SlideShare a Scribd company logo

SplunkLive! Paris 2018: Legacy SIEM to Splunk

Download as PPTX, PDF
Splunk
Splunk

Presented at SplunkLive! Paris 2018: Legacy SIEM to Splunk, How to Conquer Migration and Not Die Trying: - Why? - SIEM Replacement - Use Cases - Data Sources & Data Onboarding - Architecture - Third Party Integrations - You Got This -

Technology
1 of 71
Legacy SIEM to Splunk, How to Conquer Migration and Not Die Trying Mathieu Dessus | Presales engineer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. ©2018 Splunk Inc. All rights reserved. Forward-Looking Statements
Agenda What Will We Be Talking About Today? You Got This Things you can do today, to get “ready” for a SIEM replacement SIEM Replacement Methodology Splunk PS best practices Use Cases These drive migrations DataSources & Data Onboarding Parsers / connectors / TAs Architecture Measure twice, cut once Third Party Integrations Smart? Great! But do you play well with others? ? Why ? Splunk key advantages compared to your old SIEM
Mathieu Dessus mdessus@splunk.com Ingénieur avant-vente ▶ Implémentation de différentes solutions de sécurité ▶ Jusqu’à la découverte de Splunk ▶ Splunker depuis 5 ans Slogan: Looking for trouble ! Welcome ! Quick introduction
From your legacy SIEM, to a state of the art security solution
Why do you want to upgrade your SIEM ? What the SOC ?
▶ Worthy reasons: • Limited security data type • Inability to effectively ingest data • Slow investigations • Instability and scalability • End-of-life or uncertain roadmap • Closed ecosystem • Limited to on-premises • Limted to Vendor Cloud ▶ Splunk’s a great product. Can it help you to resolve your issues ? Most Common Reasons for Replacement
Security solutions 8 Machinelearning Correlation Analytics Investigation
© 2018 SPLUNK INC. Enterprise Security advantages
Unknown-threats The need to detect anomalies
All kind of data Any format, any volume, any origin… IT and non-IT data
© 2018 SPLUNK INC. ES uses by default acceleration features allowing to analyze hundred of GB of data in a very short period of time High performance
© 2018 SPLUNK INC. Workflow for incident investigation and collaboration with other analysts Investigation framework
© 2018 SPLUNK INC. Allows to focus on high impact attacks and VIP users, avoiding to be distracted by noise Network and identities modelisation
© 2018 SPLUNK INC. Build your own visualization with KPI and metrics using drag & drop Flexible reporting and dashboarding
© 2018 SPLUNK INC. Answer to many compliance needs with the same solution using data already collected Compliance
© 2018 SPLUNK INC. How Did We Get Here? I’m done. I’m replacing this SIEM!
SIEM Migration Methodology Splunk Professional Services (PS) Best Practices – Based on Real World Experience
Adapt your security measures to your threats !
SIEM replacements can be complex, but if the following things are taken into account, you won’t lose your job | shirt over it: ▶ Use cases matter: • Audit & prioritize use cases • Planned response ... do something! ▶ Know your data / datasources • Identify datasources & owners • Audit datasources • Identify enrichment requirements ▶ Current / future state integrations ▶ Research & preparation is key ▶ Assets & identities ▶ Work with Splunk + PS & Partner Things You Should Know About Legacy SIEM Replacement and Splunk Best Practices
Use Cases These Drive Replacements…Use Cases, Use Cases, USE CASES!
▶ Document describing a single detection activity. • What is the condition to detect? • What is the event data required? • What enrichment is required to scope down events? • What enrichment will reduce noise (false positives)? • Point to the response plan • What are your current use cases? • Which ones provide value? • Which ones don’t? What Is a Use Case? Spiral Analysis Planning Evaluation Development Waterfall Prototyping Determine Objectives Test Implement Requirements Design Implementation Verification Maintenance DEVE LOP DEMONSTRATE REFI NE
▶ Document describing a single response activity • For a response what event data is required to triage • What actions should be taken • Escalation communication and do we need to order pizza • Can we reduce the cost of pizza by providing better data for response decisions? What Is a Response Plan?
▶ The first step in embarking on a SIEM replacement initiative is • Identifying and prioritizing high value use cases, response plans and compliance reports: • Splunk PS has a 1-2 week SIEM replacement workshop where we come in and help customers: − Identify and develop high-fidelity use cases slated for migration/development − Datasources and enrichment identified via use case prioritization process − Plan the solution architecture • We typically see a 30-60% reduction in use cases selected for migration generally due to: − Old and/or stale rules − Housekeeping rules no longer needed − Rule consolidation due to advanced Splunk Query Language So no, you don’t have to migrate ALL your old funky rules! Putting the Horse Before the Cart…
Datasources & Data Onboarding Parsers / Connectors / TAs (Technology Add-ons)
▶ Use case analysis determines in-scope datasources ▶ Why you don’t need to migrate your historical data from Legacy SIEM ▶ Data Source Onboarding via: How Do You Migrate Datasources to Splunk? • Universal Forwarder (UF) Deployed alongside existing parsers/connectors • UF deployed on syslog aggregator to read and ship logs into Splunk • Modern HTTP Event Collection • Database Tables (DBX) • Never forget: Splunk Stream! • Fields from raw data • Data Normalization • Splunkbase - splunkbase.com - Easy Button: Custom TAs via “Splunk Add-on Builder” App Splunk Log Forwarding: Syslog Aggregation TAs (Technology Add-ons)Other Common Methods
ES Architecture Measure Twice, Cut Once
▶ Plan for modern data collection, deprecate legacy log collection infrastructure and stop accepting log loss today ▶ Plan for disaster recovery and availability ▶ Plan to remediate logging policies and source configuration Plan the Architecture Now that we know what we want to do, how will we execute it?
© 2018 SPLUNK INC. Components > • Collection layer (connectors / parsers vs. UF's / HF's ) • Parsing layer (Technology Add-ons) • Storage layer (indexers) • Presentation layer (search head + Splunk Enterprise Security) • Security analytics (Splunk Enterprise Security) • Management layer (deployment server, cluster master, license server, deployer) Data source will determine what components are needed—your network determines where they should be Splunk Architecture
Third Party Integrations Smart? Great! But Do You Play Well with Others?
Smart? Great! But Do You Play Well With Others? “At this point in the interview, Johnson, we would like to see how well you play with others.” – Richard Stevens, Penfield, NY
© 2018 SPLUNK INC. Identify current / future state third-party integration points Third Party Integrations We Support Integration With Most Third Party Systems: ▶ Case Management / Ticketing Systems • (ServiceNow, Remedy, etc) ▶ Threat Intelligence Feeds • (STIX, TAXII, Internal, etc) ▶ Database Integration • (Oracle, MySQL, etc) ▶ Microsoft Active Directory ▶ REST API support ▶ Custom Code ▶ Others
© 2018 SPLUNK INC. ES manages lists of threat feed Threat intelligence & IOC
© 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access
You Got This! Things You Can Do Today, to Get Prepared for Your SIEM Replacement
▶ Identify/audit and prioritize use cases for migrations ▶ Identify/audit and prioritize datasources for migration ▶ Identify datasource owners ▶ Research Splunk Technology Add-ons for datasource at splunkbase.com ▶ Assets and identities: identify CMDB sources ▶ Third-party integrations ▶ Develop logging standards Replacement Checklist:
What Do “You” Do Next?
Splunk as Your SIEM
Splunk Security Portfolio for SIEM Enterprise Security600+ Partner Apps User Behavior Analytics Platform for Operational Intelligence Network data Exchange data ES Content Update PCI Compliance Search and Investigate Monitoring & Alerting Dashboards and Reports Incident & Breach Response Splunk Security Apps App for AWS ML Toolkit Google Cloud Microsoft Cloud Discover Anomalous Behavior Detect Unknown Threats Automation & Orchestration Threat Detection Security Operations Threat Intel Email EDR/ETDR DLP
Splunk Enterprise Security Demo
ES : Security Posture
Endpoint : Malware Center
Endpoint : Update Center
Endpoint : Endpoint Changes
Splunk Enterprise Security Investigations Demo
1 2 3
1 2
1 2
2 1
SIEM Replacement Customer Success
© 2018 SPLUNK INC. ▶ An estimated 30 percent lower cost of ownership compared to on-premises alternatives ▶ A dramatic reduction in security investigation and resolution times ▶ Protection against threats, breaches and malware; ensuring regulatory compliance Biopharma Leader Gets Ahead of Security Threats With Analytics-Driven SIEM in the Cloud “ With Splunk the organization now has a security solution that is flexible and scalable to ingest all of its data ubiquitously and that enables the security team to draw conclusions from its data in near real time.”Biopharma
Next Steps
▶ Contact your Account Executive ▶ Contact an Expert ▶ Bi-weekly security demos ▶ Schedule a pre- assessment session with a Sales Engineer Transform Your Security: Next Steps
© 2018 SPLUNK INC. Thank You! https://www.surveymonkey.com/r/SLParis2018
© 2018 SPLUNK INC. October 1-4, 2018 ▶ 8,750+ Splunk Enthusiasts ▶ 300+ Sessions ▶ 100+ Customer Speakers Plus Splunk University: ▶ Three Days: September 29-October 1, 2018 ▶ Get Splunk Certified for FREE! ▶ Get CPE credits for CISSP, CAP, SSCP Walt Disney World Swan and Dolphin Resort in Orlando conf .splunk.com SAVE THE DATE!

Recommended

SplunkLive! Paris 2018: Splunk And AI 101
SplunkLive! Paris 2018: Splunk And AI 101SplunkLive! Paris 2018: Splunk And AI 101
SplunkLive! Paris 2018: Splunk And AI 101
Splunk
 
SplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary Session
Splunk
 
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
Splunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and Logs
Splunk
 
SplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics MethodsSplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
Splunk
 
SplunkLive! Paris 2018: Event Management Is Dead
SplunkLive! Paris 2018: Event Management Is DeadSplunkLive! Paris 2018: Event Management Is Dead
SplunkLive! Paris 2018: Event Management Is Dead
Splunk
 
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
Splunk
 

Recommended

SplunkLive! Paris 2018: Splunk And AI 101
SplunkLive! Paris 2018: Splunk And AI 101SplunkLive! Paris 2018: Splunk And AI 101
SplunkLive! Paris 2018: Splunk And AI 101
Splunk
 
SplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary Session
Splunk
 
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
Splunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and Logs
Splunk
 
SplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics MethodsSplunkLive! Paris 2018: Intro to Security Analytics Methods
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
Splunk
 
SplunkLive! Paris 2018: Event Management Is Dead
SplunkLive! Paris 2018: Event Management Is DeadSplunkLive! Paris 2018: Event Management Is Dead
SplunkLive! Paris 2018: Event Management Is Dead
Splunk
 
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
Splunk
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk
 
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
Splunk
 
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
Splunk
 
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
SplunkLive! Zurich 2018: Intro to Security Analytics MethodsSplunkLive! Zurich 2018: Intro to Security Analytics Methods
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
Splunk
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk
 
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise
SplunkLive! Munich 2018: Getting Started with Splunk EnterpriseSplunkLive! Munich 2018: Getting Started with Splunk Enterprise
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise
Splunk
 
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service IntelligenceSplunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk
 
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
Splunk
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
SplunkLive! Zurich 2018: Monitoring the End User Experience with SplunkSplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
Splunk
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
Splunk
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and Logs
Splunk
 
SplunkLive! Munich 2018: Integrating Metrics and Logs
SplunkLive! Munich 2018: Integrating Metrics and LogsSplunkLive! Munich 2018: Integrating Metrics and Logs
SplunkLive! Munich 2018: Integrating Metrics and Logs
Splunk
 
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with SplunkSplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
Splunk
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & Orchestration
Splunk
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
Splunk
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk
 
SplunkLive! Zurich 2018: Event Analytics
SplunkLive! Zurich 2018: Event AnalyticsSplunkLive! Zurich 2018: Event Analytics
SplunkLive! Zurich 2018: Event Analytics
Splunk
 
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk
 
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
Splunk
 

More Related Content

What's hot

Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk
 
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
Splunk
 
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
Splunk
 
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
SplunkLive! Zurich 2018: Intro to Security Analytics MethodsSplunkLive! Zurich 2018: Intro to Security Analytics Methods
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
Splunk
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk
 
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise
SplunkLive! Munich 2018: Getting Started with Splunk EnterpriseSplunkLive! Munich 2018: Getting Started with Splunk Enterprise
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise
Splunk
 
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service IntelligenceSplunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk
 
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
Splunk
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
SplunkLive! Zurich 2018: Monitoring the End User Experience with SplunkSplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
Splunk
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
Splunk
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and Logs
Splunk
 
SplunkLive! Munich 2018: Integrating Metrics and Logs
SplunkLive! Munich 2018: Integrating Metrics and LogsSplunkLive! Munich 2018: Integrating Metrics and Logs
SplunkLive! Munich 2018: Integrating Metrics and Logs
Splunk
 
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with SplunkSplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
Splunk
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & Orchestration
Splunk
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
Splunk
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk
 
SplunkLive! Zurich 2018: Event Analytics
SplunkLive! Zurich 2018: Event AnalyticsSplunkLive! Zurich 2018: Event Analytics
SplunkLive! Zurich 2018: Event Analytics
Splunk
 

What's hot (20)

Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk Overview
 
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...
 
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Zurich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
 
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
SplunkLive! Zurich 2018: Intro to Security Analytics MethodsSplunkLive! Zurich 2018: Intro to Security Analytics Methods
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
 
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise
SplunkLive! Munich 2018: Getting Started with Splunk EnterpriseSplunkLive! Munich 2018: Getting Started with Splunk Enterprise
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise
 
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service IntelligenceSplunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
 
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
SplunkLive! Munich 2018: Legacy SIEM to Splunk, How to Conquer Migration and ...
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics MethodsSplunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
 
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
SplunkLive! Zurich 2018: Monitoring the End User Experience with SplunkSplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
 
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AI
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and Logs
 
SplunkLive! Munich 2018: Integrating Metrics and Logs
SplunkLive! Munich 2018: Integrating Metrics and LogsSplunkLive! Munich 2018: Integrating Metrics and Logs
SplunkLive! Munich 2018: Integrating Metrics and Logs
 
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with SplunkSplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
SplunkLive! Frankfurt 2018 - Monitoring the End User Experience with Splunk
 
Security Automation & Orchestration
Security Automation & OrchestrationSecurity Automation & Orchestration
Security Automation & Orchestration
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning Webinar
 
SplunkLive! Zurich 2018: Event Analytics
SplunkLive! Zurich 2018: Event AnalyticsSplunkLive! Zurich 2018: Event Analytics
SplunkLive! Zurich 2018: Event Analytics
 

Similar to SplunkLive! Paris 2018: Legacy SIEM to Splunk

Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk
 
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
Splunk
 
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AISplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
Splunk
 
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AISplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
Splunk
 
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine LearningSplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
Splunk
 
Machine Learning + Analytics in Splunk
Machine Learning + Analytics in Splunk Machine Learning + Analytics in Splunk
Machine Learning + Analytics in Splunk
Splunk
 
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
Precisely
 
SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...
SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...
SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...
Splunk
 
SplunkLive! Frankfurt 2018 - Integrating Metrics & Logs
SplunkLive! Frankfurt 2018 - Integrating Metrics & LogsSplunkLive! Frankfurt 2018 - Integrating Metrics & Logs
SplunkLive! Frankfurt 2018 - Integrating Metrics & Logs
Splunk
 
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Precisely
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
PrasadThorat23
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout Session
Splunk
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
Splunk
 
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with SplunkSplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
Splunk
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout Session
Splunk
 
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingSplunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Georg Knon
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk Enterprises
Splunk
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALRisi Avila
 

Similar to SplunkLive! Paris 2018: Legacy SIEM to Splunk (20)

Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...
 
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...
 
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AISplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
SplunkLive! Zurich 2018: Get More From Your Machine Data with Splunk & AI
 
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AISplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AI
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
 
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine LearningSplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
 
Machine Learning + Analytics in Splunk
Machine Learning + Analytics in Splunk Machine Learning + Analytics in Splunk
Machine Learning + Analytics in Splunk
 
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
Machine Learning & IT Service Intelligence for the Enterprise: The Future is ...
 
SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...
SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...
SplunkLive! Frankfurt 2018 - Predictive, Proactive, and Collaborative ML with...
 
SplunkLive! Frankfurt 2018 - Integrating Metrics & Logs
SplunkLive! Frankfurt 2018 - Integrating Metrics & LogsSplunkLive! Frankfurt 2018 - Integrating Metrics & Logs
SplunkLive! Frankfurt 2018 - Integrating Metrics & Logs
 
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
Digital Transformation: How to Run Best-in-Class IT Operations in a World of ...
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout Session
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with SplunkSplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
 
Machine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout SessionMachine Learning and Analytics Breakout Session
Machine Learning and Analytics Breakout Session
 
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & DashboardingSplunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
Splunk Webinar: IT Operations Demo für Troubleshooting & Dashboarding
 
Getting Started with Splunk Enterprises
Getting Started with Splunk EnterprisesGetting Started with Splunk Enterprises
Getting Started with Splunk Enterprises
 
PPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINALPPT-Splunk-LegacySIEM-101_FINAL
PPT-Splunk-LegacySIEM-101_FINAL
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
Splunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
Splunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
Splunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
Splunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
Splunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
Splunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 

SplunkLive! Paris 2018: Legacy SIEM to Splunk

  • 1. Legacy SIEM to Splunk, How to Conquer Migration and Not Die Trying Mathieu Dessus | Presales engineer
  • 2. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. ©2018 Splunk Inc. All rights reserved. Forward-Looking Statements
  • 3. Agenda What Will We Be Talking About Today? You Got This Things you can do today, to get “ready” for a SIEM replacement SIEM Replacement Methodology Splunk PS best practices Use Cases These drive migrations DataSources & Data Onboarding Parsers / connectors / TAs Architecture Measure twice, cut once Third Party Integrations Smart? Great! But do you play well with others? ? Why ? Splunk key advantages compared to your old SIEM
  • 4. Mathieu Dessus mdessus@splunk.com Ingénieur avant-vente ▶ Implémentation de différentes solutions de sécurité ▶ Jusqu’à la découverte de Splunk ▶ Splunker depuis 5 ans Slogan: Looking for trouble ! Welcome ! Quick introduction
  • 5. From your legacy SIEM, to a state of the art security solution
  • 6. Why do you want to upgrade your SIEM ? What the SOC ?
  • 7. ▶ Worthy reasons: • Limited security data type • Inability to effectively ingest data • Slow investigations • Instability and scalability • End-of-life or uncertain roadmap • Closed ecosystem • Limited to on-premises • Limted to Vendor Cloud ▶ Splunk’s a great product. Can it help you to resolve your issues ? Most Common Reasons for Replacement
  • 9. © 2018 SPLUNK INC. Enterprise Security advantages
  • 10. Unknown-threats The need to detect anomalies
  • 11. All kind of data Any format, any volume, any origin… IT and non-IT data
  • 12. © 2018 SPLUNK INC. ES uses by default acceleration features allowing to analyze hundred of GB of data in a very short period of time High performance
  • 13. © 2018 SPLUNK INC. Workflow for incident investigation and collaboration with other analysts Investigation framework
  • 14. © 2018 SPLUNK INC. Allows to focus on high impact attacks and VIP users, avoiding to be distracted by noise Network and identities modelisation
  • 15. © 2018 SPLUNK INC. Build your own visualization with KPI and metrics using drag & drop Flexible reporting and dashboarding
  • 16. © 2018 SPLUNK INC. Answer to many compliance needs with the same solution using data already collected Compliance
  • 17. © 2018 SPLUNK INC. How Did We Get Here? I’m done. I’m replacing this SIEM!
  • 18. SIEM Migration Methodology Splunk Professional Services (PS) Best Practices – Based on Real World Experience
  • 19. Adapt your security measures to your threats !
  • 20. SIEM replacements can be complex, but if the following things are taken into account, you won’t lose your job | shirt over it: ▶ Use cases matter: • Audit & prioritize use cases • Planned response ... do something! ▶ Know your data / datasources • Identify datasources & owners • Audit datasources • Identify enrichment requirements ▶ Current / future state integrations ▶ Research & preparation is key ▶ Assets & identities ▶ Work with Splunk + PS & Partner Things You Should Know About Legacy SIEM Replacement and Splunk Best Practices
  • 21. Use Cases These Drive Replacements…Use Cases, Use Cases, USE CASES!
  • 22. ▶ Document describing a single detection activity. • What is the condition to detect? • What is the event data required? • What enrichment is required to scope down events? • What enrichment will reduce noise (false positives)? • Point to the response plan • What are your current use cases? • Which ones provide value? • Which ones don’t? What Is a Use Case? Spiral Analysis Planning Evaluation Development Waterfall Prototyping Determine Objectives Test Implement Requirements Design Implementation Verification Maintenance DEVE LOP DEMONSTRATE REFI NE
  • 23. ▶ Document describing a single response activity • For a response what event data is required to triage • What actions should be taken • Escalation communication and do we need to order pizza • Can we reduce the cost of pizza by providing better data for response decisions? What Is a Response Plan?
  • 24. ▶ The first step in embarking on a SIEM replacement initiative is • Identifying and prioritizing high value use cases, response plans and compliance reports: • Splunk PS has a 1-2 week SIEM replacement workshop where we come in and help customers: − Identify and develop high-fidelity use cases slated for migration/development − Datasources and enrichment identified via use case prioritization process − Plan the solution architecture • We typically see a 30-60% reduction in use cases selected for migration generally due to: − Old and/or stale rules − Housekeeping rules no longer needed − Rule consolidation due to advanced Splunk Query Language So no, you don’t have to migrate ALL your old funky rules! Putting the Horse Before the Cart…
  • 25. Datasources & Data Onboarding Parsers / Connectors / TAs (Technology Add-ons)
  • 26. ▶ Use case analysis determines in-scope datasources ▶ Why you don’t need to migrate your historical data from Legacy SIEM ▶ Data Source Onboarding via: How Do You Migrate Datasources to Splunk? • Universal Forwarder (UF) Deployed alongside existing parsers/connectors • UF deployed on syslog aggregator to read and ship logs into Splunk • Modern HTTP Event Collection • Database Tables (DBX) • Never forget: Splunk Stream! • Fields from raw data • Data Normalization • Splunkbase - splunkbase.com - Easy Button: Custom TAs via “Splunk Add-on Builder” App Splunk Log Forwarding: Syslog Aggregation TAs (Technology Add-ons)Other Common Methods
  • 28. ▶ Plan for modern data collection, deprecate legacy log collection infrastructure and stop accepting log loss today ▶ Plan for disaster recovery and availability ▶ Plan to remediate logging policies and source configuration Plan the Architecture Now that we know what we want to do, how will we execute it?
  • 29. © 2018 SPLUNK INC. Components > • Collection layer (connectors / parsers vs. UF's / HF's ) • Parsing layer (Technology Add-ons) • Storage layer (indexers) • Presentation layer (search head + Splunk Enterprise Security) • Security analytics (Splunk Enterprise Security) • Management layer (deployment server, cluster master, license server, deployer) Data source will determine what components are needed—your network determines where they should be Splunk Architecture
  • 30. Third Party Integrations Smart? Great! But Do You Play Well with Others?
  • 31. Smart? Great! But Do You Play Well With Others? “At this point in the interview, Johnson, we would like to see how well you play with others.” – Richard Stevens, Penfield, NY
  • 32. © 2018 SPLUNK INC. Identify current / future state third-party integration points Third Party Integrations We Support Integration With Most Third Party Systems: ▶ Case Management / Ticketing Systems • (ServiceNow, Remedy, etc) ▶ Threat Intelligence Feeds • (STIX, TAXII, Internal, etc) ▶ Database Integration • (Oracle, MySQL, etc) ▶ Microsoft Active Directory ▶ REST API support ▶ Custom Code ▶ Others
  • 33. © 2018 SPLUNK INC. ES manages lists of threat feed Threat intelligence & IOC
  • 34. © 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access
  • 35. You Got This! Things You Can Do Today, to Get Prepared for Your SIEM Replacement
  • 36. ▶ Identify/audit and prioritize use cases for migrations ▶ Identify/audit and prioritize datasources for migration ▶ Identify datasource owners ▶ Research Splunk Technology Add-ons for datasource at splunkbase.com ▶ Assets and identities: identify CMDB sources ▶ Third-party integrations ▶ Develop logging standards Replacement Checklist:
  • 37. What Do “You” Do Next?
  • 39. Splunk Security Portfolio for SIEM Enterprise Security600+ Partner Apps User Behavior Analytics Platform for Operational Intelligence Network data Exchange data ES Content Update PCI Compliance Search and Investigate Monitoring & Alerting Dashboards and Reports Incident & Breach Response Splunk Security Apps App for AWS ML Toolkit Google Cloud Microsoft Cloud Discover Anomalous Behavior Detect Unknown Threats Automation & Orchestration Threat Detection Security Operations Threat Intel Email EDR/ETDR DLP
  • 41. ES : Security Posture
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 55.
  • 56. 1 2 3
  • 57. 1 2
  • 58.
  • 59. 1 2
  • 60.
  • 61.
  • 62.
  • 63.
  • 64. 2 1
  • 65.
  • 67. © 2018 SPLUNK INC. ▶ An estimated 30 percent lower cost of ownership compared to on-premises alternatives ▶ A dramatic reduction in security investigation and resolution times ▶ Protection against threats, breaches and malware; ensuring regulatory compliance Biopharma Leader Gets Ahead of Security Threats With Analytics-Driven SIEM in the Cloud “ With Splunk the organization now has a security solution that is flexible and scalable to ingest all of its data ubiquitously and that enables the security team to draw conclusions from its data in near real time.”Biopharma
  • 69. ▶ Contact your Account Executive ▶ Contact an Expert ▶ Bi-weekly security demos ▶ Schedule a pre- assessment session with a Sales Engineer Transform Your Security: Next Steps
  • 70. © 2018 SPLUNK INC. Thank You! https://www.surveymonkey.com/r/SLParis2018
  • 71. © 2018 SPLUNK INC. October 1-4, 2018 ▶ 8,750+ Splunk Enthusiasts ▶ 300+ Sessions ▶ 100+ Customer Speakers Plus Splunk University: ▶ Three Days: September 29-October 1, 2018 ▶ Get Splunk Certified for FREE! ▶ Get CPE credits for CISSP, CAP, SSCP Walt Disney World Swan and Dolphin Resort in Orlando conf .splunk.com SAVE THE DATE!