SlideShare a Scribd company logo

Travis Perkins at Gartner Risk and Security Management Summit Europe

Download as PPTX, PDF
Splunk
Splunk

This document discusses Travis Perkins' transition from a legacy security operations center (SOC) to a lean SOC using Splunk software. It describes the challenges of Travis Perkins' complex IT environment and their goal of building security solutions for the cloud. The document outlines Travis Perkins' process for incrementally implementing their SOC using Splunk and focusing on incident handling, investigations, and compliance. It provides examples of how Travis Perkins uses risk-based alerting, incident response workflows, and analytics in Splunk to analyze security events.

Technology
1 of 21
© 2017 SPLUNK INC.© 2017 SPLUNK INC. Building a ‘Lean SOC’ Over ‘Legacy SOC’ at Travis Perkins Matthias Maier | Product Marketing Director, Splunk Nick Bleech | Head of Information Security, Travis Perkins
© 2018 SPLUNK INC. Splunk Company Overview Global HQs San Francisco London Hong Kong 4,000+ Employees Globally NASDAQ: SPLK Annual Revenue $1.25B+ 89 of the Fortune 100 Rely on Splunk Across 110+ Countries Customers Range From Small Businesses to Large Organizations Largest License: 4+Petabytes/day 16,000+ Customers Splunk4Good $100 Million Commitment to Support Nonprofits, Research & Education
© 2017 SPLUNK INC. © 2018 SPLUNK INC. OUR MISSION
Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access
© 2017 SPLUNK INC. Collaborative SOC Solve across multiple domains Establish security operations Specific problem Nerve center for security
© 2018 SPLUNK INC. Power a Collaborative SOC AUTOMATION AND ORCHESTRATION INTERCONNECTED SECURITY STACK MACHINE LEARNING TO AUGMENT HUMAN SKILLS ADAPTIVE RESPONSE Collaborative SOC multiple domains blish security operations fic problem Nerve center for security
© 2017 SPLUNK INC.© 2017 SPLUNK INC. Building a ‘Lean SOC’ Over ‘Legacy SOC’ at Travis Perkins Nick Bleech | Head of Information Security, Travis Perkins
© 2018 SPLUNK INC. Nick Bleech and Travis Perkins Group • I’m currently the Head of Information Security for the Travis Perkins Group, the UK’s largest building materials merchants • Before Travis Perkins I was CISO at Rolls-Royce plc. o Served on the board of the Jericho Forum o Expert group which established core principles for Cloud Computing • My team at Travis Perkins Group tackles practical challenges including: o Security monitoring o Incident response o Data security o Driving governance to tackle Cloud Computing
© 2018 SPLUNK INC. Challenges – Travis Perkins Group • Complex IT - a mix of on-premise legacy systems / services and the cloud services progressively replacing them • ‘Cloud First’ - all new solutions must deploy into Cloud and work with on-premise as needed • SIEM business drivers balanced between incidents, investigations and compliance use cases – need flexible and adaptable technology
© 2018 SPLUNK INC. The beginning • The ‘Big Bang’: o Acquire SIEM hardware & software – one size fits all – ($$$$) o Connect as many sources as possible (Look Ma – all those connectors!) o No data source is too large or too complex – let’s not think too hard o This cloud thing’s coming – we’ll cross that bridge when we get there • When budget /time /resources run out: SIEM ‘mark one’ that was tagged ‘never again’ Oh dear...stop!
© 2018 SPLUNK INC. Critical Success factors for SIEM ‘mark two’ • Plan/Deliver incrementally – no ‘big bang’ • Hybrid – both cloud and on prem • ‘Lean’ SOC: Grow just enough SIEM architecture and SOC capability for required use-cases • Focus incident handling for maximum effectiveness • Don’t forget investigation / compliance use cases • Many potential data sources; both ‘agent-based’ & ‘agentless’ collection • Understand the characteristics of each data source • Acknowledge and meet multiple use-case and Enterprise Security Architectural needs SIEMData Sources Investment Case Sourcing Strategy Enterprise Security Arch SIEM Arch Use Cases
© 2018 SPLUNK INC. Organizational Incident Handling Process • Fire drills to test the incident response process • Exec wanted every 15m updates • How fast do you get questions out of the incident response process from the IT team? • It comes down to tools and technologies the team utilizes
© 2018 SPLUNK INC. Risk (Threat) Score Based Incident Alerting • An alert can be like a finger on a spray can: a little alert can trigger a lot of response if you put the right stuff in the can Extra Benefit: • Tunable – false positives - we’ve only had to adjust once so far Use intrinsic Splunk / ES risk scoring appropriately Asset / Identity Risk Score HR-Server01 1.000 • FireEye Alert +500 • Anti Virus Alert +100 • SIEM Anomaly + 500 • …
© 2018 SPLUNK INC. Incident Response Model Canned responses are 80% effective in the first instance and always provide some value by gathering additional information
© 2018 SPLUNK INC. Lean SOC Incident Process Risk score triggers alert for target OPs team responds, gathers info, claims notable events & updates them with info OPs team creates incidents for automated in- depth malware scans an/or automated forensics, updates events OPs team submits any binary samples from target to enterprise AV vendor, requests AC scan & cleanup Infosec confirm using Splunk & data collected by Ops that target is clean. If target is not clean, IS can request rebuild or access to target for more forensics
© 2018 SPLUNK INC. Splunk Incident Analysis
© 2018 SPLUNK INC. Splunk Incident Analysis: Contributing Events
© 2018 SPLUNK INC. SOC / SIEM Initial Build • We ran an on-prem pilot / proof of value using “found” hardware o Bore an uncanny resemblance to hardware from our previous SIEM… • We got a working solution, but speed, storage, and reliability issues arose • Analysts not good SysAdmins – so get better not minding infrastructure • Per our Cloud First strategy, we considered Splunk Cloud or host it on our own: o In terms of cost/benefit, Splunk Cloud option came out ahead • Migration took 2 days to get basic functionality up and running
© 2018 SPLUNK INC. SOC / SIEM Evolution 2015-2018 The Evolution decisions we considered / are considering 6,391.49 • Adaptive Response / SOAR • Behaviour Analytics / Machine Learning • Threat Hunting • Threat Intel services
© 2018 SPLUNK INC. Benefits Obtained and Future Roadmap • 1-2 days from ingesting new data to deliver meaningful reports/dashboards • Splunk CloudOps take pain out of managing host infrastructure • Intrinsic risk-scoring correlation in Splunk/ES focuses us on known-knowns • Architecture has proven to be robust; platform is reliable. 5-40+ sources • Splunk intrinsic Analytics & Machine Learning: 'Are we missing anything?' 'What's the impact?’ Our data science journey has just begun • We have future growth path should use cases and/or architecture so require
© 2017 SPLUNK INC.© 2017 SPLUNK INC. Thank You

Recommended

How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessSplunk
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARPartner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARSplunk
 
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTPartner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTSplunk
 
SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office Splunk
 
Gartner Symposium 2018: BMW Group Presentation
Gartner Symposium 2018: BMW Group PresentationGartner Symposium 2018: BMW Group Presentation
Gartner Symposium 2018: BMW Group PresentationSplunk
 
Partner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsPartner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsSplunk
 

Recommended

How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessSplunk
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARPartner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARSplunk
 
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTPartner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTSplunk
 
SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office Splunk
 
Gartner Symposium 2018: BMW Group Presentation
Gartner Symposium 2018: BMW Group PresentationGartner Symposium 2018: BMW Group Presentation
Gartner Symposium 2018: BMW Group PresentationSplunk
 
Partner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsPartner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsSplunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto Splunk
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
AIOps Roundtable Munich 2018: Intro to Splunk's ML Technologies
AIOps Roundtable Munich 2018: Intro to Splunk's ML TechnologiesAIOps Roundtable Munich 2018: Intro to Splunk's ML Technologies
AIOps Roundtable Munich 2018: Intro to Splunk's ML TechnologiesSplunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018Splunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaSplunk
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at AirbusSplunk
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunk
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementSplunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...Splunk
 
SplunkLive! London 2017 - Travis Perkins
SplunkLive! London 2017 - Travis PerkinsSplunkLive! London 2017 - Travis Perkins
SplunkLive! London 2017 - Travis PerkinsSplunk
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg Splunk
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Splunk
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys Splunk
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365 Splunk
 
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'Splunk
 

More Related Content

What's hot

SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto Splunk
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
AIOps Roundtable Munich 2018: Intro to Splunk's ML Technologies
AIOps Roundtable Munich 2018: Intro to Splunk's ML TechnologiesAIOps Roundtable Munich 2018: Intro to Splunk's ML Technologies
AIOps Roundtable Munich 2018: Intro to Splunk's ML TechnologiesSplunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018Splunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaSplunk
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at AirbusSplunk
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunk
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementSplunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...Splunk
 
SplunkLive! London 2017 - Travis Perkins
SplunkLive! London 2017 - Travis PerkinsSplunkLive! London 2017 - Travis Perkins
SplunkLive! London 2017 - Travis PerkinsSplunk
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg Splunk
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Splunk
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys Splunk
 

What's hot (20)

SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
AIOps Roundtable Munich 2018: Intro to Splunk's ML Technologies
AIOps Roundtable Munich 2018: Intro to Splunk's ML TechnologiesAIOps Roundtable Munich 2018: Intro to Splunk's ML Technologies
AIOps Roundtable Munich 2018: Intro to Splunk's ML Technologies
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
 
Splunk at Airbus
Splunk at AirbusSplunk at Airbus
Splunk at Airbus
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk Overview
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability Management
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
 
SplunkLive! London 2017 - Travis Perkins
SplunkLive! London 2017 - Travis PerkinsSplunkLive! London 2017 - Travis Perkins
SplunkLive! London 2017 - Travis Perkins
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
SplunkLive! Utrecht 2018 - Customer presentation: POST Luxembourg
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk Overview
 
Splunk for ITOA Breakout Session
Splunk for ITOA Breakout SessionSplunk for ITOA Breakout Session
Splunk for ITOA Breakout Session
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
 

Similar to Travis Perkins at Gartner Risk and Security Management Summit Europe

Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365 Splunk
 
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'Splunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...Splunk
 
Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per... Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per...Splunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...Splunk
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecuritySplunk
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Splunk
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise SecuritySplunk
 
Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Adam Tice
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocRene Aguero
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
 
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk
 
GTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayGTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayZivaro Inc
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
 
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...Splunk
 
How security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsHow security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsSplunk
 

Similar to Travis Perkins at Gartner Risk and Security Management Summit Europe (20)

Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
 
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
Travis Perkins: Building a 'Lean SOC' over 'Legacy SOC'
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per... Building a Security Information and Event Management platform at Travis Per...
Building a Security Information and Event Management platform at Travis Per...
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
 
Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
 
GTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayGTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech Day
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
 
How security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsHow security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applications
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Travis Perkins at Gartner Risk and Security Management Summit Europe

  • 1. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Building a ‘Lean SOC’ Over ‘Legacy SOC’ at Travis Perkins Matthias Maier | Product Marketing Director, Splunk Nick Bleech | Head of Information Security, Travis Perkins
  • 2. © 2018 SPLUNK INC. Splunk Company Overview Global HQs San Francisco London Hong Kong 4,000+ Employees Globally NASDAQ: SPLK Annual Revenue $1.25B+ 89 of the Fortune 100 Rely on Splunk Across 110+ Countries Customers Range From Small Businesses to Large Organizations Largest License: 4+Petabytes/day 16,000+ Customers Splunk4Good $100 Million Commitment to Support Nonprofits, Research & Education
  • 3. © 2017 SPLUNK INC. © 2018 SPLUNK INC. OUR MISSION
  • 4. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access
  • 5. © 2017 SPLUNK INC. Collaborative SOC Solve across multiple domains Establish security operations Specific problem Nerve center for security
  • 6. © 2018 SPLUNK INC. Power a Collaborative SOC AUTOMATION AND ORCHESTRATION INTERCONNECTED SECURITY STACK MACHINE LEARNING TO AUGMENT HUMAN SKILLS ADAPTIVE RESPONSE Collaborative SOC multiple domains blish security operations fic problem Nerve center for security
  • 7. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Building a ‘Lean SOC’ Over ‘Legacy SOC’ at Travis Perkins Nick Bleech | Head of Information Security, Travis Perkins
  • 8. © 2018 SPLUNK INC. Nick Bleech and Travis Perkins Group • I’m currently the Head of Information Security for the Travis Perkins Group, the UK’s largest building materials merchants • Before Travis Perkins I was CISO at Rolls-Royce plc. o Served on the board of the Jericho Forum o Expert group which established core principles for Cloud Computing • My team at Travis Perkins Group tackles practical challenges including: o Security monitoring o Incident response o Data security o Driving governance to tackle Cloud Computing
  • 9. © 2018 SPLUNK INC. Challenges – Travis Perkins Group • Complex IT - a mix of on-premise legacy systems / services and the cloud services progressively replacing them • ‘Cloud First’ - all new solutions must deploy into Cloud and work with on-premise as needed • SIEM business drivers balanced between incidents, investigations and compliance use cases – need flexible and adaptable technology
  • 10. © 2018 SPLUNK INC. The beginning • The ‘Big Bang’: o Acquire SIEM hardware & software – one size fits all – ($$$$) o Connect as many sources as possible (Look Ma – all those connectors!) o No data source is too large or too complex – let’s not think too hard o This cloud thing’s coming – we’ll cross that bridge when we get there • When budget /time /resources run out: SIEM ‘mark one’ that was tagged ‘never again’ Oh dear...stop!
  • 11. © 2018 SPLUNK INC. Critical Success factors for SIEM ‘mark two’ • Plan/Deliver incrementally – no ‘big bang’ • Hybrid – both cloud and on prem • ‘Lean’ SOC: Grow just enough SIEM architecture and SOC capability for required use-cases • Focus incident handling for maximum effectiveness • Don’t forget investigation / compliance use cases • Many potential data sources; both ‘agent-based’ & ‘agentless’ collection • Understand the characteristics of each data source • Acknowledge and meet multiple use-case and Enterprise Security Architectural needs SIEMData Sources Investment Case Sourcing Strategy Enterprise Security Arch SIEM Arch Use Cases
  • 12. © 2018 SPLUNK INC. Organizational Incident Handling Process • Fire drills to test the incident response process • Exec wanted every 15m updates • How fast do you get questions out of the incident response process from the IT team? • It comes down to tools and technologies the team utilizes
  • 13. © 2018 SPLUNK INC. Risk (Threat) Score Based Incident Alerting • An alert can be like a finger on a spray can: a little alert can trigger a lot of response if you put the right stuff in the can Extra Benefit: • Tunable – false positives - we’ve only had to adjust once so far Use intrinsic Splunk / ES risk scoring appropriately Asset / Identity Risk Score HR-Server01 1.000 • FireEye Alert +500 • Anti Virus Alert +100 • SIEM Anomaly + 500 • …
  • 14. © 2018 SPLUNK INC. Incident Response Model Canned responses are 80% effective in the first instance and always provide some value by gathering additional information
  • 15. © 2018 SPLUNK INC. Lean SOC Incident Process Risk score triggers alert for target OPs team responds, gathers info, claims notable events & updates them with info OPs team creates incidents for automated in- depth malware scans an/or automated forensics, updates events OPs team submits any binary samples from target to enterprise AV vendor, requests AC scan & cleanup Infosec confirm using Splunk & data collected by Ops that target is clean. If target is not clean, IS can request rebuild or access to target for more forensics
  • 16. © 2018 SPLUNK INC. Splunk Incident Analysis
  • 17. © 2018 SPLUNK INC. Splunk Incident Analysis: Contributing Events
  • 18. © 2018 SPLUNK INC. SOC / SIEM Initial Build • We ran an on-prem pilot / proof of value using “found” hardware o Bore an uncanny resemblance to hardware from our previous SIEM… • We got a working solution, but speed, storage, and reliability issues arose • Analysts not good SysAdmins – so get better not minding infrastructure • Per our Cloud First strategy, we considered Splunk Cloud or host it on our own: o In terms of cost/benefit, Splunk Cloud option came out ahead • Migration took 2 days to get basic functionality up and running
  • 19. © 2018 SPLUNK INC. SOC / SIEM Evolution 2015-2018 The Evolution decisions we considered / are considering 6,391.49 • Adaptive Response / SOAR • Behaviour Analytics / Machine Learning • Threat Hunting • Threat Intel services
  • 20. © 2018 SPLUNK INC. Benefits Obtained and Future Roadmap • 1-2 days from ingesting new data to deliver meaningful reports/dashboards • Splunk CloudOps take pain out of managing host infrastructure • Intrinsic risk-scoring correlation in Splunk/ES focuses us on known-knowns • Architecture has proven to be robust; platform is reliable. 5-40+ sources • Splunk intrinsic Analytics & Machine Learning: 'Are we missing anything?' 'What's the impact?’ Our data science journey has just begun • We have future growth path should use cases and/or architecture so require
  • 21. © 2017 SPLUNK INC.© 2017 SPLUNK INC. Thank You