© 2025 SPLUNK INC.
Marcel Tanuatmadja
Master the “Mean-Time-To-X” Game
Mean Time To…
(D)etect: from “someone breaks in” to “you notice it”
Find Content (Sec. Use Cases)
Top-Down works best
1. Do a risk assessment – understand your organisation's resiliency needs
2. Engage stakeholders early in the process
3. Identify and prioritize use cases
4. Identify and prioritize data sources
Get Data “in”
Splunk Data Management (DMX)
Data Management Experience (DMX): runs on the Edge and in the Cloud; end-to-end monitoring (incl. agent management)
Pipeline functions: Filter | Normalize | Mask | Enrich | Logs to Metrics | Aggregate | Routing
Inputs: UF, HEC, OTel (metrics, logs, traces, events) from Public Cloud, Private Cloud and On-Premise
Destinations: Splunk Cloud, Splunk Enterprise, Splunk O11y Cloud, Data Lake, Amazon S3
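As an added example (not Splunk DMX code and not from the original deck), the pipeline stages named above implemented in Python over constructed firewall-style log lines: filter out noise, mask PII at the edge, normalize key=value pairs to CIM-style field names, enrich from an asset lookup, and aggregate logs to per-source metrics. The log lines, the field map and the asset table are assumptions made for the illustration.

```python
"""Edge data-management pipeline (added illustration, not Splunk DMX code):
filter -> mask -> normalize -> enrich -> aggregate, run over constructed
firewall-style key=value log lines."""
import re
from collections import Counter

# Constructed sample input: firewall session logs plus one heartbeat.
RAW_LOGS = [
    "Jun 01 10:00:01 fw01 action=allowed src=10.1.2.3 dst=93.184.216.34 dport=443 user=alice@example.com",
    "Jun 01 10:00:02 fw01 action=blocked src=10.1.2.3 dst=198.51.100.7 dport=4444 user=alice@example.com",
    "Jun 01 10:00:03 fw01 action=allowed src=10.1.9.9 dst=192.0.2.10 dport=53 user=svc_dns",
    "Jun 01 10:00:04 fw01 action=allowed src=10.1.2.3 dst=93.184.216.34 dport=443 user=alice@example.com card=4111111111111111",
    "Jun 01 10:00:05 fw01 heartbeat ok",
]

# Constructed asset inventory used for enrichment at the edge.
ASSETS = {
    "10.1.2.3": {"host": "wks-alice", "criticality": "high"},
    "10.1.9.9": {"host": "dns01", "criticality": "medium"},
}

# Hypothetical source-to-CIM field map (Network Traffic data model names).
CIM_MAP = {"src": "src_ip", "dst": "dest_ip", "dport": "dest_port"}

KV_RE = re.compile(r"(\w+)=(\S+)")
PAN_RE = re.compile(r"\b\d{13,16}\b")            # payment card numbers
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


def keep(line):
    """Filter: drop events that carry no security value (heartbeats)."""
    return "heartbeat" not in line


def mask(line):
    """Mask PII before it leaves the edge: keep BIN and last 4 of a PAN,
    keep only the domain part of an e-mail address."""
    line = PAN_RE.sub(lambda m: m[0][:6] + "X" * (len(m[0]) - 10) + m[0][-4:], line)
    return EMAIL_RE.sub(lambda m: "***@" + m[0].split("@", 1)[1], line)


def normalize(line):
    """Normalize: parse key=value pairs into CIM-style field names."""
    event = {CIM_MAP.get(k, k): v for k, v in KV_RE.findall(line)}
    event["host"] = line.split()[3]
    event["dest_port"] = int(event["dest_port"])
    return event


def enrich(event):
    """Enrich: attach asset context so criticality is available at search time."""
    asset = ASSETS.get(event["src_ip"], {})
    return {**event,
            "src_host": asset.get("host", "unknown"),
            "src_criticality": asset.get("criticality", "unknown")}


def run_pipeline(lines):
    """Run all stages; return normalized events and a logs-to-metrics
    aggregate (event count per source IP and action)."""
    events = [enrich(normalize(mask(line))) for line in lines if keep(line)]
    metrics = Counter((e["src_ip"], e["action"]) for e in events)
    return events, metrics


if __name__ == "__main__":
    events, metrics = run_pipeline(RAW_LOGS)
    for e in events:
        print(e)
    print(dict(metrics))
```

The stage order is the security-relevant part: filtering runs first so dropped events cost nothing downstream, and masking runs before parsing so the raw card number and e-mail address never exist in the structured event that reaches the index or the data lake.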
Come up with a Data Storage and Retention Policy
Not all data is the same
[Chart: age of data (<1 sec, <10 sec, <1 min, 1 hour, 1 day, 1 week, 1 month, 1 year, 10 year) against the storage tier that serves it]
Real and Near-Real Time: Prevention, Detection, Monitoring
Ad Hoc: Incident Review, Investigations, Threat Hunting
Archive: Forensics, Audit & Compliance
Find Content for your Use Cases
Use the vendor's library, develop it yourself, use industry standards… and test it
https://github.com/splunk/attack_range
Prioritize Findings
With Risk-Based Alerting (RBA)
https://rba.community/
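As an added example of the RBA pattern (not Splunk ES code; the risk events, criticality multipliers and thresholds are constructed for the illustration): each detection contributes a score to a risk object such as a user or host, and only an object whose aggregated score over a trailing 24-hour window, or whose count of distinct ATT&CK tactics, crosses a threshold becomes one prioritised finding.

```python
"""Risk-based alerting (added illustration, not Splunk ES code): each
detection adds a risk score to a risk object (user or host); a finding
is raised only when the object's aggregated score over a trailing window,
or its number of distinct ATT&CK tactics, crosses a threshold."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed risk events: (timestamp, risk_object, detection, tactic, score)
RISK_EVENTS = [
    ("2025-06-01T08:00:00", "host:wks-alice", "Encoded PowerShell command", "Execution", 30),
    ("2025-06-01T08:05:00", "host:wks-alice", "LSASS memory access", "Credential Access", 40),
    ("2025-06-01T08:30:00", "host:wks-alice", "New scheduled task", "Persistence", 20),
    ("2025-06-01T09:00:00", "user:bob", "Failed-login burst", "Credential Access", 15),
    ("2025-05-30T09:00:00", "user:bob", "Failed-login burst", "Credential Access", 15),  # outside window
    ("2025-06-01T10:00:00", "host:dns01", "Port scan", "Discovery", 10),
]

# Constructed asset/identity criticality multipliers (absent = 1.0).
CRITICALITY = {"host:wks-alice": 1.5}

SCORE_THRESHOLD = 100      # cumulative weighted score that raises a finding
TACTIC_THRESHOLD = 3       # distinct tactics that raise a finding regardless of score
WINDOW = timedelta(hours=24)


def aggregate_risk(events, now_iso, window=WINDOW):
    """Sum criticality-weighted risk per object over the trailing window and
    record which tactics and detections contributed."""
    now = datetime.fromisoformat(now_iso)
    cutoff = now - window
    agg = defaultdict(lambda: {"score": 0.0, "tactics": set(), "sources": set()})
    for ts, obj, source, tactic, score in events:
        t = datetime.fromisoformat(ts)
        if not cutoff <= t <= now:
            continue
        entry = agg[obj]
        entry["score"] += score * CRITICALITY.get(obj, 1.0)
        entry["tactics"].add(tactic)
        entry["sources"].add(source)
    return dict(agg)


def risk_findings(events, now_iso, score_threshold=SCORE_THRESHOLD,
                  tactic_threshold=TACTIC_THRESHOLD):
    """Turn aggregated risk into prioritised findings, highest score first.
    Objects below both thresholds produce nothing, which is the point:
    low-confidence detections are recorded as risk, not raised as alerts."""
    findings = []
    for obj, entry in aggregate_risk(events, now_iso).items():
        reasons = []
        if entry["score"] >= score_threshold:
            reasons.append(f"score {entry['score']:.0f} >= {score_threshold}")
        if len(entry["tactics"]) >= tactic_threshold:
            reasons.append(f"{len(entry['tactics'])} distinct tactics")
        if reasons:
            findings.append({
                "object": obj,
                "score": entry["score"],
                "tactics": sorted(entry["tactics"]),
                "sources": sorted(entry["sources"]),
                "reason": "; ".join(reasons),
            })
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in risk_findings(RISK_EVENTS, "2025-06-01T12:00:00"):
        print(f)
```

With the constructed data, the three medium-confidence detections on wks-alice, none of which would justify an alert on its own, become a single high-priority finding that already lists the contributing detections and tactics, while the lone failed-login burst on bob stays below the line. In Splunk ES the same pattern is risk rules writing to the risk index and risk incident rules alerting on the aggregate.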
Gain visibility into emerging AI Risks
● Gain visibility into risks associated with LLM models, AI apps and entities.
● The Splunk Cisco Security Cloud App pulls in alerts from AI Defense and maps them to the Common Information Model (CIM), visualized in a dashboard.
● Includes an out-of-the-box Enterprise Security detection that surfaces potential attacks against the AI models running in your environment.
Master the “Mean-Time-To-X” Game
Mean Time To…
(D)etect: from “someone breaks in” to “you notice it”
(A)cknowledge
(I)nvestigate: you figure out what happened, how it happened and what to do
Automatic analysis of active threats for contextual insights to accelerate investigations & resolution
● Take the manual work out of threat analysis and integrate into SOC workflows seamlessly
● Ensure a baseline standard of investigation with consistent, comprehensive, and high-quality threat analysis and verdict
“Splunk SOAR is able to take the outputs from Splunk Attack Analyzer and update the case management ticket with the results to provide the results of the analysis. This gets the information right where it needs to go – into the analyst’s hands within minutes.”
– Sr. Director, Global Security Operations, Splunk
You can’t secure what you can’t see
Incomplete and inaccurate asset data: 52% manage 10,000+ assets [1]
Lengthy security investigations: 69% experienced an attack targeting unknown or poorly managed assets [2]
Gaps in compliance: $4M average revenue loss due to compliance audit failures [3]
[1] Security Hygiene and Posture Management Survey by ESG, Oct 2021, p.12
[2] Security Hygiene and Posture Management Survey by ESG, Oct 2021, p.13
[3] Whitepaper: The True Cost of Compliance, Ponemon Institute, Dec 2017, p.12
Splunk Add-on for Talos Intelligence
All Splunk ES, SOAR and SAA customers have access
Delivers rich enrichment for common IOCs
Master the “Mean-Time-To-X” Game
Mean Time To…
(D)etect: from “someone breaks in” to “you notice it”
(A)cknowledge
(I)nvestigate: you figure out what happened, how it happened and what to do
(C)ontain: you contain the attack
The Market-Leading SIEM to Power the SOC of the Future
❖ Improved case management capabilities
❖ Native Splunk® SOAR integration
❖ Enhanced detection engineering capabilities
Guided security workflows where you do your work
❖ Answer analyst questions to guide daily workflows
❖ Save time while addressing threats more rapidly
❖ Use natural language queries to get answers during investigations
UI shown is for illustration; not final product.
Master the “Mean-Time-To-X” Game
Mean Time To…
(D)etect: from “someone breaks in” to “you notice it”
(A)cknowledge
(I)nvestigate: you figure out what happened, how it happened and what to do
(C)ontain: you contain the attack
(R)espond / Resolve / Remediate: you fully neutralize the attack and make sure that attack can’t happen again!
Splunk’s unified TDIR platform approach: unified TDIR in a single platform, flexible deployment models, true multi-vendor
Inputs: Logs | Events | Alerts | Telemetry
Data Management & Federation: Filter | Mask | Route | Access
Common Services: Assets & Identities | Threat Intelligence | Risk
Threat Detection: Static | Dynamic (ML) | Pre-Built | Custom | Authoring
Investigation: Risk-Based Alerting | Threat Hunting | Integrated Analytics
Response: Enrichment | Automation | Orchestration | Playbooks
Unified Analyst Experience: Workflows | Case Management | Collaboration
GenAI for SecOps: Summarization | Natural Language Search | Reporting
Splunk Enterprise Security: The Core of the Unified TDIR Experience
Unifying Threat Detection, Investigation and Response
Unified SOC Analyst View: Analyst Queue | Findings | Investigations | Case Management
Splunk Enterprise Security: Mission Control (Analytics / Search / Investigation) | SOAR | Threat Intelligence Management
Federation (Search & Analytics): Amazon Security Lake | Amazon S3 | Additional Data Lakes
Cisco XDR: real-time attack chain detection (telemetry & alerts)
Cisco SNA: pervasive network detection & analytics (network traffic & logs)
Splunk Security Update | Public Sector Summit Germany 2025