This document summarizes a presentation about operationalizing advanced threat defense. It discusses how advanced threat actors have established a mature economy of cyber threats with global reach. It then outlines an approach to combat these threats by connecting all security and operational data sources to gain comprehensive visibility, and leveraging threat intelligence and security analytics to detect threats across the entire kill chain. The presentation also demonstrates Enterprise Security 3.x software for continuous monitoring and advanced threat detection.
2. Disclaimer

During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
4. Agenda

• The advanced threat actors and their success
• An approach to combat advanced threat actors
• Productionizing and operationalizing advanced threat defense
• Demo
• Q&A
8. The Adversary's M.O.: Kill Chain

• Reconnaissance: the adversary works to understand your organization, looking for opportunities.
• Exploitation: your system is compromised and the adversary goes to work.
• Acting on Intent: the attacker steals data, disrupts your operations or causes damage…
10. Traditional Security Strategy

Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication
11. Connect the Dots Across All Data

Servers, Storage, Desktops, Email, Web, Transaction Records, Network Flows, Hypervisor, Custom Apps, Physical Access Badges, Threat Intelligence, Mobile, CMDB, DHCP/DNS, Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication
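To make the "connect the dots" idea concrete, the following is an added example that is not part of the presentation and not Splunk's own code. It is a small Python stand-in for what an Enterprise Security correlation search would do: it parses constructed events from several of the sources listed on the slide (firewall, IDS, authentication, DNS, DLP), resolves each one to a host using constructed DHCP and CMDB context, matches field values against a constructed threat-intelligence list, and maps each event onto the kill-chain stages from slide 8. A host is flagged only when it is touched in more than one stage and at least one indicator matched, so a single blocked probe or a single DNS lookup on its own does not raise an alert. Every IP, domain, hostname and user name in it is a placeholder.

```python
"""Correlate events from several data sources across the kill chain.

Added example, not from the presentation: a toy version of a SIEM
correlation search. All events, indicators and context tables below are
constructed for illustration.
"""
import shlex
from collections import defaultdict
from datetime import datetime

KILL_CHAIN = ["Reconnaissance", "Exploitation", "Acting on Intent"]

# Constructed threat-intelligence indicators (placeholder values).
THREAT_INTEL = {
    "198.51.100.7": "known scanner (constructed indicator)",
    "evil.example": "known C2 domain (constructed indicator)",
}

# Constructed DHCP lease table and CMDB ownership: IP -> host, host -> owner.
DHCP_LEASES = {"10.0.0.25": "ws-finance-12"}
CMDB_OWNERS = {"ws-finance-12": "jdoe"}

# Constructed raw events, one line each, in the order a SIEM would ingest them.
RAW_EVENTS = [
    "2014-10-01T09:00:05 firewall src=198.51.100.7 dst=10.0.0.25 dpt=445 action=blocked",
    "2014-10-01T09:00:07 firewall src=198.51.100.7 dst=10.0.0.25 dpt=3389 action=blocked",
    '2014-10-01T09:02:10 ids src=198.51.100.7 dst=10.0.0.25 sig="SMB exploit attempt"',
    "2014-10-01T09:03:30 auth user=jdoe host=ws-finance-12 result=success",
    "2014-10-01T09:05:00 dns client=10.0.0.25 query=evil.example",
    "2014-10-01T09:06:45 dlp host=ws-finance-12 action=upload dest=evil.example bytes=5200000",
    "2014-10-01T10:00:00 dns client=10.0.0.40 query=www.example.com",
]


def parse_event(line):
    """Split '<timestamp> <source> key=value ...' into a dict (quoted values allowed)."""
    timestamp, source, *pairs = shlex.split(line)
    event = {"_time": datetime.fromisoformat(timestamp), "source": source}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def indicator_hits(event):
    """Return (field, value, description) for every field matching threat intel."""
    return [(k, v, THREAT_INTEL[v]) for k, v in event.items()
            if isinstance(v, str) and v in THREAT_INTEL]


def resolve_host(event):
    """Tie an event to a host: explicit host field first, else DHCP lookup on an IP."""
    if "host" in event:
        return event["host"]
    for key in ("dst", "client"):
        if event.get(key) in DHCP_LEASES:
            return DHCP_LEASES[event[key]]
    return None  # no context for this event; it cannot be connected to a host


def classify_stage(event, hits):
    """Map an event to a kill-chain stage; context-only events (auth) return None."""
    source = event["source"]
    if source == "firewall" and event.get("action") == "blocked":
        return "Reconnaissance"          # inbound probing that the firewall rejected
    if source == "ids":
        return "Exploitation"            # IDS signature fired against the host
    if source in ("dns", "dlp") and hits:
        return "Acting on Intent"        # C2 lookup or data leaving to a known bad domain
    return None


def correlate(lines):
    """Build one summary record per host from events across all sources."""
    hosts = defaultdict(lambda: {"owner": None, "stages": set(), "hits": [],
                                 "events": 0, "first_seen": None, "last_seen": None})
    for line in lines:
        event = parse_event(line)
        host = resolve_host(event)
        if host is None:
            continue
        entry = hosts[host]
        entry["events"] += 1
        entry["owner"] = CMDB_OWNERS.get(host, event.get("user"))
        entry["first_seen"] = min(filter(None, [entry["first_seen"], event["_time"]]))
        entry["last_seen"] = max(filter(None, [entry["last_seen"], event["_time"]]))
        hits = indicator_hits(event)
        entry["hits"].extend(hits)
        stage = classify_stage(event, hits)
        if stage:
            entry["stages"].add(stage)
    return dict(hosts)


def flag_hosts(summary, min_stages=2):
    """Hosts seen in at least min_stages stages and with a threat-intel match."""
    flagged = []
    for host, entry in summary.items():
        if len(entry["stages"]) >= min_stages and entry["hits"]:
            stages = [s for s in KILL_CHAIN if s in entry["stages"]]
            flagged.append((host, entry["owner"], stages))
    return sorted(flagged)


if __name__ == "__main__":
    result = correlate(RAW_EVENTS)
    for host, owner, stages in flag_hosts(result):
        span = f"{result[host]['first_seen']:%H:%M} to {result[host]['last_seen']:%H:%M}"
        print(f"{host} (owner {owner}): {', '.join(stages)} between {span}; "
              f"{len(result[host]['hits'])} indicator hits")
```

The second DNS event (client 10.0.0.40) is dropped because no DHCP lease ties it to a host, which is the practical point of the slide: without the context sources (DHCP/DNS, CMDB, authentication) the security-product events alone cannot be joined into one story. The flagging threshold is a design choice; lowering `min_stages` to 1 trades fewer missed cases for more noise from isolated blocked probes.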
29. Enterprise Security Office Hours @Room 103

• Best Kept Secrets of Enterprise Security – Dimitri McKay
• Automated Mitigation With Enterprise Security – Jose Hernandez
• Enterprise Security @Apps Showcase
• CPE, CISSP Credits For Security Talks
30. Security office hours: 11:00 AM – 2:00 PM @Room 103, every day

Geek out, share ideas with Enterprise Security developers

Red Team / Blue Team - Challenge your skills and learn new tricks
Mon-Wed: 3:00 PM – 6:00 PM @Splunk Community Lounge
Thurs: 11:00 AM – 2:00 PM
Learn, share and hack

Birds of a feather - Collaborate and brainstorm with security ninjas
Thurs: 12:00 PM – 1:00 PM @Meal Room