Copyright © 2014 Splunk Inc.

Operationalizing Advanced Threat Defense

Monzy Merza, Minister of Defense, Splunk, Inc.
Disclaimer

During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
  
Advanced Threat Defense Requires

• Visibility
• Context & Intelligence
• Human Empowerment
Agenda

• The advanced threat actors and their success
• An approach to combat advanced threat actors
• Productionizing and operationalizing advanced threat defense
• Demo
• Q&A
Mature Economy of Cyber Threats
(Image: eyeswideopen.org)

Threat Actors Have Global Reach
Source: Mandiant M-Trends Report 2012/2013/2014
Figures shown on the slide: 229, 40, 100%, 67%
The Adversary's M.O.: Kill Chain

Reconnaissance
• The adversary works to understand your organization, looking for opportunities.

Exploitation
• Your system is compromised and the adversary goes to work.

Acting on Intent
• The attacker steals data, disrupts your operations or causes damage...

Operationalizing Advanced Threat Defense
  
Traditional Security Strategy

• Intrusion Detection
• Firewall
• Data Loss Prevention
• Anti-Malware
• Vulnerability Scans
• Authentication
  
Connect the Dots Across All Data

The traditional controls (Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication) are only part of the picture. The slide places them alongside the rest of the data the adversary touches: Servers, Storage, Desktops, Email, Web, Transaction Records, Network Flows, Hypervisor, Custom Apps, Physical Access Badges, Threat Intelligence, Mobile, CMDB, DHCP/DNS.
Minimum Set of Sources

• Threat Intelligence
• Network
• Endpoint
• Authentication
  
Security Intelligence (one diagram, built up over four slides)

Raw events from every layer of the environment: Online Services, Web Services, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, Firewall, Authentication, Threat Intelligence, Servers, Endpoint.

Context layered on top of the raw events: Threat Intelligence, Asset & CMDB, Employee Info, Data Stores, Applications.

What the analyst does with the combined data: report and analyze, custom dashboards, monitor and alert, ad hoc search.
  
Enterprise Security 3.x: Continuous Monitoring and Advanced Threat Detection
(Four product screenshots follow on the original slides; no text was extracted.)
  
What's New in ES 3.1

Risk-Based Analytics
• Risk Scoring Framework
• KSI/KPI/KRI Editing
• Contributing Factors Analysis

Visualize and Discover Relationships
• GUI Editing of Swimlanes
• Guided Search Builder

Enrich Security Analysis with Threat Intelligence
• Domain and URL threat intel
• Aggregation and Deduplication
• Threat Intel Source Weights
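The deck asks for two things it never shows in code: correlating the "minimum set of sources" (threat intelligence, network, endpoint, authentication) into one view of a host, and the ES 3.1 threat-intel features (aggregation, deduplication, per-source weights) feeding a risk score. The Python below is an added example written for this page, not Splunk or Enterprise Security code. The feed names and weights, the merge policy (a duplicated indicator keeps its highest source weight), the point values, the kill-chain phase attached to each finding, and every host, user and log line are constructed assumptions chosen to exercise the logic; the same correlation in a Splunk deployment would be expressed as searches over the indexed data rather than as this script.

```python
"""Correlate the deck's minimum set of sources (threat intelligence, network,
endpoint, authentication) into a per-host risk score.

Added example, not Splunk or Enterprise Security code.  Feed names, weights,
point values, kill-chain labels, hosts, users and every event below are
constructed for illustration."""
from collections import Counter, defaultdict

# Two constructed threat-intel feeds.  Weights are assumed values standing in
# for per-source weights; bad-cdn.example is deliberately listed by both feeds
# so that deduplication has something to do.
THREAT_FEEDS = {
    "commercial_feed": {"weight": 3, "indicators": {"bad-cdn.example": "domain",
                                                    "203.0.113.9": "ip"}},
    "osint_feed":      {"weight": 1, "indicators": {"bad-cdn.example": "domain",
                                                    "198.51.100.7": "ip"}},
}

# Constructed, already-normalised events from the three telemetry sources.
EVENTS = [
    {"src": "network",  "host": "ws-101", "user": "jdoe",       "action": "dns_query", "dest": "bad-cdn.example",  "bytes_out": 0},
    {"src": "network",  "host": "ws-101", "user": "jdoe",       "action": "connect",   "dest": "203.0.113.9",      "bytes_out": 52_000_000},
    {"src": "endpoint", "host": "ws-101", "user": "jdoe",       "action": "blocked",   "signature": "Trojan.Generic"},
    {"src": "auth",     "host": "ws-101", "user": "svc-backup", "action": "failure"},
    {"src": "auth",     "host": "ws-101", "user": "svc-backup", "action": "failure"},
    {"src": "auth",     "host": "ws-101", "user": "svc-backup", "action": "failure"},
    {"src": "auth",     "host": "ws-101", "user": "svc-backup", "action": "success"},
    {"src": "network",  "host": "ws-202", "user": "asmith",     "action": "dns_query", "dest": "intranet.example", "bytes_out": 0},
    {"src": "auth",     "host": "ws-202", "user": "asmith",     "action": "failure"},
]

EXFIL_BYTES = 10_000_000       # assumed threshold for a large outbound transfer
AUTH_FAILURE_THRESHOLD = 3     # assumed: failures before a success is suspicious


def aggregate_threat_intel(feeds):
    """Merge all feeds into one indicator table.

    An indicator listed by several feeds collapses to one entry that records
    every source and keeps the highest source weight (assumed merge policy)."""
    table = {}
    for name, feed in feeds.items():
        for ioc, ioc_type in feed["indicators"].items():
            entry = table.setdefault(ioc, {"type": ioc_type, "weight": 0, "sources": []})
            entry["weight"] = max(entry["weight"], feed["weight"])
            entry["sources"].append(name)
    return table


def score_hosts(events, intel):
    """Walk the events once, attach findings to hosts, and accumulate a score.

    Point values and the kill-chain phase attached to each finding are
    assumptions chosen for this example."""
    hosts = defaultdict(lambda: {"score": 0, "findings": []})

    def add(host, points, phase, detail):
        hosts[host]["score"] += points
        hosts[host]["findings"].append((phase, detail))

    auth_failures = Counter()              # (host, user) -> consecutive failures
    for e in events:
        host = e["host"]
        if e["src"] == "network":
            hit = intel.get(e["dest"])
            if hit:                        # threat-intel match, scaled by source weight
                add(host, 20 * hit["weight"], "Acting on Intent",
                    f"{e['action']} to {e['dest']} listed by {', '.join(hit['sources'])}")
                if e["bytes_out"] > EXFIL_BYTES:
                    add(host, 25, "Acting on Intent",
                        f"{e['bytes_out']} bytes sent to {e['dest']}")
        elif e["src"] == "endpoint" and e["action"] == "blocked":
            add(host, 15, "Exploitation", f"malware {e['signature']} blocked")
        elif e["src"] == "auth":
            key = (host, e["user"])
            if e["action"] == "failure":
                auth_failures[key] += 1
            elif e["action"] == "success":
                if auth_failures[key] >= AUTH_FAILURE_THRESHOLD:
                    add(host, 10, "Exploitation",
                        f"{e['user']} logged in after {auth_failures[key]} failures")
                auth_failures[key] = 0
    return dict(hosts)


def ranked_hosts(events=EVENTS, feeds=THREAT_FEEDS):
    """Hosts ordered by descending risk score: the analyst's triage queue."""
    scored = score_hosts(events, aggregate_threat_intel(feeds))
    return sorted(scored.items(), key=lambda kv: kv[1]["score"], reverse=True)


if __name__ == "__main__":
    for host, info in ranked_hosts():
        print(f"{host}: risk {info['score']}")
        for phase, detail in info["findings"]:
            print(f"    [{phase}] {detail}")
```

Two design points carry over to any real deployment. First, deduplicating the indicator table before matching keeps one domain listed by five feeds from producing five findings and five times the score; the source list is retained on the entry so the analyst still sees who reported it. Second, the score is additive per host across sources, which is what lets a blocked malware alert (on its own, a closed ticket) raise the priority of a later outbound connection from the same machine.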
  
Demo

Advanced Threat Defense Starts Here
Threat Intelligence + Network + Endpoint + Authentication -> Security Intelligence
  
Developer Platform
(The Security Intelligence diagram from the earlier slides is repeated here: raw events from the same sources, the same context layers, and report and analyze, custom dashboards, monitor and alert, and ad hoc search on top.)

Thousands of Global Security Customers
  
Industry Recognition
2012, 2013

Vendor columns as extracted from the slide:

Product/Service Rating         AccelOps  AlienVault  BlackStratus  EventTracker  HP (ArcSight)  IBM Security (QRadar)  LogRhythm  McAfee (ESM)
Real-Time Monitoring           3.50      3.00        3.00          2.9           4.1            4.0                    3.75       3.75
Threat Intelligence            3.00      3.50        2.50          1.5           4.0            4.0                    3.25       4.00
Behavior Profiling             2.50      3.50        2.50          2.8           4.0            4.5                    3.38       3.50
Data and User Monitoring       2.97      2.43        2.16          3.2           4.2            3.8                    3.41       4.44
Application Monitoring         2.90      3.65        2.90          3.2           4.5            4.3                    4.10       4.20
Analytics                      2.44      3.19        2.94          2.9           3.8            3.7                    3.30       3.59
Log Management and Reporting   2.75      3.00        2.50          3.4           4.0            3.8                    3.75       3.25
Deployment/Support Simplicity  3.50      4.00        3.00          4.3           3.7            4.3                    4.25       4.00
Source: Gartner (June 2014)
  
Enterprise Security at the conference

• Enterprise Security Office Hours @Room 103
• Best Kept Secrets of Enterprise Security (Dimitri McKay)
• Automated Mitigation With Enterprise Security (Jose Hernandez)
• Enterprise Security @Apps Showcase
• CPE, CISSP credits for security talks
  
Security office hours: 11:00 AM to 2:00 PM @Room 103, every day
• Geek out, share ideas with Enterprise Security developers

Red Team / Blue Team: challenge your skills and learn new tricks
• Mon-Wed: 3:00 PM to 6:00 PM @Splunk Community Lounge
• Thurs: 11:00 AM to 2:00 PM
• Learn, share and hack

Birds of a feather: collaborate and brainstorm with security ninjas
• Thurs: 12:00 PM to 1:00 PM @Meal Room

THANK YOU!!!
monzy@splunk.com

.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Dernier

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Dernier (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Splunk conf2014 - Operationalizing Advanced Threat Defense

  • 1. Copyright © 2014 Splunk Inc. Monzy Merza, Minister of Defense, Splunk, Inc. Operationalizing Advanced Threat Defense
  • 2. Disclaimer. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
  • 3. Advanced Threat Defense Requires: Visibility; Context & Intelligence; Human Empowerment
  • 4. Agenda: The advanced threat actors and their success; An approach to combat advanced threat actors; Productionizing and operationalizing advanced threat defense; Demo; Q&A
  • 5. Mature Economy of Cyber Threats
  • 6. Threat Actors Have Global Reach (Image: eyeswideopen.org)
  • 7. (Statistics slide; figures shown: 229, 40, 100%, 67%.) Source: Mandiant M-Trends Report 2012/2013/2014
  • 8. The Adversary's M.O.: Kill Chain
    Reconnaissance: the adversary works to understand your organization, looking for opportunities.
    Exploitation: your system is compromised and the adversary goes to work.
    Acting on Intent: the attacker steals data, disrupts your operations or causes damage...
  • 9. Operationalizing Advanced Threat Defense
  • 10. Traditional Security Strategy: Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication
  • 11. Connect the Dots Across All Data: the traditional sources (Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication) plus Servers, Storage, Desktops, Email, Web, Transaction Records, Network Flows, Hypervisor, Custom Apps, Physical Access Badges, Threat Intelligence, Mobile, CMDB, DHCP/DNS
  • 12. Minimum Set of Sources: Threat Intelligence, Network, Endpoint, Authentication
  • 13. Security Intelligence (diagram, built up over slides 13 to 16). Data sources: Online Services, Web Services, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, Firewall, Authentication, Threat Intelligence, Servers, Endpoint
  • 14. Security Intelligence: the sources above are collected as Raw Events
  • 15. Security Intelligence: Raw Events are enriched with context from Threat Intelligence, Asset & CMDB, Employee Info, Data Stores, Applications
  • 16. Security Intelligence: on top of the enriched events sit Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search
  • 17. Enterprise Security 3.x: Continuous Monitoring and Advanced Threat Detection
  • 18-22. (Product screenshots; no slide text.)
  • 23. What's New in ES 3.1
    Risk-Based Analytics: Risk Scoring Framework; KSI/KPI/KRI Editing; Contributing Factors Analysis
    Visualize and Discover Relationships: GUI Editing of Swimlanes; Guided Search Builder
    Enrich Security Analysis with Threat Intelligence: Domain and URL threat intel; Aggregation and Deduplication; Threat Intel Source Weights
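The slides name the minimum source set (threat intelligence, network, endpoint, authentication), enrichment with asset/CMDB context, and the ES 3.1 items of threat-intel aggregation, deduplication and source weights feeding a risk score. The Python below is an added example, written for this page and not taken from the deck or from Splunk Enterprise Security, that models those steps end to end: three constructed feeds with hypothetical analyst-assigned weights are normalized and deduplicated into one indicator table, constructed key=value events (DNS, firewall traffic, Windows authentication) are matched against it, and the matches are rolled up into a per-asset risk score scaled by a constructed CMDB priority. The feed names, weights, IP addresses, domains, log lines, field names and scoring formula are all assumptions of the example; ES implements its own risk framework, which this does not reproduce.

```python
import re

# Constructed threat-intel feeds: name -> (source weight, raw indicators).
# Weights are hypothetical analyst-assigned confidences, not vendor values.
FEEDS = {
    "commercial_feed":    (1.0, ["evil.example", "bad.example", "10.0.0.66"]),
    "osint_feed":         (0.6, ["EVIL.example", "www.bad.example", "198.51.100.7"]),
    "internal_blocklist": (0.8, ["evil.example", "198.51.100.7"]),
}

# Constructed asset/CMDB context: internal host -> owner and business priority.
ASSETS = {
    "10.1.2.3": {"owner": "jdoe", "priority": "high"},
    "10.1.2.4": {"owner": "asmith", "priority": "low"},
}
PRIORITY_MULTIPLIER = {"high": 2.0, "medium": 1.5, "low": 1.0}

# Constructed key=value events using CIM-style field names (src, dest, query, user).
LOGS = [
    "sourcetype=pan:traffic src=10.1.2.3 dest=198.51.100.7 dest_port=443 action=allowed",
    "sourcetype=dns src=10.1.2.3 query=Evil.example. record_type=A",
    "sourcetype=wineventlog user=jdoe src=203.0.113.9 action=failure",
    "sourcetype=wineventlog user=jdoe src=10.1.2.3 action=success",
    "sourcetype=dns src=10.1.2.4 query=cdn.example record_type=A",
]

IOC_FIELDS = ("dest", "dest_host", "query", "url")  # event fields matched against intel
BASE_SCORE = 10.0


def normalize(ioc):
    """Canonical form so 'EVIL.example.' and 'www.evil.example' dedupe to one entry."""
    ioc = ioc.strip().lower().rstrip(".")
    return ioc[4:] if ioc.startswith("www.") else ioc


def build_threat_table(feeds):
    """Aggregate all feeds into one table: indicator -> max source weight plus the
    set of sources that reported it (corroboration is kept, duplicates are not)."""
    table = {}
    for source, (weight, indicators) in feeds.items():
        for raw in indicators:
            entry = table.setdefault(normalize(raw), {"weight": 0.0, "sources": set()})
            entry["weight"] = max(entry["weight"], weight)
            entry["sources"].add(source)
    return table


def indicator_score(entry):
    """Base score scaled by the best source weight and by corroboration (capped at 2x)."""
    corroboration = min(1.0 + 0.5 * (len(entry["sources"]) - 1), 2.0)
    return BASE_SCORE * entry["weight"] * corroboration


def parse_event(line):
    """Minimal key=value extraction; real deployments rely on sourcetype field extractions."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def score_events(logs, table, assets):
    """Attribute every threat-intel match to the originating asset (src) and roll the
    matches up into one risk object per asset, then apply CMDB priority as a multiplier."""
    risk = {}
    for line in logs:
        event = parse_event(line)
        asset = event.get("src")
        for field in IOC_FIELDS:
            if field not in event:
                continue
            ioc = normalize(event[field])
            entry = table.get(ioc)
            if entry is None:
                continue
            obj = risk.setdefault(asset, {"score": 0.0, "reasons": []})
            obj["score"] += indicator_score(entry)
            obj["reasons"].append(
                f"{event.get('sourcetype')}: {field}={ioc} reported by {sorted(entry['sources'])}"
            )
    # Asset context is applied last so the multiplier covers the whole rolled-up score.
    for asset, obj in risk.items():
        info = assets.get(asset, {})
        obj["score"] *= PRIORITY_MULTIPLIER[info.get("priority", "medium")]
        obj["owner"] = info.get("owner", "unknown")
    return risk


if __name__ == "__main__":
    table = build_threat_table(FEEDS)
    ranked = sorted(score_events(LOGS, table, ASSETS).items(), key=lambda kv: -kv[1]["score"])
    for asset, obj in ranked:
        print(f"{asset} (owner {obj['owner']}) risk={obj['score']:.1f}")
        for reason in obj["reasons"]:
            print("   ", reason)
```

With the constructed data only 10.1.2.3 acquires risk: its DNS lookup of evil.example (three sources, full weight) and its allowed session to 198.51.100.7 (two sources, weight 0.8) sum to 32, doubled to 64 by the host's high CMDB priority, while the failed logon from 203.0.113.9 and the benign lookup from 10.1.2.4 contribute nothing. Keeping the per-match reasons alongside the score is what lets an analyst walk back from a risk notable to the raw events, which is the "human empowerment" point of slide 3.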
  • 25. Advanced Threat Defense Starts Here: Threat Intelligence, Network, Endpoint, Authentication
  • 26. Security Intelligence (same diagram as slides 13 to 16, with a Developer Platform layer added): Report and analyze, Custom dashboards, Monitor and alert, Ad hoc search over events from Online Services, Web Services, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, Firewall, Authentication, Threat Intelligence, Servers, Endpoint, enriched with Threat Intelligence, Asset & CMDB, Employee Info, Data Stores, Applications
  • 27. Thousands of Global Security Customers
  • 28. Industry Recognition (2012, 2013). Source: Gartner (June 2014). Ratings by product/service:
    Product/Service                 AccelOps  AlienVault  BlackStratus  EventTracker  HP (ArcSight)  IBM Security (QRadar)  LogRhythm  McAfee (ESM)
    Real-Time Monitoring            3.50      3.00        3.00          2.9           4.1            4.0                    3.75       3.75
    Threat Intelligence             3.00      3.50        2.50          1.5           4.0            4.0                    3.25       4.00
    Behavior Profiling              2.50      3.50        2.50          2.8           4.0            4.5                    3.38       3.50
    Data and User Monitoring        2.97      2.43        2.16          3.2           4.2            3.8                    3.41       4.44
    Application Monitoring          2.90      3.65        2.90          3.2           4.5            4.3                    4.10       4.20
    Analytics                       2.44      3.19        2.94          2.9           3.8            3.7                    3.30       3.59
    Log Management and Reporting    2.75      3.00        2.50          3.4           4.0            3.8                    3.75       3.25
    Deployment/Support Simplicity   3.50      4.00        3.00          4.3           3.7            4.3                    4.25       4.00
  • 29. Enterprise Security Office Hours @Room 103; Best Kept Secrets of Enterprise Security (Dimitri McKay); Automated Mitigation With Enterprise Security (Jose Hernandez); Enterprise Security @Apps Showcase; CPE, CISSP Credits For Security Talks
  • 30. Security office hours: 11:00 AM to 2:00 PM @Room 103, every day. Geek out, share ideas with Enterprise Security developers.
    Red Team / Blue Team: challenge your skills and learn new tricks. Mon-Wed: 3:00 PM to 6:00 PM @Splunk Community Lounge; Thurs: 11:00 AM to 2:00 PM. Learn, share and hack.
    Birds of a feather: collaborate and brainstorm with security ninjas. Thurs: 12:00 PM to 1:00 PM @Meal Room