EventSeries
• Check for „remotely created tasks“
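Four of the detection points above, run as one correlation over a constructed event stream from a single target server. This is an added example, not Siemens code: the event IDs are the standard Windows ones (Security 4624 logon, System 7045 service installed, Security 4698 scheduled task created, Sysmon 10 ProcessAccess); the allow-listed admin source, the lsass.exe reader allow-list, the host and user names and the simplified event dicts are constructed assumptions, and the PsExec check keys on the service name that PsExec installs, PSEXESVC.

```python
"""Host-side detection chain for the credential-dump / lateral-movement
pattern: admin logon from an unexpected source IP, PsExec-style service
install, task created shortly after a network logon, LSASS cross-process
access by a non-allow-listed image.

Added example, not Siemens code. Event IDs are standard Windows/Sysmon IDs;
ADMIN_SOURCES, LSASS_READERS and the EVENTS list are constructed assumptions."""
from datetime import datetime, timedelta

ADMIN_SOURCES = {"10.9.0.5"}  # the unified admin access path (constructed)
LSASS_READERS = {             # images allowed to open lsass.exe (constructed)
    "C:\\Windows\\System32\\csrss.exe",
    "C:\\Windows\\System32\\wininit.exe",
}


def ts(s):
    """Parse a constructed HH:MM:SS timestamp."""
    return datetime.strptime(s, "%H:%M:%S")


# Constructed, simplified events from one server, time-ordered.
# 4624 = logon (logon_type 3 = network), 7045 = service installed,
# 4698 = scheduled task created, 10 = Sysmon ProcessAccess.
EVENTS = [
    {"t": ts("09:00:01"), "id": 4624, "user": "CORP\\admin-j", "privilege": "Admin",
     "logon_type": 3, "src_ip": "10.1.0.44"},
    {"t": ts("09:00:03"), "id": 7045, "user": "CORP\\admin-j", "service": "PSEXESVC",
     "image": "%SystemRoot%\\PSEXESVC.exe"},
    {"t": ts("09:00:09"), "id": 4698, "user": "CORP\\admin-j", "task": "\\dumpjob"},
    {"t": ts("09:00:12"), "id": 10, "source_image": "C:\\Windows\\Temp\\m.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe"},
    # Benign session: admin over the sanctioned path, system process touching lsass.
    {"t": ts("10:30:00"), "id": 4624, "user": "CORP\\admin-k", "privilege": "Admin",
     "logon_type": 3, "src_ip": "10.9.0.5"},
    {"t": ts("10:31:00"), "id": 10, "source_image": "C:\\Windows\\System32\\csrss.exe",
     "target_image": "C:\\Windows\\System32\\lsass.exe"},
]


def detect(events, window=timedelta(minutes=10)):
    """Return (rule, detail) findings; each rule maps to one slide bullet."""
    findings = []
    remote_logons = {}  # user -> time of last network logon, for the task rule
    for e in events:
        if e["id"] == 4624 and e["logon_type"] == 3:
            remote_logons[e["user"]] = e["t"]
            # "Correlate login privilege Admin with Source IP"
            if e["privilege"] == "Admin" and e["src_ip"] not in ADMIN_SOURCES:
                findings.append(("admin-logon-from-unexpected-source",
                                 f"{e['user']} from {e['src_ip']}"))
        elif e["id"] == 7045:
            # "Look for specific ServiceInstall EventSeries": PsExec-style service
            if "PSEXE" in e["service"].upper() or e["image"].upper().endswith("PSEXESVC.EXE"):
                findings.append(("psexec-like-service-install", e["service"]))
        elif e["id"] == 4698:
            # "Check for remotely created tasks": creation shortly after a network logon
            last = remote_logons.get(e["user"])
            if last is not None and e["t"] - last <= window:
                findings.append(("remotely-created-task", f"{e['task']} by {e['user']}"))
        elif e["id"] == 10:
            # "LSASS Crossproc": a non-allow-listed image opening lsass.exe
            if (e["target_image"].lower().endswith("lsass.exe")
                    and e["source_image"] not in LSASS_READERS):
                findings.append(("lsass-crossproc-access", e["source_image"]))
    return findings


def rules_fired(findings):
    """Distinct rules that fired; several on one host within minutes is the series."""
    return sorted({rule for rule, _ in findings})


if __name__ == "__main__":
    for rule, detail in detect(EVENTS):
        print(f"{rule}: {detail}")
```

Each rule alone is noisy; the value is in the series on one host within one window, which is what the slide calls an EventSeries, and the benign 10:30 session shows that the allow-lists are what keep the individual rules quiet.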
Detect, Improve & Prevent –
A typical MS Windows credentials dump / lateral movement attack
[Same attack diagram, annotated with countermeasures]
Improve & Prevent:
• Prohibit foreign entitlements
• Restrict SeDebugPrivilege
• Disallow AppID „ms-service-controller“ within SMB
• Restrict admin sources / establish unified admin access path
• Block PSExec alike service
Summary, Key Benefits and Tips
Key benefits
• The community, open interfaces & Splunk mindset allow you to leapfrog ahead in content building
• Being able to drill down and correlate data reduces time spent walking and talking
• Splunk allows for the fast iteration of ideas / rapid prototyping of use cases
Top tips
• Get your domain knowledge experts to use Splunk
• Security girls and guys, be sure to support your local IT Ops teams. Be their hero once a day.
Thank you for listening
Oliver Kollenberg
EAGLE DataCenter
Siemens AG
siemens.com

SplunkLive! Munich 2018: Siemens Security Use Case
