Copyright © 2014 Splunk Inc.
Security Operations: Hunting Wabbits, Possum, and APT
Ryan Chapman
Bechtel Corporation
2
Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
3
Agenda
•  Intro to Bechtel
•  Who’s This Guy?
•  Overview of Security @ Bechtel
•  Why Splunk?
•  Hunting Tips and Tricks
4
Bechtel Corporation
•  Largest Engineering, Construction, & PM Company in the U.S.
•  55,400 colleagues | 25,000 projects | 160 countries | 7 continents
•  Target Rich Environment – Global Threats
•  2012 Goal: Develop World-Class SOC
5
Ryan J. Chapman
•  Computer Incident Response Team (CIRT)
   –  Network Security Monitoring Analyst
•  Incident Handler
•  CIRT / SOC Liaison
•  “Did You Check Splunk?” Guy
   –  No, Really. Did You Check Splunk?
@rj_chap
6
It Takes A Village!
•  We ALL Participate in Hunting
•  Bechtel SOC & CIRT
   –  SOC: Time Allocated
   –  CIRT: Required During On-Call
•  Tribal Training + “Security Blitz” + “Tech Talks”
•  Example of a Rockstar:
   –  Keith Tyler (@keithtyler)
      –  FANTASTIC Hunter!
Security @ Bechtel
8
Post Remediation Structure
9
APT Events
Use Case | BEFORE SPLUNK | AFTER SPLUNK
Event Escalation to CIRT | 99% of Events | 2013-2014: < 3%; 2015: < 1%
APT Events Detected | 1 APT Event | 2013: 269 APT Events; 2014: 82 APT Events
10
The Security Stack
[Diagram] Components: External, Intense Monitoring, Full Packet Capture, DNS Protection, Network Event Parsing, Firewall, Application Firewall, Email Blocking, Behavior Analysis, APT Detection, Forensics, AV, Log Forwarding
[Diagram] Phases: Remediate, Detect, Respond, Deter
11
Why Splunk?
Because it’s Awesome!
•  Better than GREP?
•  Parsing Individual Logs?
   –  2.35TB/day License
•  Primary Uses:
   –  Alert Generation
   –  Incident Handling / Response
      –  The “5 W’s”
   –  HUNTING
12
Obligatory Splunk Quote
“We wouldn’t be able to do our jobs without Splunk.”
Hunting Tactics
14
The Hunter Mentality
Be like water… but also mimic a nosy neighbor
•  Ask Questions
   –  BE INQUISITIVE NOSY
   –  Read Articles / Twitter / OSINT
•  Develop Queries
   –  Create Baselines / Tune Queries
•  Implement Saved Searches
•  Allocate Time for Hunting
Go Home Word, You’re Drunk
16
Word Up!
Tell Your Brother, Your Sister, and Your Momma Too…
•  Word Files = Common Carrier File
•  Easy to Weaponize
   –  VBA / Macro
   –  CVE-based Exploit (Metasploit)
•  Weaponized Files Launch…
   –  All The Things
Q: Is Word Launching… Stuff?
17
The Sobriety Test
index=wls* EventID=4688
CreatorProcessName="WINWORD" Signed=False
NOT (NewProcessName="C:\\Windows*" OR
NewProcessName="C:\\Progra*")
| table _time, host, SubjectUserName,
BaseFileName, CommandLine, NewProcessName,
MD5

NOTE: “Audit Process Creation” must be enabled
18
Test Results: INEBRIATED
_time | host | BaseFileName | NewProcessName | MD5
11/9/15 15:35 | [DERP] | Purchase Order rd2015 oct-dec #40098.exe | C:\Users\[DERP]\AppData\Local\Temp\Purchase Order rd2015 oct-dec #40098.exe | EFF6EBFD48A669FE9C2E62B0E82561CE
19
What’cha Drinking?
20
What About Malicious Scripts?
THE LAUNCH CODES ARE BAD! DO NOT LAUNCH!
•  Common Script Handlers:
   –  cscript / wscript / powershell ← These Run Scripts
•  Carrier File Handlers:
   –  Word (doc)
   –  Excel (xls)
   –  PowerPoint (ppt)
   –  Adobe Reader (pdf)
   –  Etc.
21
The Pwnie Express
‘Cause They Are Carrier Files!
index=wls EventID=4688
(CommandLine="*cscript*" OR CommandLine="*wscript*" OR
CommandLine="*powershell*")
(CreatorProcessName="WINWORD" OR
CreatorProcessName="POWERPNT" OR
CreatorProcessName="EXCEL" OR
CreatorProcessName="Adobe*")
| table _time, host, SubjectUserName,
CreatorProcessName, BaseFileName, CommandLine
22
I “C” A Script
_time | host | CreatorProcessName | BaseFileName | CommandLine
01/24/16 22:49:03 | [DERP] | EXCEL | cscript.exe | cscript 'C:\Users\[DERP]\Desktop\Databases_Public Loto Permit Excel\reg_seing.vbs'
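The two Office hunts above ("The Sobriety Test" and "The Pwnie Express") expressed as Python predicates over process-creation events; this is an added example, not code from the original deck. It assumes each 4688 event is a dict keyed by the field names the slides use, treats `Signed` as a string, and runs on constructed sample events.

```python
from fnmatch import fnmatchcase

# Values copied from the two queries on the slides.
CARRIER_PARENTS = ("WINWORD", "POWERPNT", "EXCEL", "Adobe*")
SCRIPT_HANDLERS = ("cscript", "wscript", "powershell")
# "C:\Progra*" also covers C:\ProgramData; tighten it if your baseline allows.
TRUSTED_PREFIXES = ("c:\\windows", "c:\\progra")


def is_carrier(creator):
    """Case-insensitive wildcard match, like a Splunk field="value*" term."""
    name = creator.lower()
    return any(fnmatchcase(name, pat.lower()) for pat in CARRIER_PARENTS)


def sobriety_test(event, parent="WINWORD"):
    """Unsigned child of Word whose image path is outside the trusted prefixes."""
    if event.get("EventID") != 4688:
        return False
    if event.get("CreatorProcessName", "").lower() != parent.lower():
        return False
    # Like Signed=False in the query: an event without the field does not match.
    if str(event.get("Signed", "")).lower() != "false":
        return False
    path = event.get("NewProcessName", "").lower()
    return not path.startswith(TRUSTED_PREFIXES)


def pwnie_express(event):
    """Carrier-file handler whose child command line names a script handler."""
    if event.get("EventID") != 4688:
        return False
    if not is_carrier(event.get("CreatorProcessName", "")):
        return False
    cmd = event.get("CommandLine", "").lower()
    return any(handler in cmd for handler in SCRIPT_HANDLERS)


RULES = {"sobriety_test": sobriety_test, "pwnie_express": pwnie_express}


def hunt(events):
    """Return (rule, host, BaseFileName) for every rule an event trips."""
    hits = []
    for event in events:
        for name, rule in RULES.items():
            if rule(event):
                hits.append((name, event["host"], event["BaseFileName"]))
    return hits


# Constructed sample events (not real telemetry); hosts and paths are made up.
SAMPLE_EVENTS = [
    {"EventID": 4688, "host": "WS-001", "CreatorProcessName": "WINWORD",
     "BaseFileName": "invoice.exe", "Signed": "False",
     "NewProcessName": "C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe",
     "CommandLine": "\"C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe\""},
    {"EventID": 4688, "host": "WS-002", "CreatorProcessName": "EXCEL",
     "BaseFileName": "cscript.exe", "Signed": "True",
     "NewProcessName": "C:\\Windows\\System32\\cscript.exe",
     "CommandLine": "cscript 'C:\\Users\\bob\\Desktop\\report.vbs'"},
    {"EventID": 4688, "host": "WS-003", "CreatorProcessName": "WINWORD",
     "BaseFileName": "splwow64.exe", "Signed": "True",
     "NewProcessName": "C:\\Windows\\splwow64.exe",
     "CommandLine": "C:\\Windows\\splwow64.exe 8192"},
    {"EventID": 4688, "host": "WS-004", "CreatorProcessName": "explorer",
     "BaseFileName": "powershell.exe", "Signed": "True",
     "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoLogo"},
    {"EventID": 4624, "host": "WS-005", "CreatorProcessName": "WINWORD",
     "BaseFileName": "", "Signed": "False", "NewProcessName": "",
     "CommandLine": ""},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

Only the first two sample events trip a rule: the signed print helper under C:\Windows, the PowerShell started from explorer and the non-4688 event are all filtered out.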
Scheduled Tasks via at.exe
24
Scheduled Tasks
SCHTASKS vs. AT
•  schtasks.exe – Common Task Scheduler/Viewer
•  at.exe
   –  Deprecated, but Available Through Windows 7
   –  Historically Used for Privilege Escalation (WinXP)
      –  Attackers Still Love It (Older Admins Too)
   –  Creates `%System_Root%/Tasks/at[0-9].job` Files
      –  Sweep Enterprise for These & Analyze!
Q: Anyone Running at.exe?
25
The Query
Anyone Running at.exe?
index=wls EventID=4688
BaseFileName="at.exe"
CommandLine="*"
NOT BaseFileName="[known good]"
NOT CommandLine="[known good]"
| table …
26
Nothing Silly Recently
But A Few Years Ago…
_time | host | BaseFileName | CommandLine | CreatorProcessName
06/06/11 04:01 | [DERP] | at.exe | at 04:03 /interactive cmd /c cmd.exe | cmd
Remote Powershell
28
PowerShell Shenanigans
Attackers LOVE PowerShell
•  Why Are Attackers Using PowerShell?
   –  Powerful, Built-in Tool – (Nearly) Always Available
   –  Can Execute in Memory (Diskless)
   –  Easy to Avoid Detection
      –  A Hacker’s Best Toolkit = Tools on the Box!
•  PowerShell is a Growing Concern
   –  See: PowerSploit Framework
29
PowerShell Snooping
Brainstorming
•  Discussion: Event Code 4688 vs. 4103/4
•  We Already Look for Encoded PS Commands
   –  See: “Splunk Live! Santa Clara 2015” Talk
•  What About Remote PS Access Methods?
   –  PowerShell Can Run Remote Scripts
Q: Is Anyone Running Remote PS Commands?
30
Remote PowerShell
Just a Few Samples…
•  Common Remote Methods:
Get-Service winrm
Enable-PSRemoting
New-PSSession
Enter-PSSession
Invoke-Command -computername
•  General use of: -computer
(NOTE: -computer can specify 127.0.0.1)
31
PowerShell: WSMan
32
PowerShell Search
Remote Methods = Attacker’s Forte
index=wls* EventID=4688
BaseFileName=powershell.exe
(CommandLine="*winrm*" OR
CommandLine="*psremoting*" OR
CommandLine="*pssession*" OR
CommandLine="*invoke-command*" OR
CommandLine="*wsman*"
[OR CommandLine="*-computer*"])
| table …
33
PowerShellMafia’s PowerSploit
Dirty Dirty Tricks
•  Open Source PowerShell Attack Framework
   –  Becoming More and More Common
•  We Can Enumerate All PowerSploit PS Modules
   –  And Look For Them
      –  And yell/cry/smile if we find any
Q: Is Anyone Running PowerSploit? (BETTER NOT BE!)
34
“A PowerShell Post-Exploitation Framework”
35
Enumerated PowerSploit Modules
index=wls* EventID=4688 (BaseFileName=powershell.exe OR BaseFileName=cmd.exe)
(CommandLine="*powersploit*" OR CommandLine="*Invoke-DllInjection*" OR
CommandLine="*Invoke-ReflectivePEInjection*" OR CommandLine="*Invoke-Shellcode*" OR
CommandLine="*Invoke-WmiCommand*" OR CommandLine="*Out-EncodedCommand*" OR
CommandLine="*Out-CompressedDll*" OR CommandLine="*Out-EncryptedScript*" OR
CommandLine="*Remove-Comments*" OR CommandLine="*New-UserPersistenceOption*" OR
CommandLine="*New-ElevatedPersistenceOption*" OR CommandLine="*Add-Persistence*" OR
CommandLine="*Install-SSP*" OR CommandLine="*Get-SecurityPackages*" OR
CommandLine="*Find-AVSignature*" OR CommandLine="*Invoke-TokenManipulation*" OR
CommandLine="*Invoke-CredentialInjection*" OR CommandLine="*Invoke-NinjaCopy*" OR
CommandLine="*Invoke-Mimikatz*" OR CommandLine="*Get-Keystrokes*" OR
CommandLine="*Get-GPPPassword*" OR CommandLine="*Get-TimedScreenshot*" OR
CommandLine="*New-VolumeShadowCopy*" OR CommandLine="*Get-VolumeShadowCopy*" OR
CommandLine="*Mount-VolumeShadowCopy*" OR CommandLine="*Remove-VolumeShadowCopy*" OR
CommandLine="*Get-VaultCredential*" OR CommandLine="*Out-Minidump*" OR
CommandLine="*Set-MasterBootRecord*" OR CommandLine="*Set-CriticalProcess*" OR
CommandLine="*PowerUp*" OR CommandLine="*Invoke-Portscan*" OR
CommandLine="*Get-HttpStatus*" OR CommandLine="*Invoke-ReverseDnsLookup*" OR CommandLine="*PowerView*")
| table …
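The remote-PowerShell and PowerSploit keyword searches above only see text that is literally on the command line, and the deck notes that encoded commands are hunted separately. This added example (not from the original deck) goes one step further and decodes an `-EncodedCommand` argument before applying the same keywords. The keyword tuples are a subset of the terms in the two queries, the event dicts use the slides' field names, and all sample events are constructed.

```python
import base64

# Terms from the remote-PowerShell query and a subset of the PowerSploit query.
REMOTE_KEYWORDS = ("winrm", "psremoting", "pssession", "invoke-command", "wsman")
POWERSPLOIT_KEYWORDS = ("powersploit", "invoke-mimikatz", "get-gpppassword",
                        "powerup", "powerview")
KEYWORDS = REMOTE_KEYWORDS + POWERSPLOIT_KEYWORDS


def decode_encoded_command(command_line):
    """Return the script text carried by -EncodedCommand, or None.

    PowerShell accepts the alias -ec and any prefix of -EncodedCommand
    (-e, -en, -enc, ...); the payload is Base64 over UTF-16LE text.
    """
    tokens = command_line.split()
    for flag, value in zip(tokens, tokens[1:]):
        if flag[0] not in "-/":
            continue
        name = flag[1:].lower()
        if name and (name == "ec" or "encodedcommand".startswith(name)):
            try:
                raw = base64.b64decode(value.strip("'\""), validate=True)
                return raw.decode("utf-16-le")
            except ValueError:  # covers binascii.Error and UnicodeDecodeError
                return None
    return None


def powershell_hits(event):
    """Return (keyword, where) pairs; where is 'commandline' or 'encoded'."""
    if event.get("EventID") != 4688:
        return []
    if event.get("BaseFileName", "").lower() not in ("powershell.exe", "cmd.exe"):
        return []
    cmd = event.get("CommandLine", "")
    visible = cmd.lower()
    decoded = (decode_encoded_command(cmd) or "").lower()
    hits = []
    for keyword in KEYWORDS:
        if keyword in visible:
            hits.append((keyword, "commandline"))
        elif keyword in decoded:
            hits.append((keyword, "encoded"))
    return hits


def encode_for_powershell(script):
    """Helper used only to build the constructed samples below."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events (not real telemetry); host names are made up.
SAMPLE_EVENTS = [
    {"EventID": 4688, "host": "WS-010", "BaseFileName": "powershell.exe",
     "CommandLine": "powershell.exe -NoProfile Invoke-Command "
                    "-ComputerName SRV01 -ScriptBlock { Get-Service winrm }"},
    {"EventID": 4688, "host": "WS-011", "BaseFileName": "powershell.exe",
     "CommandLine": "powershell.exe -nop -enc "
                    + encode_for_powershell("Enter-PSSession -ComputerName SRV02")},
    {"EventID": 4688, "host": "WS-012", "BaseFileName": "powershell.exe",
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass "
                    "-File C:\\Scripts\\inventory.ps1"},
    {"EventID": 4688, "host": "WS-013", "BaseFileName": "powershell.exe",
     "CommandLine": "powershell.exe -enc not-base64!!"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["host"], powershell_hits(event))
```

The second sample produces a hit only because of the decode step; a wildcard match on the raw `CommandLine` field sees nothing but Base64 there.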
Quick Example:
Rogue svchost.exe
37
svchost.exe w/Bad Parent
smss.exe -> wininit.exe -> services.exe -> svchost.exe
index=wls EventID=4688
BaseFileName="svchost.exe"
NOT CreatorProcessName="services"
| table …
Quick Example:
CLI> blah [IPv4] blah
39
IPv4 Addresses in CLI
The Internet is a Scary Place
index=wls* EventID=4688 CommandLine="*"
NOT (BaseFileName=cscript.exe OR
BaseFileName=nslookup.exe OR
BaseFileName=cmd.exe OR
BaseFileName=ping.exe OR
BaseFileName=nblookup.exe OR
BaseFileName=route.exe)
| regex CommandLine="\s\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s"
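The IPv4-in-command-line hunt above, as an added Python example that is not part of the original deck. It goes beyond the slide: alongside the query's whitespace-delimited pattern it uses a boundary-based pattern (an assumption of this example) so that addresses at the end of the line or after a `:` are found, rejects impossible octets, and labels each address as loopback, private or public. The sample events are constructed.

```python
import ipaddress
import re

# Processes the slide's query excludes because IP arguments are routine there.
EXCLUDED = {"cscript.exe", "nslookup.exe", "cmd.exe", "ping.exe",
            "nblookup.exe", "route.exe"}

# The query's pattern: an IPv4-shaped token with whitespace on both sides.
SLIDE_RE = re.compile(r"\s\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s")
# Assumption of this example: bound the token by "not a digit or dot" instead.
CANDIDATE_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def slide_regex_matches(command_line):
    """True when the whitespace-delimited pattern from the slide matches."""
    return bool(SLIDE_RE.search(command_line))


def extract_ipv4(command_line):
    """Return [(address, scope)] for every valid IPv4 address in the text."""
    found = []
    for text in CANDIDATE_RE.findall(command_line):
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            continue  # IPv4-shaped but not an address, e.g. an octet above 255
        if addr.is_loopback:
            scope = "loopback"
        elif addr.is_private:
            scope = "private"
        else:
            scope = "public"
        found.append((text, scope))
    return found


def ipv4_in_cli(event):
    """Apply the slide's filters, then extract addresses from CommandLine."""
    if event.get("EventID") != 4688:
        return []
    if event.get("BaseFileName", "").lower() in EXCLUDED:
        return []
    return extract_ipv4(event.get("CommandLine", ""))


def hunt(events):
    """Return (host, address, scope) for every address found."""
    return [(e["host"], addr, scope)
            for e in events for addr, scope in ipv4_in_cli(e)]


# Constructed sample events (not real telemetry); host names are made up.
SAMPLE_EVENTS = [
    {"EventID": 4688, "host": "WS-020", "BaseFileName": "mstsc.exe",
     "CommandLine": "mstsc.exe /v:10.20.30.40"},
    {"EventID": 4688, "host": "WS-021", "BaseFileName": "tracert.exe",
     "CommandLine": "tracert 8.8.8.8"},
    {"EventID": 4688, "host": "WS-022", "BaseFileName": "ping.exe",
     "CommandLine": "ping 10.1.1.1 -n 1"},
    {"EventID": 4688, "host": "WS-023", "BaseFileName": "app.exe",
     "CommandLine": "app.exe --build 999.1.1.1 --run"},
    {"EventID": 4688, "host": "WS-024", "BaseFileName": "powershell.exe",
     "CommandLine": "powershell.exe Invoke-Command -computer 127.0.0.1 "
                    "-ScriptBlock {hostname}"},
]

if __name__ == "__main__":
    for row in hunt(SAMPLE_EVENTS):
        print(row)
```

The first two samples are found here but not by the whitespace-delimited pattern, while `999.1.1.1` matches that pattern and is dropped by the octet check.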
40
Recap & Takeaways
•  Ask Questions
   –  Read Articles / Twitter Feeds / OSINT Reports / etc.
   –  “Does This Happen Here?”
•  Develop Queries
•  Establish Baselines
   –  Tune Over Time
•  Create Saved Searches
•  Allocate Time For Hunting!
Keep Huntin’!
41
Resources
•  Windows Logging Service (WLS) Home Page
   –  By Jason McCord (@digirati82)
   –  https://digirati82.com/wls-information/
•  “Know your Windows Processes or Die Trying”
   –  Article by Patrick Olsen, 2014/01/18
   –  http://sysforensics.org/2014/01/know-your-windows-processes/
•  Bechtel Splunk Live! Santa Clara 2015 Preso
   –  http://www.slideshare.net/Splunk/bechtel-customer-presentation
Thank You
Security Operations: Hunting Wabbits, Possum, and APT

Ryan Chapman – @rj_chap
Bechtel
QUESTIONS?

Bechtel Customer Presentation

Editor's Notes

  1. Global reach = Global threats
  2. NOT TIER 1/2!!!!
  3. Remove 2015??