SlideShare ist ein Scribd-Unternehmen logo

Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR

Als PPTX, PDF herunterladen
Splunk
Splunk

Presentation from the Partner Executive Summit, Frankfurt, 21. November 2018

Technologie
1 von 25
© 2017 SPLUNK INC. Analytics-Driven Security und Security Orchestration Automation And Response Angelo Brancato CISSP, CISM, CCSK | Security Specialist, EMEA NOVEMBER 21ST, FRANKFURT AM MAIN
© 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Forward-Looking Statements
© 2017 SPLUNK INC. Splunk turns machine data into answers Network Servers DevOps Users Cloud Security Databases O F T H E Same Data D I F F E R E N T People A S K I N G D I F F E R E N T Questions
© 2017 SPLUNK INC. Splunk was built for change from the beginning Send unstructured data from all systems, devices and people Splunk doesn’t structure your data until you start to ask it questions Suite of tools empower you to investigate, monitor and act on any data, anywhere Ideal to detect everchanging cyber attacks
THREATS ARE MORE COMPLEX AND FAR REACHING NOT CLOSING THE SKILLS GAP SECURITY TO ENABLE BUSINESS AND THE MISSION
T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
© 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data
© 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps 125+ Examples, with 180+ Searches Data Onboarding Guides Content Mapping (MITRE ATT&CK, Killchain etc.) Mapping to Premium Apps On-Prem, Cloud, SaaS or Hybrid Performance at Scale Open Ecosystem Native ML/AI Integration
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps ... Many great, free Apps to solve a specific Problem
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data ASSET AND IDENTITY CORRELATION NOTABLE EVENT & INVESTIGATION THREAT INTELLIGENCE RISK ANALYSIS ADAPTIVE RESPONSE CONTENT UPDATE +
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + MATHMATICAL STATISTICAL CALCULATION ANOMALIES / PREDICTION ANALYTICS DRIVEN SECURITY Correlations and notable events EVENT & INFORMATION CORRELATION RISK
© 2017 SPLUNK INC. Event Sequencing to optimize threat detection and accelerate investigation Use Case Library for faster detection and incident response Updated Investigation Workbench to reduce time to contain and remediate .Conf2018 Release Splunk Enterprise Security 5.2
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Realm of Known Realm of Unknown
© 2017 SPLUNK INC. Splunk-to-Kafka UBA ingestion for enhanced performance and reliability User Feedback Learning to improve threat detection and anomaly customization Native UBA SSO authentication support for IAM tools .Conf2018 Release Splunk User Behavior Analytics 4.2
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + +
© 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Optional Optional
Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED MANUAL (TODAY) FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security
Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED AUTOMATED WITH PHANTOM FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security ACTION RESULTS / FEEDBACK LOOP
© 2017 SPLUNK INC. SplunkSANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT Automated Malware Investigation “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” Adam Fletcher CISO, Blackstone A Phantom Case Study
© 2017 SPLUNK INC. Clustering support for scale, performance and redundancy Indicator View for improved threat analysis and hunting Integrated Splunk Search, the only SOAR platform with this capability ANNOUNCING Splunk Phantom 4.1
© 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center
© 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
© 2017 SPLUNK INC. SPLUNK User Behavior Analytics 4.2 SPLUNK Enterprise Security 5.2 SPLUNK Phantom 4.1 Event Sequencing Accelerate Investigation User Feedback Targeted Hunting Indicator View Faster Remediation Use Case Library Container-Based Architecture Clustering Support User Management UI SECURITY PREMIUM APPS – Conf18 Releases
© 2017 SPLUNK INC. THANK YOU!

Empfohlen

Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Splunk
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTPartner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Splunk
 
Travis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit EuropeTravis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit Europe
Splunk
 
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
Splunk
 
Partner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsPartner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOps
Splunk
 

Empfohlen

Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow BetaPartner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Partner Exec Summit 2018 - Frankfurt: Splunk Business Flow Beta
Splunk
 
Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
Splunk
 
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoTPartner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Partner Exec Summit 2018 - Frankfurt: Splunk for Industrial IoT
Splunk
 
Travis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit EuropeTravis Perkins at Gartner Risk and Security Management Summit Europe
Travis Perkins at Gartner Risk and Security Management Summit Europe
Splunk
 
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable BernSplunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk IT Service Intelligence Overview - AIOps Roundtable Bern
Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
SplunkLive! Utrecht 2018 - Customer presentation: Irdeto
Splunk
 
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
SplunkLive! Utrecht 2018 - Customer presentation: Dutch Tax Office
Splunk
 
Partner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOpsPartner Exec Summit 2018 - Frankfurt: AIOps
Partner Exec Summit 2018 - Frankfurt: AIOps
Splunk
 
How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the Business
Splunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
Splunk
 
SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia
Splunk
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods
Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS
Splunk
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk Overview
Splunk
 
Clear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with SplunkClear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with Splunk
Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Splunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and Logs
Splunk
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017
Splunk
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
Splunk
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
Splunk
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk
 
SplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary Session
Splunk
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability Management
Splunk
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the Business
Splunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Rene Aguero
 

Weitere ähnliche Inhalte

Was ist angesagt?

SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Splunk
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
Splunk
 

Was ist angesagt? (20)

How a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the BusinessHow a Leading Saudi Bank Matured Security to Better Partner the Business
How a Leading Saudi Bank Matured Security to Better Partner the Business
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
 
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
Splunk Discovery: Milan 2018 - Delivering New Visibility and Analytics for IT...
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys SplunkLive! Stockholm 2019 - Customer presentation: Norlys
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
 
SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia SplunkLive! Stockholm 2018 - Customer presentation: Telia
SplunkLive! Stockholm 2018 - Customer presentation: Telia
 
Introduction into Security Analytics Methods
Introduction into Security Analytics Methods Introduction into Security Analytics Methods
Introduction into Security Analytics Methods
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019 - Customer presentation: ISS
 
SplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk OverviewSplunkLive! London 2017 - Splunk Overview
SplunkLive! London 2017 - Splunk Overview
 
Clear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with SplunkClear the Mist from your Clouds with Splunk
Clear the Mist from your Clouds with Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics MethodsSplunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and Logs
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
 
SplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk OverviewSplunkLive! Paris 2018: Splunk Overview
SplunkLive! Paris 2018: Splunk Overview
 
Splunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk OverviewSplunk Discovery: Milan 2018 - Splunk Overview
Splunk Discovery: Milan 2018 - Splunk Overview
 
SplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary SessionSplunkLive! Paris 2018: Plenary Session
SplunkLive! Paris 2018: Plenary Session
 
Danfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability ManagementDanfoss - Splunk for Vulnerability Management
Danfoss - Splunk for Vulnerability Management
 
Drive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the BusinessDrive More Value from your SOC Through Connecting Security to the Business
Drive More Value from your SOC Through Connecting Security to the Business
 
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with SplunkSplunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk
 

Ähnlich wie Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR

Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
Splunk
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk
 
SplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy Users
Splunk
 

Ähnlich wie Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR (20)

SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
 
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensocSplunk live nyc_2017_sec_buildinganalyticsdrivensoc
Splunk live nyc_2017_sec_buildinganalyticsdrivensoc
 
Splunk Discovery Dusseldorf: September 2017 - Security Session
Splunk Discovery Dusseldorf: September 2017 - Security SessionSplunk Discovery Dusseldorf: September 2017 - Security Session
Splunk Discovery Dusseldorf: September 2017 - Security Session
 
Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017Security crawl walk run presentation mckay v1 2017
Security crawl walk run presentation mckay v1 2017
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
 
Splunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBASplunk for Enterprise Security Featuring UBA
Splunk for Enterprise Security Featuring UBA
 
Learn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security OperationsLearn how to use an Analytics-Driven SIEM for your Security Operations
Learn how to use an Analytics-Driven SIEM for your Security Operations
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
 
Splunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learningSplunk for AIOps: Reduce IT outages through prediction with machine learning
Splunk for AIOps: Reduce IT outages through prediction with machine learning
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ...
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise Security
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
 
SplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy UsersSplunkLive! London 2017 - Happy Apps, Happy Users
SplunkLive! London 2017 - Happy Apps, Happy Users
 

Mehr von Splunk

SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 

Mehr von Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Kürzlich hochgeladen

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Kürzlich hochgeladen (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR

  • 1. © 2017 SPLUNK INC. Analytics-Driven Security und Security Orchestration Automation And Response Angelo Brancato CISSP, CISM, CCSK | Security Specialist, EMEA NOVEMBER 21ST, FRANKFURT AM MAIN
  • 2. © 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Forward-Looking Statements
  • 3. © 2017 SPLUNK INC. Splunk turns machine data into answers Network Servers DevOps Users Cloud Security Databases O F T H E Same Data D I F F E R E N T People A S K I N G D I F F E R E N T Questions
  • 4. © 2017 SPLUNK INC. Splunk was built for change from the beginning Send unstructured data from all systems, devices and people Splunk doesn’t structure your data until you start to ask it questions Suite of tools empower you to investigate, monitor and act on any data, anywhere Ideal to detect everchanging cyber attacks
  • 5. THREATS ARE MORE COMPLEX AND FAR REACHING NOT CLOSING THE SKILLS GAP SECURITY TO ENABLE BUSINESS AND THE MISSION
  • 6. T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
  • 7. © 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data
  • 8. © 2018 SPLUNK INC. Splunk Security Portfolio DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4
  • 9. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps 125+ Examples, with 180+ Searches Data Onboarding Guides Content Mapping (MITRE ATT&CK, Killchain etc.) Mapping to Premium Apps On-Prem, Cloud, SaaS or Hybrid Performance at Scale Open Ecosystem Native ML/AI Integration
  • 10. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + Free Apps ... Many great, free Apps to solve a specific Problem
  • 11. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data ASSET AND IDENTITY CORRELATION NOTABLE EVENT & INVESTIGATION THREAT INTELLIGENCE RISK ANALYSIS ADAPTIVE RESPONSE CONTENT UPDATE +
  • 12. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + MATHMATICAL STATISTICAL CALCULATION ANOMALIES / PREDICTION ANALYTICS DRIVEN SECURITY Correlations and notable events EVENT & INFORMATION CORRELATION RISK
  • 13. © 2017 SPLUNK INC. Event Sequencing to optimize threat detection and accelerate investigation Use Case Library for faster detection and incident response Updated Investigation Workbench to reduce time to contain and remediate .Conf2018 Release Splunk Enterprise Security 5.2
  • 14. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Realm of Known Realm of Unknown
  • 15. © 2017 SPLUNK INC. Splunk-to-Kafka UBA ingestion for enhanced performance and reliability User Feedback Learning to improve threat detection and anomaly customization Native UBA SSO authentication support for IAM tools .Conf2018 Release Splunk User Behavior Analytics 4.2
  • 16. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + +
  • 17. © 2017 SPLUNK INC. Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight & Automation Reactive Proactive Level 1 Level 2 Level 3 Level 4 DATA PLATFORM ANALYTICS OPERATIONS Platform for Machine Data + + Optional Optional
  • 18. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED MANUAL (TODAY) FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security
  • 19. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED AUTOMATED WITH PHANTOM FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security ACTION RESULTS / FEEDBACK LOOP
  • 20. © 2017 SPLUNK INC. SplunkSANDBOX QUERY RECIPIENTS USER PROFILE HUNT FILE HUNT FILE FILE REPUTATION FILE ASSESSMENT RUN PLAYBOOK “REMEDIATE" EMAIL ALERT Automated Malware Investigation “Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” Adam Fletcher CISO, Blackstone A Phantom Case Study
  • 21. © 2017 SPLUNK INC. Clustering support for scale, performance and redundancy Indicator View for improved threat analysis and hunting Integrated Splunk Search, the only SOAR platform with this capability ANNOUNCING Splunk Phantom 4.1
  • 22. © 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center
  • 23. © 2017 SPLUNK INC. Cloud Security Endpoints Orchestration WAF & App Security Threat Intelligence Network Web Proxy Firewall Identity and Access The thought process The intuition The reflexes Machine Learning & Adaptive Operations & Analytics Driven Security & Splunk as the Security Nerve Center T I E R 1 A N A LY S T W O R K W I L L B E A U T O M AT E D T I M E N O W S P E N T T U N I N G D E T E C T I O N A N D R E S P O N S E L O G I C P L AT F O R M T O O R C H E S T R AT E T H E M A L L 90% 50% 1
  • 24. © 2017 SPLUNK INC. SPLUNK User Behavior Analytics 4.2 SPLUNK Enterprise Security 5.2 SPLUNK Phantom 4.1 Event Sequencing Accelerate Investigation User Feedback Targeted Hunting Indicator View Faster Remediation Use Case Library Container-Based Architecture Clustering Support User Management UI SECURITY PREMIUM APPS – Conf18 Releases
  • 25. © 2017 SPLUNK INC. THANK YOU!