This presentation + demo will provide an overview of AI and machine learning offerings across the Splunk portfolio -- including Splunk Cloud and Splunk Enterprise, Splunk Machine Learning Toolkit, Splunk IT Service Intelligence, Splunk Enterprise Security and Splunk UBA -- and give you insight into how AI and ML can be applied across IT ops, security, IoT and business analytics use cases.
The document presents an introduction to cyber intelligence, describing its importance for governments and the need to investigate and analyze activity in cyberspace in order to learn about potential threats. It explains that cyber intelligence is an analytical discipline that includes the collection and analysis of data on activity in cyberspace to provide useful information for decision making and for strategies against cyber threats. It then describes the categories and disciplines of cyber intelligence,
The document describes the vulnerability exploitation phase using Metasploit. It explains that in this phase the auditor launches exploits to gain unauthorized access to remote systems and their information. It details the payload types such as singles, stagers and staged, and the importance of choosing the correct payload. It also covers concepts such as intrusion without user interaction and provides a practical intrusion example using the MS08-067 vulnerability.
1. The document presents a five point incident response model shown as a swim lane diagram with five stages: prevention, detection, classification, control & eradication, and follow up & recovery.
2. It shows the flow of an incident from end users and detection capabilities to various response teams like the help desk, CSIRT, ITS department, and management.
3. The diagram is meant to coordinate cross-functional response across different departments and silos to improve performance, resiliency, and systems in response to incidents.
This document outlines a presentation on threat hunting with Splunk. The presenter is Ken Westin, a security strategist at Splunk with over 20 years of experience in technology and security. The agenda includes an overview of threat hunting basics and data sources, examining the cyber kill chain through a hands-on attack scenario using Splunk, and advanced threat hunting techniques including machine learning. Log-in credentials are provided for access to hands-on demo environments related to the presentation.
Building an Intelligence-Driven Security Operations Center -- EMC
This white paper describes how an intelligence-driven security operations center (SOC) improves threat detection and response by helping organizations use all available security-related information from both internal and external sources to detect hidden threats and even predict new ones.
Priority Intelligence Requirement Answering and Commercial Question-Answering... -- Brian Ulicny
The document discusses the requirements for answering Priority Intelligence Requirements (PIRs) and identifies gaps between these requirements and existing question-answering technologies. PIRs must be specific, tied to a decision, and answerable within a set time. They also require attributes like sources, reliability, locations, and the ability to fuse answers over time. However, commercial question-answering systems have limitations in areas like representing sources, assessing reliability, answering over multiple documents, and providing persistent and incremental answers required for PIRs.
Mobile Network Security: a tale of tracking, spoofing and owning mobile phone... -- Luca Bongiorni
Quick overview of some case studies about: IMSI-Catcher (Stingray phone tracker), tracking phones, GPRS sniffing, GSM-R catching and DoS, POS, gambling machines, etc.
Cyber threat intelligence: maturity and metrics -- Mark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives, whilst the field of cyber threat intelligence supports this customer as well as network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
Presentation to Nov 2015 "Chicago Security Intelligence with SIEM" meetup.
Overview of SIEM as part of Continuous Monitoring in the NIST CyberSecurity framework.
The document describes how a dynamic (lock-and-key) access control list works on a router to block client traffic until the client telnets to the router. When a client telnets to the router, a dynamic entry is added to the access list that allows traffic from the client for a set timeout period, after which the traffic will again be blocked unless another telnet session occurs.
The document discusses implementing a zero trust architecture (ZTA) based on the guidance from NIST SP 1800-35. It describes how NIST SP 1800-35 uses enhanced identity governance (EIG) as the first step towards a ZTA. It outlines the physical and information architecture of the ZTA lab described in NIST SP 1800-35, including the use of Okta, Ivanti, and other identity and access management tools. It also summarizes the future directions discussed in NIST SP 1800-35, such as using micro-segmentation and software-defined perimeters to further a ZTA.