Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR

1. Analytics-Driven Security and Security Orchestration, Automation and Response
Angelo Brancato CISSP, CISM, CCSK | Security Specialist, EMEA
November 21st, Frankfurt am Main
© 2017 Splunk Inc.
2. Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
3. Splunk turns machine data into answers
Same data, different people asking different questions. Sources shown: Network, Servers, DevOps, Users, Cloud Security, Databases.
4. Splunk was built for change from the beginning
Send unstructured data from all systems, devices and people.
Splunk doesn't structure your data until you start to ask it questions.
A suite of tools empowers you to investigate, monitor and act on any data, anywhere.
Ideal for detecting ever-changing cyber attacks.
6. Three figures
90% of Tier 1 analyst work will be automated.
50% of time is now spent tuning detection and response logic.
1 platform to orchestrate them all.
7. Splunk Security Portfolio
Three tiers: Data Platform (Platform for Machine Data), Analytics, Operations.
8. Splunk Security Portfolio
Three tiers: Data Platform (Platform for Machine Data), Analytics, Operations.
Security maturity levels, from reactive to proactive:
Level 1: Search and Investigate (reactive)
Level 2: Proactive Monitoring and Alerting
Level 3: Security Situational Awareness
Level 4: Real-time Risk Insight & Automation (proactive)
9. Data Platform + Free Apps
125+ examples, with 180+ searches
Data onboarding guides
Content mapping (MITRE ATT&CK, Kill Chain etc.)
Mapping to premium apps
On-prem, cloud, SaaS or hybrid
Performance at scale
Open ecosystem
Native ML/AI integration
10. Data Platform + Free Apps
Many great, free apps, each solving a specific problem.
11. Data Platform + Enterprise Security frameworks
Asset and Identity Correlation
Notable Event & Investigation
Threat Intelligence
Risk Analysis
Adaptive Response
Content Update
12. Analytics-Driven Security
Mathematical / statistical calculation
Anomalies / prediction
Event & information correlation
Correlations and notable events
Risk
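As an added illustration of what the analytics layer on this slide combines (a statistical baseline, correlation of events with context, an event sequence, and a risk score that turns into a notable), here is a small Python detector run over constructed authentication events. It is example code written for this page, not Splunk's; the key=value log format, the z-score threshold, the failure count, the risk weights, the signal names and the notable threshold are all assumptions. In Splunk Enterprise Security the same shape would be correlation searches contributing to the risk index; this stand-alone code imitates only the logic.

```python
"""Analytics-driven detection over constructed authentication events.

Added example for this page, not Splunk code. The event format and every
threshold and weight below are assumptions chosen for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: one 'timestamp k=v k=v ...' line per login attempt.
RAW_EVENTS = """\
2018-11-19T09:05Z user=alice action=login result=success src_country=DE
2018-11-19T10:02Z user=alice action=login result=success src_country=DE
2018-11-19T10:40Z user=alice action=login result=success src_country=DE
2018-11-19T11:15Z user=alice action=login result=success src_country=DE
2018-11-19T12:03Z user=alice action=login result=success src_country=DE
2018-11-19T12:50Z user=alice action=login result=success src_country=DE
2018-11-19T13:01Z user=alice action=login result=failure src_country=RU
2018-11-19T13:01Z user=alice action=login result=failure src_country=RU
2018-11-19T13:02Z user=alice action=login result=failure src_country=RU
2018-11-19T13:03Z user=alice action=login result=failure src_country=RU
2018-11-19T13:03Z user=alice action=login result=failure src_country=RU
2018-11-19T13:04Z user=alice action=login result=success src_country=RU
2018-11-19T09:10Z user=bob action=login result=success src_country=DE
2018-11-19T10:12Z user=bob action=login result=success src_country=DE
2018-11-19T11:20Z user=bob action=login result=success src_country=DE
2018-11-19T11:45Z user=bob action=login result=success src_country=DE
2018-11-19T13:07Z user=bob action=login result=success src_country=DE
"""

Z_THRESHOLD = 3.0       # assumed: hourly attempt count this far above baseline is anomalous
MIN_FAILURES = 5        # assumed: failures before a success that count as brute force
RISK_THRESHOLD = 60     # assumed: accumulated risk at which a user becomes a notable
RISK_WEIGHTS = {        # assumed risk contribution per signal (risk-based alerting)
    "login_volume_anomaly": 30,
    "new_country_success": 40,
    "bruteforce_then_success": 50,
}


def parse_events(raw):
    """Parse the key=value lines into dicts with an hourly bucket, sorted by time."""
    events = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        event = dict(pair.split("=", 1) for pair in pairs)
        event["ts"], event["hour"] = ts, ts[:13]      # hour bucket: YYYY-MM-DDTHH
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def zscore(value, history):
    """Standard score of value against history; exceeding a flat baseline counts as extreme."""
    if len(history) < 2:
        return 0.0
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return float("inf") if value > mu else 0.0
    return (value - mu) / sigma


def score_user(user, events, latest_hour):
    """Combine a statistical, a correlation and a sequence signal into one risk score."""
    mine = [e for e in events if e["user"] == user]
    recent = [e for e in mine if e["hour"] == latest_hour]
    baseline = [e for e in mine if e["hour"] != latest_hour]
    signals = {}

    # Statistical calculation: attempts this hour vs. the user's own per-hour baseline.
    per_hour = defaultdict(int)
    for e in baseline:
        per_hour[e["hour"]] += 1
    z = zscore(len(recent), list(per_hour.values()))
    if z > Z_THRESHOLD:
        signals["login_volume_anomaly"] = f"{len(recent)} attempts, z={z:.1f}"

    # Information correlation: a success from a country never seen in the baseline.
    known = {e["src_country"] for e in baseline if e["result"] == "success"}
    new = {e["src_country"] for e in recent if e["result"] == "success"} - known
    if new:
        signals["new_country_success"] = ",".join(sorted(new))

    # Event sequencing: MIN_FAILURES or more failures directly followed by a success.
    streak = 0
    for e in recent:
        if e["result"] == "failure":
            streak += 1
        elif streak >= MIN_FAILURES:
            signals["bruteforce_then_success"] = f"{streak} failures then success"
            break
        else:
            streak = 0

    return {"user": user, "risk": sum(RISK_WEIGHTS[s] for s in signals), "signals": signals}


def build_notables(raw):
    """Score every user for the latest hour; return (all scores, users above threshold)."""
    events = parse_events(raw)
    latest_hour = max(e["hour"] for e in events)
    scores = {u: score_user(u, events, latest_hour) for u in sorted({e["user"] for e in events})}
    return scores, {u: s for u, s in scores.items() if s["risk"] >= RISK_THRESHOLD}


if __name__ == "__main__":
    for user, s in build_notables(RAW_EVENTS)[1].items():
        print(f"NOTABLE user={user} risk={s['risk']} signals={s['signals']}")
```

Note the design choice the risk threshold encodes: a single signal (a z-score spike on its own, say) never reaches 60, so one noisy statistic cannot page anyone; it takes two corroborating signals, which is the point of correlating before alerting.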
13. .conf2018 Release: Splunk Enterprise Security 5.2
Event Sequencing to optimize threat detection and accelerate investigation
Use Case Library for faster detection and incident response
Updated Investigation Workbench to reduce time to contain and remediate
14. Data Platform + Enterprise Security + User Behavior Analytics
The two premium layers cover the realm of the known and the realm of the unknown.
15. .conf2018 Release: Splunk User Behavior Analytics 4.2
Splunk-to-Kafka UBA ingestion for enhanced performance and reliability
User feedback learning to improve threat detection and anomaly customization
Native UBA SSO authentication support for IAM tools
17. Data Platform + Enterprise Security (optional) + User Behavior Analytics (optional)
18. SOAR for Security Operations: faster execution through the loop yields better security
Observe (point products, automated): Firewall, IDS/IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detonation
Orient (analytics, automated): SIEM, Threat Intel Platform, Hadoop, GRC
Decision Making (manual today): Tier 1, Tier 2, Tier 3 analysts
Acting: Firewall, IDS/IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detonation
19. SOAR for Security Operations: faster execution through the loop yields better security
Same Observe, Orient and Acting stages as the previous slide, with Decision Making automated with Phantom, and action results fed back into the loop (feedback loop).
20. A Phantom Case Study: Automated Malware Investigation
Playbook flow: an email alert from Splunk triggers sandbox detonation, a recipient query, a user profile lookup, two file hunts, a file reputation lookup and a file assessment, then runs the "Remediate" playbook.
"Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more."
Adam Fletcher, CISO, Blackstone
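The playbook shape on this slide, as an added Python example written for this page: it is not Phantom's playbook code and uses none of Phantom's API. The lookup tables stand in for the sandbox, reputation, mail-log, directory and endpoint apps and are constructed; the verdict rule, the action names, the blast-radius and severity calculation, and the rule that host isolation waits for analyst approval are assumptions of this example. It keeps the feedback loop from the previous slide by recording every action and its result on the container.

```python
"""Playbook-shaped automated malware e-mail investigation.

Added example for this page; not Phantom playbook code and not its API.
The lookup tables stand in for external apps, and every threshold and
action name below is an assumption.
"""
from dataclasses import dataclass, field

MALICIOUS_SHA = "a" * 64        # constructed placeholder hashes, not real samples
BENIGN_SHA = "b" * 64

# Constructed stand-in data for the apps the playbook would query.
FILE_REPUTATION = {MALICIOUS_SHA: {"malicious_votes": 41, "total_votes": 60},
                   BENIGN_SHA: {"malicious_votes": 0, "total_votes": 55}}
SANDBOX = {MALICIOUS_SHA: {"score": 9, "behaviours": ["drops_executable", "run_key_persistence"]},
           BENIGN_SHA: {"score": 1, "behaviours": []}}
MAIL_LOG = {"<msg-1@example.test>": ["alice@example.test", "bob@example.test", "alice@example.test"]}
USER_DIRECTORY = {"alice@example.test": {"department": "finance", "privileged": False},
                  "bob@example.test": {"department": "it", "privileged": True}}
ENDPOINT_FILE_INDEX = {MALICIOUS_SHA: ["ws-alice", "ws-bob"], BENIGN_SHA: []}

REPUTATION_RATIO = 0.5                 # assumed: share of malicious votes that counts as bad
SANDBOX_SCORE = 7                      # assumed: sandbox score that counts as bad
APPROVAL_REQUIRED = {"isolate_host"}   # assumed: disruptive actions wait for an analyst


@dataclass
class Container:
    """The alert being worked, plus everything the playbook learned and did."""
    alert_id: str
    message_id: str
    sha256: str
    artifacts: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)   # feedback loop: every action and its result


# Stand-in connectors; the real ones would call the respective apps.
def query_recipients(message_id):
    """The mail log has one row per delivery: return each mailbox once, order kept."""
    return list(dict.fromkeys(MAIL_LOG.get(message_id, [])))

def user_profile(email):
    return USER_DIRECTORY.get(email, {"department": "unknown", "privileged": False})

def hunt_file(sha256):
    return list(ENDPOINT_FILE_INDEX.get(sha256, []))

def file_reputation(sha256):
    return FILE_REPUTATION.get(sha256, {"malicious_votes": 0, "total_votes": 0})

def detonate_file(sha256):
    return SANDBOX.get(sha256, {"score": 0, "behaviours": []})

def block_hash(sha256):
    return {"status": "blocked"}

def delete_email(message_id, mailbox):
    return {"status": "deleted"}

def isolate_host(host):
    return {"status": "isolated"}


def run_action(container, name, fn, **params):
    """Run one action and record it with its result, so outcomes feed back into the case."""
    result = fn(**params)
    container.actions.append({"action": name, "params": params, "result": result})
    return result


def assess(reputation, sandbox):
    """File assessment: a bad reputation ratio or a bad sandbox score means malicious."""
    ratio = reputation["malicious_votes"] / max(reputation["total_votes"], 1)
    return "malicious" if ratio >= REPUTATION_RATIO or sandbox["score"] >= SANDBOX_SCORE else "benign"


def automated_malware_investigation(container):
    """Enrich in the slide's order, decide, then remediate within the approval gate."""
    recipients = run_action(container, "query recipients", query_recipients, message_id=container.message_id)
    profiles = {r: run_action(container, "user profile", user_profile, email=r) for r in recipients}
    hosts = run_action(container, "hunt file", hunt_file, sha256=container.sha256)
    reputation = run_action(container, "file reputation", file_reputation, sha256=container.sha256)
    sandbox = run_action(container, "file assessment", detonate_file, sha256=container.sha256)

    verdict = assess(reputation, sandbox)
    blast_radius = len(recipients) + len(hosts)      # mailboxes plus hosts that saw the file
    privileged_hit = any(p["privileged"] for p in profiles.values())
    if verdict == "benign":
        severity = "info"
    else:
        severity = "high" if privileged_hit or blast_radius >= 3 else "medium"
    container.artifacts.update(verdict=verdict, blast_radius=blast_radius,
                               severity=severity, pending_approval=[])

    if verdict == "malicious":                        # the "Remediate" playbook
        run_action(container, "block hash", block_hash, sha256=container.sha256)
        for mailbox in recipients:
            run_action(container, "delete email", delete_email,
                       message_id=container.message_id, mailbox=mailbox)
        for host in hosts:
            if "isolate_host" in APPROVAL_REQUIRED:   # queue for an analyst instead of running
                container.artifacts["pending_approval"].append({"action": "isolate_host", "host": host})
            else:
                run_action(container, "isolate host", isolate_host, host=host)
    return container


if __name__ == "__main__":
    case = automated_malware_investigation(Container("evt-1", "<msg-1@example.test>", MALICIOUS_SHA))
    print(case.artifacts)
    for entry in case.actions:
        print(entry["action"], entry["params"], entry["result"])
```

Two practitioner details are deliberate: recipients are deduplicated before the mailbox purge, so a message delivered twice does not produce two delete actions against the same mailbox, and host isolation is queued rather than executed, which is how the 40-second automated path coexists with a human decision on the one step that takes a workstation off the network.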
21. Announcing Splunk Phantom 4.1
Clustering support for scale, performance and redundancy
Indicator View for improved threat analysis and hunting
Integrated Splunk Search, the only SOAR platform with this capability
22. Splunk as the Security Nerve Center
Sources feeding it: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
Analytics-Driven Security & Adaptive Operations & Machine Learning: the thought process, the intuition, the reflexes
24. Security Premium Apps – .conf18 Releases
Splunk User Behavior Analytics 4.2, Splunk Enterprise Security 5.2, Splunk Phantom 4.1
Highlighted features: Event Sequencing, Accelerate Investigation, User Feedback, Targeted Hunting, Indicator View, Faster Remediation, Use Case Library, Container-Based Architecture, Clustering Support, User Management UI