The ongoing cyber-war has a front line and that is the endpoint. In this session, you'll learn various methods to improve endpoint security with the Splunk Universal Forwarder and with commercial endpoint solutions. You can gain critical, timely, detailed information about what's happening on your desktops, laptops, hosts, and POS systems. You can correlate this data to network, threat intel, and other data sources. You'll learn how filesystem details, processes, services, hashes, ports, registry settings and more can be used to detect attackers. This will help any organization using Splunk to greatly improve their security posture.
SplunkLive Brisbane Splunk for Operational Security Intelligence - Gabrielle Knowles
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response and detecting and preventing threats, and, most importantly, having your security team serve your business and mission? Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
Splunk is a powerful platform for understanding your data. The preview of the Machine Learning Toolkit and Showcase App extends Splunk with a rich suite of advanced analytics and machine learning algorithms, which are exposed via an API and demonstrated in a showcase. In this session, we'll present an overview of the app architecture and API and then show you how to use Splunk to easily perform a wide variety of tasks, including outlier detection, predictive analytics, event clustering, and anomaly detection. We’ll use real data to explore these techniques and explain the intuition behind the analytics.
5 Ways to Improve your Security Posture with Splunk Enterprise Security - Splunk
Hundreds of leading security teams use Splunk Enterprise and Splunk Enterprise Security (ES) as a big data SIEM plus much more to better protect against today's cyberthreats.
The solution includes pre-built, powerful content, technologies and capabilities to help security professionals quickly detect, investigate, and defeat external and internal threats.
This webinar introduced five ways Splunk ES can help security teams:
1. Detect external, advanced threats in real-time
2. Identify insider threats faster
3. Use free, external threat intelligence to find known threats
4. Accelerate incident investigations
5. Identify and report on cyberthreats with advanced visualizations and analytics
SplunkLive Sydney Machine Learning & Analytics - Splunk
Splunk is a powerful platform for understanding your data. The preview of the Machine Learning Toolkit and Showcase App extends Splunk with a rich suite of advanced analytics and machine learning algorithms, which are exposed via an API and demonstrated in a showcase. In this session, we'll present an overview of the app architecture and API and then show you how to use Splunk to easily perform a wide variety of tasks, including outlier detection, predictive analytics, event clustering, and anomaly detection. We’ll use real data to explore these techniques and explain the intuition behind the analytics.
SplunkLive Melbourne Splunk for Operational Security Intelligence Splunk
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response and detecting and preventing threats, and, most importantly, having your security team serve your business and mission? Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
SplunkLive Perth Enterprise Security & User Behavior Analytics - Gabrielle Knowles
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
SplunkLive Sydney Enterprise Security & User Behavior Analytics - Gabrielle Knowles
Leverage the Splunk architecture to provide the best possible performance. Whether deploying on premise, in the cloud or on Splunk Cloud, this session will guide you through scenarios that will assist in getting the best from all these options. The agenda also covers how you can plan your searches and reporting to provide the best results for your end users.
SplunkLive Canberra Enterprise Security & User Behavior Analytics - Gabrielle Knowles
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
Accelerate Troubleshooting and Reinvent Monitoring with Interactive Visualiza... - Splunk
Time is money, especially when it’s downtime impacting your services. Splunk IT Service Intelligence (ITSI) introduces an enhanced troubleshooting and monitoring experience that enables you to visually investigate issues and prevent outages, faster than ever before.
This demo-rich webinar helps you to understand how you can use Splunk ITSI to:
- Speed up investigations by organizing and correlating relevant metrics and events into “swim lanes”
- Compare performance over time with real-time performance to understand trends and identify systemic issues
- Identify and alert on notable events by creating predefined correlation searches
SplunkLive Melbourne Enterprise Security & User Behavior Analytics - Gabrielle Knowles
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
You Can't Stop The Breach Without Prevention And Detection - CrowdStrike
CrowdStrike And Guest Forrester Share Keys To Mastering The Endpoint
CrowdStrike VP, Product Management Rod Murchison and guest speaker Chris Sherman, Forrester Research analyst, will discuss how modern approaches must balance prevention with detection capabilities in the context of an overall security strategy. Ultimately, this will give security professionals the ability to better deal with the influx of new device types and data access requirements while reducing the likelihood of compromise.
In this CrowdCast, Forrester and CrowdStrike will present:
- Forrester’s Targeted-Attack Hierarchy of Needs
- The six core requirements to a successful endpoint security strategy
- Preparing for and responding to targeted intrusions and attacks
- How CrowdStrike lines up with Forrester’s Hierarchy of Needs framework
Social Engineering the Windows Kernel by James Forshaw - Shakacon
One successful technique in social engineering is pretending to be someone or something you're not and hoping the security guard who's forgotten their reading glasses doesn't look too closely at your fake ID. Of course there's no hyperopic guard in the Windows OS, but we do have an ID card, the Access Token, which proves our identity to the system and lets us access secured resources.
The Windows kernel provides simple capabilities to identify fake Access Tokens, but sometimes the kernel or other kernel-mode drivers are too busy to use them correctly. If a fake token isn't spotted during a privileged operation, local elevation of privilege or information disclosure vulnerabilities can be the result. This could allow an attacker to break out of an application sandbox, elevate to administrator privileges or even compromise the kernel itself.
This presentation is about finding and then exploiting the incorrect handling of tokens in the Windows kernel as well as first- and third-party drivers. Examples of serious vulnerabilities such as CVE-2015-0002 and CVE-2015-0062 will be presented. It will provide clear exploitable patterns so that you can do your own security reviews for these issues. Finally I'll discuss some of the ways of exploiting these types of vulnerabilities to elevate local privileges.
Overview of current integration & examples of future additional alignment to deliver higher value for both ServiceNow and AppDynamics.
With AppDynamics and ServiceNow on your application:
– Automate ticket creation process into ServiceNow – Reduce troubleshooting time and minimize impact on your application
– Intelligent alerting – Dynamic baselines generate alerts only when performance deviates from normal behavior. No more alert storming
– Full call stack analysis – Quickly identify the root cause of performance issues with code-level diagnostics
ServiceNow is the enterprise IT cloud company. We transform IT by automating and managing IT service relationships across the global enterprise. Organizations deploy our service to create a single system of record for IT and automate manual tasks, standardize processes, and consolidate legacy systems. Using our extensible platform, our customers create custom applications and evolve the IT service model to service domains inside and outside the enterprise.
SplunkLive Brisbane Splunk for Operational Security Intelligence - Splunk
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response and detecting and preventing threats, and, most importantly, having your security team serve your business and mission? Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
Deception-Triggered Security Data Science to Detect Adversary Movements - Satnam Singh
Deception-triggered security data science is a novel paradigm in which we marry deception and security data science to enhance security incident analysis. We deploy deception sensors (consisting of multiple low and high honeypots) that can emulate various stages, e.g., network, endpoint, application, data, and servers. Whenever an adversary trips over one of these sensors, we raise an alert and correlate it with data from other hosts and users to construct an adversary trajectory graph. The graph enhances the capabilities of security analysts to gain better insights into adversary movements and into hosts that may also be compromised. This talk is a must for security data researchers, security analysts, and security practitioners. We will share some case studies from our deployments along with a live demo of our Splunk App.
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Webinar: Splunk Enterprise Security Deep Dive: Analytics - Splunk
Splunk Enterprise Security (ES) is an analytics-driven SIEM that successfully supports security operations teams in fighting threats. But did you also know that it is built on a framework that can be used in a fully customized way to address specific security requirements?
In our webinar we show you the technical details behind the ES framework:
- Asset and identity correlation
- Notable events
- Threat intelligence
- Risk analysis
- Investigation and Adaptive Response
We will discuss everyday examples and use a demo to show you the key frameworks that will help you solve security problems.
SplunkLive Melbourne Enterprise Security & User Behaviour Analytics Splunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
SplunkLive Sydney Enterprise Security & User Behaviour Analytics - Splunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
SplunkLive Perth Enterprise Security & User Behaviour Analytics - Splunk
20.
Splunk Forwarder for ETD*!
• “Free”
• Lightweight
• Secure
• Runs on many versions of Windows & *NIX & OSX
• Flexible
• Centrally configurable
• SCALE!
*Endpoint Threat Detection (Response?)
Come on. Is anyone using the Universal Forwarder in this way?
YES.
27.
What could we look for?
• ANY new Windows services
• Registry being written to where it should not
• Users that shouldn’t be used
• Unusual/unapproved processes being launched and their connections/hashes
• Unusual/unapproved ports/connections in use
• Unapproved USB devices being inserted
• New files in places they should not be (Windows\System32…)
• Files that look like one thing but are really another
• New drive letters being mapped
• Lack of recent Windows updates
• Versions of software known to be vulnerable
• …and more
INSTANT, GRANULAR DATA ABOUT COMMON BEHAVIOR OF WINDOWS MALWARE!
58.
Sysmon with network/image filtering?
You still get…
• Start/Stop of all processes
• Process names & full command line args
• Parent/child relationships (GUIDs) between processes
• Session IDs
• Hash and user data for all processes
• Filenames that have their create times updated
You lose…
• Driver/DLL loads with hash data
• Network communication per process (TCP and UDP) including IP address, size, port data
• Ability to map communication back to process GUID and session ID
You retain far more function than you lose.
67.
Sysmon Info
• Blog post from November, 2014
• App available on Splunkbase, works with current (3.1) version of Sysmon
• Forwarder 6.2+ needed to get XML formatted Sysmon data (a good idea, cuts down on size)
68.
Sysmon Filters
• This works for Sysmon 3.1+
• Add what you need
• If you actually want Image and Network data, add those stanzas
• Email brodsky@splunk.com for links to example files!
Filter out all the Splunk activity
69.
Sysmon Config List
• sysmon -c with no filename will dump config
Image and Network disabled
70.
Sysmon Config Load
• sysmon -c with filename will load config
• No restart needed
• Ignore errors
• Run as admin (or script as admin)
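A Sysmon configuration that does what slides 58 and 68 to 70 describe: keep process, file-create-time and termination events, exclude the Universal Forwarder's own activity, and leave Image and Network events disabled until you add real include rules. This is an added example, not a file from the deck or from Splunk; the schemaversion value and the forwarder install path are assumptions (the schemaversion must match the Sysmon build you run).

```xml
<!-- Added example, not the deck author's file. Assumes Sysmon 3.1 with
     schemaversion 2.0 and a default Universal Forwarder install path. -->
<Sysmon schemaversion="2.0">
  <!-- Hash every process image and loaded module with SHA256 -->
  <HashAlgorithms>SHA256</HashAlgorithms>
  <EventFiltering>
    <!-- Event 1 (process create): "exclude" keeps everything except what
         matches. The forwarder (splunkd.exe) spawns its own helpers such as
         splunk-winevtlog.exe on a timer, which is the Splunk activity the
         slide filters out. Rules in one block are OR'd in Sysmon 3.x. -->
    <ProcessCreate onmatch="exclude">
      <ParentImage condition="end with">\SplunkUniversalForwarder\bin\splunkd.exe</ParentImage>
      <Image condition="begin with">C:\Program Files\SplunkUniversalForwarder\</Image>
    </ProcessCreate>
    <!-- Event 2: keep every file-creation-time change (timestomping) -->
    <FileCreateTime onmatch="exclude" />
    <!-- Event 5: keep every process termination -->
    <ProcessTerminate onmatch="exclude" />
    <!-- Events 3, 6 and 7: an "include" block with no rules matches nothing,
         so network connects, driver loads and image (DLL) loads stay disabled,
         as on the "Image and Network disabled" slide. Replace these three
         stanzas with real include rules when you want that data. -->
    <NetworkConnect onmatch="include" />
    <DriverLoad onmatch="include" />
    <ImageLoad onmatch="include" />
  </EventFiltering>
</Sysmon>
```

Load it from an elevated prompt with `sysmon -c <file>` and confirm with `sysmon -c` alone, as the two config slides describe; the dump should show Image and Network as disabled.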