© 2020 SPLUNK INC.
Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms
Security Breakout
Fighting the Eternal Challenge: Dealing with Alert Fatigue and Getting Insights into Security Productivity
Security Breakout
Lessons for a Fast Start in Automation and Orchestration
Security Breakout
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Data-to-Everything, D2E, and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved.
Key Challenges
Where do I start?
• What indicators of compromise should I look for?
• What data do I need?
• What about cloud services, which work differently?
• What about insider threats and compromised accounts?
• How can behavioural techniques and ML help, and how difficult is it?
Key Takeaways
1. Where to find and how to use Splunk content aligned to MITRE
2. Multi-cloud threat detection is ready to go with Splunk
3. Machine learning and data science can boost your SOC
Security Operations Suite Architecture (diagram; only the labels survive)
Platform for Machine Data, deployed cloud, on-prem, or hybrid with brokers, alongside other data lakes
Solutions: Enterprise Security + User Behavior Analytics + Phantom, with Security Use Case Content
Mission Control: cloud-based unified security operations
Applications: future Splunk solutions and 3rd-party plug-ins
Customer delivery
Security operations lifecycle (diagram; only the labels survive): Ingest, Detect, Predict, Recommend, Automate, Orchestrate, Collaborate, Investigate, Manage Cases, Report. Supporting elements: Content, Machine Learning.
Splunk Security Content
Detection made easier
Splunk Security Threat Detection Content
Where to find it
• Security Essentials: inventory of all content, plus guidance and reporting
• ES Content Update: bi-weekly release, including MLTK content
• UBA: ML and graph analysis
Splunk Security Essentials
• Common use cases and examples to get started
• Data onboarding guides for top data sources
• Understand the use cases needed to improve your security
• Use cases and playbooks ready for operationalization in Splunk ES, UBA and Phantom
https://splunkbase.splunk.com/app/3435/
Prescriptive Content
What to do next?
SSE understands what data you have and what content you already use. It uses that to recommend what to do next.
Splunk ES Content Update
Includes maps and content from Splunk premium solutions
Demo
How to find content by use case, data source, threat actor and MITRE ATT&CK tactic, and track your coverage
Analytics Supporting Multi Cloud
You All* Have a Cloud Strategy
Centralised SOC view of all cloud security (diagram; only the labels survive)
Platform for Machine Data; Mission Control: cloud-based unified security operations; Enterprise Security + User Behavior Analytics + Phantom
Analytics on Cloud Data is Hard?
Single Use Cases across Multiple Clouds
More Multi-Cloud Security Use Cases
You're ingesting advanced data sources and running better investigations.
Cloud Data Model – Coming Soon. Now on GitHub!
What About Orchestration and Automation?
Advanced Detection & Machine Learning
Advanced Threat Detection Techniques
Using the power of Splunk for Security
• Machine Learning: MLTK
• First Time Behavior: STATS
• Security Analytics: Correlation
• Time Series Spike Analysis: STDEV
• Unsupervised ML & Graph Analysis OTB: Splunk UBA
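As an added illustration of two techniques named on this slide, First Time Behavior (the logic a `stats earliest(_time) by user, src` search surfaces) and Time Series Spike Analysis (a `stdev`-based z-score against a trailing baseline), here is Python run over constructed sample data. It is not code from the deck or from Splunk; the event fields, cutoff, window and threshold are assumptions, and it deliberately excludes the current hour from its own baseline so a spike cannot mask itself.

```python
import statistics
from datetime import datetime

# Constructed sample authentication events (not from the deck): timestamp, user, source IP.
EVENTS = [
    ("2020-10-01T08:00:00", "alice", "10.1.1.5"),
    ("2020-10-01T09:00:00", "alice", "10.1.1.5"),
    ("2020-10-02T08:10:00", "bob", "10.1.1.7"),
    ("2020-10-02T17:45:00", "alice", "10.1.1.5"),
    ("2020-10-03T22:15:00", "alice", "203.0.113.9"),  # alice from a never-before-seen source
]

def first_time_pairs(events, cutoff_iso):
    """First Time Behavior: (user, src) pairs whose earliest sighting falls at or after
    the cutoff, i.e. combinations that did not exist in the history before it."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    first_seen = {}
    for ts, user, src in events:
        t = datetime.fromisoformat(ts)
        key = (user, src)
        if key not in first_seen or t < first_seen[key]:
            first_seen[key] = t
    return sorted(k for k, t in first_seen.items() if t >= cutoff)

# Constructed hourly counts (e.g. failed logons per hour); the last hour spikes.
HOURLY_COUNTS = [12, 10, 11, 13, 9, 12, 11, 48]

def spikes(counts, window=7, threshold=3.0):
    """Time Series Spike Analysis: z-score of each hour against the mean/stdev of the
    previous `window` hours only (window must be >= 2 for a sample stdev). Including
    the current hour in the baseline would inflate stdev and hide the spike."""
    out = []
    for i in range(window, len(counts)):
        base = counts[i - window:i]
        mu = statistics.mean(base)
        sd = statistics.stdev(base)
        if sd == 0:
            # Flat baseline: any increase is an infinite deviation, so still flag it.
            z = float("inf") if counts[i] > mu else 0.0
        else:
            z = (counts[i] - mu) / sd
        if z > threshold:
            out.append((i, counts[i], round(z, 1)))
    return out

if __name__ == "__main__":
    print(first_time_pairs(EVENTS, "2020-10-03T00:00:00"))
    print(spikes(HOURLY_COUNTS))
```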
Advanced Threat Detection Techniques
Target, enrich, and prioritize with ES frameworks
• Asset and Identity Correlation
• Risk-Based Alerting
• Threat Intelligence
Demo
Advanced Threat Detection Techniques Showcase
Splunk User Behavior Analytics
• Multi-entity behavior profiling
• Comprehensive unsupervised machine learning algorithms OTB
• Multi-dimensional identity correlation
• Continuous UBA content updates
• Open SDK for data scientists
How Does Splunk UBA Work? (diagram; only the labels survive)
Inputs: application logs, network logs, endpoint logs, server logs, identity logs
Stages: Machine Learning → 65+ anomaly classifications → Machine Learning & Graph Analysis → 25+ threat classifications → 7 use cases
Example classifications shown: Suspicious Data Movement, Unusual Machine Access, Flight Risk User, Unusual Network Activity, Machine Generated Beacon, Lateral Movement, Suspicious Behavior, Compromised User Account, Data Exfiltration, Malware Activity
Trinity Reference?
Takeaways
Where to find it
• Detection content ready for ES
• Threat detection in multi cloud
• Out-of-the-box ML capabilities
Thank You!
