Splunk Webinar: Splunk App for Palo Alto Networks
•
1 like•2,135 views
Splunk App for Palo Alto Networks
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Viewers also liked
Viewers also liked (9)
Similar to Splunk Webinar: Splunk App for Palo Alto Networks
Similar to Splunk Webinar: Splunk App for Palo Alto Networks (20)
More from Georg Knon
More from Georg Knon (20)
Recently uploaded
Recently uploaded (20)
Splunk Webinar: Splunk App for Palo Alto Networks
- 1. Copyright © 2014 Splunk, Inc. Copyright © 2014 Splunk, Inc. Splunk and Palo Alto Networks
- 2. Copyright © 2014 Splunk, Inc. Ihr Webcast Team 2 Matthias Maier Senior Sales Engineer mmaier@splunk.com Thomas Huber Major Account Manager thuber@splunk.com Ronny Greifenhain Systems Engineer rgreifenhain@paloaltonetworks.com Florian Bahorski Major Account Manager fbahorski@paloaltonetworks.com
- 3. 1. Splunk – Overview 2. Palo Alto Networks – Overview 3. Live Demo – Palo Alto Networks & Splunk Copyright © 2014 Splunk, Inc. Agenda 3 • Pan Threat detection • Known/Unknown threats • Splunk integration • Investigation • Visibility • Incident Response 4. Q&A
- 4. Copyright © 2014 Splunk, Inc. Splunk
- 5. Splunk: The Engine For Machine Data Copyright © 2014 Splunk, Inc. GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases Report and analyze Custom dashboards Monitor and alert Ad hoc search Splunk storage Real-time Machine Data Sensors, Telematics, Storage, Servers, Security devices, Desktops, CDRs Developer Platform Other Big Data stores 5
- 6. Splunk is Used Across IT and the Business Copyright © 2014 Splunk, Inc. IT Ops Security Compliance App Mgmt Web Intelligence Business Analytics 6
- 7. Top Five Splunk Security Use Cases Copyright © 2014 Splunk, Inc. More than a SIEM; a Security Intelligence Platform Security & Compliance Reporting Real-time Monitoring of Known Threats Real-time Monitoring of Unknown Threats Incident Investigations & Forensics Splunk Can Complement OR Replace Existing SIEMs Fraud detection 7
- 8. Products: Splunk Enterprise + Apps Splunk App for 120+ security apps Enterprise Security Copyright © 2014 Splunk, Inc. Palo Alto Networks Blue Coat OSSEC Proxy SG Cisco Security Suite Active Directory F5 Security Juniper NetFlow Logic Sourcefire FireEye Snort Asset Discovery 8
- 9. Copyright © 2014 Splunk, Inc. Palo Alto Networks
- 10. ©2013, Palo Alto Networks. Confidential and Proprietary. Copyright © 2014 Splunk, Inc. 10
- 11. Copyright © 2014 Splunk, Inc. Demo
- 12. Why Splunk Customers Need Palo Alto Networks Layered defenses with network security Copyright © 2014 Splunk, Inc. Better APT detection with WildFire™ Rich PAN data enables more SIEM/Splunk value 12
- 13. Why Palo Alto Networks Customers Need Splunk Layered defenses with a SIEM & non- PAN data Better APT detection with Splunk outlier detection Copyright © 2014 Splunk, Inc. 13 Turn PAN IOCs into Splunk searches Richer, longer-term, more flexible reporting …and don’t forget network monitoring, IT operations, app mgmt use cases….
- 14. Copyright © 2014 Splunk, Inc. Next Steps
- 15. Copyright © 2014 Splunk, Inc. Traditional SIEM Contact us www.surveymonkey.com/s/DACH_Webinare 15 Matthias Maier Senior Sales Engineer mmaier@splunk.com Thomas Huber Major Account Manager thuber@splunk.com Ronny Greifenhain Systems Engineer rgreifenhain@paloaltonetworks.com Florian Bahorski Major Account Manager fbahorski@paloaltonetworks.com
- 16. Copyright © 2014 Splunk, Inc. Next Steps with Splunk TraditiSopnlauln SkIEM • Download the Palo Alto app at Splunk.com > Community > Apps • If new user, try Splunk for free! Download Splunk at www.splunk.com Go to Splunk.com > Community > Documentation > Splunk Tutorial In 30 minutes will have imported data, run searches, created reports • More security information at Splunk.com > Solutions > Security • Contact sales team at Splunk.com > About Us > Contact 16
- 17. Next Steps with Palo Alto Networks Copyright © 2014 Splunk, Inc. TraditiSopnlauln SkIEM • To see what the platform can do, schedule an Application Visibility Report Go to: connect.paloaltonetworks.com/AVR • Find more information: Paloaltonetworks.com > Solutions • Contact sales team at: Paloaltonetworks.com > Contact 17
- 18. Copyright © 2014 Splunk, Inc. Thank you!
Editor's Notes
- Splunk can ingest any type of machine data, from any source in real time. These are listed here on the left and are flowing into Splunk for indexing. Once indexed, users can perform the use cases on the top right on the data. They can search through the data, monitor the data and be alerted in real-time if scheduled search parameters are met. The raw data can be aggregated in seconds for custom reports and dashboards. Also Splunk is a platform that developers can build on. It uses a well documented Rest API and several SDKs so developers and external; applications can directly access and act on the data within Splunk. Lastly, besides indexing raw data into its flat file data store, Splunk can also retrieve and index data that resides in other data stores such as a SQL database or Hadoop.
- Splunk enables many use cases. We are drilling into the red box, or security. Key is you put data into Splunk *once* and then use it for many use cases. This enables a strong ROI.
- Make sure to stress we are a Security Intelligence Platform and we can meet their needs these use cases plus more. We are more than a SIEM in that we are much more flexible and also can be used for use cases outside of security. Highlight that many customers already have a SIEM and are generally happy with it. But they do have some pain with current SIEM….maybe it struggles getting in non-security data, maybe it has limited search/reporting capabilities, etc. In these cases, Splunk can happily complement their SIEM. They perhaps use their existing SIEM for alerting, and they then log into Splunk to do the investigation, etc. But key point is that we can easily complement or replace a SIEM.
- 1 solution for Splunk for Security, but 3 offerings. At bottom is Splunk Enterprise, our core product. Every Splunk deployment includes this as this is where the core indexing and searching resides. Many customers build their own searches/reports/dashboards on top of it. On top of it, optional Apps can be installed. Apps are basically a collection of reports, dashboards, and searches purpose-built for a specific use case or product. Can be built by Splunk, customer, partners and all but a few are free on Splunkbase. Apps are great for customers who want out-of-the-box content and do want to have to build it themselves, and want to extend point solutions. One key App is the Splunk-built Enterprise Security app. It is basically an out-of-the-box SIEM with reports, dashboards, correlation rules, and workflow for security use cases. (It does have a cost though) Besides this app there are over 80 security-centric free Apps on Splunkbase. These are offering 3 and includes the Splunk App for PAN which is in the red box.
- A quick summary of who we are. We were founded in 2005; in 2007 we brought to market the first next generation firewall to classify traffic based on application, regardless of the port, protocol, encryption or other evasive tactic. We have been described by Gartner as a disruptive security platform because we took a fresh, from the ground up approach to building a firewall for modern networks. Our key differentiator is the ability to Safely Enable Applications: this means more than allowing or blocking – it means using business-relevant elements such as the application identity, who is using the application, and the type of content or threat as a more meaningful way to control network access and grow your business. This means you can build firewall policies to allow the application but apply function control, or bandwidth shaping, or threat prevention to the application. Able to Address All Network Security Needs: We have a broad range of platforms that all support a rich firewall feature-set that can protect your perimeter, datacenter, distributed enterprise with Exceptional Growth and Global Presence: Refer to the charts on the right for growth. We have over 12,500 customers in over 100 countries with support centers and hardware depots distributed worldwide. Experienced Technology and Management Team: The technology team drives our innovation and our continued efforts at disrupting the network security market – they are our most valued team members. The management team brings a rich history of steering a rapidly growing dynamic company like ours.
- Improved security with layered defenses SIEM does not do any perimeter-level threat blocking Network security is first line of defense; PAN is the leader. Also save $ by replacing many network security point products with one broader solution Complements Splunk for better APT detection Diverse PAN data can be indexed for improved security & compliance More effective SIEM use cases
- Improved security with Big Data SIEM; Splunk is the leader Combine PAN data with other data sources for SIEM use cases Not all threats enter via the network IOCs uncovered by PAN can be turned into Splunk searches Complements Palo Alto Networks for better APT detection Splunk offers longer-term, more granular reporting on PAN data then what Panorama offers Measure operational health of PAN deployment, network monitoring (incl load balancers, switches, routers, etc), overall IT Ops