© 2017 SPLUNK INC.
Building the Analytics-Driven SOC
James Hanlon, Security Markets Specialist, EMEA
Johan Bjerke, Security Staff Engineer, UK
MAY 11, 2017 | LONDON
Agenda
1. A look at traditional security operations
2. Security operations emerging trends
3. How to use Splunk for an Analytics-Driven SOC
Traditional Security Operations
A SOC By Any Other Name…
▶ Security Analytics Center
▶ Cyber Fusion Center
▶ Cyber Defense Center
▶ Threat Defense Center
▶ Detection and Response Teams
Security Operations Center (SOC): A centralized unit that deals with security on an organizational & technical level
Cyber Defense Center (CDC): A team composed primarily of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents
Traditional SOC Alert Pipeline?
“A perception of the SOC as a big alert pipeline is outdated and does not allow the organization to make use of more active processes such as internal Threat Intelligence generation and Threat Hunting.”
– [1] Anton Chuvakin
https://www.gartner.com/doc/3479617
Types of Traditional SOCs…
Choices? Virtual, Small, Large, Tiered, National; Insource, Outsource, Hybrid
10 Strategies of a World Class Cybersecurity Operations Center, Mitre 2014
Challenges of traditional Security Operations
Should or Can I build a SOC?
▶ Objectives & Business Alignment
▶ Motivation >> Cost
▶ Industry Guidance
▶ Data Visibility
▶ Staff Acquisition & Retention
▶ Sourcing Models
▶ Automation & Efficiency
▶ Service Catalogue Expansion
Many how-to guides…but little prescriptive guidance
The Critical Challenge: Balancing Security Priorities & Business Alignment
Security Operations: only part of the bigger picture…
Security Architecture; Risk and Compliance; Security Engineering; Security Operations (includes SOC)
https://www.sans.org/security-resources/posters/leadership/security-leadership-poster-135
Emerging Trends in Security Operations
The desire for a better SOC is clear…
To meet the challenges of the new "detection and response" paradigm, an intelligence-driven SOC also needs to move beyond traditional defenses, with an adaptive architecture and context-aware components. To support these required changes in information security programs, the traditional SOC must evolve to become the intelligence-driven SOC (ISOC) with automation and orchestration of SOC processes being a key enabler.
Gartner, 2016
http://www.gartner.com/newsroom/id/3347717
Splunk EMEA CISO SOC RoundTable
✓ Know what your SOC needs to achieve!
✓ Align to business!
✓ Build business support
✓ Build a strategic roadmap
✓ Address people challenges and cost strategies early
✓ Define data sources for SOC insights
✓ Select technology wisely
Splunk CISOs, 2016
Three Interrelated Components of Security
People
Process
Technology
[2017 FOCUS] [2017 FOCUS]
[Automation & Analytics is the Driving Force]
Defining the SOC Service Catalogue
“What do you need to achieve?”
1. Threat Monitoring
2. Incident Investigation
3. Incident Response
4. Operational Reporting
5. Business Reporting!
Mapping the Service Catalogue
Splunk SOC Optimisation Workshop
Example Documented Service Catalogue
Services Catalogue
● Announcements & advisories
● Alerts & warnings
● Incident response, support & analysis
● Artefact analysis
● Cyber threat intelligence
● IDS & log management
● Vulnerability assessment
▶ Tier-1 Triage
▶ Off hours
▶ Tool Engineering
▶ Outside Help With Specialties
• Reverse Engineering
• Forensics
• Advanced IR
• Red/Purple teaming
Hybrid Models (i.e. Int SOC platform + MSS) are becoming more common
New Automation & Tooling Opportunities in the SOC
▶ Big Data Log Platform (BDLP)
▶ User Behavior Analytics (UBA)
▶ Threat intelligence (TI) (consumption, creation & sharing)
▶ Threat Hunting (TH)
▶ Threat & Vulnerability Management (TVM)
▶ Security Incident Response (SIR)
▶ Security Operations Automation (SOA)
“Threat Hunting”
… effort by analysts who purposely set out to identify and counteract adversaries that may already be in the environment.
https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
How are SOC Teams Hunting?
▶ Start with a hypothesis that considers:
• Situational Awareness (often crown jewels focused)
• Threat Intelligence
• Domain experience
• Best Results > all 3!
▶ Requires lots of data
▶ Flexible platform to ask/answer questions
▶ Process Automation
▶ Data science / ML / Analytics increasingly used
https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
SOC Persona
CISO / Head InfoSec: Head or Exec of Info Security; responsible for the operations, technology, team and leadership
SecOps / SOC Manager / Director: Responsible for SOC process, initiatives, often budget
SIEM Admin, Tools Engineer: Responsible for the technology, product, upgrades
Security Analyst: Responsible for investigating alerts, incidents and triage
Hunter, Incident Responder: Proactively/reactively hunts for threats.
Security Considerations: Hiring & Retention; Shift Rotations & Coverage; Skills Development; Business Engagement
Calculating the Staff Requirements & Costs
Mapping the Staffing Requirements & Costs
Splunk SOC Optimisation Workshop
Critical Characteristics for Log Data Platforms
✓ Fast data onboarding
✓ Any data source
✓ Easy correlation
✓ Automation / integration
✓ Performant and scalable
✓ Full fidelity
✓ Retention and integrity
✓ Normalized
✓ Enables Hunting
✓ Forensic investigation
✓ Alerting
✓ User access controls
✓ Flexible Visualization
✓ Advanced Analytics (ML?)
Common SOC Data Sources
1. Assets and Identities
2. Threat intel
3. Firewall
4. Network metadata
5. Authentication
6. Server (Windows / Linux)
7. Endpoint
8. IDS / IPS
9. VPN
10. Application
11. Vulnerability
Mapping the Data Source Requirements
Splunk Security Data Source Assessment
Build your own custom cyber security data lake?
Challenges to building your own custom cyber data lake:
▶ Dirty data
▶ Debugging custom big data collectors
▶ Accessing data
▶ Little value beyond collection
▶ Little value beyond keyword searching
▶ Little threat detection value
▶ Ability to find, retain & integrate skills needed
http://blogs.gartner.com/anton-chuvakin/2017/04/11/why-your-security-data-lake-project-will-fail/
Splunk for Analytics-Driven SOC
“7 Enablers” of the Analytics Driven SOC
1. Select the right sourcing strategy
2. Adopt an adaptive security architecture
3. Optimise threat intelligence management
4. Deploy advanced analytics
5. Proactive investigation & threat hunting
6. Promote security automation & human efficiency
7. Drive Enterprise ‘Not Just’ Security Insights
Splunk as the Nerve Center
Identity and Access; Internal Network Security; Endpoints; Orchestration; WAF & App Security; Threat Intelligence; Network; Web Proxy; Firewall
Splunk Security Portfolio
Splunk Enterprise (Detection: Realm of Known, Human-driven)
• Any data log aggregation
• Rules, statistics, correlation
• Search, visualize & hunt
Enterprise Security (Response)
• Security analytics (SOC) platform
• Incident response workflow
• Adaptive response
• OOB key security metrics
Splunk Security Essentials/UBA (Detection: Realm of Unknown, ML-driven)
• Risky behavior detection
• Advanced attacks & insider
• Entity & kill chain profiling
Splunk Enterprise Security
A collection of orchestration frameworks for SOC Operations: Notable Event, Threat Intelligence, Asset and Identity, Correlation, Adaptive Response, Risk Analysis
Platform for Operational Intelligence
A Recipe for the Security Analytics Driven SOC
Event Aggregation → Incident Creation → Investigation & Response
Event Management
▶ Fast data onboarding
▶ Manage High Volume
▶ Track Entity Relationships
Simple Detection
▶ Rules & Statistics
▶ Quick development
▶ Easy for analysts
Advanced Detection
▶ Detect unknown
▶ New vectors
▶ Machine learning
Investigative Platform
▶ Flexible Analyst Visualisation
▶ Provide automation with security solutions & tooling
▶ Security operations orchestration & threat hunting
Alert Management → Incident Contextualization (Enrichment) → Decrease MTTR
1. Select an Appropriate SOC Sourcing Strategy
▶ To Prevent, Detect, Respond and Predict
1. On Premise
2. Cloud Only
3. Hybrid
4. Split Technology & SOC Provider Model
RETAIL: Building a Lean ‘Cloud’ SOC
Splunk Security: Fast Time to Value
Customer
▶ UK’s largest building and construction supplier
▶ 20+ business units in group & 27,0000 employees
Challenges
▶ Failed previous SIEM project
▶ Complex mix of legacy on premise and cloud solutions
▶ Difficult ingesting data sources for visibility
▶ Limited security personnel
Customer Solution: Splunk Enterprise & Splunk Enterprise Security
▶ Fast time from data ingestion to obtaining security insight
▶ Splunk Cloud removes pain from managing host infrastructure
▶ Intrinsic Splunk ES risk scoring has been pivotal in multiple cyber incidents
▶ Architecture design now serving non security use cases (IT Event Monitoring)
2. Adopt an Adaptive Security Architecture
To Prevent, Detect, Respond and Predict
▶ Correlation across all security relevant data
▶ Insights from existing security architectures
▶ Advanced analytics techniques such as machine learning
1,000+ Apps and Add-ons
Splunk Security Solutions
3. Threat Intelligence – ES Threat Intel Framework
▶ Automatically collect, aggregate and de-duplicate threat feeds from a broad set of sources
▶ Support for STIX/TAXII, OpenIOC, Facebook
▶ Build your own data to create your own Threat Intel
▶ Out of the box Activity and Artifact dashboards
▶ Determine impact on network, assets
▶ Use for analysis / IR
▶ Collect / provide forensics
▶ Use to hunt / uncover / link events
▶ Share info with partners
Law Enforcement Feeds; ISAC Feeds; Agency Feed; Commercial Service; Community Feed; Open-Source Feed; Other Enrichment Services
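The collect, aggregate and de-duplicate step described above, shown as an added Python example that is not Splunk's or the ES Threat Intel Framework's own code. It reads two constructed feed formats (a minimal STIX 2 style JSON bundle with simple equality patterns, and a CSV export such as an ISAC or open-source list might provide), canonicalises each indicator so that case, whitespace and trailing dots do not produce duplicates, merges the feeds while recording every source that reported an indicator, and lists the indicators corroborated by more than one feed. Feed names, CSV column names and all indicator values are constructed for the example.

```python
import csv
import io
import ipaddress
import json
import re
from collections import defaultdict

# Constructed sample feeds (not real intelligence): feed names, columns and
# indicator values are made up for this example.
SAMPLE_SHA256 = "ab" * 32
COMMERCIAL_FEED = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "indicator", "pattern": "[ipv4-addr:value = '203.0.113.10']"},
        {"type": "indicator", "pattern": "[domain-name:value = 'Bad.Example.COM']"},
        {"type": "indicator",
         "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256.upper()}']"},
        {"type": "indicator", "pattern": "[network-traffic:dst_port = 4444]"},
        {"type": "malware", "name": "not an indicator object"},
    ],
})
ISAC_FEED = f"""type,value
ip, 203.0.113.10
domain,bad.example.com.
sha256,{SAMPLE_SHA256}
ip,not-an-ip
url,http://example.invalid/x
"""
OPEN_SOURCE_FEED = "type,value\nipv4,203.0.113.10\nipv4,198.51.100.7\n"

# Only simple "[path = 'value']" STIX patterns are handled here.
STIX_PATTERN_RE = re.compile(r"^\[(.+?)\s*=\s*'([^']*)'\]$")
STIX_PATH_TO_KIND = {
    "ipv4-addr:value": "ip",
    "domain-name:value": "domain",
    "file:hashes.'SHA-256'": "sha256",
}
CSV_TYPE_TO_KIND = {"ip": "ip", "ipv4": "ip", "domain": "domain", "sha256": "sha256"}


def normalize(kind, value):
    """Return the canonical form of an indicator, or None if it is malformed."""
    value = value.strip()
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None
    if kind == "domain":
        value = value.lower().rstrip(".")
        return value if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", value) else None
    if kind == "sha256":
        value = value.lower()
        return value if re.fullmatch(r"[0-9a-f]{64}", value) else None
    return None


def parse_stix_bundle(text, source):
    """Yield (kind, raw_value, source) for supported indicator patterns."""
    for obj in json.loads(text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        match = STIX_PATTERN_RE.match(obj.get("pattern", ""))
        if not match:
            continue  # complex or unsupported pattern: skipped, not guessed
        kind = STIX_PATH_TO_KIND.get(match.group(1))
        if kind:
            yield kind, match.group(2), source


def parse_csv_feed(text, source):
    """Yield (kind, raw_value, source) for rows with a supported type column."""
    for row in csv.DictReader(io.StringIO(text)):
        kind = CSV_TYPE_TO_KIND.get(row.get("type", "").strip().lower())
        if kind:
            yield kind, row.get("value", ""), source


def merge_feeds(records):
    """De-duplicate normalized indicators; keep the set of feeds reporting each."""
    merged = defaultdict(set)
    rejected = []  # malformed values are kept aside for review, not silently dropped
    for kind, raw, source in records:
        canonical = normalize(kind, raw)
        if canonical is None:
            rejected.append((source, kind, raw))
        else:
            merged[(kind, canonical)].add(source)
    return dict(merged), rejected


def corroborated(merged):
    """Indicators reported by more than one feed, most widely reported first."""
    multi = ((key, sorted(sources)) for key, sources in merged.items() if len(sources) > 1)
    return sorted(multi, key=lambda item: (-len(item[1]), item[0]))


def build_sample():
    """Merge the three constructed feeds above."""
    records = [
        *parse_stix_bundle(COMMERCIAL_FEED, "commercial"),
        *parse_csv_feed(ISAC_FEED, "isac"),
        *parse_csv_feed(OPEN_SOURCE_FEED, "open-source"),
    ]
    return merge_feeds(records)


if __name__ == "__main__":
    merged, rejected = build_sample()
    for (kind, value), sources in corroborated(merged):
        print(f"{kind:7} {value} <- {', '.join(sources)}")
    print("rejected:", rejected)
```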
GOVERNMENT: Enabling EU Cyber Response
Splunk Security: Trusted
Customer
▶ EU Institutions' own Computer Emergency Response Team (CERT)
▶ Supports 60 organizations across Europe supporting 100,000 end users
Challenges
▶ Ingestion from many sources
▶ Constituents: very high value targets
▶ Complex decentralized, heterogeneous environment
▶ Need to correlate everything with everything: file-less lateral movements, bypassing protection layers, phishing attacks
Customer Solution: Splunk Enterprise
▶ Provides common language and conventions to control all data (CIM)
▶ Drives time saving & reduces human error while increasing visibility
▶ Enables any data & intelligence correlation. Easily integrates with custom security tooling via open APIs
▶ Two tier architecture with end users in control of their data
https://de.slideshare.net/Splunk/splunk-live-utrecht-2016-cert-eu
Demo: Proactively Managing Threat Intelligence
[Splunk Enterprise Security Threat Intelligence Management]
4. Deploy Advanced Analytics – Native ML and UBA
To Prevent, Detect, Respond and Predict:
• Accelerate anomaly and unknown threat detection – minimize attacks & insider threat
• Use Splunk Security Essentials App – FOC App with 55+ UBA use cases
• Premium Machine learning solution – Splunk User Behavior Analytics
– Flexible workflows for SOC Manager, SOC analyst and Hunter/Investigator within SIEM
Security Essentials App | UBA Premium Solution | Premium Solution Integration
Demo: Deploying Advanced Analytics
[Join us at the next security session to see the live demo!]
5. Proactive Investigation & Threat Hunting
Hunting loop: Hypotheses; Search & Visualization; Enrichment; Automation
Data maturity: Data Search Visualisation → Data and Intelligence Enrichment → Automated Analytics → Data Science and Machine Learning
Threat Hunting Enablement
Integrated & out of the box automation tooling from artifact query, contextual “swim-lane analysis”, anomaly & time series analysis to advanced data science leveraging machine learning
Threat Hunting Data Enrichment
Enrich data with context and threat-intel across the stack or time to discern deeper patterns or relationships
Search & Visualize Relationships for Faster Hunting
Search and correlate data while visually fusing results for faster context, analysis and insight
Ingest & Onboard Any Threat Hunting Machine Data Source
Enable fast ingestion of any machine data through efficient indexing, a big data real time architecture and ‘schema on the read’ technology
FINANCE: Connecting Business & Security at a Swiss Bank
Splunk Security: Business Value
Customer
▶ Third largest retail bank in Switzerland with 3m+ customers
▶ No. 1 online payments provider
Challenges
▶ Protecting financial assets & customers is a top priority
▶ Data ingestion and security insight
▶ Highly manual security analysis and reporting
▶ Cultural and organizational barriers to optimal security
Customer Solution: Splunk Enterprise
▶ Risk reduction through E-payment & debit card fraud detection
▶ Increased visibility & security automation for online banking, payment processing, customer data protection such as phishing attack workflows
https://conf.splunk.com/session/2015/conf2015_PHoffman_PostFinance_UsingSplunkSearchLanguage_HowSplunkConnectsBusiness.pdf
6. Promote Security Automation & Human Efficiency
To Prevent, Detect, Respond and Predict:
▶ Use rules to automate routine aspects of detection and investigation
▶ Extract insights from existing security controls by use of common interface
▶ Take actions with confidence for faster decisions and response
▶ Automate any process along the continuous monitoring, response and analytics cycle
Identity and Access; Internal Network Security; Endpoints; Orchestration; WAF & App Security; Threat Intelligence; Network; Web Proxy; Firewall
+ Splunk Adaptive Response Alliance
Demo: Driving Automation
[Splunk Enterprise Security Adaptive Response]
7. From Security to Enterprise Data Insights
Same data, different people, asking different questions: Security & Risk | IT Operations | Business Analytics
40-70% of the security data that can be re-used for additional non security business value
Splunk Customer Value Examples
Online Services: $11m Benefit, increased revenue from higher uptime
High Tech: $25m Benefit, increased revenue from higher uptime
Oil & Gas: $200m Benefit, revenues from preventing APTs
Transportation: $1b Benefit, optimisation with sensor data
OIL & GAS: Drive Enterprise Insights!
Splunk Security: Build an Enterprise Data Fabric from Security
Customer
▶ Operate in 60 countries with over 45,000 Employees
▶ 29 engineering and project execution centers and 5 fabrication yards
Challenges
▶ Needed to gain operational visibility into distributed infrastructure
▶ Unable to meet compliance needs (PCI, ISO27001, SOX, Privacy)
▶ Struggling with governance of IT Operations
▶ Inability to report holistically across all domains
Customer Solution (Splunk Enterprise)
▶ Real time data insights across Security, ITOps & Application Development
▶ LoB security risk & compliance reporting
▶ SIEM & One ‘dashboard’ to rule them all
▶ IT Operations, application, server reboot, software license utilization monitoring…
Demo: Connecting (Visualizing) Security for the Business
[Splunk Enterprise Security Glass Tables]
Wrapping up
Helping you build your analytics driven SOC: Security Nerve Center
Next Step: Splunk Security Workshops
SIEM+/SOC Readiness, Security Use Case Definition, Security Data Source Assessment, Security Automation, Security Business & Risk Visualisation…
• Scope data sources, use cases and volumes
• Security Analytics & SOC Building
• Adding Machine Learning to SecOps
• Learn how to visualize security success for the business
• Data privacy & protection
Contact your Splunk representative to find out how to schedule
Splunk Quick Start for Security Analytics & SOC: Rapidly Determine Advanced Malware and Threat Activity (Threat Activity Dashboard, Malware Center Dashboard)
.conf2017: The 8th Annual Splunk Conference
SEPT 25-28, 2017, Walter E. Washington Convention Center, Washington, D.C.
• 5,000+ IT and Business Professionals
• 175+ Sessions
• 80+ Customer Speakers
PLUS Splunk University
• Three days: Sept 23-25, 2017
• Get Splunk Certified for FREE!
• Get CPE credits for CISSP, CAP, SSCP
CONF.SPLUNK.COM
Rate This Session on Pony Poll: ponypoll.com/london17
Complete the survey for your chance to win a .conf2017 pass
Learn: How Travis Perkins built a SOC in the Cloud (blogs.splunk.com)
Learn: Three Tips from Cisco’s CSIRT using Splunk (isc2.org)
Try it yourself: Splunk Enterprise Security in our Sandbox with 50+ Data Sources (splunk.com)
Helping you build your analytics driven SOC: Security Nerve Center
Thank You

Splunk Ninjas: New Features and Search DojoSplunk
Ā 
Splunk at Scotiabank
Splunk at ScotiabankSplunk at Scotiabank
Splunk at ScotiabankSplunk
Ā 
Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk
Ā 
SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.Splunk
Ā 
Using Splunk at MoneyGram International
Using Splunk at MoneyGram InternationalUsing Splunk at MoneyGram International
Using Splunk at MoneyGram InternationalSplunk
Ā 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 UpdateSplunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 UpdateSplunk
Ā 
Rage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event ManagementRage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event ManagementSplunk
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVOSplunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVOSplunk
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event ManagementSplunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event ManagementSplunk
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk
Ā 

Viewers also liked (19)

Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017
Ā 
SplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNowSplunkLive! Customer Presentation--ServiceNow
SplunkLive! Customer Presentation--ServiceNow
Ā 
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with SplunkSplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
SplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk
Ā 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability Management
Ā 
SplunkLive! Milano 2016 - customer presentation - Unicredit
SplunkLive! Milano 2016 -  customer presentation - UnicreditSplunkLive! Milano 2016 -  customer presentation - Unicredit
SplunkLive! Milano 2016 - customer presentation - Unicredit
Ā 
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry PeopleSplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
SplunkLive! London 2017 - Using Machine Learning to Feed Hungry People
Ā 
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with SplunkReactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk
Ā 
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionCisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Ā 
Splunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search DojoSplunk Ninjas: New Features and Search Dojo
Splunk Ninjas: New Features and Search Dojo
Ā 
Splunk at Scotiabank
Splunk at ScotiabankSplunk at Scotiabank
Splunk at Scotiabank
Ā 
Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17Splunk Forum Financial Services Chicago 9/13/17
Splunk Forum Financial Services Chicago 9/13/17
Ā 
SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.
Ā 
Using Splunk at MoneyGram International
Using Splunk at MoneyGram InternationalUsing Splunk at MoneyGram International
Using Splunk at MoneyGram International
Ā 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 UpdateSplunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
Ā 
Rage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event ManagementRage WITH the machine, not against it: Machine learning for Event Management
Rage WITH the machine, not against it: Machine learning for Event Management
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVOSplunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event ManagementSplunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management
Ā 
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat HuntingSplunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting
Ā 

Similar to SplunkLive! London 2017 - Building an Analytics Driven Security Operation Centre using Splunk Enterprise Security

Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocRene Aguero
Ā 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk
Ā 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...Splunk
Ā 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...Splunk
Ā 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
Ā 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk
Ā 
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AI
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AISplunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AI
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AISplunk
Ā 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
Ā 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
Ā 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...Splunk
Ā 
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine LearningSplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine LearningSplunk
Ā 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarSplunk
Ā 
How security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsHow security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsSplunk
Ā 
Splunk ITOA Roundtable - Zurich: 30th November 2017
Splunk ITOA Roundtable - Zurich: 30th November 2017Splunk ITOA Roundtable - Zurich: 30th November 2017
Splunk ITOA Roundtable - Zurich: 30th November 2017Splunk
Ā 
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³w
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³wPLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³w
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³wPROIDEA
Ā 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation PrasadThorat23
Ā 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningDigital Transformation EXPO Event Series
Ā 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365 Splunk
Ā 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecuritySplunk
Ā 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Splunk
Ā 

Similar to SplunkLive! London 2017 - Building an Analytics Driven Security Operation Centre using Splunk Enterprise Security (20)

Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Ā 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
Ā 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
Ā 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
Ā 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Ā 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
Ā 
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AI
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AISplunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AI
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AI
Ā 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
Ā 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
Ā 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Ā 
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine LearningSplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
SplunkLive! Zurich 2017 - Advanced Analytics / Machine Learning
Ā 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Ā 
How security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsHow security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applications
Ā 
Splunk ITOA Roundtable - Zurich: 30th November 2017
Splunk ITOA Roundtable - Zurich: 30th November 2017Splunk ITOA Roundtable - Zurich: 30th November 2017
Splunk ITOA Roundtable - Zurich: 30th November 2017
Ā 
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³w
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³wPLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³w
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkĆ³w
Ā 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
Ā 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Ā 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
Ā 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
Ā 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
Ā 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
Ā 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
Ā 
.conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica)
.conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica).conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica)
.conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica)Splunk
Ā 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank InternationalSplunk
Ā 
.conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett Splunk
Ā 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr)Splunk
Ā 
.conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu...Splunk
Ā 
.conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever...
.conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever....conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever...
.conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever...Splunk
Ā 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
Ā 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
Ā 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
Ā 
Splunk x Freenet - .conf Go KoĢˆln
Splunk x Freenet - .conf Go KoĢˆlnSplunk x Freenet - .conf Go KoĢˆln
Splunk x Freenet - .conf Go KoĢˆlnSplunk
Ā 
Splunk Security Session - .conf Go KoĢˆln
Splunk Security Session - .conf Go KoĢˆlnSplunk Security Session - .conf Go KoĢˆln
Splunk Security Session - .conf Go KoĢˆlnSplunk
Ā 
Data foundations building success, at city scale ā€“ Imperial College London
 Data foundations building success, at city scale ā€“ Imperial College London Data foundations building success, at city scale ā€“ Imperial College London
Data foundations building success, at city scale ā€“ Imperial College LondonSplunk
Ā 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
Ā 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
Ā 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
Ā 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
Ā 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
Ā 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
Ā 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Ā 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Ā 
.conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica)
.conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica).conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica)
.conf Go 2023 - Navegando la normativa SOX (TelefĆ³nica)
Ā 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Ā 
.conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - PĆ„ liv og dĆød Om sikkerhetsarbeid i Norsk helsenett
Ā 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius BƤr)
Ā 
.conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept fĆ¼r die digitale (Security) Revolution zu...
Ā 
.conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever...
.conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever....conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever...
.conf go 2023 - Cyber Resilienz ā€“ Herausforderungen und Ansatz fĆ¼r Energiever...
Ā 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Ā 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Ā 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Ā 
Splunk x Freenet - .conf Go KoĢˆln
Splunk x Freenet - .conf Go KoĢˆlnSplunk x Freenet - .conf Go KoĢˆln
Splunk x Freenet - .conf Go KoĢˆln
Ā 
Splunk Security Session - .conf Go KoĢˆln
Splunk Security Session - .conf Go KoĢˆlnSplunk Security Session - .conf Go KoĢˆln
Splunk Security Session - .conf Go KoĢˆln
Ā 
Data foundations building success, at city scale ā€“ Imperial College London
 Data foundations building success, at city scale ā€“ Imperial College London Data foundations building success, at city scale ā€“ Imperial College London
Data foundations building success, at city scale ā€“ Imperial College London
Ā 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Ā 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Ā 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
Ā 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
Ā 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
Ā 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
Ā 

Recently uploaded

Finology Group ā€“ Insurtech Innovation Award 2024
Finology Group ā€“ Insurtech Innovation Award 2024Finology Group ā€“ Insurtech Innovation Award 2024
Finology Group ā€“ Insurtech Innovation Award 2024The Digital Insurer
Ā 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
Ā 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
Ā 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
Ā 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
Ā 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Centre using Splunk Enterprise Security

  • 1. © 2017 SPLUNK INC.
    Building the Analytics-Driven SOC
    James Hanlon, Security Markets Specialist, EMEA
    Johan Bjerke, Security Staff Engineer, UK
    MAY 11, 2017 | LONDON
  • 2. Agenda
    1. A look at traditional security operations
    2. Security operations emerging trends
    3. How to use Splunk for an Analytics-Driven SOC
  • 3. Traditional Security Operations
  • 4. A SOC By Any Other Name…
    ▶ Security Analytics Center
    ▶ Cyber Fusion Center
    ▶ Cyber Defense Center
    ▶ Threat Defense Center
    ▶ Detection and Response Teams
    Security Operations Center (SOC): a centralized unit that deals with security on an organizational & technical level
    Cyber Defense Center (CDC): a team composed primarily of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents
  • 5. Traditional SOC: Alert Pipeline?
    “A perception of the SOC as a big alert pipeline is outdated and does not allow the organization to make use of more active processes such as internal Threat Intelligence generation and Threat Hunting.”
    – [1] Anton Chuvakin, https://www.gartner.com/doc/3479617
  • 6. Types of Traditional SOCs… Choices?
    Virtual, Small, Large, Tiered, National
    Insource, Outsource, Hybrid
    Source: 10 Strategies of a World Class Cybersecurity Operations Center, Mitre 2014
  • 7. Challenges of traditional Security Operations: Should or Can I build a SOC?
    ▶ Objectives & Business Alignment
    ▶ Motivation >> Cost
    ▶ Industry Guidance
    ▶ Data Visibility
    ▶ Staff Acquisition & Retention
    ▶ Sourcing Models
    ▶ Automation & Efficiency
    ▶ Service Catalogue Expansion
    (Diagram: Security Operations at the centre, surrounded by Objectives & Business Alignment, Cost, Industry Guidance, Data Visibility, Staffing, Sourcing Models, Automation & Efficiency and Service Catalogue Expansion)
  • 8. Many how-to guides… but little prescriptive guidance
  • 9. The Critical Challenge: Balancing Security Priorities & Business Alignment
    Security Operations: only part of the bigger picture…
    Security Architecture; Risk and Compliance; Security Engineering; Security Operations (includes SOC)
    https://www.sans.org/security-resources/posters/leadership/security-leadership-poster-135
  • 10. Emerging Trends in Security Operations
  • 11. The desire for a better SOC is clear…
    “To meet the challenges of the new "detection and response" paradigm, an intelligence-driven SOC also needs to move beyond traditional defenses, with an adaptive architecture and context-aware components. To support these required changes in information security programs, the traditional SOC must evolve to become the intelligence-driven SOC (ISOC) with automation and orchestration of SOC processes being a key enabler.”
    – Gartner, 2016, http://www.gartner.com/newsroom/id/3347717
    Splunk EMEA CISO SOC RoundTable (Splunk CISOs, 2016):
    ✓ Know what your SOC needs to achieve!
    ✓ Align to business!
    ✓ Build business support
    ✓ Build a strategic roadmap
    ✓ Address people challenges and cost strategies early
    ✓ Define data sources for SOC insights
    ✓ Select technology wisely
  • 12. Three Interrelated Components of Security
    Process [2017 FOCUS]
    People [2017 FOCUS]
    Technology [Automation & Analytics is the Driving Force]
  • 13. Defining the SOC Service Catalogue: “What do you need to achieve?”
    1. Threat Monitoring
    2. Incident Investigation
    3. Incident Response
    4. Operational Reporting
    5. Business Reporting!
    Mapping the Service Catalogue: Splunk SOC Optimisation Workshop
  • 14. Example Documented Service Catalogue
    ● Announcements & advisories
    ● Alerts & warnings
    ● Incident response, support & analysis
    ● Artefact analysis
    ● Cyber threat intelligence
    ● IDS & log management
    ● Vulnerability assessment
  • 15. (SOC sourcing)
    ▶ Tier-1 Triage
    ▶ Off hours
    ▶ Tool Engineering
    ▶ Outside Help With Specialties
      • Reverse Engineering
      • Forensics
      • Advanced IR
      • Red/Purple teaming
    Hybrid Models (i.e. internal SOC platform + MSS) are becoming more common
  • 16. New Automation & Tooling Opportunities in the SOC
    ▶ Big Data Log Platform (BDLP)
    ▶ User Behavior Analytics (UBA)
    ▶ Threat Intelligence (TI) (consumption, creation & sharing)
    ▶ Threat Hunting (TH)
    ▶ Threat & Vulnerability Management (TVM)
    ▶ Security Incident Response (SIR)
    ▶ Security Operations Automation (SOA)
  • 17. “Threat Hunting”
    … effort by analysts who purposely set out to identify and counteract adversaries that may already be in the environment.
    https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
  • 18. How are SOC Teams Hunting?
    ▶ Start with a hypothesis that considers:
      • Situational Awareness (often crown jewels focused)
      • Threat Intelligence
      • Domain experience
      • Best Results > all 3!
    ▶ Requires lots of data
    ▶ Flexible platform to ask/answer questions
    ▶ Process Automation
    ▶ Data science / ML / Analytics increasingly used
    https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
  • 19. SOC Persona
    CISO / Head InfoSec: Head or Exec of Info Security
    SecOps / SOC Manager / Director: Responsible for the operations, technology, team and leadership; responsible for SOC process, initiatives, often budget
    SIEM Admin, Tools Engineer: Responsible for the technology, product, upgrades
    Security Analyst: Responsible for investigating alerts, incidents and triage
    Hunter, Incident Responder: Proactively/reactively hunts for threats
    Security Considerations: Hiring & Retention; Shift Rotations & Coverage; Skills Development; Business Engagement
  • 20. Calculating the Staff Requirements & Costs
    Mapping the Staffing Requirements & Costs: Splunk SOC Optimisation Workshop
  • 21. Critical Characteristics for Log Data Platforms
    ✓ Fast data onboarding
    ✓ Any data source
    ✓ Easy correlation
    ✓ Automation / integration
    ✓ Performant and scalable
    ✓ Full fidelity
    ✓ Retention and integrity
    ✓ Normalized
    ✓ Enables Hunting
    ✓ Forensic investigation
    ✓ Alerting
    ✓ User access controls
    ✓ Flexible Visualization
    ✓ Advanced Analytics (ML?)
  • 22. Common SOC Data Sources
    1. Assets and Identities
    2. Threat intel
    3. Firewall
    4. Network metadata
    5. Authentication
    6. Server (Windows / Linux)
    7. Endpoint
    8. IDS / IPS
    9. VPN
    10. Application
    11. Vulnerability
    Mapping the Data Source Requirements: Splunk Security Data Source Assessment
  • 23. Build your own custom cyber security data lake?
    Challenges to building your own custom cyber data lake:
    ▶ Dirty data
    ▶ Debugging custom big data collectors
    ▶ Accessing data
    ▶ Little value beyond collection
    ▶ Little value beyond keyword searching
    ▶ Little threat detection value
    ▶ Ability to find, retain & integrate skills needed
    http://blogs.gartner.com/anton-chuvakin/2017/04/11/why-your-security-data-lake-project-will-fail/
  • 24. Splunk for Analytics-Driven SOC
  • 25. “7 Enablers” of the Analytics Driven SOC
    1. Select the right sourcing strategy
    2. Adopt an adaptive security architecture
    3. Optimise threat intelligence management
    4. Deploy advanced analytics
    5. Proactive investigation & threat hunting
    6. Promote security automation & human efficiency
    7. Drive Enterprise ‘Not Just’ Security Insights
  • 26. Splunk as the Nerve Center
    Identity and Access; Internal Network Security; Endpoints; Orchestration; WAF & App Security; Threat Intelligence; Network; Web Proxy; Firewall
  • 27. Splunk Security Portfolio
    Splunk Enterprise (Detection: Realm of Known, Human-driven)
      • Any data log aggregation
      • Rules, statistics, correlation
      • Search, visualize & hunt
    Enterprise Security (Response)
      • Security analytics (SOC) platform
      • Incident response workflow
      • Adaptive response
      • OOB key security metrics
    Splunk Security Essentials / UBA (Detection: Realm of Unknown, ML-driven)
      • Risky behavior detection
      • Advanced attacks & insider
      • Entity & kill chain profiling
  • 28. Splunk Enterprise Security: A collection of orchestration frameworks for SOC Operations
    NOTABLE EVENT; THREAT INTELLIGENCE; ASSET AND IDENTITY; CORRELATION; ADAPTIVE RESPONSE; RISK ANALYSIS
    Platform for Operational Intelligence
  • 29. A Recipe for the Security Analytics Driven SOC
    Event Aggregation → Incident Creation → Investigation & Response
    Event Management
      ▶ Fast data onboarding
      ▶ Manage High Volume
      ▶ Track Entity Relationships
    Simple Detection
      ▶ Rules & Statistics
      ▶ Quick development
      ▶ Easy for analysts
    Advanced Detection
      ▶ Detect unknown
      ▶ New vectors
      ▶ Machine learning
    Investigative Platform
      ▶ Flexible Analyst Visualisation
      ▶ Provide automation with security solutions & tooling
      ▶ Security operations orchestration & threat hunting
    Alert Management; Incident Contextualization (Enrichment); Decrease MTTR
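The recipe on slide 29 (onboard events, apply simple rule-based detection, create an incident enriched with asset and identity context, score it) and the Enterprise Security frameworks named on slide 28 are easier to reason about when the flow is written out end to end. The block below is an added example, not Splunk or ES code: it reimplements that flow in plain Python over constructed log lines from two sourcetypes (a Windows-style logon line and Linux sshd lines), normalizes them to CIM-style Authentication fields (action, user, src, dest), runs one correlation rule ("several failures then a success from the same source"), and enriches the resulting notable event from constructed asset and identity tables before assigning a risk score. The rule name, thresholds, weights and lookup tables are all assumptions made for the example.

```python
"""Rule-based detection over normalized auth events, with asset/identity
enrichment, notable-event creation and risk aggregation.

Added example (not Splunk/ES code). Log lines, asset/identity tables,
rule name, threshold and risk weights are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: four failed logons, one success, and some sshd noise.
RAW_EVENTS = [("winevt", f"2017-05-11T09:00:0{s} EventCode=4625 Account_Name=jsmith "
               "Source_Network_Address=10.0.0.5 ComputerName=FS01") for s in (1, 3, 5, 7)] + [
    ("winevt", "2017-05-11T09:00:09 EventCode=4624 Account_Name=jsmith Source_Network_Address=10.0.0.5 ComputerName=FS01"),
    ("sshd", "2017-05-11T09:05:10 web01 sshd[2211]: Failed password for deploy from 10.0.0.9 port 51022 ssh2"),
    ("sshd", "2017-05-11T09:05:14 web01 sshd[2211]: Accepted password for deploy from 10.0.0.9 port 51030 ssh2"),
    ("sshd", "2017-05-11T09:10:00 web01 sshd[2300]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2"),
    ("sshd", "2017-05-11T09:10:02 web01 sshd[2300]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2"),
    ("sshd", "2017-05-11T09:10:04 web01 sshd[2300]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2"),
    ("sshd", "2017-05-11T09:11:00 web01 sshd[2301]: Connection closed by 203.0.113.7"),  # not an auth event
]

WIN_RE = re.compile(r"^(?P<ts>\S+) EventCode=(?P<code>\d+) Account_Name=(?P<user>\S+) "
                    r"Source_Network_Address=(?P<src>\S+) ComputerName=(?P<dest>\S+)$")
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<dest>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")


def normalize(sourcetype, line):
    """Map a raw line to CIM-style Authentication fields; None if it is not an auth event."""
    if sourcetype == "winevt":
        m = WIN_RE.match(line)
        action = {"4624": "success", "4625": "failure"}.get(m["code"]) if m else None
    elif sourcetype == "sshd":
        m = SSH_RE.match(line)
        action = ("success" if m["result"] == "Accepted" else "failure") if m else None
    else:
        return None
    if action is None:
        return None
    return {"_time": datetime.fromisoformat(m["ts"]), "action": action, "sourcetype": sourcetype,
            "user": m["user"].lower(), "src": m["src"], "dest": m["dest"].lower()}


def detect_bruteforce_success(events, threshold=3, window=timedelta(minutes=10)):
    """Correlation rule: at least `threshold` failures for one user from one src to
    one dest, followed by a success for that user within `window`."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["dest"], e["user"])].append(e)
    notables = []
    for (src, dest, user), evs in by_key.items():
        evs.sort(key=lambda e: e["_time"])
        failures = []
        for e in evs:
            if e["action"] == "failure":
                failures.append(e["_time"])
                continue
            recent = [t for t in failures if e["_time"] - t <= window]
            if len(recent) >= threshold:
                notables.append({"rule": "Brute Force Followed by Success", "_time": e["_time"],
                                 "src": src, "dest": dest, "user": user, "failures": len(recent)})
            failures = []  # a success closes the sequence
    return notables


# Constructed asset and identity lookups (the ES Asset and Identity framework idea).
ASSETS = {"fs01": {"priority": "high", "category": "file-server", "owner": "infra"},
          "web01": {"priority": "medium", "category": "web", "owner": "webops"}}
IDENTITIES = {"jsmith": {"priority": "medium", "bunit": "finance"},
              "deploy": {"priority": "high", "bunit": "ci"}}
PRIORITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1, "unknown": 1}


def enrich(notable):
    """Attach asset/identity context and a risk score (constructed weighting)."""
    asset = ASSETS.get(notable["dest"], {"priority": "unknown"})
    identity = IDENTITIES.get(notable["user"], {"priority": "unknown"})
    risk = 20 * PRIORITY_WEIGHT[asset["priority"]] + 10 * PRIORITY_WEIGHT[identity["priority"]]
    return dict(notable, asset=asset, identity=identity, risk_score=risk)


def run_pipeline(raw_events):
    """Onboard -> normalize -> detect -> enrich -> aggregate risk per object."""
    events = [n for st, line in raw_events for n in [normalize(st, line)] if n]
    notables = [enrich(n) for n in detect_bruteforce_success(events)]
    risk_by_object = defaultdict(int)
    for n in notables:
        risk_by_object[("system", n["dest"])] += n["risk_score"]
        risk_by_object[("user", n["user"])] += n["risk_score"]
    return events, notables, dict(risk_by_object)


if __name__ == "__main__":
    _, found, risk = run_pipeline(RAW_EVENTS)
    for n in found:
        print(n["rule"], n["user"], n["src"], "->", n["dest"], "risk", n["risk_score"])
    print(risk)
```

Note what the rule deliberately does not fire on: the three failures against `web01` from 203.0.113.7 never produce a notable because no success follows, which is the "easy for analysts" trade-off of a narrow rule; a separate statistical rule on failure volume would be the next step in the "Simple Detection" column, and the risk aggregation per user and system is what lets those separate low-confidence signals add up.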
  • 30. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 31. 1. Select an Appropriate SOC Sourcing Strategy
    ▶ To Prevent, Detect, Respond and Predict
    1 On Premise
    2 Cloud Only
    3 Hybrid
    4 Split Technology & SOC Provider Model
  • 32. RETAIL: Building a Lean ‘Cloud’ SOC (Splunk Security: Fast Time to Value)
    Customer
    ▶ UK’s largest building and construction supplier
    ▶ 20+ business units in group & 27,0000 employees
    Challenges
    ▶ Failed previous SIEM project
    ▶ Complex mix of legacy on premise and cloud solutions
    ▶ Difficult ingesting data sources for visibility
    ▶ Limited security personnel
    Customer Solution (Splunk Enterprise & Splunk Enterprise Security)
    ▶ Fast time from data ingestion to obtaining security insight
    ▶ Splunk Cloud removes pain from managing host infrastructure
    ▶ Intrinsic Splunk ES risk scoring has been pivotal in multiple cyber incidents
    ▶ Architecture design now serving non-security use cases (IT Event Monitoring)
  • 33. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 34. 2. Adopt an Adaptive Security Architecture: To Prevent, Detect, Respond and Predict
    ▶ Correlation across all security relevant data
    ▶ Insights from existing security architectures
    ▶ Advanced analytics techniques such as machine learning
    1,000+ Apps and Add-ons; Splunk Security Solutions
  • 35. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 36. 3. Threat Intelligence: ES Threat Intel Framework
    ▶ Automatically collect, aggregate and de-duplicate threat feeds from a broad set of sources
    ▶ Support for STIX/TAXII, OpenIOC, Facebook
    ▶ Build your own data to create your own Threat Intel
    ▶ Out of the box Activity and Artifact dashboards
    Uses:
    ▶ Determine impact on network, assets
    ▶ Use for analysis / IR
    ▶ Collect / provide forensics
    ▶ Use to hunt / uncover / link events
    ▶ Share info with partners
    Feed types: Law Enforcement Feeds; ISAC Feeds; Agency Feed; Commercial Service; Community Feed; Open-Source Feed; Other Enrichment Services
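Slide 36 lists what a threat intelligence framework has to do: collect feeds in different formats, aggregate and de-duplicate them, and then use the merged indicators to determine impact on the network and its assets. The following added example (not ES code, and not a description of how the ES framework is implemented) shows those steps in plain Python: it parses a constructed STIX 2.x indicator bundle of the kind a TAXII collection returns, and a constructed CSV feed from a community source, merges the two keyed by indicator type and value while keeping every source that reported each indicator, drops indicators whose `valid_until` has passed, and then matches the result against constructed CIM-style firewall and proxy events, weighting each hit by the priority of the internal asset involved. The source weights, asset table and event records are assumptions made for the example; only single-comparison STIX patterns are handled.

```python
"""Threat-intel aggregation, de-duplication, expiry and matching.

Added example (not Splunk/ES code). Feeds, source weights, asset table
and network events are constructed for illustration.
"""
import csv
import io
import json
import re
from datetime import datetime, timezone

NOW = datetime(2017, 5, 11, 12, 0, tzinfo=timezone.utc)  # fixed "now" so results are reproducible

# Constructed STIX 2.x bundle, one indicator per pattern; the third one has expired.
STIX_FEED = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "id": "indicator--0001", "pattern": "[ipv4-addr:value = '198.51.100.23']",
     "valid_from": "2017-05-01T00:00:00Z", "valid_until": "2017-06-01T00:00:00Z", "labels": ["malicious-activity"]},
    {"type": "indicator", "id": "indicator--0002", "pattern": "[domain-name:value = 'update.bad.example']",
     "valid_from": "2017-05-01T00:00:00Z", "labels": ["malicious-activity"]},
    {"type": "indicator", "id": "indicator--0003", "pattern": "[ipv4-addr:value = '203.0.113.99']",
     "valid_from": "2017-01-01T00:00:00Z", "valid_until": "2017-02-01T00:00:00Z", "labels": ["malicious-activity"]},
]})

# Constructed CSV feed from a community source; it repeats two of the STIX indicators.
CSV_FEED = """type,value,description
ip,198.51.100.23,C2 server seen in phishing campaign
domain,update.bad.example,payload staging
ip,192.0.2.77,scanner
"""

SOURCE_WEIGHT = {"isac-stix": 80, "community-csv": 40}   # constructed confidence per source
PATTERN_RE = re.compile(r"^\[(ipv4-addr|domain-name):value\s*=\s*'([^']+)'\]$")


def parse_stix(text, source):
    """Extract ip/domain indicators from a STIX bundle (simple patterns only)."""
    out = []
    for obj in json.loads(text)["objects"]:
        m = PATTERN_RE.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if not m:
            continue
        until = obj.get("valid_until")
        out.append({"type": "ip" if m.group(1) == "ipv4-addr" else "domain", "value": m.group(2).lower(),
                    "source": source, "description": ",".join(obj.get("labels", [])),
                    "valid_until": datetime.fromisoformat(until.replace("Z", "+00:00")) if until else None})
    return out


def parse_csv(text, source):
    """Read a type,value,description CSV feed into the same indicator shape."""
    return [{"type": r["type"].strip(), "value": r["value"].strip().lower(), "source": source,
             "valid_until": None, "description": r["description"]} for r in csv.DictReader(io.StringIO(text))]


def aggregate(indicators, now=NOW):
    """Merge indicators keyed by (type, value): drop expired ones, union the
    reporting sources and keep the highest source weight seen."""
    merged = {}
    for ind in indicators:
        if ind["valid_until"] is not None and ind["valid_until"] < now:
            continue
        entry = merged.setdefault((ind["type"], ind["value"]), {"type": ind["type"], "value": ind["value"],
                                                                 "sources": set(), "weight": 0, "descriptions": []})
        entry["sources"].add(ind["source"])
        entry["weight"] = max(entry["weight"], SOURCE_WEIGHT.get(ind["source"], 10))
        entry["descriptions"].append(ind["description"])
    return merged


# Constructed asset lookup and CIM-style network events (already normalized).
ASSETS = {"10.0.0.5": {"name": "wks-fin-05", "priority": "medium"},
          "10.0.0.20": {"name": "db01", "priority": "critical"}}
PRIORITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1, "unknown": 1}
EVENTS = [
    {"sourcetype": "fw", "src": "10.0.0.5", "dest": "198.51.100.23"},
    {"sourcetype": "proxy", "src": "10.0.0.20", "dest": "203.0.113.50", "url_domain": "update.bad.example"},
    {"sourcetype": "proxy", "src": "10.0.0.5", "dest": "203.0.113.99", "url_domain": "cdn.example.net"},
    {"sourcetype": "fw", "src": "10.0.0.20", "dest": "203.0.113.8"},
]


def match_events(events, intel):
    """Threat activity: events whose dest IP or URL domain is a live indicator,
    scored by source weight times the priority of the internal asset."""
    hits = []
    for e in events:
        for itype, value in (("ip", e.get("dest")), ("domain", e.get("url_domain"))):
            ind = intel.get((itype, (value or "").lower()))
            if ind is None:
                continue
            asset = ASSETS.get(e["src"], {"name": e["src"], "priority": "unknown"})
            hits.append({"src": e["src"], "asset": asset["name"], "asset_priority": asset["priority"],
                         "indicator": ind["value"], "indicator_type": itype, "sources": sorted(ind["sources"]),
                         "risk_score": ind["weight"] * PRIORITY_WEIGHT[asset["priority"]]})
    return sorted(hits, key=lambda h: -h["risk_score"])


def run():
    intel = aggregate(parse_stix(STIX_FEED, "isac-stix") + parse_csv(CSV_FEED, "community-csv"))
    return intel, match_events(EVENTS, intel)


if __name__ == "__main__":
    intel, hits = run()
    print(len(intel), "live indicators")
    for h in hits:
        print(h["asset"], h["indicator_type"], h["indicator"], h["sources"], "risk", h["risk_score"])
```

Two details matter in practice and are visible in the sample output: the expired indicator `203.0.113.99` is dropped at aggregation time, so the proxy event to it does not fire (stale feeds are a common source of false positives), and the hit from the critical database host ranks above the hit from the workstation even though both indicators carry the same weight, which is the "determine impact on assets" step rather than plain indicator matching.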
  • 37. GOVERNMENT: Enabling EU Cyber Response (Splunk Security: Trusted)
    Customer
    ▶ EU Institutions’ own Computer Emergency Response Team (CERT)
    ▶ Supports 60 organizations across Europe supporting 100,000 end users
    Challenges
    ▶ Ingestion from many sources
    ▶ Constituents: very high value targets
    ▶ Complex decentralized, heterogeneous environment
    ▶ Need to correlate everything with everything: file-less lateral movements, bypassing protection layers, phishing attacks
    Customer Solution: Splunk Enterprise
    ▶ Provides common language and conventions to control all data (CIM)
    ▶ Drives time saving & reduces human error while increasing visibility
    ▶ Enables any data & intelligence correlation; easily integrates with custom security tooling via open APIs
    ▶ Two tier architecture with end users in control of their data
    https://de.slideshare.net/Splunk/splunk-live-utrecht-2016-cert-eu
  • 38. Demo: Proactively Managing Threat Intelligence [Splunk Enterprise Security Threat Intelligence Management]
  • 39. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 40. 4. Deploy Advanced Analytics: Native ML and UBA. To Prevent, Detect, Respond and Predict:
    • Accelerate anomaly and unknown threat detection – minimize attacks & insider threat
    • Use Splunk Security Essentials App – FOC App with 55+ UBA use cases
    • Premium Machine learning solution – Splunk User Behavior Analytics – Flexible workflows for SOC Manager, SOC analyst and Hunter/Investigator within SIEM
    Security Essentials App; UBA Premium Solution; Premium Solution Integration
  • 41. Demo: Deploying Advanced Analytics [Join us at the next security session to see the live demo!]
  • 42. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 43. 5. Proactive Investigation & Threat Hunting (data maturity ladder)
    Ingest & Onboard Any Threat Hunting Machine Data Source: Enable fast ingestion of any machine data through efficient indexing, a big data real time architecture and ‘schema on the read’ technology
    Search & Visualize Relationships for Faster Hunting: Search and correlate data while visually fusing results for faster context, analysis and insight
    Threat Hunting Data Enrichment: Enrich data with context and threat-intel across the stack or time to discern deeper patterns or relationships
    Threat Hunting Enablement: Integrated & out of the box automation tooling from artifact query, contextual “swim-lane analysis”, anomaly & time series analysis to advanced data science leveraging machine learning
    (Axis labels: Data Search Visualisation; Data and Intelligence Enrichment; Automated Analytics; Data Science and Machine Learning; Hypotheses; Enrichment; Automation; Search & Visualization; DATA MATURITY)
  • 44. FINANCE: Connecting Business & Security at a Swiss Bank (Splunk Security: Business Value)
    Customer
    ▶ Third largest retail bank in Switzerland with 3m+ customers
    ▶ No 1 online payments provider
    Challenges
    ▶ Protecting financial assets & customers is a top priority
    ▶ Data ingestion and security insight
    ▶ Highly manual security analysis and reporting
    ▶ Cultural and organizational barriers to optimal security
    Customer Solution: Splunk Enterprise
    ▶ Risk reduction through E-payment & debit card fraud detection
    ▶ Increased visibility & security automation for online banking, payment processing, customer data protection such as phishing attack workflows
    https://conf.splunk.com/session/2015/conf2015_PHoffman_PostFinance_UsingSplunkSearchLanguage_HowSplunkConnectsBusiness.pdf
  • 45. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 46. 6. Promote Security Automation & Human Efficiency. To Prevent, Detect, Respond and Predict:
    ▶ Use rules to automate routine aspects of detection and investigation
    ▶ Extract insights from existing security controls by use of a common interface
    ▶ Take actions with confidence for faster decisions and response
    ▶ Automate any process along the continuous monitoring, response and analytics cycle
    (Diagram: Identity and Access; Internal Network Security; Endpoints; Orchestration; WAF & App Security; Threat Intelligence; Network; Web Proxy; Firewall + Splunk Adaptive Response Alliance)
  • 47. Demo: Driving Automation [Splunk Enterprise Security Adaptive Response]
  • 48. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 49. 7. From Security to Enterprise Data Insights
    SECURITY & RISK | IT OPERATIONS | BUSINESS ANALYTICS: different PEOPLE asking different QUESTIONS of the SAME DATA
    40-70% of security data can be re-used for additional non-security business value
    Splunk Customer Value Examples:
    Online Services – $11m Benefit – Increased revenue from higher uptime
    High Tech – $25m Benefit – Increased revenue from higher uptime
    Oil & Gas – $200m Benefit – Revenues from Preventing APTs
    Transportation – $1b Benefit – Optimisation with Sensor Data
  • 50. OIL & GAS: Drive Enterprise Insights! (Splunk Security: Build an Enterprise Data Fabric from Security)
    Customer
    ▶ Operate in 60 countries with over 45,000 Employees
    ▶ 29 engineering and project execution centers and 5 fabrication yards
    Challenges
    ▶ Needed to gain operational visibility into distributed infrastructure
    ▶ Unable to meet compliance needs (PCI, ISO27001, SOX, Privacy)
    ▶ Struggling with governance of IT Operations
    ▶ Inability to report holistically across all domains
    Customer Solution (Splunk Enterprise)
    ▶ Real time data insights across Security, ITOps & Application Development
    ▶ LoB security risk & compliance reporting
    ▶ SIEM & One ‘dashboard’ to rule them all
    ▶ IT Operations, application, server reboot, software license utilization monitoring…
  • 51. Demo: Connecting (Visualizing) Security for the Business [Splunk Enterprise Security Glass Tables]
  • 52. “7 Enablers” of the Analytics Driven SOC (section divider; same list as slide 25)
  • 53. Wrapping up
  • 54. Helping you build your analytics driven SOC: Security Nerve Center
  • 55. Next Step: Splunk Security Workshops
    SIEM+/SOC Readiness, Security Use Case Definition, Security Data Source Assessment, Security Automation, Security Business & Risk Visualisation…
    • Scope data sources, use cases and volumes
    • Security Analytics & SOC Building
    • Adding Machine Learning to SecOps
    • Learn how to visualize security success for the business
    • Data privacy & protection
    Contact your Splunk representative to find out how to schedule
  • 56. Splunk Quick Start for Security Analytics & SOC: Rapidly Determine Advanced Malware and Threat Activity
    Threat Activity Dashboard; Malware Center Dashboard
  • 57. .conf2017: The 8th Annual Splunk Conference
    SEPT 25-28, 2017, Walter E. Washington Convention Center, Washington, D.C. CONF.SPLUNK.COM
    • 5,000+ IT and Business Professionals
    • 175+ Sessions
    • 80+ Customer Speakers
    PLUS Splunk University
    • Three days: Sept 23-25, 2017
    • Get Splunk Certified for FREE!
    • Get CPE credits for CISSP, CAP, SSCP
  • 58. Rate This Session on Pony Poll: ponypoll.com/london17. Complete the survey for your chance to win a .conf2017 pass
  • 59. Learn: How Travis Perkins built a SOC in the Cloud (blogs.splunk.com)
    Learn: Three Tips from Cisco’s CSIRT using Splunk (isc2.org)
    Try it yourself: Splunk Enterprise Security in our Sandbox with 50+ Data Sources (splunk.com)
  • 60. Helping you build your analytics driven SOC: Security Nerve Center. Thank You