SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Security Posture
•
2 likes•696 views
All data is security relevant – whether you are an IT or security professional, it is important to gain context into all your data to understand your environment, quickly hunt for and investigate potential threats in your environment, and take action to remediate. In this session, you will learn how to: - Leverage your data across silos with analytics-driven security - Operationalise all relevant data to gain greater visibility of your environment to make more informed decisions - Optimise incident response to more clearly understand an attack and the sequential relationship between events to quickly determine the appropriate next steps - Improve investigation and remediation times by automating decisions or by using human-assisted decisions with full context from adaptive response - Utilise Splunk User Behavior Analytics and verify privileged access and detect unusual activity by using UBA anomalies
Recommended
More Related Content
What's hot
What's hot (20)
Similar to SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Security Posture
Similar to SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Security Posture (20)
More from Splunk
More from Splunk (20)
Recently uploaded
Recently uploaded (20)
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Security Posture
- 1. © 2017 SPLUNK INC. Build a Security Portfolio That Strengthens Your Security Posture Monzy Merza | Head of Security Research and Security Field PM 11 MAY 2017 | LONDON
- 2. © 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Safe Harbor Statement
- 3. © 2017 SPLUNK INC. 1. Security Maturity 2. Analytics Driven Security 3. Developing a Security Nerve Center What Can You Expect From This Session?
- 4. © 2017 SPLUNK INC.
- 5. © 2017 SPLUNK INC.
- 6. © 2017 SPLUNK INC. Security Operations Maturity Reactive Proactive Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight
- 7. © 2017 SPLUNK INC. Tools Process People Scale “Alerts” not “Insights” Not Optimized Alert Overload Across Environments Security Operations are Complex
- 8. © 2017 SPLUNK INC. Strengthen Your Security Posture Centralize Analysis Investigative Mindset Operationalize
- 9. © 2017 SPLUNK INC. Solution Architecture DATA SOURCES PLATFORM Monitoring Net Flow Relational Databases IdentityNetwork Endpoint Firewall Threat Intelligence Hadoop Platform for Operational Intelligence Real-Time Monitoring Advanced Threat Detection Anti-FraudInsider Threats Security and Compliance Reporting Incident Investigations and Forensics USE CASES SOLUTIONS Visibility,Analytics,Awareness&Action Vendor Apps Community Apps Use Case Apps Showcase Apps
- 10. © 2017 SPLUNK INC. Centralize Analysis
- 11. © 2017 SPLUNK INC. Solution: Splunk, the Engine for Machine Data Custom dashboards Report and analyze Monitor and alert Developer Platform Ad hoc search References – Coded fields, mappings, aliases Dynamic information – Stored in non-traditional formats Environmental context – Human maintained files, documents System/application – Available only using application request Intelligence/analytics – Indicators, anomaly, research, white/blacklist Real-Time Machine Data On-Premises Private Cloud Public Cloud Storage Online Shopping Cart Telecoms Desktops Security Web Services Networks Containers Web Clickstreams RFID Smartphones and Devices Servers Messaging GPS Location Packaged Applications Custom Applications Online Services DatabasesCall Detail Records Energy Meters Firewall Intrusion Prevention
- 12. © 2017 SPLUNK INC. Splunk Demo https://splunkbase.splunk.com/app/3358/#/details
- 13. © 2017 SPLUNK INC. Investigation : Authentication Failures
- 14. © 2017 SPLUNK INC.
- 15. © 2017 SPLUNK INC.
- 16. © 2017 SPLUNK INC.
- 17. © 2017 SPLUNK INC. Accelerating Problem Identification, Increasing Efficiency ▶ Real-time view of Operational Intelligence ▶ Time and cost savings resulting from reduced manual workload through automated processes ▶ Reduced Mean Time To Investigate and the Mean Time To Resolve incidents, resulting in improved security “Splunk Enterprise enables us to easily capture and investigate logs from a number of different systems, all in one place. This flexibility coupled with reliable performance, even at scale, provides many valuable advantages: increased security and more efficient work processes.” — Staff Member, Forschungszentrum Jülich
- 18. © 2017 SPLUNK INC. Solution Architecture DATA SOURCES PLATFORM Monitoring Net Flow Relational Databases IdentityNetwork Endpoint Firewall Threat Intelligence Hadoop Platform for Operational Intelligence Real-Time Monitoring Advanced Threat Detection Anti-FraudInsider Threats Security and Compliance Reporting Incident Investigations and Forensics USE CASES SOLUTIONS Visibility,Analytics,Awareness&Action Vendor Apps Community Apps Use Case Apps Showcase Apps
- 19. © 2017 SPLUNK INC. Community and Ecosystem DATA SOURCES PLATFORM Monitoring Net Flow Relational Databases IdentityNetwork Endpoint Firewall Threat Intelligence Hadoop Platform for Operational Intelligence Real-Time Monitoring Advanced Threat Detection Anti-FraudInsider Threats Security and Compliance Reporting Incident Investigations and Forensics USE CASES SOLUTIONS Visibility,Analytics,Awareness&Action Vendor Apps Community Apps Use Case Apps Showcase Apps
- 20. © 2017 SPLUNK INC. Security is an Ecosystem Solution Threat IntelligenceNetworkEndpoint Access/Identity Platform for Operational Intelligence
- 21. © 2017 SPLUNK INC. Security is an Ecosystem Solution Threat IntelligenceNetworkEndpoint Access/Identity Platform for Operational Intelligence
- 22. © 2017 SPLUNK INC. Splunk Demo https://splunkbase.splunk.com/app/491/
- 23. © 2017 SPLUNK INC.
- 24. © 2017 SPLUNK INC. 192.168.0.2
- 25. © 2017 SPLUNK INC.
- 26. © 2017 SPLUNK INC. Information driven Security at YOOX.com ▶ From a technology oriented approach to an info-centric approach ▶ From log correlaton to pattern recogniton ▶ From a passive/display platform to a proactive/executive platform ▶ From standard dashboards to real-time dynamic dashboards ▶ From a security event to an context-aware security information “From a security event to an context-aware security information” — Head of Information Security, YOOX Group
- 27. © 2017 SPLUNK INC. Operationalize
- 28. © 2017 SPLUNK INC. SIEM Operations DATA SOURCES PLATFORM Monitoring Net Flow Relational Databases IdentityNetwork Endpoint Firewall Threat Intelligence Hadoop Platform for Operational Intelligence Real-Time Monitoring Advanced Threat Detection Anti-FraudInsider Threats Security and Compliance Reporting Incident Investigations and Forensics USE CASES SOLUTIONS Visibility,Analytics,Awareness&Action Vendor Apps Community Apps Use Case Apps Showcase Apps
- 29. © 2017 SPLUNK INC. Splunk for Enterprise Security ▶ Optimize Your SOC Team and Augment/Replace Your SIEM Risk-Based Analytics Visualize and Discover Relationships Enrich Security Analysis With Threat Intelligence
- 30. © 2017 SPLUNK INC. Splunk Enterprise Security Incident Investigations & ManagementAlerts & Dashboards & Reports Statistical Outliers & Risk Scoring & User Activity Threat Intel & Asset & Identity Integration Pre-built searches, alerts, reports, dashboards, workflow, and threat intelligence 31
- 31. © 2017 SPLUNK INC. 1Risk-based security Security Posture 32
- 32. © 2017 SPLUNK INC. Investigation Timeline 33
- 33. © 2017 SPLUNK INC. Replaced legacy SIEM with Splunk ▶ End to end visibility with Splunk ▶ Real-time response instead of weeks later ▶ Security awareness increased, Splunk as a enabler for collaboration ▶ Data collection from 400 locations, 100.000 Windows Clients, 10.000 Server and many network devices “Security put the ball in play, business is now our driver” — Splunk Ninja, IKEA
- 34. © 2017 SPLUNK INC. Security is an Ecosystem Solution Threat IntelligenceNetworkEndpoint Access/Identity Platform for Operational Intelligence
- 35. © 2017 SPLUNK INC. Splunk is the Security Nerve Center WAF & App Security Orchestration Network Threat Intelligence Internal Network Security Identity and Access Firewall Web Proxy Endpoints
- 36. © 2017 SPLUNK INC. ▶ Centrally automate retrieval, sharing and response action resulting in improved detection, investigation and remediation times ▶ Improve operational efficiency using workflow-based context with automated and human-assisted decisions ▶ Extract new insight by leveraging context, sharing data and taking actions between Enterprise Security and Adaptive Response partners Adaptive Response: Analytics-Driven Decisions, Automation
- 37. © 2017 SPLUNK INC. Splunk Adaptive Response Partners WAF & App Security Orchestration Network Threat Intelligence Internal Network Security Identity and Access Endpoints Firewall Web Proxy
- 38. © 2017 SPLUNK INC. Alert, Analyze, Respond ▶ Efficient and effective response to security incidents ▶ Early detection of attacks ▶ Collection of information on intrusions from the Internet and the data ▶ Adaptive Response “Collaboration and eco-system through open interfaces, easy integration and distributed development costs. The focus is on simplicity, flexibility and dynamism.“ — Head of Security Architecture, Swisscom Switzerland Ltd.
- 39. © 2017 SPLUNK INC. SIEM Operations DATA SOURCES PLATFORM Monitoring Net Flow Relational Databases IdentityNetwork Endpoint Firewall Threat Intelligence Hadoop Platform for Operational Intelligence Real-Time Monitoring Advanced Threat Detection Anti-FraudInsider Threats Security and Compliance Reporting Incident Investigations and Forensics USE CASES SOLUTIONS Visibility,Analytics,Awareness&Action Vendor Apps Community Apps Use Case Apps Showcase Apps
- 40. © 2017 SPLUNK INC. Security Operations DATA SOURCES PLATFORM Monitoring Net Flow Relational Databases IdentityNetwork Endpoint Firewall Threat Intelligence Hadoop Platform for Operational Intelligence Real-Time Monitoring Advanced Threat Detection Anti-FraudInsider Threats Security and Compliance Reporting Incident Investigations and Forensics USE CASES SOLUTIONS Visibility,Analytics,Awareness&Action Vendor Apps Community Apps Use Case Apps Showcase Apps
- 41. © 2017 SPLUNK INC. Splunk User Behavior Analytics ▶ Packaged Advanced & Behavioral Analytics Behavior-Based Threat Detection Kill Chain Detection and Attack Vector Discovery Self-Learning and Tuning
- 42. © 2017 SPLUNK INC. 43
- 43. © 2017 SPLUNK INC. 44
- 44. © 2017 SPLUNK INC. Advanced Threat Detection with Data Science ▶ Improve SOC efficiency ▶ Find unknown threats ▶ Analyze beyond traditional rule based approaches ▶ Detect insider threats “Splunk UBA is unique in its data-science driven approach to automatically finding unknown threats” — Mark Grimse, VP IT Security, Rambus
- 45. © 2017 SPLUNK INC. Solution Architecture DATA SOURCES PLATFORM Monitoring Net Flow Relational Databases IdentityNetwork Endpoint Firewall Threat Intelligence Hadoop Platform for Operational Intelligence Real-Time Monitoring Advanced Threat Detection Anti-FraudInsider Threats Security and Compliance Reporting Incident Investigations and Forensics USE CASES SOLUTIONS Visibility,Analytics,Awareness&Action Vendor Apps Community Apps Use Case Apps Showcase Apps
- 46. © 2017 SPLUNK INC. Rapid 5 Year Ascension in Gartner SIEM MQ Niche Player 2011 2016 Leader
- 47. © 2017 SPLUNK INC. Splunk is a leader in The Forrester Wave: Security Analytics Platforms, Q1 2017 Splunk Positioned as a Leader in Security Analytics Platforms *The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. ™ Splunk receives highest possible scores in 17 criteria *
- 48. © 2017 SPLUNK INC. Tell us what Analytics are best for you! ▶ If you have Enterprise Security deployed in your environment ▶ You want to enhance your security posture with analytics ▶ You are commited to giving us feedback (Good or Bad) ▶ Email ES-SOC@splunk.com to schedule a preview ▶ Receive guidance on how to detect, investigate and respond to threats ▶ No need for writing searches or manually investigating alerts ▶ Developed by Splunk’s Security Research team of former red and blue teamers ▶ Next round of Alphas will start in a couple of weeks
- 49. Learn: How Travis Perkins built a SOC in the Cloud blogs.splunk.com Learn: Three Tips from Cisco’s CSIRT using Splunk isc2.org Try it yourself: Splunk Enterprise Security in our Sandbox with 50+ Data Sources splunk.com Thank you
- 50. Next Step: Discovery Workshop What’s your Security use case? • Develop cost justification for management • Learn how to measure security success • Prioritization • Scope data sources / data volume / costs • Establish organizational processes • Data privacy justification
- 51. © 2017 SPLUNK INC. SEPT 25-28, 2017 Walter E. Washington Convention Center Washington, D.C. .conf2017 The 8th Annual Splunk Conference conf.splunk.com You will receive an email after registration opens with a link to save over $450 on the full conference rate. You’ll have 30 days to take advantage of this special promotional rate! SAVE OVER $450
- 52. © 2017 SPLUNK INC. Take the Survey on Pony Poll ponypoll.com/slldn Complete the survey for your chance to win a .conf2017 pass
- 53. © 2017 SPLUNK INC.© 2017 SPLUNK INC. THANK YOU
Editor's Notes
- Core messages: - Analytics-driven security is important and can help my pain. - Splunk helps me to be successful. Splunk has solutions that fit into my maturity.
- Stela starts
- There are a lot of challenges and conditions that factor into the always changing security landscape. In this session we’re going to walk you through some common security challenges you may or may not know you are facing today. We’ll learn how using analytics, while implementing a few best practices, will begin to improve your security operations quickly and how Splunk analytics-driven solutions can help make it all easier for you. Important to keep security top of mind - Important things to consider How you can strengthen your security with a few simple changes Agenda for the day: Talk about some of the challenges we often face in security/cyber Look at ways to improve my security posture, more on that later How can you get there? Splunk provides a framework to help impement security process as you take steps to strengthen posture.
- Security tools only deliver “alerts”, not “insights” – It’s difficult to determine root cause and what the real issue is. The same issues keep surfacing despite config / policy changes. Security processes are not optimized to “improve posture” since they are not designed to provide big picture view of what’s really happening. The Process is complex, based on isolated views / tools There are many skilled people that are stuck performing mundane tasks with alert overload that distracts you from priority issues – Then reinventing wheel over and over again Scale introduces uncertainty as this is constantly evolving across environments whether Prem, cloud, MSSP, global, hybrid. Along with new business reqs, technologies, changes in architecture
- Main talking point: There are common problems and possible solutions Centralized Analysis Control your environment – start with the basics. Do you know what data you have or where it’s been? You first need to have the data and know your environment to know if there are threats and how to best control the environment. Create a stronger security posture with a foundation you’ve created – know your assets and how best to defend/control them. Investigations - All data is security relevant – Forensic investigation - get all data to be able to analyze and find evidence a analytics-driven security approach is the only way to find answers who was affected, who did they come in, what did they touch The last piece is operationalizing – the key is making sure you can fully incorporate this into your processes – there is a full spectrum of “maturity” in security – you may be doing security in your spare time or fully staffed, 24/7 – either way the key is being able to run security in a manner that supports how you think about security
- How customer used the platform for general monitoring and alerting and evolved to using solutions for advanced analytics, situational awareness, taking action, etc.
- Approach should cover Splunk for beginners, with the range of security expertise/postures/ma
- Splunk is the platform for machine data, it digests all machine data and allow users to quickly analyze their data and rapidly obtain insight. The platform was designed around the premise of being able to consume any machine data even if the format changes. A relational database would cannot effectively support constantly changing underlying schemas. Splunk solves this by creating a schema on the fly… Splunk Cloud is only available in the U.S. and Canada.
- See Script
- TITLE Sub_1 Sub_2
- TITLE Sub_1 Sub_2
- TITLE Sub_1 Sub_2
- TITLE Sub_1 Sub_2
- Institutes:[4]Institute for Advanced Simulation (IAS) Institute of Bio- and Geosciences (IBG) Institute of Complex Systems (ICS) Institute of Energy and Climate Research (IEK) Institute of Neuroscience and Medicine (INM) Jülich Centre for Neutron Science (JCNS) Nuclear Physics Institute (IKP) Peter Grünberg Institute (PGI) Industry • Technology Splunk Use Cases • IT operations • Application delivery • Security • Compliance Challenges Security and network teams needed centralized access to log data to accelerate troubleshooting and issue resolution Needed to gain greater control and coordination of access rights to supercomputers and other HPC systems Wanted to correlate and report on security alerts from internal and external sources Splunk Products • Splunk Enterprise • Splunk for Cisco ASA App Data Sources • Firewall logs • DHCP logs • Radius logs • CERT alerts Case Study http://www.splunk.com/en_us/customers/success-stories/julich.html Read/Speak: With more than 5,500 employees, the Forschungszentrum Jülich (Jülich Research Center) is a member of the Helmholtz Association of German Research Centers. Jülich’s large campus IT network supports thousands of researchers and includes the Jülich Supercomputing Center (JSC), which provides scientists in Europe with computing resources of the highest performance class. Jülich needed a centralized log management system to enable faster, more comprehensive data analysis, alerting, reporting and compliance enforcement. Since deploying Splunk Enterprise, Jülich has seen benefits including: Real-time view of Operational Intelligence Reduced time to investigate and resolve issues Strengthened regulatory compliance
- How customer used the platform for general monitoring and alerting and evolved to using solutions for advanced analytics, situational awareness, taking action, etc.
- How customer used the platform for general monitoring and alerting and evolved to using solutions for advanced analytics, situational awareness, taking action, etc.
- Goals : Roadmap > Different maturity Levels Immediate contents for benefit Importance of each Security domains Each domain > Partial scene of full story Benefit > Consolidation of different domain data More context > Accurate & Fast response Critical for validation > different angles Links the activities Structure of demo What will be shown. Contents > Immediate value/benefits Explain each Endpoint, Symantec Endpoint Analysis Application, full visibility > endpoint & activities > Advanced correlations/investigations Access / Authentication : Cisco ISE app Control over network / system access activities. Network : Palo Alto App Show how traffic look like > Posture, investigate. Threat Intel : My own app! Anyone, create apps > Threat Intel Example.
- Goals : Roadmap > Different maturity Levels Immediate contents for benefit Importance of each Security domains Each domain > Partial scene of full story Benefit > Consolidation of different domain data More context > Accurate & Fast response Critical for validation > different angles Links the activities Structure of demo What will be shown. Contents > Immediate value/benefits Explain each Endpoint, Symantec Endpoint Analysis Application, full visibility > endpoint & activities > Advanced correlations/investigations Access / Authentication : Cisco ISE app Control over network / system access activities. Network : Palo Alto App Show how traffic look like > Posture, investigate. Threat Intel : My own app! Anyone, create apps > Threat Intel Example.
- See Script
- URL : https://demo-pan.splunkoxygen.com/en-US/app/SplunkforPaloAltoNetworks/web_usage_report?earliest=-60m&latest=now&form.src_ip=192.168.0.2&form.dest_hostname=&form.user=&form.vsys=
- University of Adelaide - Splunk + Palo Alto Networks Monitoring Internet usage The university had removed its Internet quota model, but this presented the challenge of how to control Internet costs without using a quota-based system. “With a tweak to the Splunk App for Palo Alto Networks, we are able to monitor chargeable Internet usage at a level of visibility never before seen,” says Benwell. “We have the ability to pinpoint, at an application level, where our Internet charges are being incurred.” With such a granular level of visibility, the university can take action to control charging costs before these costs become an issue. As the university’s large and disparate IT network expands, security remains a significant priority. Since deploying Splunk Enterprise, the university has seen benefits including: Hundreds of hours saved in security analyst time annually Improvements in uptime and service continuity Faster threat mitigation https://www.splunk.com/en_us/customers/success-stories/university-of-adelaide.html https://www.paloaltonetworks.com/customers/university-of-adelaide.html The University of Adelaide is one of Australia’s Group of Eight, research-intensive universities and consistently ranked in the top 1% in the world. The University has three campuses, over 3500 staff members and more than 27,000 students. Three campuses 3500 staff members 27,000 students Data Sources UDP input from central syslog server and Universal forwarder on Microsoft Windows and Unix hosts Email (Cisco IronPort, Microsoft Exchange) Windows—Active Directory Citrix XenApp and XenDesktop Radius and proxy servers VPN device logs Palo Alto Perimeter Firewall logs and policy
- Industry • Retail and E-Commerce Splunk Use Cases • Security Challenges Keep the trust Gain the big picture High availability Data process transperancy We need risk value based on content and other events correlated Splunk Products • Splunk Enterprise Data Sources Case Study .CONF Session: http://conf.splunk.com/session/2015/conf2015_GGaias_Yoox_SecurityCompliance_BuildingAnEnterpriseGradeSecurity.pdf
- How customer used the platform for general monitoring and alerting and evolved to using solutions for advanced analytics, situational awareness, taking action, etc.
- All of this rich capability is delivered through Pre-built searches, dashboards, reports and workflows. Your analysts are enable to investigate alerts, maintain a continuous monitoring posture and hunt for unusual activity Manage and investigate incidents by correlating event data and contextual information from any data source Pre-built statistical capabilities identify unusual activity and reduce false positives Automated Threat Intel Integration ensures that new information is rapidly integrated into alerts and investigations Enterprise Security delivers pre-built reports, dashboards, workflows across all security domains. Including wire data, end points, network, access and identity management
- Get a library of security posture widgets to place on any dashboard or easily create your own. See security events by location, host, source type, asset groupings and geography. KPIs provide real-time trending and monitoring of your security posture. The Security Posture dashboard gives you a complete view of what’s going on in your enterprise. The dashboard objects are customizable – You don’t need to know any custom languages or wait for long development times- -- you can add/remove new KSI/KPI on the fly. -- you can change KSI/KPI thresholds on the fly. -- add/remove/organize dashboard widgets with mouse clicks
- Industry • Retail Splunk Use Cases • Security Challenges Splunk Products • Splunk Enterprise Data Sources Case Study Splunk Live Session: http://de.slideshare.net/Splunk/splunklive-stockholm-2015-ikea
- Goals : Roadmap > Different maturity Levels Immediate contents for benefit Importance of each Security domains Each domain > Partial scene of full story Benefit > Consolidation of different domain data More context > Accurate & Fast response Critical for validation > different angles Links the activities Structure of demo What will be shown. Contents > Immediate value/benefits Explain each Endpoint, Symantec Endpoint Analysis Application, full visibility > endpoint & activities > Advanced correlations/investigations Access / Authentication : Cisco ISE app Control over network / system access activities. Network : Palo Alto App Show how traffic look like > Posture, investigate. Threat Intel : My own app! Anyone, create apps > Threat Intel Example.
- -Add another slide that shows stats on ENTIRE ECOYSTEM (from CISO CAB)
- Industry • Telecommunication Splunk Use Cases • Security Challenges Silo landscapes and isolated analysis of security high coordination time High to very high remediation time Very high integration costs Splunk Products • Splunk Enterprise Data Sources Case Study in Progress .CONF Session: http://conf.splunk.com/session/2015/conf2015_CJungo_HSong_SwissCom_SecurityComplinace_CollaborativeSecurityModel.pdf
- How customer used the platform for general monitoring and alerting and evolved to using solutions for advanced analytics, situational awareness, taking action, etc.
- How customer used the platform for general monitoring and alerting and evolved to using solutions for advanced analytics, situational awareness, taking action, etc.
- Industry • Telecommunication Splunk Use Cases • Security Challenges Silo landscapes and isolated analysis of security high coordination time High to very high remediation time Very high integration costs Splunk Products • Splunk Enterprise Data Sources Case Study in Progress .CONF Session: http://conf.splunk.com/session/2015/conf2015_CJungo_HSong_SwissCom_SecurityComplinace_CollaborativeSecurityModel.pdf
- How customer used the platform for general monitoring and alerting and evolved to using solutions for advanced analytics, situational awareness, taking action, etc.
- Travis Perkins Blog: blogs.splunk.com/2016/09/14/trust-and-resilience-at-the-speed-of-business-how-travis-perkins-built-a-lean-soc-with-splunk-in-the-cloud/ ISC2 CSIRT Cisco Webinar: www.isc2.org/emea-focused-webinars/default.aspx?commid=246355 ES Sandbox: www.splunk.com/getsplunk/es_sandbox
- You liked today? We also have our annual users conference in September – that is just a tiny sliver of what you are getting today. Best Part - it’s here in DC so you have no excuse. This really is a time when all Splunk users come together and share best practices and learn how to do more analytics and expand what they can do with their data.
- Don’t forget to complete today’s survey at ponypoll.com/sldc for your chance to win a .conf2017 pass. A winner will be identified tomorrow through a random drawing from completed surveys and will be notified via email.