Suche senden
Hochladen
Splunk Discovery Köln - 17-01-2020 - Make Your SOC Work Smarter, Not Harder with Splunk
•
Als PPTX, PDF herunterladen
•
1 gefällt mir
•
142 views
Splunk
Folgen
Presentation slides from Splunk Discovery held in Köln on January 17th 2020.
Weniger lesen
Mehr lesen
Technologie
Melden
Teilen
Melden
Teilen
1 von 34
Jetzt herunterladen
Empfohlen
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
Empfohlen
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
Splunk
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
Splunk
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
Splunk
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
Splunk
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
Splunk
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
Splunk
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
Splunk
Inside SecOps at bet365
Inside SecOps at bet365
Splunk
Best of .conf22 Session Recommendations
Best of .conf22 Session Recommendations
Splunk
IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0
Splunk
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Splunk
Der Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC Betrieb
Splunk
Die Grundlagen für den KI gestützten IT-Betrieb
Die Grundlagen für den KI gestützten IT-Betrieb
Splunk
SVA: Digitaler Föderalismus
SVA: Digitaler Föderalismus
Splunk
Computacenter: Public Sector Digital Labor
Computacenter: Public Sector Digital Labor
Splunk
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Weitere ähnliche Inhalte
Mehr von Splunk
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
Splunk
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
Splunk
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
Splunk
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
Splunk
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
Splunk
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
Splunk
Inside SecOps at bet365
Inside SecOps at bet365
Splunk
Best of .conf22 Session Recommendations
Best of .conf22 Session Recommendations
Splunk
IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0
Splunk
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Splunk
Der Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC Betrieb
Splunk
Die Grundlagen für den KI gestützten IT-Betrieb
Die Grundlagen für den KI gestützten IT-Betrieb
Splunk
SVA: Digitaler Föderalismus
SVA: Digitaler Föderalismus
Splunk
Computacenter: Public Sector Digital Labor
Computacenter: Public Sector Digital Labor
Splunk
Mehr von Splunk
(20)
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
Inside SecOps at bet365
Inside SecOps at bet365
Best of .conf22 Session Recommendations
Best of .conf22 Session Recommendations
IT Sicherheitsgesetz 2.0
IT Sicherheitsgesetz 2.0
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Risikowahrnehmung und Cyber-Resilienz Herausforderungen in der Angriffserkennung
Der Weg in den vollautomatisierten SOC Betrieb
Der Weg in den vollautomatisierten SOC Betrieb
Die Grundlagen für den KI gestützten IT-Betrieb
Die Grundlagen für den KI gestützten IT-Betrieb
SVA: Digitaler Föderalismus
SVA: Digitaler Föderalismus
Computacenter: Public Sector Digital Labor
Computacenter: Public Sector Digital Labor
Kürzlich hochgeladen
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
null - The Open Security Community
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
NavinnSomaal
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
hariprasad279825
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Alfredo García Lavilla
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
Fwdays
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Lorenzo Miniero
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
Rizwan Syed
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Precisely
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
RankYa
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
Curtis Poe
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
Kürzlich hochgeladen
(20)
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Splunk Discovery Köln - 17-01-2020 - Make Your SOC Work Smarter, Not Harder with Splunk
1.
© 2019 SPLUNK
INC. Make Your SOC Work Smarter, Not Harder with Splunk Jan 2020 Splunk Security Operations Suite Zac Warren | Security Specialist
2.
© 2019 SPLUNK
INC. Zac Warren Cybersecurity Specialist ● Joined Splunk: 7 Oct 2019 ● 15 Years of IT and Cybersecurity Experience ● Executive Cybersecurity Advisor ● Expertise with multiple OEMs security suites ● Extensive partner experience ● Developed Multi-OEM Security Architectures
3.
During the course
of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. Forward- Looking Statements © 2019 SPLUNK INC.
4.
© 2019 SPLUNK
INC. Agenda Security Operations Today Optimizing security operations Scaling Human Resources
5.
© 2019 SPLUNK
INC. Security Operations Today
6.
© 2019 SPLUNK
INC. Today’s SOC ! ! ! ! ! ! ! !! !! ! ! ! ! ! ! ! ! ! ! ! ! !! !! !
7.
© 2019 SPLUNK
INC. Today’s Security Operations Workflow A process that doesn’t scale FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETECTION TIER 1 TIER 2 NETWORK TRAFFIC INTRUSION DATA ENDPOINT THREAT INTEL MALWARE AUTHENTICATION WIRE DATA ASSETS & IDENTITIES SIEM
8.
© 2019 SPLUNK
INC. Experience Needed Both hard and soft skills TIER 1 TIER 2 • Security Knowledge • Networking • Application Layer Protocols • Database and Query Languages • Unix • Windows • Basic Parsing • Command Line Familiarity • Security Monitoring Tools • Coding/Scripting • Regulatory Compliance • Vulnerability Scanning • Investigations • Troubleshooting • Security Clearance • Communication & Writing • Critical Thinking • Creativity & Curiosity
9.
© 2019 SPLUNK
INC. Security people are hard to find. A GROWING SKILLS SHORTAGE 3.5 Million Unfilled cybersecurity jobs by 2021 (+75% YOY) Cybersecurity Ventures, Cybersecurity Jobs Report, 2017 But…
10.
© 2019 SPLUNK
INC. Optimizing Security Operations
11.
© 2019 SPLUNK
INC. Shifting Focus and Role for SOCs Situational Awareness LEGACY Operation / Monitoring Center Human Authored Human Speed Operations Analysis and Decision-Making REQUIRED Nerve Center / Command Center Human — Machine Learning Machine-Speed Cycle Times
12.
© 2019 SPLUNK
INC. TIER 1 TIER 2 FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETECTION SIEM SOAR Security Operations Workflow NETWORK TRAFFIC INTRUSION DATA ENDPOINT THREAT INTEL MALWARE AUTHENTICATION WIRE DATA ASSETS & IDENTITIES
13.
© 2019 SPLUNK
INC. Act Security Nerve Center Endpoints Threat Intelligence Network Web Proxy Firewall Identity and Access WAF and App Security Cloud Security Mobile SOAR SIEM Analyze Monitor Investigate
14.
© 2019 SPLUNK
INC. The only integrated suite with industry-leading SIEM, UEBA and SOAR solutions that utilize a market- proven, scalable big data platform, continually augmented with actionable use case content. Splunk modernizes security operations by acting as their security nerve center, turning data into detections, and insights into actions, across all security use cases, teams, and functions. Splunk drives the Data, Analytics, and Operations layers for the SOC to enable security teams to function at its highest level of performance. AOF Data Sources Content Splunk Enterprise Security Splunk User Behavior Analytics Splunk Phantom+ Splunk Security Operations Suite Modernize your security operations AOF = Adaptive Operations Framework - our ecosystem of apps and security partner integrations. Content = Pre-packaged security content (searches, detection models, automation playbooks) from the Splunk Research Team. Stay current with latest threat landscape.
15.
© 2019 SPLUNK
INC. How it Works
16.
© 2019 SPLUNK
INC. Combat Threats with Advanced Analytics Powered by Security Information Event Management (SIEM) NETWORK TRAFFIC INTRUSION DATA ENDPOINT THREAT INTEL MALWARE AUTHENTICATION WIRE DATA ASSETS & IDENTITIES SECURITY ANALYTICS SIEM Correlate and Sequence Events Validate Alerts Prioritize, Review and Investigate Decide Best Path to Resolution Monitor Security Activity
17.
© 2019 SPLUNK
INC. Splunk Enterprise Security (ES) Analytics-Driven Security Information Event Management (SIEM) ▪ Know Your Security Posture ▪ Investigate with Speed and Flexibility ▪ Scale to Petabytes of Data
18.
© 2019 SPLUNK
INC. Augment your SIEM with Behavioral Analytics Powered by Machine Learning Network Activity Application Activity Login Attempts Removable Media Badge Scans Printer Activity User’s activity Departmental activity Region’s activity Company’s activity Data Analyzed Baselining (and more…) Threat Score: 8 Examples: • Data Exfiltration by Suspicious User or Device • Data Storage Attached by Unusual Number of Times • Unusual Printer Usage • Privilege Escalation • Multiple Failed Login Attempts • Malware • Blacklisted IP Address • Compromised Account 4Threat Score: > > (and more…) Correlation & Detection
19.
© 2019 SPLUNK
INC. Splunk User Behavior Analytics (UBA) Detect unknown threats and anomalous user behavior using machine learning ▪ Enhance Threat Visibility ▪ Accelerate Investigation ▪ Increase Productivity
20.
© 2019 SPLUNK
INC. Automate Your Incident Response Powered by Security Orchestration, Automation, and Response (SOAR) SECURITY ANALYTICS AUTOMATION ORCHESTRATION SIEM SOAR FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETECTION ML-BASED BEHAVIORAL ANALYTICS UEBA + NETWORK TRAFFIC INTRUSION DATA ENDPOINT THREAT INTEL MALWARE AUTHENTICATION WIRE DATA ASSETS & IDENTITIES
21.
© 2019 SPLUNK
INC. Splunk Phantom Integrate and Scale Your Team, Processes, and Tools ▪ Respond Faster ▪ Work Smarter ▪ Strengthen Your Defenses
22.
© 2019 SPLUNK
INC. Splunk Mission Control A Modern, Cloud-Based, and Unified Security Operations Experience ● One place for every team member to manage the security operations event lifecycle, start to finish ● Detect, manage, investigate, hunt, contain, and remediate threats and other high-priority security issues ● Integrate Splunk tools and other cloud, on-premise, and hybrid tools/services together BETA
23.
© 2019 SPLUNK
INC. Identity and Access Internal Network Security Endpoints Orchestratio n WAF & App Security Threat Intelligence Network Web Proxy Firewall + Splunk Adaptive Operations Framework
24.
© 2019 SPLUNK
INC. Security Content Updates ▪ Pre-packaged Searches ▪ Algorithms ▪ Dashboards ▪ Playbooks ▪ …and more! Available for: Splunk Enterprise Security Splunk User Behavior Analytics Splunk Phantom
25.
© 2019 SPLUNK
INC. New Roles in Security Operations Security Content Developer Automation Engineer
26.
© 2019 SPLUNK
INC. Security Operations in 2020 90% TIER 1 ANALYST WORK WILL BE AUTOMATED 50% TIME SPENT OPTIMIZING DETECTION & RESPONSE LOGIC
27.
© 2019 SPLUNK
INC. Beyond the Security Operations (SOC) Splunk Enterprise for Security ▪ Compliance ▪ Data Privacy ▪ Fraud ▪ Risk
28.
© 2019 SPLUNK
INC. Splunk in Action
29.
© 2019 SPLUNK
INC. Aflac ▪ Blocked over two million security threats ▪ Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System ▪ Automated threat hunting and 90% of its security metrics process in just two months Automating Threat Intelligence System
30.
© 2019 SPLUNK
INC. Blackstone ▪ Reduced alert investigation times from 30-45 minutes to less than one minute ▪ Applied a consistent approach to alert management and investigation, eliminating human error ▪ Increased resource efficiency by turning manual, repetitive tasks into automated processes Automating Malware Investigation
31.
© 2019 SPLUNK
INC. *Gartner and Forrester are all trademarks from their respective companies. *Gartner, Magic Quadrant for Security Information and Event Management, Kelly Kavanagh | Toby Bussa, Dec. 4, 2017. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. *The Gartner Peer Insights Customer Choice Logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customer Choice Awards are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights and overall ratings for a given vendor in the market, as further described here http://www.gartner.com/reviews-pages/peer-insights-customer-choice-awards/ and are not intended in any way to represent the views of Gartner or its affiliates. Recognized in Security By Industry Analysts Named a Leader in Gartner’s Magic Quadrant for Security Information and Event Management Designated a 2018 Customer’s Choice for Security Information and Event Management By End Users
32.
© 2019 SPLUNK
INC. Key Takeaways Accelerate detection and response Optimize security operations Scale human resources
33.
© 2019 SPLUNK
INC. Thank You
34.
© 2019 SPLUNK
INC. Agenda:
Jetzt herunterladen