SlideShare ist ein Scribd-Unternehmen logo

Accelerate Incident Response with Orchestration & Automation

Als PPTX, PDF herunterladen
Splunk
Splunk

Daily IT security operations processes have not changed significantly over the past decade, but that all stands to change now that a new technology has arrived—enabling security teams to work smarter, respond faster, and improve their defenses. With Security Orchestration, Automation and Response (SOAR) technology, mundane processes can be handled by computers, allowing the SOC team to focus on identifying and responding to the real threats and attacks. This session examines traditional SOC processes and what becomes possible with a SOAR platform like Splunk Phantom. Whether it's a two-person security operation or a full complement SOC, learn to identify the processes that computers can handle on your behalf, and how to go beyond simple use cases and leverage all of the available security tools in your arsenal to the max.

Technologie
1 von 31
© 2019 SPLUNK INC.© 2019 SPLUNK INC. Accelerate Incident Response Using Orchestration and Automation
© 2019 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. Forward-Looking Statements
© 2019 SPLUNK INC. Incident Response Too many alerts Not enough insights Tools Too many No integration Skills Attracting Training Retaining Scale Orchestration & Automation Horizontal & Vertical Security Operations Practices Need to Change
© 2019 SPLUNK INC. Incident Response Challenge
© 2019 SPLUNK INC. Incident Response Takes Significant Time 5 Source: SANS 2017 Incident Response Survey Time from compromise to detection Time from detection to containment Time from containment to remediation 1-3 months 2–7 days
© 2019 SPLUNK INC. Where Does Your Time Go? When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
© 2019 SPLUNK INC. Time-to-Contain + Time-to-Remediate = 86% When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
© 2019 SPLUNK INC. Tools
© 2019 SPLUNK INC. How many security tools and technologies does your company use? Poll #1
© 2019 SPLUNK INC. Tools and Technologies Galore Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017 TOO MANY TOOLS On average, organizations are using between 25 and 30 different security technologies and services.
© 2019 SPLUNK INC. Skills and Scale Orchestration and Automation
© 2019 SPLUNK INC. Orchestration ► Security Orchestration is the machine-based coordination of security actions across tools and technologies. ► Brings together or integrates different technologies and tools ► Provides the ability to coordinate informed decision making, formalize and automate responsive actions Automation ► Security Automation is the machine- based execution of security actions. ► Focus is on how to make machines do task-oriented "human work” ► Improve repetitive work, with high confidence in the outcome ► Allows multiple tasks or "playbooks" to potentially execute numerous tasks Orchestration vs. Automation
© 2019 SPLUNK INC. Do you use Security Orchestration Automation and Response (SOAR) ? Poll #2
© 2019 SPLUNK INC. Automation & Orchestration Adoption Growing Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
© 2019 SPLUNK INC. Security Nerve Center Overview
© 2019 SPLUNK INC. ANALYTICS ORCHESTRATION NETWORK THREAT INTELLIGENCE MOBILE ENDPOINTS IDENTITY AND ACCESS CLOUD SECURITY WAF AND APP SECURITY WEB PROXY FIREWALL Observe Decide Orient Act Security Nerve Center
© 2019 SPLUNK INC. Splunk Security Portfolio Enterprise Security 3rd Party Apps & Add-ons (900+) User Behavior Analytics Platform for Operational Intelligence Network data Exchange dataES Content Update PCI Compliance Search and Investigate Monitoring & Alerting Dashboards and Reports Incident & Breach Response Splunk Security Apps & Add-ons Security Essentials App for AWS Google Cloud Microsoft Cloud Discover Anomalous Behavior Detect Unknown Threats Automation & Orchestration Threat Detection Security Operations Phantom Premium Solutions
© 2019 SPLUNK INC. Adaptive Operations Framework Partner ecosystem enables the Security Nerve Center Mission Deeply integrate with the best security technologies to improve cyber defenses and maximize operational efficiency. Approach Gather, analyze, share, and take action using end-to-end context across across multiple security domains. NETWORK THREAT INTELLIGENCE ENDPOINTS IDENTITY AND ACCESS CLOUD SECURITY WAF AND APP SECURITY WEB PROXY FIREWALL Splunkbase Apps & Add-Ons Splunk Enterprise Security Adaptive Response Actions Splunk Phantom Apps & Playbooks DATA / ANALYTICS OPERATIONS 240+ INTEGRATIONS / 1,200+ APIS
© 2019 SPLUNK INC. Phantom Security Operations
© 2019 SPLUNK INC. Operationalizing Security With Phantom Integrate your team, processes, and tools together. Work smarter by automating repetitive tasks allowing analysts to focus on more mission-critical tasks. Respond faster and reduce dwell times with automated detection, investigation, and response. Strengthen defenses by integrating existing security infrastructure together so that each part is an active participant.
© 2019 SPLUNK INC. Automation Automate repetitive tasks to force multiply team efforts. Execute automated actions in seconds versus hours. Pre-fetch intelligence to support decision making.
© 2019 SPLUNK INC. 200+ APPS & GROWING 1000+ API’S Orchestration Coordinate complex workflows across your SOC.
© 2019 SPLUNK INC. Collaboration Communicate without losing context of the mission. Share items of interest with your team. Tap into collective knowledge with Phantom Mission Experts™.
© 2019 SPLUNK INC. Event Management Triage the most relevant events first. Eliminate noise from your workload. Escalate verified events to a formal case.
© 2019 SPLUNK INC. Create case templates that replicate your SOPs. Manage your response to threats with precision. Embed automation within a case task. Case Management
© 2019 SPLUNK INC. Quickly assess operational status and team performance. Conduct post-mortem case review. Demonstrate return on your organization's security investment. Reporting & Metrics
© 2019 SPLUNK INC. SplunkSANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT A Phantom Case Study “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” Adam Fletcher CISO How it Works Automated Malware Investigation
© 2019 SPLUNK INC. DEMO
© 2019 SPLUNK INC. 1. Use Phantom with Splunk or Splunk Enterprise Security to accelerate Incident Investigation and Response 2. Use Adaptive Operations Framework to realize your security nerve center 3. Splunk offers market proven, comprehensive solutions for Incident Response 4. Use with all Security domains and related IT domains to solve incident response use cases and more Splunk offers options to accelerate incident response with orchestration and automation Key Takeaways
© 2019 SPLUNK INC. https://usergroups.splunk.com/ Check website for upcoming events [CITY] Area User Group Connect with Local Splunkers Get More Information Here at the SplunkZone
© 2019 SPLUNK INC.© 2019 SPLUNK INC. Thank You.

Empfohlen

Einführung in Security Analytics Methoden
Einführung in Security Analytics MethodenEinführung in Security Analytics Methoden
Einführung in Security Analytics Methoden
Splunk
 
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
Splunk
 
Splunk4Leaders: How to Supercharge your Decision Making Capability
Splunk4Leaders: How to Supercharge your Decision Making CapabilitySplunk4Leaders: How to Supercharge your Decision Making Capability
Splunk4Leaders: How to Supercharge your Decision Making Capability
Splunk
 
Machine Learning in Action
Machine Learning in Action Machine Learning in Action
Machine Learning in Action
Splunk
 
Get More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLGet More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + ML
Splunk
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
Splunk
 
Splunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und AutomationSplunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und Automation
Splunk
 
Machine Learning in Action
Machine Learning in ActionMachine Learning in Action
Machine Learning in Action
Splunk
 

Empfohlen

Einführung in Security Analytics Methoden
Einführung in Security Analytics MethodenEinführung in Security Analytics Methoden
Einführung in Security Analytics Methoden
Splunk
 
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
Splunk
 
Splunk4Leaders: How to Supercharge your Decision Making Capability
Splunk4Leaders: How to Supercharge your Decision Making CapabilitySplunk4Leaders: How to Supercharge your Decision Making Capability
Splunk4Leaders: How to Supercharge your Decision Making Capability
Splunk
 
Machine Learning in Action
Machine Learning in Action Machine Learning in Action
Machine Learning in Action
Splunk
 
Get More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLGet More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + ML
Splunk
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
Splunk
 
Splunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und AutomationSplunk Incident Response, Orchestrierung und Automation
Splunk Incident Response, Orchestrierung und Automation
Splunk
 
Machine Learning in Action
Machine Learning in ActionMachine Learning in Action
Machine Learning in Action
Splunk
 
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Splunk
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the Business
Splunk
 
What's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseWhat's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform Release
Splunk
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
Splunk
 
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSIVorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Splunk
 
"Splunk Worst Practices"... und wie man diese behebt
"Splunk Worst Practices"... und wie man diese behebt"Splunk Worst Practices"... und wie man diese behebt
"Splunk Worst Practices"... und wie man diese behebt
Splunk
 
Turning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformTurning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk Platform
Splunk
 
Extending Splunk to Business use cases with Process Mining
Extending Splunk to Business use cases with Process MiningExtending Splunk to Business use cases with Process Mining
Extending Splunk to Business use cases with Process Mining
Splunk
 
Adventures in Monitoring and Troubleshooting
Adventures in Monitoring and Troubleshooting Adventures in Monitoring and Troubleshooting
Adventures in Monitoring and Troubleshooting
Splunk
 
Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them
Splunk
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
Splunk
 
Splunk and Multicloud
Splunk and Multicloud Splunk and Multicloud
Splunk and Multicloud
Splunk
 
Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML
Splunk
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
Splunk
 
Turning Data into Business outcomes
Turning Data into Business outcomes Turning Data into Business outcomes
Turning Data into Business outcomes
Splunk
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods
Splunk
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
Splunk
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
Splunk
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
Splunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Splunk
 

Weitere ähnliche Inhalte

Was ist angesagt?

Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
Splunk
 

Was ist angesagt? (16)

Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the Business
 
What's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform ReleaseWhat's New with the Latest Splunk Platform Release
What's New with the Latest Splunk Platform Release
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
 
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSIVorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
 
"Splunk Worst Practices"... und wie man diese behebt
"Splunk Worst Practices"... und wie man diese behebt"Splunk Worst Practices"... und wie man diese behebt
"Splunk Worst Practices"... und wie man diese behebt
 
Turning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformTurning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk Platform
 
Extending Splunk to Business use cases with Process Mining
Extending Splunk to Business use cases with Process MiningExtending Splunk to Business use cases with Process Mining
Extending Splunk to Business use cases with Process Mining
 
Adventures in Monitoring and Troubleshooting
Adventures in Monitoring and Troubleshooting Adventures in Monitoring and Troubleshooting
Adventures in Monitoring and Troubleshooting
 
Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them Worst Splunk practices...and how to fix them
Worst Splunk practices...and how to fix them
 
Make Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not HarderMake Your SOC Work Smarter, Not Harder
Make Your SOC Work Smarter, Not Harder
 
Splunk and Multicloud
Splunk and Multicloud Splunk and Multicloud
Splunk and Multicloud
 
Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2 Splunk Cloud and Splunk Enterprise 7.2
Splunk Cloud and Splunk Enterprise 7.2
 
Turning Data into Business outcomes
Turning Data into Business outcomes Turning Data into Business outcomes
Turning Data into Business outcomes
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods
 

Ähnlich wie Accelerate Incident Response with Orchestration & Automation

SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
Splunk
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
Splunk
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT Operations
Splunk
 

Ähnlich wie Accelerate Incident Response with Orchestration & Automation (20)

Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
 
Exploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise SecurityExploring Frameworks of Splunk Enterprise Security
Exploring Frameworks of Splunk Enterprise Security
 
Splunk Enterprise Security
Splunk Enterprise SecuritySplunk Enterprise Security
Splunk Enterprise Security
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
 
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
Adventures in Monitoring and Troubleshooting
Adventures in Monitoring and Troubleshooting Adventures in Monitoring and Troubleshooting
Adventures in Monitoring and Troubleshooting
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
Abenteuer bei Monitoring und Troubleshooting
Abenteuer bei Monitoring und TroubleshootingAbenteuer bei Monitoring und Troubleshooting
Abenteuer bei Monitoring und Troubleshooting
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT Operations
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics MethodsSpliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
 
Machine Learning in Action
Machine Learning in ActionMachine Learning in Action
Machine Learning in Action
 
Machine Learning in Action
Machine Learning in Action Machine Learning in Action
Machine Learning in Action
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOARPartner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
 
Sec1391
Sec1391Sec1391
Sec1391
 

Mehr von Splunk

SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 

Mehr von Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Kürzlich hochgeladen (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Accelerate Incident Response with Orchestration & Automation

  • 1. © 2019 SPLUNK INC.© 2019 SPLUNK INC. Accelerate Incident Response Using Orchestration and Automation
  • 2. © 2019 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. Forward-Looking Statements
  • 3. © 2019 SPLUNK INC. Incident Response Too many alerts Not enough insights Tools Too many No integration Skills Attracting Training Retaining Scale Orchestration & Automation Horizontal & Vertical Security Operations Practices Need to Change
  • 4. © 2019 SPLUNK INC. Incident Response Challenge
  • 5. © 2019 SPLUNK INC. Incident Response Takes Significant Time 5 Source: SANS 2017 Incident Response Survey Time from compromise to detection Time from detection to containment Time from containment to remediation 1-3 months 2–7 days
  • 6. © 2019 SPLUNK INC. Where Does Your Time Go? When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
  • 7. © 2019 SPLUNK INC. Time-to-Contain + Time-to-Remediate = 86% When working an incident, which phase generally takes the longest to complete in your organization? Day in the life of a security professional survey © 2016 EMA, Inc.
  • 8. © 2019 SPLUNK INC. Tools
  • 9. © 2019 SPLUNK INC. How many security tools and technologies does your company use? Poll #1
  • 10. © 2019 SPLUNK INC. Tools and Technologies Galore Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017 TOO MANY TOOLS On average, organizations are using between 25 and 30 different security technologies and services.
  • 11. © 2019 SPLUNK INC. Skills and Scale Orchestration and Automation
  • 12. © 2019 SPLUNK INC. Orchestration ► Security Orchestration is the machine-based coordination of security actions across tools and technologies. ► Brings together or integrates different technologies and tools ► Provides the ability to coordinate informed decision making, formalize and automate responsive actions Automation ► Security Automation is the machine- based execution of security actions. ► Focus is on how to make machines do task-oriented "human work” ► Improve repetitive work, with high confidence in the outcome ► Allows multiple tasks or "playbooks" to potentially execute numerous tasks Orchestration vs. Automation
  • 13. © 2019 SPLUNK INC. Do you use Security Orchestration Automation and Response (SOAR) ? Poll #2
  • 14. © 2019 SPLUNK INC. Automation & Orchestration Adoption Growing Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
  • 15. © 2019 SPLUNK INC. Security Nerve Center Overview
  • 16. © 2019 SPLUNK INC. ANALYTICS ORCHESTRATION NETWORK THREAT INTELLIGENCE MOBILE ENDPOINTS IDENTITY AND ACCESS CLOUD SECURITY WAF AND APP SECURITY WEB PROXY FIREWALL Observe Decide Orient Act Security Nerve Center
  • 17. © 2019 SPLUNK INC. Splunk Security Portfolio Enterprise Security 3rd Party Apps & Add-ons (900+) User Behavior Analytics Platform for Operational Intelligence Network data Exchange dataES Content Update PCI Compliance Search and Investigate Monitoring & Alerting Dashboards and Reports Incident & Breach Response Splunk Security Apps & Add-ons Security Essentials App for AWS Google Cloud Microsoft Cloud Discover Anomalous Behavior Detect Unknown Threats Automation & Orchestration Threat Detection Security Operations Phantom Premium Solutions
  • 18. © 2019 SPLUNK INC. Adaptive Operations Framework Partner ecosystem enables the Security Nerve Center Mission Deeply integrate with the best security technologies to improve cyber defenses and maximize operational efficiency. Approach Gather, analyze, share, and take action using end-to-end context across across multiple security domains. NETWORK THREAT INTELLIGENCE ENDPOINTS IDENTITY AND ACCESS CLOUD SECURITY WAF AND APP SECURITY WEB PROXY FIREWALL Splunkbase Apps & Add-Ons Splunk Enterprise Security Adaptive Response Actions Splunk Phantom Apps & Playbooks DATA / ANALYTICS OPERATIONS 240+ INTEGRATIONS / 1,200+ APIS
  • 19. © 2019 SPLUNK INC. Phantom Security Operations
  • 20. © 2019 SPLUNK INC. Operationalizing Security With Phantom Integrate your team, processes, and tools together. Work smarter by automating repetitive tasks allowing analysts to focus on more mission-critical tasks. Respond faster and reduce dwell times with automated detection, investigation, and response. Strengthen defenses by integrating existing security infrastructure together so that each part is an active participant.
  • 21. © 2019 SPLUNK INC. Automation Automate repetitive tasks to force multiply team efforts. Execute automated actions in seconds versus hours. Pre-fetch intelligence to support decision making.
  • 22. © 2019 SPLUNK INC. 200+ APPS & GROWING 1000+ API’S Orchestration Coordinate complex workflows across your SOC.
  • 23. © 2019 SPLUNK INC. Collaboration Communicate without losing context of the mission. Share items of interest with your team. Tap into collective knowledge with Phantom Mission Experts™.
  • 24. © 2019 SPLUNK INC. Event Management Triage the most relevant events first. Eliminate noise from your workload. Escalate verified events to a formal case.
  • 25. © 2019 SPLUNK INC. Create case templates that replicate your SOPs. Manage your response to threats with precision. Embed automation within a case task. Case Management
  • 26. © 2019 SPLUNK INC. Quickly assess operational status and team performance. Conduct post-mortem case review. Demonstrate return on your organization's security investment. Reporting & Metrics
  • 27. © 2019 SPLUNK INC. SplunkSANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT A Phantom Case Study “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” Adam Fletcher CISO How it Works Automated Malware Investigation
  • 28. © 2019 SPLUNK INC. DEMO
  • 29. © 2019 SPLUNK INC. 1. Use Phantom with Splunk or Splunk Enterprise Security to accelerate Incident Investigation and Response 2. Use Adaptive Operations Framework to realize your security nerve center 3. Splunk offers market proven, comprehensive solutions for Incident Response 4. Use with all Security domains and related IT domains to solve incident response use cases and more Splunk offers options to accelerate incident response with orchestration and automation Key Takeaways
  • 30. © 2019 SPLUNK INC. https://usergroups.splunk.com/ Check website for upcoming events [CITY] Area User Group Connect with Local Splunkers Get More Information Here at the SplunkZone
  • 31. © 2019 SPLUNK INC.© 2019 SPLUNK INC. Thank You.