The document discusses how Splunk can provide analytics-driven security for higher education through ingesting and analyzing machine data. It outlines how advanced threats have evolved to be more coordinated and evasive. A new approach is needed that fuses technology, human intuition, and processes like collaboration to detect attackers through contextual behavioral analysis of all available data. Examples are provided of security questions that can be answered through Splunk analytics.
2. Agenda
• Splunk for Security (20 min)
• EDU Case Studies (20 min)
• Demonstration of the Splunk App for Enterprise Security (15 min, time permitting)
• Q & A
3. Why Splunk for Security?
Machine Data contains a DEFINITIVE RECORD of all Human to Machine and Machine to Machine Interaction. Splunk ingests, stores, and analyzes all of that data at scale.
4. Advanced Threats Are Hard to Find
Cyber Criminals • Nation States • Insider Threats
Source: Mandiant M-Trends Report 2012/2013/2014
100% – Valid credentials were used
40 – Average # of systems accessed
229 – Median # of days before detection
67% – Of victims were notified by external entity
5. Attackers & Threats have Changed & Matured
Threat
• Goal-oriented
• Human directed
• Multiple tools, steps & activities
• New evasion techniques
• Coordinated
• Dynamic, adjust to changes
People
• Outsider (organized crime, competitor, nation/state)
• Insiders (contractor, disgruntled employee)
Technology
• Malware, bots, backdoors, rootkits, zero-day
• Exploit kits, password dumper, etc.
Process
• Attack Lifecycle, multi-stage, remote controlled
• Threat marketplaces – buy and rent
6. Modern Security Programs Need More than Technology
People
• Threat: Outsider (organized crime, competitor, nation/state); Insiders (contractor, disgruntled employee)
• Solution: Human Intuition and Observation
Technology
• Threat: Malware, bots, backdoors, rootkits, zero-day; Exploit kits, password dumper, etc.
• Solution: Firewall, Anti-malware, AV, IPS, etc.; Anti-spam, etc.
Process
• Threat: Attack Lifecycle, multi-stage, remote controlled; Threat marketplaces – buy and rent
• Solution: Coordination, Collaboration and Counter Measures
7. New approach to security operations is needed
Threat
• Goal-oriented
• Human directed
• Multiple tools & activities
• New evasion techniques
• Coordinated
• Dynamic (adjust to changes)
New approach
• Analyze all data for relevance
• Contextual and behavioral
• Rapid learning and response
• Leverage IOC & Threat Intel
• Share info & collaborate
• Fusion of technology, people & process
11. What questions could you ask?
• Who is working on Saturdays?
• Who is badging into areas that they’re not supposed to be in?
• Who accessed that server with admin privs over the past year?
• What countries are generating the most inbound traffic? Outbound?
• Which firewalls are passing ports that we’ve never seen before?
• What endpoints are exhibiting beaconing behavior?
• What countries are we communicating with that we don’t do business in/have students registered in?
• What vulns are found on my network and what’s been trying to exploit them?
• Who’s accessing our resources with the same credentials but from different states or countries, at the same time?
• Who is accessing our competitor websites and what’s the risk associated with that?
• Which servers are querying DNS far more than they ever normally do today?
• Which users have downloaded content from known phishing URLs?
• Whose HR data has changed after being infected by malware/visiting a phishing link?
12. From Alert Based to Analytics Driven Security
Traditional Alert-based Approach
• Time & Event based
• Data reduction
• Event correlation
• Detect attacks
• Needle in a haystack
• Power Users, Specialist
Additional Analysis Approach
• ..and phase, location, more…
• Data inclusion
• Multiple/dynamic relationships
• Detect attackers
• Hay in a haystack
• Everyone - Analytics-enabled Team
14. Spear-phishing – Advanced Analytics
Web Proxy:
2013-08-09 16:21:38 10.11.36.29 98483 148 TCP_HIT 200 200 0 622 - - OBSERVED GET www.neverbeenseenbefore.com HTTP/1.1 0 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; InfoPath.1; MS-RTC LM 8; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; )" User John Doe
Endpoint Logs:
08/09/2013 16:23:51.0128 event_status="(0)The operation completed successfully." pid=1300 process_image="John Doe\Device\HarddiskVolume1\Windows\System32\neverseenbefore.exe" registry_type="CreateKey" key_path="\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Printers\PrintProviders\John Doe-PC\Printers\{}\NeverSeenbefore" data_type=""
Email Server:
2013-08-09T12:40:25.475Z,,exch-hub-den-01,,exch-mbx-cup-00,,,STOREDRIVER,DELIVER,79426,<20130809050115.18154.11234@acme.com>,johndoe@acme.com,,685191,1,,,hacker@neverseenbefore.com,Please open this attachment with payroll information,,,2013-08-09T22:40:24.975Z
Sources: Endpoint Logs, Web Proxy, Email Server
Time Range: All three occurring within a 24-hour period
Correlation key: User Name (present in each source)
Indicators: Rarely seen email domain (email server), Rarely visited web site (web proxy), Rarely seen service (endpoint)
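The correlation the slide describes, as an added example in Python (not code from the deck or from Splunk): three constructed events distilled from the records above are joined on user name, each is tested against an assumed per-source baseline of previously seen values, and the user is flagged only when all three rare values fall within 24 hours.

```python
from datetime import datetime, timedelta

# Constructed events distilled from the slide's three records (proxy,
# endpoint, email); timestamps are treated as naive and in one zone.
EVENTS = [
    {"src": "proxy", "user": "John Doe", "ts": datetime(2013, 8, 9, 16, 21, 38),
     "value": "www.neverbeenseenbefore.com"},
    {"src": "endpoint", "user": "John Doe", "ts": datetime(2013, 8, 9, 16, 23, 51),
     "value": "neverseenbefore.exe"},
    {"src": "email", "user": "John Doe", "ts": datetime(2013, 8, 9, 12, 40, 25),
     "value": "neverseenbefore.com"},
]
# Same events but the email arrived three days earlier: outside the window.
EVENTS_STALE = [dict(e, ts=e["ts"] - timedelta(days=3)) if e["src"] == "email"
                else e for e in EVENTS]

# Assumed baselines: values each source has already seen (e.g. last 30 days).
BASELINE = {
    "proxy": {"www.acme.com", "www.splunk.com"},
    "endpoint": {"explorer.exe", "outlook.exe"},
    "email": {"acme.com", "myschool.edu"},
}
SOURCES = {"proxy", "endpoint", "email"}
WINDOW = timedelta(hours=24)

def rare(event):
    """True when the value (site, process or sender domain) is not in baseline."""
    return event["value"] not in BASELINE[event["src"]]

def correlate(events):
    """Users with a rare value from every source inside a 24-hour window.
    Returns {user: {source: rare value}}; the earliest rare event per source is kept."""
    by_user = {}
    for e in events:
        by_user.setdefault(e["user"], []).append(e)
    hits = {}
    for user, evs in by_user.items():
        rare_by_src = {}
        for e in sorted(evs, key=lambda x: x["ts"]):
            if rare(e) and e["src"] not in rare_by_src:
                rare_by_src[e["src"]] = e
        if SOURCES <= set(rare_by_src):
            stamps = [e["ts"] for e in rare_by_src.values()]
            if max(stamps) - min(stamps) <= WINDOW:
                hits[user] = {s: e["value"] for s, e in rare_by_src.items()}
    return hits
```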
15. All Machine Data is Security Relevant
Servers, Storage, Desktops, Email, Web, Transaction Records, Network Flows, DHCP/DNS, Hypervisor, Custom Apps, Physical Access Badges, Threat Intelligence, Mobile, CMDB, Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication
16. All Machine Data is Security Relevant – Traditional SIEM
(Same data source list as slide 15: Servers, Storage, Desktops, Email, Web, Transaction Records, Network Flows, DHCP/DNS, Hypervisor, Custom Apps, Physical Access Badges, Threat Intelligence, Mobile, CMDB, Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication.)
17. If we can build a complete picture, we disrupt the Kill Chain, we disrupt the adversary
18. Kill Chain Analysis Across Technology/Devices
Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search, Developer Platform
Machine Data (Real-time or Batch): Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Datacenter, Private Cloud, Public Cloud
External Lookups: Threat Intelligence, Asset & CMDB, Employee Info, Data Stores, Applications
19. Connecting the “data-dots” via multiple/dynamic relationships
Threat intelligence: Attacker, known relay/C2 sites, infected sites, IOC, attack/campaign intent and attribution
Network Activity/Security: Where they went to, who talked to whom, attack transmitted, abnormal traffic, malware download
Host Activity/Security: What process is running (malicious, abnormal, etc.); process owner, registry mods, attack/malware artifacts, patching level, attack susceptibility
Auth - User Roles: Access level, privileged users, likelihood of infection, where they might be in kill chain
Kill chain stages: Delivery, exploit installation → Gain trusted access → Upgrade (escalate) → Lateral movement → Data Gathering → Exfiltration → Persist, Repeat
21. EDU Case Studies
• ASU – phishing
• EDU1 – DMCA
• Duke – direct deposit
• EDU2 – bomb threat
22. Where did this info come from?
• ASU, Duke, and [prestigious private university in Boston] have all acknowledged use of Splunk publicly
• Security has been a driving factor for adoption for all three
• I cannot do these justice – they are mere highlights. I thank the Splunkers from these universities profusely
• NONE OF THESE SCHOOLS OFFICIALLY ENDORSE SPLUNK. They have shared this information in the spirit of collaboration.
• Visit below URL for slides and recordings: http://conf.splunk.com
33. Other Little-Known Security Apps
• Wordstats – Search for data that has significant “shannon entropy” – good for finding, for example, DGA domains
• Phishing Lookup – Compare URLs found in data for known phishing sites
• Sentiment Analysis – Analyze phrases found in data (such as tweets) and determine if they are positive or negative
• SPLICE – Consume IOCs in STIX, CybOX, OpenIOC formats and compare your data to filenames, hashes, domains, URLs, etc found within
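The Shannon-entropy measure behind the Wordstats/DGA bullet, as an added Python example (not the app's code): entropy is computed over the registrable label of each hostname, and the threshold, minimum length and sample hostnames are assumptions.

```python
import math
from collections import Counter

# Constructed sample: ordinary hostnames, one long but readable name,
# and two DGA-looking names.
SAMPLE_HOSTS = [
    "www.splunk.com",
    "mail.myschool.edu",
    "sciencebuilding.edu",
    "xk7q9z2plw4rtbv.net",
    "a1b2c3d4e5f6g7h8i9j0.com",
]

def shannon_entropy(text):
    """Bits per character: -sum(p * log2 p) over the character frequencies."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registrable_label(host):
    """Second-level label, e.g. 'splunk' for www.splunk.com.  Assumes a
    single-label public suffix; a real deployment needs a public-suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def dga_candidates(hosts, threshold=3.5, min_len=10):
    """Hosts whose registrable label is long and high-entropy, with the score.
    Short labels are skipped because entropy is bounded by log2(len) and
    would be dismissed as low-entropy regardless of their randomness."""
    out = []
    for h in hosts:
        label = registrable_label(h)
        if len(label) >= min_len:
            score = shannon_entropy(label)
            if score >= threshold:
                out.append((h, round(score, 2)))
    return out
```

A readable long label such as sciencebuilding scores about 3.19 bits because letters repeat, while the two random labels score log2 of their distinct character count and are flagged.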
39. DMCA Violation Reporting
• DMCA Violations regularly sent via email from industry representatives
• Use Splunk to figure out who had that IP address during the timestamp given (dashboard form searches)
• Use DB Connect or API query of student/employee database to match IP to MAC, and identify system owner
• Notify system owner of copyright violation
We can automate much of this, too.
65. A large university in the Northeast…
• Student needed more time to prep for an exam, so decided to e-mail in a bomb threat to campus security. “I’m going to blow up the science building…”
• He did this via Tor so as to remain anonymous.
• Campus security worked with security team and FBI to investigate, using Splunk. How?
66. Search Ideas
• What can provide us with what students are searching?
• Proxy logs, Wire Data
• Needle in a haystack – who has been searching for “anonymous email” over the past week?
• Once we have an IP or a MAC or both, then continue investigation – we will use DHCP logs, AP logs, and correlating with several structured data sources.
67. Search Terms against Wire or Proxy Data
• Where else did they go? If we see them “disappear” perhaps https? Tor?
68. Search Terms against Wire or Proxy Data
• Downloaded Tor. But we have a MAC address and an IP address… let’s use those to dig further…
69. Search Terms against DHCP logs
• Use MAC to get a hostname, how about access point logs?
70. Search Terms against AP logs
• Just search the hostname or the MAC we found against AP logs. We can link to residence hall…
71. Mapping it out
• Where is the residence hall? Simple lookup: provide Splunk with lat/lon of all access points…
72. Who is it?
• All users of campus network have to register MAC addresses, so…use Splunk DB Connect (DBX) to attach to data warehouse…
10:DD:B1:B7:EB:A8,jbombalot@myschool.edu,jbrodsky-mbp15,jb45478
73. Who is it?
• Now we have context in our search results.
• Let’s correlate network ID with another DB of student info.
74. In sum…
• Proxy logs or wire data allowed us to look for suspicious search terms and find an IP address doing those searches.
• DHCP logs and AP logs allowed us to find a MAC address associated with those searches.
• Linking the AP logs with geographic data allows us to see where the user was.
• Linking the MAC address with registration database lets us find a “network ID” that registered the device doing the searching.
• Linking network ID with student database allows us to see information about student.
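The pivot chain shared by the DMCA workflow (slide 39) and the bomb-threat summary above, as an added Python example (not the deck's searches): IP plus timestamp is matched against DHCP lease windows to get a MAC, the MAC is matched against AP logs and a lat/lon lookup for location, and against the registration export for a network ID. All records are constructed, the field layouts and AP coordinates are assumptions, and the registration line reuses the sample from slide 72.

```python
from datetime import datetime

# Constructed DHCP leases: (ip, mac, lease start, lease end).  The same IP is
# re-issued on another day, which is why the timestamp matters.
DHCP_LEASES = [
    ("10.11.36.29", "10:DD:B1:B7:EB:A8", datetime(2013, 8, 9, 9, 0), datetime(2013, 8, 9, 21, 0)),
    ("10.11.36.29", "00:11:22:33:44:55", datetime(2013, 8, 8, 9, 0), datetime(2013, 8, 8, 21, 0)),
]
# Constructed AP association log: (mac, timestamp, access point name).
AP_LOGS = [
    ("10:DD:B1:B7:EB:A8", datetime(2013, 8, 9, 16, 20), "ap-reshall-3f"),
    ("00:11:22:33:44:55", datetime(2013, 8, 8, 16, 20), "ap-library-1f"),
]
# Assumed AP -> (building, lat, lon) lookup, as slide 71 describes.
AP_LOCATIONS = {"ap-reshall-3f": ("Residence Hall", 42.0, -71.0)}
# Registration export: mac,email,hostname,network_id (slide 72's sample line).
REGISTRATION_CSV = "10:DD:B1:B7:EB:A8,jbombalot@myschool.edu,jbrodsky-mbp15,jb45478"
# Two query times: during the 8/9 lease, and after it expired.
QUERY_TIME = datetime(2013, 8, 9, 16, 21, 38)
STALE_TIME = datetime(2013, 8, 10, 3, 0)

def mac_for_ip_at(ip, when, leases=DHCP_LEASES):
    """MAC that held `ip` at `when`, or None if no lease covers that instant."""
    for lease_ip, mac, start, end in leases:
        if lease_ip == ip and start <= when <= end:
            return mac
    return None

def location_for_mac(mac, when, logs=AP_LOGS, places=AP_LOCATIONS):
    """Place of the latest AP association for `mac` at or before `when`."""
    prior = [(ts, ap) for m, ts, ap in logs if m == mac and ts <= when]
    return places.get(max(prior)[1]) if prior else None

def registration_for_mac(mac, csv_text=REGISTRATION_CSV):
    """Registration record for `mac` from the DB Connect export."""
    for line in csv_text.splitlines():
        f = line.split(",")
        if f[0].upper() == mac.upper():
            return {"email": f[1], "hostname": f[2], "network_id": f[3]}
    return None

def resolve(ip, when):
    """Whole chain: IP+time -> MAC -> location and registration (network ID)."""
    mac = mac_for_ip_at(ip, when)
    if mac is None:
        return None
    return {"mac": mac, "location": location_for_mac(mac, when),
            "registration": registration_for_mac(mac)}
```

Querying the same IP outside any lease window returns None rather than the wrong owner, which is the check a DMCA notice's timestamp has to pass before anyone is notified.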
79. Leverage a rich Eco System
Security Intelligence platform
• 200+ SECURITY APPS/ADD-ONS
• SPLUNK FOR ENTERPRISE SECURITY
• VENDOR COMMUNITY: Cisco WSA, ESA, ISE, SF; Palo Alto Networks; FireEye; DShield; DNS; OSSEC; Symantec; ThreatStream; …
• CUSTOM APPS
• ADDITIONAL SPLUNK APPS
80. Customer and Industry Recognition
• 2800 Security Customers
• Leader in Gartner SIEM MQ
• Splunk Industry Awards
81. Analytics Driven Security – Empowering People and Data
A security intelligence platform should enable any Security Program to leverage Technology, Human Expertise, and Business/IT Processes in the most effective way to deliver on security
82. Why Splunk?
Integrated, Holistic & Open
• Single product & data store
• All original machine data is indexed and searchable
• Open platform with API, SDKs, +500 Apps
Flexible & Empowering
• Schema on read
• Search delivers accurate, faster investigations and detection
• Powerful visualizations and analytics help identify outliers
Simplicity, Speed and Scale
• Fast deployment + ease-of-use = rapid time-to-value
• Runs on commodity hardware, virtualized and/or in the cloud
• Scales as your needs grow
All Your Data in One Place: Increases Collaboration and Partnership, Eliminates Silos & Delivers Proven ROI
83. Next Steps
Traditional SIEM vs. Splunk
• Info, data sheets, white papers, recorded demos at:
  – Splunk.com > Solutions > Security
  – Splunk.com > Solutions > Compliance
  – conf.splunk.com for full EDU presentations
• Try Splunk for free!
  – Download Splunk at www.splunk.com
  – Go to Splunk.com > Community > Documentation > Search Tutorial
  – In 30 minutes will have imported data, run searches, created reports
  – Security Apps at https://apps.splunk.com/
• Contact sales team at Splunk.com > About Us > Contact