SplunkLive! Utrecht - Splunk for Security - Monzy Merza
Splunk for Security presentation from SplunkLive! Utrecht

Published in: Technology


1. Splunk for Security. Presenters: Haiyan Song, SVP of Security Markets; Monzy Merza
2. Digital Transformation = [ Security Transformation ]
3. Security Transformation = Imagine & Adapt
4. Transforming Security: Alert Based
   Timestamp | Monitor | Event | Result
   08.07.2015 … | SMTP 465 @ smtp.gmail … | Can not connect to port
   08.07.2015 … | POP 110 @ pop.gmail.co … | Can not connect to port
   08.07.2015 … | IMAP 143 @ imap.gmail. … | Can not connect to port
   08.07.2015 … | Check DNS (53) @ Code … | Success
   08.07.2015 … | Ping my new device @ M … | Average roundtrip time is …
   08.07.2015 … | Physical memory usage l … | Used physical memory p …
5. Transforming Security: Attack Based
   Timestamp | Monitor | Event | Result
   08.07.2015 … | SMTP 465 @ smtp.gmail … | Can not connect to port
   08.07.2015 … | POP 110 @ pop.gmail.co … | Can not connect to port
   08.07.2015 … | IMAP 143 @ imap.gmail. … | Can not connect to port
   08.07.2015 … | Check DNS (53) @ Code … | Success
   08.07.2015 … | Ping my new device @ M … | Average roundtrip time is …
   08.07.2015 … | Physical memory usage l … | Used physical memory p …
6. Transforming Security: Only Human Authoring
7. Transforming Security: Human - Machine Learning
8. Transforming Security: Monitoring Center
9. Transforming Security: Command Center (Share, Block, Context, Detect)
10. Transforming Security: Siloed Approach (diagram labels: Internal Network; Security Network; Context & Intelligence; Identity; App; Firewall; Endpoints; Run Book)
11. (diagram labels: Internal Network; Security Network; Context & Intelligence; Identity; App; Firewall; Endpoints; Run Book)
12. (diagram labels: Internal Network; Security Network; Context & Intelligence; Identity; App; Firewall; Endpoints; Run Book)
13. Firewall
14. Context & Intelligence
15. (diagram labels: Internal Network; Security Network; Context & Intelligence; Identity; App; Firewall; Endpoints; Run Book)
16. Adaptive Response Initiative Traction: Feb 2016
17. Adaptive Response Initiative Traction: Feb 2016, Sept 2016 +
18. Delivering the Nerve Center: Technology Ecosystem (diagram labels: Internal Network; Security Network; Context & Intelligence; Identity; App; Firewall; Endpoints; Run Book)
19. Our Vision: Security & Compliance Reporting; Incident Investigations & Forensics; Monitoring of Known Threats; Advanced Threat Detection; Fraud Detection; Insider Threat
20. Security Monitoring, Detection & Alerting; Incident & Breach Response; Automation & Orchestration
21. Splunk for Enterprise Security: Optimize your SOC Team and Augment/Replace your SIEM. Risk-Based Analytics; Incident Investigation & Response; Enrich Security Analysis with Threat Intelligence
22. FEATURED
24. Splunk Enterprise Security: Introducing Splunk Enterprise Security 4.5. Adaptive Response; Enhanced Visual Analytics; Improved Threat Detection / UBA + ES Integration
25. DEMO
27. DEMO: Glass Table
29. Splunk Enterprise Security: Introducing Splunk Enterprise Security 4.5. Adaptive Response; Glass Tables; Improved Threat Detection / UBA + ES Integration
30. Splunk User Behavior Analytics: Packaged Advanced & Behavioral Analytics. Behavior-Based Threat Detection; Kill Chain Detection and Attack Vector Discovery; Self-Learning and Tuning
31. Splunk User Behavior Analytics: Announcing User Behavior Analytics 3.0. Peer Group Analytics; Content Updates; Customizable Threats and Anomalies
32. DEMO
34. Splunk User Behavior Analytics: Announcing User Behavior Analytics 3.0. Peer Group Analytics; Content Updates; Customizable Threats and Anomalies
35. Summary. Enterprise Security: Adaptive Response; Glass Table. User Behavior Analytics: Content Subscription; Customizable Threats. (diagram labels: Internal Network; Security Network; Context & Intelligence; Identity; App; Firewall; Endpoints; Run Book)
36. THANK YOU
