The document provides an overview of best practices for scoping infections and disrupting breaches using Splunk software. It discusses collecting data from various sources like network logs, endpoint data, threat intelligence, and access/identity systems. It emphasizes connecting these different data types to understand the full scope of an infection or breach. The document also demonstrates how to identify disruption opportunities by mapping stages of an attack to collected data that could provide insights.
Medical Device Threat Modeling with Templates | Priyanka Aash
Modern medical devices contain many software components and are growing exponentially in complexity. Medical device engineering has typically struggled to threat model while the practice has become standard procedure for software systems. To help solve the problem for their engineers, GE Healthcare created a template that combines the software and medical device threat modeling specifics together.
Learning Objectives:
1: Understand the unique and common aspects of medical device technology.
2: See how to use a medical device threat model template.
3: Learn how the model presented may apply in any IoT environment.
(Source: RSA Conference USA 2018)
Evolve or Die, How to Stop Getting Slaughtered Due to Bad Vulnerability Manag... | Priyanka Aash
In the last year, we’ve seen numerous attacks with global consequences leveraging exploits against well-publicized vulnerabilities with available patches. This presentation will provide Forrester’s perspective on the challenges clients face in the vuln management space and make recommendations for improving how we prioritize and communicate vulnerability risk within our organizations.
Learning Objectives:
1: Outline a long-term strategy for evolving vulnerability risk practices.
2: Use industry examples to demonstrate effective VM prioritization.
3: Provide immediate takeaways to start improving VM processes tomorrow.
(Source: RSA Conference USA 2018)
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent... | Brian Kelly
Rick Holland of Forrester Research shares the results of his investigation into why targeted attacks on employees of businesses are increasing despite there being more information security products than ever.
Presented by Duo Security with guests Forrester Research and University of Tennessee, Knoxville
Agenda and Presenters
* How To Stop Targeted Attacks and Avoid “Expense In Depth” with Strong Authentication
Rick Holland, Principal Analyst, Forrester Research
* How Duo Helps You Avoid “Expense In Depth”
Brian Kelly, Principal Product Marketing Manager, Duo Security
* A Case for Multi-factor Authentication
Bob Hillhouse, Associate CIO and CISO, University of Tennessee, Knoxville
IIC IoT Security Maturity Model: Description and Intended Use | Kaspersky
How do you ensure that the security implemented in IoT devices and systems is up to the provider's requirements and yet doesn't mean over-spending on unnecessary mechanisms? That's what the Security Maturity Model, developed by the Industrial Internet Consortium with our contribution, is about.
Read more at http://iiconsortium.org/.
Security Fact & Fiction: Three Lessons from the Headlines | Duo Security
Real-world breaches are often caused by simple lapses of judgment.
Hollywood movies and some of the media representations of data breaches are sensationalized and over-complicated compared to reality.
Lessons Learned From Heartbleed, Struts, and The Neglected 90% | Sonatype
Watch this insightful and witty discussion between two old pals, Wendy Nather, Security Research Director at 451 Research and Josh Corman, CTO at Sonatype on the state of application security today. They share their perspectives on the changing landscape of application development and how this is impacting common application security approaches. They agree the dramatic shift from source code to component based development has created an open source security gap. With component vulnerabilities becoming national news, Heartbleed, Struts and the promise of more to come, now is the time to stop using components with known vulnerabilities.
To learn more about Heartbleed and what it means for your company please visit http://www.sonatype.com/clm/spotlight-on-heartbleed
Holy Threat Intelligence AMPman! We Need Endpoint Security! | Force 3
Some men just want to watch the network burn.
With malware on the rise and hackers attacking government agencies from every angle, federal agencies face an uphill battle. In the Malware Universe, federal networks need a hero, one who wages a never-ending fight for truth, justice and American data.
Are you ready to be the hero your network deserves?
The Top 20 Cyberattacks on Industrial Control Systems | Muhammad FAHAD
Executive Summary
No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. Evaluating cyber risk in industrial control system (ICS) networks is difficult, considering their complex nature. For example, an evaluation can consider (explicitly or implicitly) up to hundreds of millions of branches of a complex attack tree modelling the interaction of cyberattacks with cyber, physical, safety and protection equipment and processes. This paper was written to assist cyber professionals to understand and communicate the results of such risk assessments to non-technical business decision-makers.
This paper proposes that cyber risk be communicated as a Design Basis Threat (DBT) line drawn through a representative “Top 20” set of cyberattacks spread across a spectrum of attack sophistication. These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. Many industrial cyber risk practitioners will find the list useful as-is, while expert practitioners may choose to adapt the list to their more detailed understanding of their own sites’ circumstances.
We look at what a Capture the Flag event is and how it can provide a great training opportunity for anyone interested or working in Cyber Security... for free! We also look at some examples of thinking-outside-the-box challenges.
Essentials of Web Application Security: what it is, why it matters and how to... | Cenzic
Join Cenzic’s Chris Harget for an overview of the essentials of Web Application Security, including the risks, practices and tools that improve security at every stage of the application lifecycle.
The numbers are shocking: 69% of enterprise security executives report having experienced insider threats over one year. At the same time, 62% of business users report having access to data they should not see. Making matters worse? 43% of businesses say it takes at least a month (if not longer) to detect employees viewing files and emails they’re not authorized to access.*
With its comprehensive suite of flexible, simple, efficient solutions, Cisco Security offers a seamless approach designed to ease the burden on your IT team while strengthening your security posture. That includes Cisco Stealthwatch, a network visibility and security analytics system. Using NetFlow, Stealthwatch helps you use your network as a security sensor and enforcer to detect and remediate attacks, ultimately improving your threat defense—including time to detection and response.
Today, nearly a third of organizations lack the ability to prevent or deter insider threats.* Don’t let your agency be one of them.
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong | Duo Security
If you're like many IT security professionals, you're on a quest to do a better job of authenticating users in the face of new security and business challenges.
Have you gotten caught up in one of five authentication traps, like many of your peers?
Full replay of the recording is available online:
https://go.duosecurity.com/Forrester_Webinar_Signs_Youre_Doing_Authentication_Wrong.html
In this webinar, you will learn:
* Five signs you're doing authentication wrong
* Forrester research on key trends and generational shifts in the authentication market
* How to assess solution usability, deployability and security
* Will it ever be truly possible to "kill the password?"
Join the following guest speakers as they comment on the virtues of a thoughtfully deployed authentication solution.
* Eve Maler, Forrester Research
* Brian Kelly, Duo Security
* Daniel Frye, CedarCrestone
Continuous Monitoring for Web Application Security | Cenzic
In a world with constantly changing and increasingly complex attacks on web applications, security practices are evolving to stay ahead of the threats. Dave Shackleford, IANS Research application security faculty member, and Bala Venkat, Cenzic CMO, explain how government agencies can benefit from continuous security monitoring.
These are the slides from "Continuous Monitoring for Web App Security," a Cenzic and IANS webinar that originally aired on 10 September 2013. The video recording is available at info.cenzic.com (free, registration required).
In the webinar, Dave and Bala discuss the types of attacks currently seen in the wild, what attackers are focused on, and how they are compromising web applications, systems and data. We'll explore the most pressing compliance and regulatory challenges for government agencies and commercial businesses. Finally, we'll show how continuous monitoring tactics and tools can improve your security posture.
Who is responsible for security in the enterprise? Every company takes a different approach, but in many cases, accountability and authority do not reside in the same role. When this happens, it’s hard to tell who is responsible for securing digital assets. No wonder executives are worried.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, and early detection and prevention of events? See a live demonstration that will showcase how to operationalize those resources so that your organization can reap the maximum benefit.
Splunk EMEA Webinar: Scoping infections and disrupting breaches | Splunk
To successfully prevent infections from becoming a data breach, security analysts need the ability to continuously collect, analyse, correlate and investigate a diverse set of data.
Join this webinar to hear Matthias Maier, Splunk Security Product Marketing Manager and Filip Wijnholds, Splunk Senior Systems Engineer, discuss the specific data sources and capabilities required to determine the scope of an infection before it turns into a breach.
During this session, you'll learn:
- The capabilities required to distinguish an infection from a breach
- The specific analysis steps to understand the scope of an attack
- The data sources required to gain deep and broad visibility
- What to look for from network and endpoint data sources
We also demonstrate a live incident investigation using this approach; you can view the recording here:
https://splunkevents.webex.com/splunkevents/lsr.php?RCID=cab764b0457c615aa5f02ddfd351fe9f
Splunk's Minister of Defense and security guru, Monzy Merza, shows how to use the Splunk App for Enterprise Security to detect, respond to and mitigate advanced malware through various phases of the threat's lifecycle chain.
In this presentation we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber-attacks.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise | 21CT Inc.
In this security insight brief, 21CT researchers look at the malicious network behaviors that concern organizations the most, and how to use security analytics to find them before damage is done. Understanding these 12 indicators of compromise is critical to identifying a network breach.
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk | BeyondTrust
In this presentation from their joint webinar, security experts and trainers at CQURE, Greg Tworek and Mike Jankowski-Lorek, help you put on your hacker cap to better identify dangerous vulnerabilities, strengthen your systems, and STOP the data breaches that litter the news sites today. They will also demonstrate how to exploit systems and how (from the hacker perspective) this can be proactively mitigated.
Catch the full on-demand webinar here:
https://www.beyondtrust.com/resources/webinar/hackers-playbook-think-like-cybercriminal-reduce-risk/?access_code=de936e36f25bb91acaae7593959af3c1
Best Practices for Scoping Infections and Disrupting Breaches | Splunk
To successfully prevent infections from becoming a data breach, security analysts need the ability to continuously collect, analyse, correlate and investigate a diverse set of data.
Join this webinar to hear Matthias Maier, Splunk Security Product Marketing Manager, discuss the specific data sources and capabilities required to determine the scope of an infection before it turns into a breach.
During this session, you'll learn:
- The capabilities required to distinguish an infection from a breach
- The specific analysis steps to understand the scope of an attack
- The data sources required to gain deep and broad visibility
- What to look for from network and endpoint data sources
Splunk for Enterprise Security featuring User Behavior Analytics | Splunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
Learn how to gain complete visibility to identify and investigate attacks, detect and analyze advanced attacks before they affect the business, and manage the most important incidents, by combining logs with other types of data such as network traffic, endpoint information and cloud data.
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics | IBM Security
Attackers are using increasingly sophisticated methods to access your most sensitive data, and at the same time cloud, mobile and other innovations expand the perimeter you need to protect. This keynote discusses how to build a more secure enterprise with real-time analytics and behavior-based activity monitoring.
Advanced Security Intelligence tools store, correlate and analyze millions of events and flows daily to identify critical incidents your security team needs to investigate. The volume, variety and velocity involved clearly define Security as a “Big Data challenge.”
Learn how advanced predictive analytics and incident forensics help defend against advanced attacks and respond to and remediate incidents quickly and effectively.
.conf Go 2023 - The right recipe for the digital (security) revolution to... | Splunk
.conf Go 2023 presentation:
"The right recipe for the digital (security) revolution toward Telematik Infrastruktur 2.0 in healthcare?"
Speaker: Stefan Stein -
Team Lead CERT | gematik GmbH, M.Eng. IT Security & Forensics,
doctorate student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
From NOC to CSIRT
Speakers:
Daniel Reina - Country Head of Security Cellnex (Spain) & Global SOC Manager Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations SRE and O11y | Splunk
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College London | Splunk
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen... | Splunk
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
- Top challenges faced in improving security posture
- Key KPIs implemented in order to measure success
- Strategies and approaches applied in the SOC
- How MITRE ATT&CK and Splunk Enterprise Security were utilised
- Next steps in their maturity journey ahead
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Connector Corner: Automate dynamic content and events by pushing a button | DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
- Create a campaign using Mailchimp with merge tags/fields
- Send an interactive Slack channel message (using buttons)
- Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
- Your campaign sent to target colleagues for approval
- If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
- But if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
- UI automation introduction
- UI automation sample
- Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
7. Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume
Data sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Deployment: On-Premises, Private Cloud, Public Cloud
Ask Any Question: Application Delivery; Security, Compliance, and Fraud; IT Operations; Business Analytics; Industrial Data and the Internet of Things
8. Phases of Operational Intelligence
Reactive to Proactive:
• Search and Investigate
• Proactive Monitoring and Alerting
• Operational Visibility
• Real-time Business Insight
9. Delivers Value Across IT and the Business
IT Operations; Application Delivery; Security, Compliance, and Fraud; Business Analytics; Industrial Data and Internet of Things
Developer Platform (REST API, SDKs)
10. Platform for Application Delivery and IT Operations
• ROOT CAUSE AND ISSUE RESOLUTION
• PROACTIVE MONITORING AND REAL-TIME ALERTING
• DELIVER BETTER QUALITY CODE FASTER
• CLOUD APP AND INFRASTRUCTURE MONITORING
• MOBILE APP TROUBLESHOOTING
• USER & USAGE ANALYTICS
13. Best Practices for Scoping Infections & Disrupting Breaches
14. The Ever-changing Threat Landscape
• 67%: Victims notified by external entity
• 100%: Valid credentials were used
• 229: Median # of days before detection
Source: Mandiant M-Trends Report 2012/2013/2014
18. Capabilities - Scoping Infections and Breach
Report and analyze; Custom dashboards; Monitor and alert; Ad hoc search
Threat Intelligence; Asset & CMDB; Employee Info; Data Stores; Applications
Raw Events: Online Services, Web Services, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, Firewall, Authentication, Threat Intelligence, Servers, Endpoint
19. Capabilities - Scoping Infections and Breach
• Analytics
• Context & Intelligence
• Connecting Data and People
20. Adversary Perspective - Attack Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control (C2)
Actions on Objectives
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
22. Kill Chain – Breach Example
Stages shown: Delivery, Exploitation, Installation, C2, Actions on Objectives
• MAIL: Attacker creates malware, embed in .pdf, emails to the target
• Read email, open attachment
• .pdf executes & unpacks malware overwriting and running “allowed” programs (Calc.exe, Svchost.exe)
• WEB: http (web) session to command & control server
• Remote control, Steal data, Persist in company, Rent as botnet
Data categories: Threat intelligence, Access/Identity, Endpoint, Network
25. Best Practices – Breach Response Posture
• Bring in data from (minimum at least one from each category):
  • Network – next-gen firewall or web proxy, email, DNS
  • Endpoint – Windows logs, registry changes, file changes
  • Threat Intelligence – open source or subscription based
  • Access and Identity – authentication events, machine-user mapping
• Employ a security intelligence platform so analysts can:
  • Contextualize events, analytics and alerts
  • Automate their analysis and exploration
  • Share techniques and results to learn and improve
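The four data categories above, joined to scope the deck's breach example (a .pdf lure, calc.exe spawning svchost.exe, then a web session to a command and control server). This is an added example, not part of the original slides and not Splunk code; every event, host, user, address and field name is constructed.

```python
from collections import defaultdict

# Constructed sample data. Field names, hosts, users and addresses are assumptions.
# Timestamps share one ISO-8601 format, so plain string comparison orders them.
THREAT_INTEL = {"203.0.113.50"}                                       # known C2 addresses
HOST_USER = {"ws-101": "alice", "ws-102": "bob", "ws-103": "carol"}   # machine-user mapping
EMAIL = [    # Network: mail gateway
    {"t": "2015-04-20T09:00:00", "rcpt": "alice", "attachment": "benefits.pdf"},
    {"t": "2015-04-20T09:00:05", "rcpt": "bob", "attachment": "benefits.pdf"},
    {"t": "2015-04-20T09:10:00", "rcpt": "carol", "attachment": "agenda.docx"},
]
PROCESS = [  # Endpoint: process creation
    {"t": "2015-04-20T09:12:00", "host": "ws-101", "parent": "reader.exe", "child": "Calc.exe"},
    {"t": "2015-04-20T09:12:03", "host": "ws-101", "parent": "Calc.exe", "child": "Svchost.exe"},
    {"t": "2015-04-20T09:15:00", "host": "ws-102", "parent": "services.exe", "child": "svchost.exe"},
]
PROXY = [    # Network: web proxy
    {"t": "2015-04-20T09:12:30", "host": "ws-101", "dest": "203.0.113.50"},
    {"t": "2015-04-20T09:20:00", "host": "ws-102", "dest": "198.51.100.7"},
]
AUTH = [     # Access/Identity: authentication events
    {"t": "2015-04-20T08:00:00", "user": "alice", "src": "ws-101", "dest": "mail-01", "ok": True},
    {"t": "2015-04-20T09:40:00", "user": "alice", "src": "ws-101", "dest": "fs-01", "ok": True},
    {"t": "2015-04-20T09:45:00", "user": "alice", "src": "ws-101", "dest": "db-01", "ok": False},
    {"t": "2015-04-20T10:00:00", "user": "bob", "src": "ws-102", "dest": "fs-01", "ok": True},
]
KILL_CHAIN = ["Delivery", "Installation", "C2", "Actions on Objectives"]


def scope_infection(intel, host_user, email, process, proxy, auth):
    """Pivot from indicators to every host, lure and asset the intrusion touched."""
    user_host = {u: h for h, u in host_user.items()}
    seen = defaultdict(dict)   # host -> stage -> (data category, detail)
    first = {}                 # host -> time of earliest endpoint/network evidence

    def note(host, stage, category, detail, t=None):
        seen[host].setdefault(stage, (category, detail))
        if t is not None:
            first[host] = min(first.get(host, t), t)

    # Endpoint: an "allowed" program started by the wrong parent.
    for e in process:
        if (e["parent"].lower(), e["child"].lower()) == ("calc.exe", "svchost.exe"):
            note(e["host"], "Installation", "Endpoint", "calc.exe spawned svchost.exe", e["t"])

    # Network fused with threat intelligence: sessions to a known C2 address.
    c2_since = {}
    for e in proxy:
        if e["dest"] in intel:
            note(e["host"], "C2", "Network + Threat intelligence", e["dest"], e["t"])
            c2_since[e["host"]] = min(c2_since.get(e["host"], e["t"]), e["t"])

    # Delivery: attachments the affected users received before the first evidence,
    # then every other recipient of the same attachment (exposed, maybe not yet infected).
    lures = {m["attachment"] for m in email for h, t in first.items()
             if m["rcpt"] == host_user.get(h) and m["t"] < t}
    for m in email:
        if m["attachment"] in lures and m["rcpt"] in user_host:
            note(user_host[m["rcpt"]], "Delivery", "Network (email)", m["attachment"])

    # Access/Identity: successful logons from a host after its first C2 contact.
    reached = defaultdict(set)
    for a in auth:
        if a["ok"] and a["src"] in c2_since and a["t"] > c2_since[a["src"]]:
            note(a["src"], "Actions on Objectives", "Access/Identity",
                 f'{a["user"]} -> {a["dest"]}')
            reached[a["src"]].add(a["dest"])

    hosts = {h: [s for s in KILL_CHAIN if s in st] for h, st in seen.items()}
    return {"hosts": hosts, "lures": lures, "reached": dict(reached), "evidence": dict(seen)}


if __name__ == "__main__":
    result = scope_infection(THREAT_INTEL, HOST_USER, EMAIL, PROCESS, PROXY, AUTH)
    for host, stages in result["hosts"].items():
        print(host, HOST_USER[host], stages, sorted(result["reached"].get(host, [])))
```

A host that shows only Delivery (ws-102 here) received the lure but has no endpoint or network evidence yet, which is the difference between containing one workstation and scoping the whole campaign.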
26. Breach Example – Disruption Opportunities
[Figure: the kill chain breach example from slide 22 (Delivery, Exploitation, Installation, C2, Actions on Objectives), shown against the four data categories: Threat intelligence, Access/Identity, Endpoint, Network]
27. Breach Example – Disruption Opportunities
[Figure: same diagram as slide 26]
38. The 6th Annual Splunk Worldwide Users’ Conference
September 21-24, 2015 The MGM Grand Hotel, Las Vegas
• 50+ Customer Speakers
• 50+ Splunk Speakers
• 35+ Apps in Splunk Apps Showcase
• 65 Technology Partners
• 4,000+ IT & Business Professionals
• 2 Keynote Sessions
• 3 days of technical content (150+ Sessions)
• 3 days of Splunk University
– Get Splunk Certified
– Get CPE credits for CISSP, CAP, SSCP, etc.
– Save thousands on Splunk education!
Register at: conf.splunk.com
39. We Want to Hear Your Feedback!
After the Breakout Sessions conclude
Text Splunk to 878787
And be entered for a chance to win a $100 AMEX gift card!
40. Next Steps
• Info, case study, analyst reports:
• Splunk.com > Solutions > Security & Fraud
• Try Splunk Enterprise for free!
• Download Splunk http://www.splunk.com/download
• Splunk.com > Community > Documentation > Search Tutorial
• In 30 minutes: imported data, run searches, created reports
• Free apps at Splunk.com > Community > Apps
• Contact sales team at Splunk.com > About Us > Contact
Traditional SIEM / Splunk
That’s where we come in. Splunk’s mission is to make machine data accessible, usable, and valuable to everyone.
At its core, the Splunk platform enables you to:
Collect data from anywhere – with universal forwarding and indexing technology.
Search and analyze across all your data – with powerful search and schema-on-the-fly technology.
Rapidly deliver real-time insights to IT and business people
This is what we call Operational Intelligence.
What would you do if you could install software, point it at your data – all of it, then ask any questions you have?
That’s the power of Splunk!
Designed to be downloaded and installed in minutes. The same software that’s a free download scales to hundreds of terabytes of data per day, and enables you to ask questions across your entire infrastructure—even across data silos.
And as you add more data, you receive more insights.
Splunk collects and indexes machine data, from a single source to tens of thousands of sources. All in real time.
Once in Splunk Enterprise, you can search, analyze, report-on and derive insights across all your data.
Customers use Splunk across application troubleshooting, IT infrastructure monitoring, security, business analytics, and internet of things
Our Splunk Cloud offering delivers Splunk Enterprise as a cloud-based Software-as-a-service – essentially empowering you with Operational Intelligence without any operational effort.
Reactive – Proactive in a security context
Search and Investigate as part of breach response
The way you move is to get more organized in your data sources capabilities
Security use case example – forensics, alerting, situational awareness, sharing and collaboration, internal threat intel development, actor tracking
Thanks Nate…
The cool thing about Splunk is that both IT and business professionals can analyze machine data to get real-time visibility and operational intelligence.
With our platform for machine data, organizations can improve their performance in a wide range of areas.
With Splunk software and cloud services, you can quickly identify and pinpoint code-level issues at any stage of the development and release process. You can find and fix bugs quickly so you can ship product faster, gain insights into application usage and user behavior and get real time, mission-critical visibility into every step, system and process involved in building, testing and shipping new products to your customers.
Splunk’s universal machine data platform empowers you to consolidate all information within a unified console to find the root-cause of issues, proactively manage events and incidents and reduce resolution times. You can quickly create alerts to proactively monitor your distributed infrastructure and complex applications/services.
With Splunk MINT, our Mobile Intelligence solution, we’re now extending Operational Intelligence to Mobile Applications. With Splunk MINT, you are enabled to deliver reliable, better performing mobile apps with end-to-end visibility across mobile applications and their supporting application infrastructure. You can combine and correlate mobile app data with data from other channels such as web or desktop to gain cross-channel user and usage analytics with the Splunk platform.
We have many apps that monitor cloud applications. The Splunk App for Stream enables the capture of real-time streaming wire data, across distributed infrastructures including private, public and hybrid Clouds. This enables visibility into application, business and user activity without the need for instrumentation, enhancing various operational use cases across IT, security and the business.
Splunk is a Security Intelligence Platform and we can address a number of security use cases. We’re more flexible than a SIEM and can be used for non-security use cases. Splunk software can complement or replace existing SIEM deployments, while also addressing more complex security use cases, such as supporting fraud detection and finding insider threats.
Three numbers in the cyber security statistics are very telling, and we should pay close attention to them:
100% of breaches are done using valid credentials;
And it still takes an average of 229 days to detect a breach;
With all the security technologies deployed in enterprises, 67% of breaches, which represents 2 out of 3, are still first reported to the enterprise by third parties (FBI, SS)
You want visibility where the adversary manifests itself. Imagine a malicious email that gets delivered. What are the places you can detect it? And respond to the breach?
Network – network based attack, lateral movement, exfiltration
Endpoint – malware exploitation – data gathering, launch point
Authentication – the basis of lateral movement and access to assets, intellectual property
Threat intel – External context to be fused with all these data sources, in advance of the attack or post breach
You derive this rationale from the activity in your environment. Fusing it with the knowledge of those who have broader vantage points. And then contextualizing it with business information. Let's talk about each of these. Many of you in this room have told us that this is what works. And indeed, this has been my own experience. Before I came to Splunk, I was a Splunk customer…. And this strategy works… Let's dive into this…
The capabilities required to distinguish an infection from a breach
Why is it important to preserve an event?
Risk Based Analytics to Align Security Operations With the Business
Risk scoring framework enhances decision making by applying risk score to any data
Quickly and easily assign any KSI or KPI to any event to produce risk scores
Expose the contributing factors of a risk score for deeper insights
Visualize and Discover Relationships for Faster Detection and Investigation
Visually fuse data, context and threat-intel across the stack and time to discern any context
Pre-built correlations, alerts and dashboards for detection, investigation and compliance
Workflow actions and automated lookups enhance context building
Enrich Security Analysis with Threat Intelligence
Automatically apply threat intelligence from any number of providers
Apply threat intelligence to event data as well as wire data
Conduct historical analysis using new threat intelligence across all data
The adversary’s success lies in a deliberate methodology.
Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
Exploitation != Gameover when you have analysts that can use the analytics ability and contextualize it
Use the animation to talk to the Zeus attack scenario described in the Zeus demo.
Recon – find vulnerability, find method most likely to gain access – locate vulnerable server with .pdf
Recon - Attacker attacks an extranet portal (vulnerable server) and steals a known good document (.pdf)
Weaponization - Attacker creates malware, packages it up in a pdf and gives it the same name as the document on the portal (so it looks like a good document)
Delivery - Attacker spoofs (uses a technique to send email that looks like it’s coming from an employee of the company) a company employee email and sends to several targets at the company
Exploitation – User (all it takes is one) reads email, opens the attachment, which exploits a vulnerability in a document reader that allows programs to run
Installation – program installs several programs that overwrite “good” programs on the computer – the calculator program – calc.exe
Installation – calc.exe spawns svchost.exe, a generic program on Windows machines
Command and Control – svchost.exe establishes communication to remote command and control server.
Point out – this came from a real example. The left shows the different defensive technologies that might have seen something.
Let's take a look at two examples. Let's see how we can do continuous monitoring for vulnerabilities. And then let's take a look at how we can investigate an alert.
Contextualization and exploration is automatic – you saw this in the field discovery menu
Raw events without modification or changes – so you can auto-extract and search adhoc and tie things together as you see fit
Nothing to join
Create a search
Risk-Based Analytics to Align Security Operations With the Business
Risk scoring framework enhances decision making by applying risk scores to any data
Quickly and easily assign any KSI or KPI to any event to align with your current priorities
Expose the contributing factors of a risk score for deeper insights
Visualize and Discover Relationships for Faster Detection and Investigation
Visually fuse data, context and threat-intel across the stack and time to discern relationships
Pre-built correlations, alerts and dashboards for detection, investigation and compliance
Workflow actions and automated lookups enhance context building
Enrich Security Analysis with Threat Intelligence
Automatically apply threat intelligence from any number of providers
Apply threat intelligence to event data as well as wire data
All of this rich capability is delivered through Pre-built searches, dashboards, reports and workflows.
Your analysts are enabled to investigate alerts, maintain a continuous monitoring posture and hunt for unusual activity
Manage and investigate incidents by correlating event data and contextual information from any data source
Pre-built statistical capabilities identify unusual activity and reduce false positives
Automated Threat Intel Integration ensures that new information is rapidly integrated into alerts and investigations
Enterprise Security delivers pre-built reports, dashboards, workflows across all security domains. Including wire data, end points, network, access and identity management
Over 2500 security/compliance customers worldwide. Customers cover all sizes and verticals, and are all over the world. While not listed here, hundreds of SMBs and individuals also use for security/compliance.
We are humbled by your trust. You have confirmed to us that in partnering with you – our customers we deliver a world class security intelligence platform.
Thank you!
Before we jump into questions. Some important .conf announcements…
Splunk has an active community:
There is an emerging ecosystem of new companies building apps on top of Splunk. They are taking advantage of open APIs and new platform capabilities to create an entirely new generation of applications.
Splunk Answers is the go-to place for your questions – and answers. Our technical support is consistently rated as industry leading and Splunk Answers has answers to thousands of questions.
You can participate in meet-ups and User Groups, contribute to our forums, or attend local SplunkLive events (like this one) to hear from your peers.
----- Meeting Notes (4/22/15 10:47) -----
Splunk Apptitude is live and open.
You've got 90 days.
To win more than $150,000 in cash and prizes.
Last day to submit is July 20th, 2015.
We'll announce the winners at Black Hat in August.
Good luck!
And finally, I would like to encourage all of you to attend our user conference in September.
The energy level and passion that our customers bring to this event is simply electrifying.
Combined with inspirational keynotes and 150+ breakout sessions across all areas of operational intelligence, it is simply the best forum to bring our Splunk community together, to learn about new and advanced Splunk offerings, and most of all to learn from one another.