https://conf.splunk.com/
© 2020 SPLUNK INC.
https://www.youtube.com/watch?v=C8UzEaF2OwQ
https://www.youtube.com/watch?v=C0DQQhXkvao
Bengaluru User Group
3rd Oct 2020
Splunk> Like an F-18, bro
Looking for trouble
Take the sh out of IT
Because Ninjas are too busy
Find your Achilles' heel, before a Trojan does
Because you can't always blame Canada
Can you SPL?
Cloud control
Counter errorism
I like big Data and I cannot lie
I see dead servers
I'm ESXi and I know it
Finding your faults, just like mom
Let my people know
Not your mom's MoM
More brain, less surgery
A petabyte of data is a terrible thing to waste
Ready. AMI. Fire.
REST for the wicked
Weapon of a Security Warrior
See the forest *and* the trees
See your world. Maybe wish you hadn't.
Sensor Sensei
Put that in your | and Splunk it.
Stop chasing your tail -f
search WTF | report FTW | alert WFH
Don't be a SOAR loser.
End of meh-trics.
Turing down for what?!
Housekeeping
Join #splunk_bengaluru_usergroup on Slack http://splk.it/slack
Use #splunk_bengaluru_usergroup for Q&A during the session
Please keep your lines muted when not speaking
Slides, recording & feedback form will be posted to the Events page
Splunk Bengaluru User Group
https://usergroups.splunk.com/bengaluru-splunk-user-group/
Niket Nilay
Sales Engineer @ Splunk
Splunk Enterprise Security Demo
3rd Oct 2020
Splunker since version 6.0 for 7+ years.
@Splunk for 7 months.
Out of 7 sessions of Bengaluru User Group, this is my 3rd 
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding
future events or plans of the company. We caution you that such statements reflect our
current expectations and estimates based on factors currently known to us and that actual
events or results may differ materially. The forward-looking statements made in this
presentation are being made as of the time and date of its live presentation. If reviewed after
its live presentation, it may not contain current or accurate information. We do not assume
any obligation to update any forward-looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is
subject to change at any time without notice. It is for informational purposes only, and shall
not be incorporated into any contract or other commitment. Splunk undertakes no obligation
either to develop the features or functionalities described or to include any such feature or
functionality in a future release.
Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk
Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States
and other countries. All other brand names, product names, or trademarks belong to their
respective owners. © 2019 Splunk Inc. All rights reserved.
Today's Security Operations Workflow
A process that doesn't scale
Diagram: point products (firewall, IDS/IPS, endpoint, WAF, advanced malware, forensics, malware detection) feed a SIEM; the data sources shown are network traffic, intrusion data, endpoint, threat intel, malware, authentication, wire data, and assets & identities; alerts are worked manually by Tier 1 and Tier 2 analysts.
Shifting Focus and Role for SOCs
Situational awareness, analysis and decision-making: legacy versus required
Legacy: operation / monitoring center; human authored; human-speed operations
Required: nerve center / command center; human plus machine learning; machine-speed cycle times
Security Operations Workflow
Diagram: the same point products and data sources as on the previous slide, now feeding both a SIEM and a SOAR layer that sits between the Tier 1 and Tier 2 analysts.
Security Nerve Center
Diagram: SIEM and SOAR at the center of a Monitor, Analyze, Investigate, Act cycle, fed by endpoints, threat intelligence, network, web proxy, firewall, identity and access, WAF and app security, cloud security, and mobile.
Splunk Security Operations Suite
Modernize your security operations
The only integrated suite with industry-leading SIEM, UEBA and SOAR solutions that utilize a market-proven, scalable big data platform, continually augmented with actionable use case content.
Splunk modernizes security operations by acting as their security nerve center, turning data into detections, and insights into actions, across all security use cases, teams, and functions.
Splunk drives the Data, Analytics, and Operations layers for the SOC to enable security teams to function at their highest level of performance.
Diagram: Data Sources feed Splunk Enterprise Security, Splunk User Behavior Analytics and Splunk Phantom, with Content layered on top and the AOF alongside.
AOF = Adaptive Operations Framework - our ecosystem of apps and security partner integrations.
Content = Pre-packaged security content (searches, detection models, automation playbooks) from the Splunk Research Team. Stay current with the latest threat landscape.
Combat Threats with Advanced Analytics
Powered by Security Information and Event Management (SIEM)
Data sources: network traffic, intrusion data, endpoint, threat intel, malware, authentication, wire data, assets & identities
Security analytics workflow in the SIEM:
▪ Monitor security activity
▪ Correlate and sequence events
▪ Validate alerts
▪ Prioritize, review and investigate
▪ Decide the best path to resolution
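The "correlate and sequence events, validate, prioritize" steps above are what a SIEM correlation search does. The following is an added example, not code from the slides or from Splunk: a miniature correlation rule in Python over constructed sshd log lines, normalized to CIM Authentication field names (_time, action, user, src, dest), with asset, identity and threat-intel lookups standing in for the ES collections. In Splunk ES the same rule would be an SPL correlation search over the Authentication data model; the log lines, thresholds and risk weights here are all assumptions chosen for illustration.

```python
"""Miniature correlation search over CIM-style authentication events.

Added example for this page; it is not Splunk code. In Splunk ES the same
rule would be an SPL correlation search over the Authentication data model
with asset/identity and threat-intel lookups; this stand-alone Python version
lets the sequencing and enrichment logic be read and run without Splunk.
The log lines, lookups, thresholds and risk weights are all constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd syslog lines from host db-prod-01: a four-attempt password
# guess that succeeds, followed by one benign typo-and-retry by a normal user.
AUTH_LOG = """\
2020-10-03T09:00:01Z db-prod-01 sshd[101]: Failed password for admin from 203.0.113.7 port 51000 ssh2
2020-10-03T09:00:03Z db-prod-01 sshd[101]: Failed password for admin from 203.0.113.7 port 51001 ssh2
2020-10-03T09:00:05Z db-prod-01 sshd[101]: Failed password for invalid user root from 203.0.113.7 port 51002 ssh2
2020-10-03T09:00:06Z db-prod-01 sshd[101]: Failed password for admin from 203.0.113.7 port 51003 ssh2
2020-10-03T09:00:09Z db-prod-01 sshd[101]: Accepted password for admin from 203.0.113.7 port 51004 ssh2
2020-10-03T09:10:00Z db-prod-01 sshd[102]: Failed password for alice from 10.0.0.5 port 40000 ssh2
2020-10-03T09:10:30Z db-prod-01 sshd[102]: Accepted password for alice from 10.0.0.5 port 40001 ssh2
"""

# Constructed asset, identity and threat-intel lookups (ES keeps these as
# asset/identity collections and threat-intel KV stores).
ASSETS = {"db-prod-01": {"priority": "critical", "category": "database"}}
IDENTITIES = {"admin": {"priority": "high", "category": "privileged"}}
THREAT_INTEL = {"203.0.113.7": "scanner-feed-A"}

AUTH_RE = re.compile(
    r"^(?P<time>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

def normalize_auth(raw):
    """Map raw sshd lines onto CIM Authentication fields (_time, action, user, src, dest)."""
    events = []
    for line in raw.splitlines():
        m = AUTH_RE.match(line)
        if not m:            # unparsed lines are dropped, as a bad sourcetype would be
            continue
        events.append({
            "_time": datetime.strptime(m["time"], "%Y-%m-%dT%H:%M:%SZ"),
            "action": "success" if m["outcome"] == "Accepted" else "failure",
            "user": m["user"], "src": m["src"], "dest": m["host"],
        })
    return events

def brute_force_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Sequence rule: at least `threshold` failures from one src to one dest,
    then a success from that src inside `window`. Keyed on (src, dest) so a
    spray across user names is still caught."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["_time"]):
        by_key[(e["src"], e["dest"])].append(e)
    hits = []
    for (src, dest), seq in by_key.items():
        failures = []
        for e in seq:
            if e["action"] == "failure":
                failures.append(e["_time"])
                continue
            recent = [t for t in failures if e["_time"] - t <= window]
            if len(recent) >= threshold:
                hits.append({"src": src, "dest": dest, "user": e["user"],
                             "failures": len(recent),
                             "first_seen": recent[0], "last_seen": e["_time"]})
            failures = []    # a success closes the attempt sequence
    return hits

def enrich_and_score(hit):
    """Validate and prioritise: attach asset, identity and threat-intel context,
    then derive a risk score and an ES-style urgency from it."""
    asset = ASSETS.get(hit["dest"], {})
    ident = IDENTITIES.get(hit["user"], {})
    ti = THREAT_INTEL.get(hit["src"])
    score = 20                                     # base: brute force that succeeded
    score += 30 if ti else 0                       # source on a threat list
    score += 20 if asset.get("priority") == "critical" else 0
    score += 10 if ident.get("category") == "privileged" else 0
    urgency = "critical" if score >= 70 else "high" if score >= 50 else "medium"
    return {**hit, "asset_priority": asset.get("priority", "unknown"),
            "identity_category": ident.get("category", "unknown"),
            "threat_match": ti, "risk_score": score, "urgency": urgency}

def run_correlation(raw_auth=AUTH_LOG, threshold=3):
    """Whole pipeline: normalise, sequence, enrich. Returns notable-event dicts."""
    return [enrich_and_score(h)
            for h in brute_force_then_success(normalize_auth(raw_auth), threshold)]

if __name__ == "__main__":
    for n in run_correlation():
        print(f"{n['urgency'].upper():8} risk={n['risk_score']} {n['src']} -> {n['dest']} "
              f"user={n['user']} failures={n['failures']} ti={n['threat_match']}")
```

Two design points carry over to a real correlation search: key the sequence on the source and destination rather than on the user name, or a spray across accounts never reaches the failure threshold; and do the asset, identity and threat-intel enrichment before scoring, so that the same rule fires at "medium" for an unknown source against a lab host and at "critical" for a listed source against a privileged account on a production database.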
Splunk Enterprise Security (ES)
Analytics-Driven Security Information and Event Management (SIEM)
▪ Know Your Security Posture
▪ Investigate with Speed and Flexibility
▪ Scale to Petabytes of Data
Demo
By Industry Analysts: Named a Leader in Gartner's Magic Quadrant for Security Information and Event Management*
By End Users: Designated a 2018 Customer's Choice for Security Information and Event Management*
*Gartner and Forrester are trademarks of their respective companies.
*Gartner, Magic Quadrant for Security Information and Event Management, Kelly Kavanagh | Toby Bussa, Dec. 4, 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
*The Gartner Peer Insights Customer Choice Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customer Choice Awards are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights and overall ratings for a given vendor in the market, as further described here http://www.gartner.com/reviews-pages/peer-insights-customer-choice-awards/ and are not intended in any way to represent the views of Gartner or its affiliates.
Splunk Adaptive Operations Framework
Diagram: partner integration categories around the platform: identity and access, internal network security, endpoints, orchestration, WAF & app security, threat intelligence, network, web proxy, firewall.
Security Content Updates
▪ Pre-packaged Searches
▪ Algorithms
▪ Dashboards
▪ Playbooks
▪ …and more!
Available for: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Phantom
Security Operations in 2020
Tier 1 analyst work will be automated. Time is spent optimizing detection and response logic.
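Automating Tier 1 work in practice means an enrich, decide, act playbook that runs on each notable before an analyst sees it. The block below is an added example, not a Splunk Phantom playbook and not from the slides: the notable fields, the lookups, the action names and the decision table are assumptions. The one rule it is built around is the caveat a practitioner wants in any auto-triage: the playbook must never close an alert because enrichment returned nothing or failed, only because it found positive evidence the activity is expected.

```python
"""Automated Tier-1 triage playbook for a notable event.

Added example for this page; it is not Splunk Phantom playbook code. The
notable fields, lookups and action names are assumptions chosen to mirror
the enrich -> decide -> act shape of a SOAR playbook. The rule worth keeping:
the playbook never auto-closes when an enrichment step fails; it escalates
and records why, so an outage in a lookup cannot silently become a stream
of closed alerts.
"""
from dataclasses import dataclass, field

# Constructed lookups standing in for the threat-intel, asset and allowlist
# collections a playbook would query.
THREAT_INTEL = {"203.0.113.7": "scanner-feed-A"}
ASSETS = {"db-prod-01": {"priority": "critical"}, "dev-box-07": {"priority": "low"}}
AUTHORIZED_SCANNERS = {"10.0.0.50"}     # internal vulnerability scanner (constructed)

@dataclass
class PlaybookRun:
    notable: dict
    disposition: str = "open"           # open | closed | escalated | contained
    actions: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def log(self, step, detail):
        self.audit.append((step, detail))

def lookup_threat_intel(ip):
    return THREAT_INTEL.get(ip)

def lookup_asset(host):
    return ASSETS.get(host, {"priority": "unknown"})

def triage(notable, ti_lookup=lookup_threat_intel, asset_lookup=lookup_asset):
    """Enrich -> decide -> act. Lookups are injected so a failing one can be simulated."""
    run = PlaybookRun(notable)
    src, dest, user = notable["src"], notable["dest"], notable["user"]

    # Step 1: enrichment. Missing context is itself a finding, never a reason to guess.
    try:
        ti = ti_lookup(src)
        asset = asset_lookup(dest)
    except Exception as exc:
        run.log("enrich", f"failed: {exc!r}")
        run.disposition = "escalated"
        run.log("decide", "enrichment unavailable; routed to analyst without auto-close")
        return run
    run.log("enrich", f"threat_match={ti} asset_priority={asset['priority']}")

    # Step 2: decision table. Only one branch may close an alert, and it requires
    # positive evidence (an allowlisted source), not merely the absence of a hit.
    if src in AUTHORIZED_SCANNERS and ti is None:
        run.disposition = "closed"
        run.log("decide", "authorized internal scanner; closed as expected activity")
    elif ti and asset["priority"] == "critical":
        run.actions += [("block_ip", src), ("force_password_reset", user)]
        run.disposition = "contained"
        run.log("decide", "known-bad source succeeded against a critical asset; contained")
    else:
        run.disposition = "escalated"
        run.log("decide", "insufficient evidence to close; Tier-2 review")

    # Step 3: act. Each action is written to the audit trail as it is performed,
    # so a crash mid-way leaves a record of what already happened.
    for action, target in run.actions:
        run.log("act", f"{action}({target})")
    return run

# Constructed notable, in the shape a correlation search would emit.
NOTABLE = {"rule": "brute_force_then_success", "src": "203.0.113.7",
           "dest": "db-prod-01", "user": "admin", "risk_score": 80}

def failing_ti_lookup(ip):
    """Simulates the threat-intel store being down."""
    raise TimeoutError("threat-intel KV store unreachable")

if __name__ == "__main__":
    for step, detail in triage(NOTABLE).audit:
        print(f"{step:7} {detail}")
```

The injected lookups are what make the failure mode testable: the same notable is contained when the threat-intel store answers, and escalated with an explicit "enrichment unavailable" entry when it does not, with no containment actions taken on unverified data.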
Beyond the Security Operations Center (SOC)
Splunk Enterprise for Security
▪ Compliance
▪ Data Privacy
▪ Fraud
▪ Risk
Appendix
References
▪ Splunk ES Content Update
▪ Splunk Common Information Model (CIM)
▪ Splunk Machine Learning Toolkit
▪ Splunk Security Essentials
▪ Splunk Security Essentials for Ransomware
▪ Splunk Security Essentials for Fraud Detection
▪ Splunk Essentials for ICS Monitoring and Diagnostics
All of the above are Splunkbase apps.
Aflac: Automating Threat Intelligence System
▪ Blocked over two million security threats
▪ Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System
▪ Automated threat hunting and 90% of its security metrics process in just two months
Blackstone: Automating Malware Investigation
▪ Reduced alert investigation times from 30-45 minutes to less than one minute
▪ Applied a consistent approach to alert management and investigation, eliminating human error
▪ Increased resource efficiency by turning manual, repetitive tasks into automated processes
Key Takeaways
▪ Accelerate detection and response
▪ Optimize security operations
▪ Scale human resources
Q&A
Raise your hand to be unmuted, or post questions in the WebEx chat.
Join Slack for Q&A: http://splk.it/slack
Contribute, Collaborate and Win
#splunk_bengaluru_usergroup
• Token of appreciation for the speakers in the community event
• Monthly reward for winners of challenges posted in Slack
http://splk.it/slack
Challenges on Slack
#splunk_bengaluru_usergroup
Rules for participation*
• Must have attended the User Group session and checked in.
• In the Slack thread, only mention the challenge number attempted (do not answer in the Slack chat).
• Send a personal note on Slack, or an email, with the actual answer.
• The winner is the first to submit the most correct answers.
• If you have already won in the last 12 sessions, preference will be given to the second-best answer.
• Answers to the challenges from the August Bengaluru User Group session are posted on Slack.
• Challenges from the September session are posted on Slack.
• India geography only.
http://splk.it/slack
Community Resources
Splunk Community Resources (both official and unofficial)
Splunk > Clara-fication: Splunk Community: https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-clara-fication-splunk-community.html
What's Next
We plan to meet on the 1st Saturday of every month at 14:00 IST.
Please provide feedback on:
• Sessions and improvements.
• Topics to be covered in future sessions.
• Let us know if you are interested in presenting at the User Group.
Keep the camaraderie going through Slack and Splunk Answers.
http://splk.it/slack http://community.splunk.com
https://conf.splunk.com
Splunk .conf 2020 registrations are open: Oct 20th and 21st (virtual)
Thank You

More Related Content

What's hot

Getting Started with Splunk Hands-on
Getting Started with Splunk Hands-onGetting Started with Splunk Hands-on
Getting Started with Splunk Hands-on
Shannon Cuthbertson
 
.conf21 - The Best of
.conf21 - The Best of.conf21 - The Best of
.conf21 - The Best of
Splunk
 
Splunk4Leaders
Splunk4Leaders Splunk4Leaders
Splunk4Leaders
Splunk
 
SplunkLive! Overview
SplunkLive! OverviewSplunkLive! Overview
SplunkLive! Overview
Georg Knon
 
Essential 8 App for Splunk
Essential 8 App for SplunkEssential 8 App for Splunk
Essential 8 App for Splunk
Mickey Perre
 
Using BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJSUsing BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJS
Stephen Feather
 
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
AppDynamics
 
Service intelligence hands on workshop
Service intelligence hands on workshopService intelligence hands on workshop
Service intelligence hands on workshop
Megan Shippy
 
Top Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour StockholmTop Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour Stockholm
AppDynamics
 
How To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour LondonHow To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour London
AppDynamics
 

What's hot (10)

Getting Started with Splunk Hands-on
Getting Started with Splunk Hands-onGetting Started with Splunk Hands-on
Getting Started with Splunk Hands-on
 
.conf21 - The Best of
.conf21 - The Best of.conf21 - The Best of
.conf21 - The Best of
 
Splunk4Leaders
Splunk4Leaders Splunk4Leaders
Splunk4Leaders
 
SplunkLive! Overview
SplunkLive! OverviewSplunkLive! Overview
SplunkLive! Overview
 
Essential 8 App for Splunk
Essential 8 App for SplunkEssential 8 App for Splunk
Essential 8 App for Splunk
 
Using BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJSUsing BLE to Enhance User Engagement - ConnectJS
Using BLE to Enhance User Engagement - ConnectJS
 
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
Is Your Infrastructure Affecting Critical Business Transactions? - AppSphere16
 
Service intelligence hands on workshop
Service intelligence hands on workshopService intelligence hands on workshop
Service intelligence hands on workshop
 
Top Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour StockholmTop Tips For AppD Adoption Success - AppD Global Tour Stockholm
Top Tips For AppD Adoption Success - AppD Global Tour Stockholm
 
How To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour LondonHow To Create An AppD Centre of Excellence at AppD Global Tour London
How To Create An AppD Centre of Excellence at AppD Global Tour London
 

Similar to Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03

SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
Splunk
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
Splunk
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
PrasadThorat23
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015
Splunk
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Erin Sweeney
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
Splunk for Enterprise Security and User Behavior Analytics
 Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
Splunk EMEA
 
Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...
Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...
Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...
Splunk EMEA
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
Splunk
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk
 
Enterprise Security and User Behavior Analytics
Enterprise Security and User Behavior AnalyticsEnterprise Security and User Behavior Analytics
Enterprise Security and User Behavior Analytics
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary session
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML
Splunk
 
Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 

Similar to Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03 (20)

SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015Mission possible splunk+paloaltonetworks_6_2015
Mission possible splunk+paloaltonetworks_6_2015
 
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
Mission Possible: Detect and Prevent CyberAttacks with Splunk and Palo Alto N...
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
Splunk for Enterprise Security and User Behavior Analytics
 Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
 
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
 
Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...
Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...
Die Rolle von KI in der digitalen Widerstandsfähigkeit - Splunk Public Sector...
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
 
Enterprise Security and User Behavior Analytics
Enterprise Security and User Behavior AnalyticsEnterprise Security and User Behavior Analytics
Enterprise Security and User Behavior Analytics
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
SplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary sessionSplunkLive! Paris 2016 - Plenary session
SplunkLive! Paris 2016 - Plenary session
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML
 
Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03

  • 7. Forward-Looking Statements. During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
  • 8. © 2020 SPLUNK INC. Today’s Security Operations Workflow: a process that doesn’t scale.
    Security tools: FIREWALL, IDS / IPS, ENDPOINT, WAF, ADVANCED MALWARE, FORENSICS, MALWARE DETECTION
    Analyst tiers: TIER 1, TIER 2
    Data sources feeding the SIEM: NETWORK TRAFFIC, INTRUSION DATA, ENDPOINT, THREAT INTEL, MALWARE, AUTHENTICATION, WIRE DATA, ASSETS & IDENTITIES
  • 9. © 2020 SPLUNK INC. Shifting Focus and Role for SOCs
    LEGACY (Situational Awareness): Operation / Monitoring Center; Human Authored; Human Speed Operations
    REQUIRED (Analysis and Decision-Making): Nerve Center / Command Center; Human — Machine Learning; Machine-Speed Cycle Times
  • 10. © 2020 SPLUNK INC. Security Operations Workflow (SIEM + SOAR)
    Security tools: FIREWALL, IDS / IPS, ENDPOINT, WAF, ADVANCED MALWARE, FORENSICS, MALWARE DETECTION
    Analyst tiers: TIER 1, TIER 2
    Data sources: NETWORK TRAFFIC, INTRUSION DATA, ENDPOINT, THREAT INTEL, MALWARE, AUTHENTICATION, WIRE DATA, ASSETS & IDENTITIES
    Platform: SIEM, SOAR
  • 11. © 2020 SPLUNK INC. Security Nerve Center (SIEM + SOAR): Monitor, Analyze, Investigate, Act
    Integrated sources: Endpoints, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access, WAF and App Security, Cloud Security, Mobile
  • 12. © 2019 SPLUNK INC. Splunk Security Operations Suite: modernize your security operations. The only integrated suite with industry-leading SIEM, UEBA and SOAR solutions that utilize a market-proven, scalable big data platform, continually augmented with actionable use case content. Splunk modernizes security operations by acting as their security nerve center, turning data into detections, and insights into actions, across all security use cases, teams, and functions. Splunk drives the Data, Analytics, and Operations layers for the SOC to enable security teams to function at their highest level of performance.
    Suite components: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Phantom, plus AOF, Data Sources and Content.
    AOF = Adaptive Operations Framework, our ecosystem of apps and security partner integrations. Content = pre-packaged security content (searches, detection models, automation playbooks) from the Splunk Research Team, to stay current with the latest threat landscape.
  • 13. © 2020 SPLUNK INC. Combat Threats with Advanced Analytics Powered by Security Information Event Management (SIEM)
    Data sources: NETWORK TRAFFIC, INTRUSION DATA, ENDPOINT, THREAT INTEL, MALWARE, AUTHENTICATION, WIRE DATA, ASSETS & IDENTITIES
    SIEM / SECURITY ANALYTICS activities: Correlate and Sequence Events; Validate Alerts; Prioritize, Review and Investigate; Decide Best Path to Resolution; Monitor Security Activity
  • 14. © 2020 SPLUNK INC. Splunk Enterprise Security (ES): Analytics-Driven Security Information Event Management (SIEM)
    ▪ Know Your Security Posture
    ▪ Investigate with Speed and Flexibility
    ▪ Scale to Petabytes of Data
  • 15. © 2019 SPLUNK INC. Demo
  • 16. © 2020 SPLUNK INC. By Industry Analysts: Named a Leader in Gartner’s Magic Quadrant for Security Information and Event Management. By End Users: Designated a 2018 Customer’s Choice for Security Information and Event Management.
    *Gartner and Forrester are all trademarks from their respective companies. *Gartner, Magic Quadrant for Security Information and Event Management, Kelly Kavanagh | Toby Bussa, Dec. 4, 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. *The Gartner Peer Insights Customer Choice Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customer Choice Awards are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights and overall ratings for a given vendor in the market, as further described here http://www.gartner.com/reviews-pages/peer-insights-customer-choice-awards/ and are not intended in any way to represent the views of Gartner or its affiliates.
  • 17. © 2020 SPLUNK INC. Splunk + Adaptive Operations Framework: Identity and Access, Internal Network Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall
  • 18. © 2020 SPLUNK INC. Security Content Updates
    ▪ Pre-packaged Searches
    ▪ Algorithms
    ▪ Dashboards
    ▪ Playbooks
    ▪ …and more!
    Available for: Splunk Enterprise Security, Splunk User Behavior Analytics, Splunk Phantom
  • 19. © 2020 SPLUNK INC. Security Operations in 2020: TIER 1 ANALYST WORK WILL BE AUTOMATED; TIME SPENT OPTIMIZING DETECTION & RESPONSE LOGIC
  • 20. © 2020 SPLUNK INC. Beyond the Security Operations Center (SOC): Splunk Enterprise for Security
    ▪ Compliance
    ▪ Data Privacy
    ▪ Fraud
    ▪ Risk
  • 21. © 2019 SPLUNK INC. Appendix
  • 22. © 2020 SPLUNK INC. References (Splunkbase Apps)
    ▪ Splunk ES Content Update
    ▪ Splunk Common Information Model (CIM)
    ▪ Splunk Machine Learning Toolkit
    ▪ Splunk Security Essentials
    ▪ Splunk Security Essentials for Ransomware
    ▪ Splunk Security Essentials for Fraud Detection
    ▪ Splunk Essentials for ICS Monitoring and Diagnostics
  • 23. © 2020 SPLUNK INC. Aflac: Automating Threat Intelligence System
    ▪ Blocked over two million security threats
    ▪ Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System
    ▪ Automated threat hunting and 90% of its security metrics process in just two months
  • 24. © 2020 SPLUNK INC. Blackstone: Automating Malware Investigation
    ▪ Reduced alert investigation times from 30-45 minutes to less than one minute
    ▪ Applied a consistent approach to alert management and investigation, eliminating human error
    ▪ Increased resource efficiency by turning manual, repetitive tasks into automated processes
  • 25. © 2020 SPLUNK INC. Key Takeaways: Accelerate detection and response; Optimize security operations; Scale human resources
  • 26. © 2020 SPLUNK INC. Q&A. Raise your hand to be unmuted. Post questions in WebEx Chat. Join Slack for Q&A: http://splk.it/slack
  • 27. © 2020 SPLUNK INC. Contribute, Collaborate and win: #splunk_bengaluru_usergroup
    • Token of appreciation for the Speakers in the Community event (NA)
    • Monthly reward for winners of Challenges posted in Slack (NA)
    http://splk.it/slack
  • 28. © 2020 SPLUNK INC. Challenges on Slack: #splunk_bengaluru_usergroup. Rules for participation*:
    • Must have attended the User Group Session and checked in.
    • In the Slack thread, only mention the challenge# attempted (do not answer in Slack chat).
    • Send a personal note on Slack with the actual answer, or email it.
    • The winner will be the first to submit the maximum number of correct answers.
    • If you have already won previously in the last 12 sessions, preference will be given to the second-best answer.
    • Answers to challenges from the August Bengaluru User Group session are posted on Slack.
    • Challenges from the September session are posted on Slack.
    • India geography only.
    http://splk.it/slack
  • 29. © 2020 SPLUNK INC. Community Resources: Splunk Community Resources (Both Official and Unofficial). Splunk > Clara-fication: Splunk Community: https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-clara-fication-splunk-community.html
  • 30. What’s Next. We plan to meet on the 1st Saturday of every month at 14:00 PM IST. Please provide feedback for:
    • Sessions and improvements.
    • Topics to be covered in future sessions.
    • Let us know if you are interested in presenting in the User Group.
    Keep the camaraderie going through Slack (http://splk.it/slack) and Splunk Answers> (http://community.splunk.com). Splunk .Conf 2020 registrations are open: Oct 20th and 21st (Virtual), https://conf.splunk.com