Operationalizing
Security Intelligence
Matthias Maier
CISSP, CEH, Product Marketing Manager
Who I am
• Now Product Marketing Manager EMEA
• 8 years consultant, security + big data
• 3+ years at Splunk, McAfee (Intel Security), Tibco LogLogic
• Worked with top organizations across industries, advising customers
• CISSP, Certified Ethical Hacker
Make machine data accessible, usable and valuable to everyone.
Turning Machine Data Into Business Value
Index untapped data: any source, type, volume
Online services, web services, servers, security, GPS location, storage, desktops, networks, packaged applications, custom applications, messaging, telecoms, online shopping cart, web clickstreams, databases, energy meters, call detail records, smartphones and devices, RFID
Deployed on-premises, in a private cloud or in a public cloud
Ask any question:
• Application Delivery
• Security, Compliance and Fraud
• IT Operations
• Business Analytics
• Internet of Things and Industrial Data
Security Use Cases
• Security & Compliance Reporting
• Real-Time Monitoring of Known Threats
• Monitoring of Unknown, Advanced Threats
• Incident Investigations & Forensics
• Insider Threat
Splunk can complement or replace an existing SIEM
Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Agenda
The super hero and the fish market – a short story
What is Security Intelligence
Examples of Operationalizing Security Intelligence
Call to action
Lone hacker…
Organized Criminals
Crossing the Chasm
Security Intelligence: information relevant to protecting an organization from external and inside threats, as well as the processes, policies and tools designed to gather and analyze that information.
Source: http://whatis.techtarget.com/definition/security-intelligence-SI
Intelligence: actionable information that provides an organization with decision support and possibly a strategic advantage. SI is a comprehensive approach that integrates multiple processes and practices designed to protect the organization.
Source: http://whatis.techtarget.com/definition/security-intelligence-SI
Operationalizing Security Intelligence
Alerts
• Alert 1, Host A: accessing unusual network segments
• Alert 2, Host B: malware found but couldn't be removed
Worth an investigation? Which one to investigate first?
Operationalizing Security Intelligence: three requirements
1. Risk-based analytics
2. Context and intelligence
3. Connecting people and data
Data Sources: Threat Intelligence, Network, Endpoint, Access/Identity (persist, repeat)

Threat Intelligence
What it tells you: attacker, known relay/C2 sites, infected sites, IOCs, attack/campaign intent and attribution
Data sources required: third-party threat intel, open-source blacklists, internal threat intelligence

Network
What it tells you: where they went to, who talked to whom, attack transmitted, abnormal traffic, malware download
Data sources required: firewall, IDS, IPS, DNS, email, web proxy, NetFlow, network devices

Endpoint
What it tells you: what process is running (malicious, abnormal, etc.), process owner, registry modifications, attack/malware artifacts, patching level, attack susceptibility
Data sources required: endpoint (AV/IPS/FW), malware detection, PCLM, DHCP, OS logs, patching

Access/Identity
What it tells you: access level, privileged users, likelihood of infection, where they might be in the kill chain
Data sources required: Active Directory, LDAP, CMDB, operating system, database, VPN, AAA, SSO
Requirement 1: Risk Based Analytics
Applied across threat intelligence, network, endpoint and access data:
• Rules/string/regex matching
• Statistical outliers and anomalies
• Session and behavior profiling
• Scoring and aggregation
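The four analytic methods above are the detection layer that turns raw events from the data-source slide into alerts. As an added example, not from the slides and not Splunk's own code, the following Python script shows the first two over constructed data: exact-match lookups of web-proxy destinations against a threat-intel indicator list (the third-party feed / open-source blacklist column), and a statistical outlier test on per-host failed-logon counts (the Active Directory column). The indicator values, proxy log lines, host names, field names and logon counts are all constructed for the example; the outlier routine uses a median/MAD modified z-score rather than mean and standard deviation, for the reason given in its docstring.

```python
import re
import statistics

# Constructed threat-intel indicators, standing in for a third-party feed or an
# open-source blocklist (RFC 5737 / RFC 2606 documentation values, not real IOCs).
THREAT_INTEL_IPS = {"203.0.113.7", "198.51.100.23"}
THREAT_INTEL_DOMAINS = {"bad-relay.example", "c2.example"}

# Constructed web-proxy log lines in key=value form (not from any real system).
PROXY_LOGS = [
    "2016-03-01T10:00:01 host=hostA dest_ip=203.0.113.7 dest_host=bad-relay.example action=allowed",
    "2016-03-01T10:00:05 host=hostB dest_ip=93.184.216.34 dest_host=example.com action=allowed",
    "2016-03-01T10:01:10 host=hostC dest_ip=198.51.100.23 dest_host=c2.example action=blocked",
    "2016-03-01T10:02:00 host=hostD dest_ip=192.0.2.10 dest_host=intranet.example action=allowed",
]

# Constructed count of failed logons per source host over one day (what a count
# of Windows event 4625 from Active Directory, grouped by workstation, would give).
FAILED_LOGONS = {"hostA": 47, "hostB": 3, "hostC": 2, "hostD": 4,
                 "hostE": 1, "hostF": 3, "hostG": 2}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Turn 'k=v k=v' log text into a dict; the leading timestamp has no key and is dropped."""
    return dict(KV_RE.findall(line))


def match_threat_intel(lines, ip_iocs=THREAT_INTEL_IPS, domain_iocs=THREAT_INTEL_DOMAINS):
    """Rule/string matching: (host, indicator, field) for every line whose
    destination IP or hostname is on the indicator list. A set lookup is O(1)
    per field; a regex is only needed for pattern-style indicators."""
    hits = []
    for line in lines:
        ev = parse_kv(line)
        for field, iocs in (("dest_ip", ip_iocs), ("dest_host", domain_iocs)):
            if ev.get(field) in iocs:
                hits.append((ev["host"], ev[field], field))
    return hits


def failed_logon_outliers(counts, threshold=3.5):
    """Statistical outlier detection with a robust (median/MAD) modified z-score.

    Mean and standard deviation are a poor fit here: the one noisy host inflates
    the standard deviation so much that it masks itself (for the constructed
    counts mean + 3*stdev is roughly 55 to 59 depending on the estimator, above
    the 47 that should be flagged). The median and the median absolute deviation
    are not moved by a single extreme value.
    Returns [(host, modified_z)] for hosts above the threshold, highest first.
    """
    values = list(counts.values())
    median = statistics.median(values)
    abs_dev = [abs(v - median) for v in values]
    mad = statistics.median(abs_dev)
    if mad > 0:
        scale = mad / 0.6745            # MAD rescaled to be comparable with a stdev
    else:
        mean_ad = statistics.mean(abs_dev)
        if mean_ad == 0:                # every host identical: nothing is an outlier
            return []
        scale = 1.253314 * mean_ad      # usual fallback when the MAD collapses to 0
    flagged = [(host, round((v - median) / scale, 2))
               for host, v in counts.items() if (v - median) / scale > threshold]
    return sorted(flagged, key=lambda hz: hz[1], reverse=True)


if __name__ == "__main__":
    for host, ioc, field in match_threat_intel(PROXY_LOGS):
        print(f"alert: {host} contacted known-bad {field}={ioc}")
    for host, z in failed_logon_outliers(FAILED_LOGONS):
        print(f"alert: {host} failed-logon count is an outlier (modified z={z})")
```

Run as a script it prints two indicator hits for hostA and hostC and one outlier alert for hostA. The blocked request from hostC is still reported: a proxy block stops the download, but the host tried to reach a C2 domain, which is exactly the kind of event the next slides feed into a risk score.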
Example - Situation
Day 1: Host A: IDS signature triggers (source: network IDS)
Day 5: Host A: AV system triggers (source: antivirus)
Day 10: Host A: multiple failed logins from this host (source: Active Directory)
Day 20: Host A: accessing unusual network segments (source: network traffic)
Correlation: all four events, from four different sources, are tied to the same host.
Context: Risk Scoring
Each correlated event adds to the host's risk score:
Day 1: IDS signature triggers (network IDS). Risk score Host A: 0 + 10 = 10
Day 5: AV system triggers (antivirus). Risk score Host A: 10 + 30 = 40
Day 10: multiple failed logins from this host (Active Directory). Risk score Host A: 40 + 30 = 70
Day 20: accessing unusual network segments (network traffic). Risk score Host A: 70 + 5 = 75
Requirement 2: Context and Intelligence
• Integrate across technologies
• Automated context matching
• Automated context acquisition
• Post processing and post analysis
Context sources: threat intelligence, asset & CMDB, API/SDK integrations, data stores, applications
Alerts, with the risk score added
• Alert 1, Host A: accessing unusual network segments. Risk score Host A: 75
• Alert 2, Host B: malware found but couldn't be removed. Risk score Host B: 5
Worth an investigation? Which one to investigate first?

Alerts, with asset context added
• Alert 1, Host A: accessing unusual network segments. Risk score: 75. System owner: Juergen Klopp. Location: Liverpool. Confidentiality level: High
• Alert 2, Host B: malware found but couldn't be removed. Risk score: 5. System owner: Donald Duck. Department: Duckburg. Confidentiality level: Low
Worth an investigation? Which one to investigate first?
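Risk scoring (requirement 1, scoring and aggregation) and context matching (requirement 2) as they appear in the Host A / Host B walk-through, as an added Python example that is not part of the original deck and does not reproduce Splunk Enterprise Security's own risk framework. The per-event weights are chosen so that the running total matches the slides (0 + 10, 10 + 30, 40 + 30, 70 + 5 = 75 for Host A); the 5-point weight for Host B's alert, the confidentiality multipliers, the CMDB records, the event list and the optional ageing window are all constructed assumptions.

```python
from collections import defaultdict

# Assumed per-event risk weights, chosen to reproduce the slide's increments
# (0+10, 10+30, 40+30, 70+5). The weight for Host B's alert is a constructed value.
RISK_WEIGHTS = {
    "ids_signature": 10,        # network IDS signature fired for traffic from the host
    "av_detection": 30,         # AV engine triggered on the host
    "failed_logins": 30,        # many failed logons originating from the host
    "unusual_segment": 5,       # traffic into a network segment the host never used before
    "malware_not_removed": 5,   # AV found malware but could not clean it
}

# Constructed event stream: (day, host, event_type, source system).
EVENTS = [
    (1, "Host A", "ids_signature", "Network IDS"),
    (5, "Host A", "av_detection", "AntiVirus"),
    (10, "Host A", "failed_logins", "Active Directory"),
    (20, "Host A", "unusual_segment", "Network Traffic"),
    (20, "Host B", "malware_not_removed", "AntiVirus"),
]

# Constructed CMDB / asset-inventory extract with the owners and levels from the slide.
ASSETS = {
    "Host A": {"owner": "Juergen Klopp", "location": "Liverpool", "confidentiality": "high"},
    "Host B": {"owner": "Donald Duck", "department": "Duckburg", "confidentiality": "low"},
}
CONFIDENTIALITY_MULTIPLIER = {"high": 2.0, "medium": 1.0, "low": 0.5}  # assumed weighting


def risk_timeline(events, weights=RISK_WEIGHTS, as_of_day=None, window_days=None):
    """Per host, the running score as (day, event_type, before, after), in day order.

    With window_days set, only events in the last window_days before as_of_day
    count, so old risk ages out. Without a window, scores only ever grow and every
    long-lived host eventually crosses any alerting threshold.
    """
    if as_of_day is None:
        as_of_day = max((e[0] for e in events), default=0)
    timeline = defaultdict(list)
    for day, host, event_type, _source in sorted(events):
        if window_days is not None and (as_of_day - day) >= window_days:
            continue
        before = timeline[host][-1][3] if timeline[host] else 0
        after = before + weights.get(event_type, 0)
        timeline[host].append((day, event_type, before, after))
    return dict(timeline)


def risk_scores(events, **kwargs):
    """Current aggregate risk score per host (the last 'after' value of its timeline)."""
    return {host: steps[-1][3] for host, steps in risk_timeline(events, **kwargs).items()}


def prioritize(alerts, scores, assets=ASSETS, multiplier=CONFIDENTIALITY_MULTIPLIER):
    """Context matching: join each alert to its host's risk score and asset record,
    weight the score by asset confidentiality and sort highest priority first.
    A host missing from the CMDB gets the medium multiplier and owner 'unknown'."""
    ranked = []
    for host, text in alerts:
        asset = assets.get(host, {"owner": "unknown", "confidentiality": "medium"})
        score = scores.get(host, 0)
        level = asset.get("confidentiality", "medium")
        ranked.append({"host": host, "alert": text, "risk_score": score,
                       "owner": asset["owner"], "confidentiality": level,
                       "priority": score * multiplier[level]})
    return sorted(ranked, key=lambda r: r["priority"], reverse=True)


ALERTS = [("Host A", "Accessing unusual network segments"),
          ("Host B", "Malware found but couldn't be removed")]

if __name__ == "__main__":
    for host, steps in risk_timeline(EVENTS).items():
        for day, ev, before, after in steps:
            print(f"day {day:>2} {host}: {ev:<20} risk {before} + {after - before} = {after}")
    for r in prioritize(ALERTS, risk_scores(EVENTS)):
        print(f"{r['priority']:>6.1f}  {r['host']}  {r['alert']}  "
              f"(owner {r['owner']}, confidentiality {r['confidentiality']})")
```

The output reproduces the slide's build-up: Host A climbs 10, 40, 70, 75 while Host B sits at 5, and after the asset join Host A (high confidentiality, priority 150) is investigated before Host B (low, priority 2.5). Calling risk_scores(EVENTS, as_of_day=20, window_days=7) shows the other side of the coin: with a seven-day window only the day-20 events count and both hosts drop to 5, so the window length is itself a tuning decision, not a detail.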
Requirement 3: Connecting Data and People
• Human-mediated automation
• Sharing and collaboration
• Free-form investigation, human intuition
• Interact with views and workflows
• Any data, all data
Visual Investigations – Kill Chain
Operationalizing Security Intelligence: the three requirements again
1. Risk-based analytics
2. Context and intelligence
3. Connecting people and data
Crossing the Chasm
Call to action
Today:
• Visit the Splunk booth and get a live demo of an incident investigation
• Pick up your free t-shirt
• Free beer at the booth at 4pm!
Next 7 days:
• Try the Splunk Cloud Enterprise Security sandbox to explore hands-on
• Think about use cases or visibility gaps you have today that can be addressed
Next 90 days:
• Schedule a Splunk workshop onsite to explore how you can mature your security program with the help of machine data
Thank You
@Matthias_by
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 

Mehr von Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Kürzlich hochgeladen

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 

Operationalizing Security Intelligence

Slide 2: Who I am
• Now Product Marketing Manager EMEA
• 8 Years Consultant Security + Big Data
• 3+ Years at Splunk, McAfee (Intel Security), Tibco LogLogic
• Worked with top organizations across industries advising customers
• CISSP, Certified Ethical Hacker

Slide 3: Make machine data accessible, usable and valuable to everyone.

Slide 4: Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume
• Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
• On-Premises, Private Cloud, Public Cloud
Ask Any Question
• Application Delivery
• Security, Compliance and Fraud
• IT Operations
• Business Analytics
• Internet of Things and Industrial Data

Slide 5: Security Use Cases
• Security & Compliance Reporting
• Real-Time Monitoring of Known Threats
• Monitoring of Unknown, Advanced Threats
• Incident Investigations & Forensics
• Insider Threat
Splunk Can Complement OR Replace an Existing SIEM

Slide 6: Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Slide 7: Agenda
• The super hero and the fish market – a short story
• What is Security Intelligence
• Examples of Operationalizing Security Intelligence
• Call to action
Slide 19: Security Intelligence
Information relevant to protecting an organization from external and inside threats, as well as the processes, policies and tools designed to gather and analyze that information.
Source: http://whatis.techtarget.com/definition/security-intelligence-SI
Slide 21: Intelligence
Actionable information that provides an organization with decision support and possibly a strategic advantage. SI is a comprehensive approach that integrates multiple processes and practices designed to protect the organization.
Source: http://whatis.techtarget.com/definition/security-intelligence-SI
Slide 24: Alerts
• Alert 1, Host A: accessing unusual network segments
• Alert 2, Host B: malware found but couldn't be removed
Worth an investigation? Which one to investigate first?

Slide 25: Operationalizing Security Intelligence
1. Risk-Based
2. Context and Intelligence
3. Connecting People and Data

Slide 26: Data Sources
• Threat Intelligence
• Network
• Endpoint
• Access
Slide 27: Persist, Repeat (Data Sources Required)
Threat Intelligence
• Tells you: attacker, known relay/C2 sites, infected sites, IOC, attack/campaign intent and attribution
• Data sources required: third-party threat intel, open-source blacklist, internal threat intelligence
Network
• Tells you: where they went to, who talked to whom, attack transmitted, abnormal traffic, malware download
• Data sources required: firewall, IDS, IPS, DNS, email, web proxy, NetFlow, network
Endpoint
• Tells you: what process is running (malicious, abnormal, etc.), process owner, registry mods, attack/malware artifacts, patching level, attack susceptibility
• Data sources required: endpoint (AV/IPS/FW), malware detection, PCLM, DHCP, OS logs, patching
Access/Identity
• Tells you: access level, privileged users, likelihood of infection, where they might be in the kill chain
• Data sources required: Active Directory, LDAP, CMDB, operating system, database, VPN, AAA, SSO
Slide 28: Requirement 1: Risk Based Analytics

Slide 29: Risk Based Analytics
Applied across Threat Intelligence, Network, Endpoint and Access data:
• Rules/String/Regex matching
• Statistical outliers and anomalies
• Session and behavior profiling
• Scoring and aggregation
Slide 31: Example - Situation
• Day 1: Host A: IDS signature triggers (Source: Network IDS)
• Day 5: Host A: AV system triggers (Source: AntiVirus)
• Day 10: Host A: multiple failed logins from this host (Source: Active Directory)
• Day 20: Host A: accessing unusual network segments (Source: Network Traffic Correlation)

Slide 32: Context: Risk Scoring
• Day 1: Host A: IDS signature triggers (Source: Network IDS). Risk Score Host A: 0 + 10
• Day 5: Host A: AV system triggers (Source: AntiVirus). Risk Score Host A: 10 + 30
• Day 10: Host A: multiple failed logins from this host (Source: Active Directory). Risk Score Host A: 40 + 30
• Day 20: Host A: accessing unusual network segments (Source: Network Traffic Correlation). Risk Score Host A: 70 + 5
Slide 33: Requirement 2: Context and Intelligence

Slide 34: Context and Intelligence
• Integrate across technologies
• Automated context matching
• Automated context acquisition
• Post processing and post analysis
Context sources: Threat Intelligence, Asset & CMDB, API/SDK Integrations, Data Stores, Applications
Slide 36: Alerts (with risk scores)
• Alert 1, Host A: accessing unusual network segments. Risk Score Host A: 75
• Alert 2, Host B: malware found but couldn't be removed. Risk Score Host B: 5
Worth an investigation? Which one to investigate first?

Slide 37: Alerts (with risk scores and asset context)
• Alert 1, Host A: accessing unusual network segments. Risk Score Host A: 75. System Owner: Juergen Klopp. Location: Liverpool. Confidentiality Level: High
• Alert 2, Host B: malware found but couldn't be removed. Risk Score Host B: 5. System Owner: Donald Duck. Department: Duckburg. Confidentiality Level: Low
Worth an investigation? Which one to investigate first?
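To make the risk scoring on slides 31/32 and the context enrichment on slides 36/37 concrete, here is an added Python example that is not part of the presentation or of any Splunk product: it replays the Host A timeline, aggregates a per-host risk score, attaches the asset context and orders the alert queue. The event weights, the confidentiality ranking and the asset records are constructed for the example and mirror the values on the slides.

```python
"""Risk-based alert prioritisation with asset context (added example, not from the slides)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class RiskEvent:
    day: int
    host: str
    description: str
    source: str
    score: int  # weight of this detection; constructed, taken from slide 32


@dataclass
class Asset:
    host: str
    owner: str
    location: str        # slide 37 labels Host B's value "Department"; one field is used here
    confidentiality: str  # "High", "Medium" or "Low"


# Constructed timeline: Host A from slides 31/32, Host B from slide 36.
EVENTS = [
    RiskEvent(1, "Host A", "IDS signature triggers", "Network IDS", 10),
    RiskEvent(5, "Host A", "AV system triggers", "AntiVirus", 30),
    RiskEvent(10, "Host A", "Multiple failed logins from this host", "Active Directory", 30),
    RiskEvent(20, "Host A", "Accessing unusual network segments", "Network Traffic Correlation", 5),
    RiskEvent(20, "Host B", "Malware found but could not be removed", "AntiVirus", 5),
]

# Constructed asset/CMDB context, mirroring slide 37.
ASSETS = {
    "Host A": Asset("Host A", "Juergen Klopp", "Liverpool", "High"),
    "Host B": Asset("Host B", "Donald Duck", "Duckburg", "Low"),
}

# Constructed ranking used only to break ties between equal risk scores.
CONFIDENTIALITY_RANK = {"High": 3, "Medium": 2, "Low": 1}


def risk_scores(events):
    """Aggregate per-host risk as the sum of the weights of every event seen so far."""
    scores = defaultdict(int)
    for ev in sorted(events, key=lambda e: e.day):
        scores[ev.host] += ev.score
    return dict(scores)


def risk_timeline(events, host):
    """Running score for one host as (day, before, added, after) rows, like slide 32."""
    rows, total = [], 0
    for ev in sorted((e for e in events if e.host == host), key=lambda e: e.day):
        rows.append((ev.day, total, ev.score, total + ev.score))
        total += ev.score
    return rows


def prioritise(events, assets):
    """Order hosts for investigation: highest risk first, confidentiality breaks ties,
    and the asset context is attached so the analyst does not have to look it up."""
    scores = risk_scores(events)
    queue = []
    for host, score in scores.items():
        asset = assets.get(host)  # unknown hosts keep a placeholder rather than failing
        conf = asset.confidentiality if asset else "Unknown"
        queue.append({
            "host": host,
            "risk_score": score,
            "confidentiality": conf,
            "owner": asset.owner if asset else "unknown",
            "location": asset.location if asset else "unknown",
            "open_alerts": [e.description for e in events if e.host == host],
        })
    queue.sort(key=lambda r: (r["risk_score"], CONFIDENTIALITY_RANK.get(r["confidentiality"], 0)),
               reverse=True)
    return queue


if __name__ == "__main__":
    for day, before, added, after in risk_timeline(EVENTS, "Host A"):
        print(f"Day {day:>2}: Risk Score Host A: {before} + {added} = {after}")
    for row in prioritise(EVENTS, ASSETS):
        print(row["host"], row["risk_score"], row["confidentiality"], row["owner"], row["open_alerts"])
```

Host A ends at 75 and Host B at 5, so the queue puts Host A first; the attached owner and confidentiality level are what lets the analyst judge whether the low-scoring Host B alert can wait.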
Slide 39: Requirement 3: Connecting Data and People

Slide 40: Connecting People and Data
• Automation: human mediated automation
• Collaboration: sharing and collaboration
• Investigation: free form investigation – human intuition
• Workflows: interact with views and workflows
• All data: any data, all data

Slide 42: Operationalizing Security Intelligence
1. Risk-Based
2. Context and Intelligence
3. Connecting People and Data
Slide 44: Call to action
Today:
• Visit the Splunk booth and get a live demo of an Incident Investigation
• Pick up your free t-shirt
• Get free beer at the booth at 4pm!
Next 7 Days:
• Try the Splunk Cloud Enterprise Security Sandbox to explore hands on
• Think about use cases or visibility gaps you have today that can be addressed!
Next 90 Days:
• Schedule a Splunk Workshop onsite to explore how you can mature your security program with the help of Machine Data

Editor's notes

  1. At Splunk, our mission is to make machine data accessible, usable and valuable to everyone. And this overarching mission is what drives our company and product priorities.
  2. Splunk products are being used for data volumes ranging from gigabytes to hundreds of terabytes per day. Splunk software and cloud services reliably collect and index machine data, from a single source to tens of thousands of sources. All in real time. Once data is in Splunk Enterprise, you can search, analyze, report on and share insights from your data. The Splunk Enterprise platform is optimized for real-time, low-latency and interactivity, making it easy to explore, analyze and visualize your data. This is described as Operational Intelligence. The insights gained from machine data support a number of use cases and can drive value across your organization. [In North America] Splunk Cloud is available in North America and offers Splunk Enterprise as a cloud-based service – essentially empowering you with Operational Intelligence without any operational effort.
  3. Stela starts
  4. The process of discovering relationships across all security-relevant data, including data from IT infrastructures, point security products and all machine-generated data to rapidly adapt to a changing threat landscape. 