Copyright © 2015 Splunk Inc.

The Splunk App for Enterprise Security

Holger Sesterhenn, Sen. Sales Engineer, CISSP
Matthias Maier, Security Product Marketing, EMEA
Your Webcast Team

Matthias Maier, Security Product Marketing, EMEA
mmaier@splunk.com

Holger Sesterhenn, Sen. Sales Engineer
hsesterhenn@splunk.com
Safe Harbor Statement

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information.

We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
How Can Splunk Help?

Roadmap
• Security Strategy
• Security Posture
• Visual Security Analytics
• Advanced Threats
• Insider Threat

Roadmap: Security Strategy
The Ever-Changing Threat Landscape

67%: victims notified by an external entity
100%: valid credentials were used
229: median number of days before detection

Source: Mandiant M-Trends Report 2012/2013/2014
Traditional Security Strategy

• Intrusion Detection
• Firewall
• Data Loss Prevention
• Anti-Malware
• Vulnerability Scans
• Authentication
Connect the Dots Across All Data

Data sources: Servers, Storage, Desktops, Email, Web, Transaction Records, Network Flows, Hypervisor, Custom Apps, Physical Access Badges, Threat Intelligence, Mobile, CMDB, DHCP/DNS

Security sources: Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication
Connecting the “Data Dots” via Multiple/Dynamic Relationships

• Threat Intelligence: attacker, known relay/C2 sites, infected sites, IOC, attack/campaign intent and attribution
• Network Activity/Security: where they went to, who talked to whom, attack transmitted, abnormal traffic, malware download
• Host Activity/Security: what process is running (malicious, abnormal, etc.); process owner, registry mods, attack/malware artifacts, patching level, attack susceptibility
• Auth / User Roles: access level, privileged users, likelihood of infection, where they might be in the kill chain

Kill chain stages shown on the slide: Delivery, exploit installation; Gain trusted access; Upgrade (escalate), lateral movement; Data gathering; Exfiltration; Persist, repeat

Analytics-Driven Security
• Risk-Based Context and Intelligence
• Connecting Data and People
Sample: Nasdaq - Heartbleed

Complement, replace and go beyond traditional SIEMs

Security Intelligence Use Cases
• Security & Compliance Reporting
• Real-Time Monitoring of Known Threats
• Monitoring of Unknown Threats
• Incident Investigations & Forensics
• Fraud Detection
• Insider Threat
Roadmap recap: Security Strategy (Connecting Data and People); next: Security Posture
What’s New in Splunk App for Enterprise Security 3.3

Benefit: Better Detection of Advanced Threats
• Feature: STIX/TAXII & OpenIOC threat intelligence
• Feature: IOC/artifacts research

Benefit: Improved Collaboration
• Feature: Export correlation searches, KSIs, swim lanes

Benefit: Better Detection of Malicious Insiders
• Feature: User activity monitoring dashboard and swim lanes
• Feature: Access anomalies

Benefit: Faster Incident Response
• Feature: Added functionality to Incident Response page
Roadmap recap: Security Posture (Situational Awareness); next: Visual Security Analytics

Roadmap recap: Visual Security Analytics (Contextual Analysis); next: Advanced Threats
http://stixproject.github.io/about/

STIX/TAXII and OpenIOC 101
• Info sharing across companies and industries
• Standardized XML
• Contains TTPs, IOCs, COA
• IOCs include IPs, web/e-mail domains, hashes, processes, registry keys, certificates
• http://stixproject.github.io/about/
Threat Intelligence in Splunk

TAXII Services
Source: http://hailataxii.com

Sample TAXII Feeds

User Community | Organisation
• Cyber Threat XChange | Health Information Trust Alliance
• Defense Security Information Exchange | Defense Industrial Base Information Sharing and Analysis Organization
• ICS-ISAC | Industrial Control System Information Sharing and Analysis Center
• NH-ISAC National Health Cybersecurity Intelligence Platform | National Health Information Sharing and Analysis Center
• FS-ISAC / Soltra Edge | Financial Services Information Sharing and Analysis Center (FS-ISAC)
• Retail Cyber Intelligence Sharing Center, Intelligence Sharing Portal | Retail Information Sharing and Analysis Center (Retail-ISAC)

More: http://stixproject.github.io/supporters/
Roadmap recap: Advanced Threats (Knowledge Sharing and Adoption); next: Insider Threat
Detecting Suspicious User Activity

• Spot suspicious user activity
• Malicious insider or external threat using stolen credentials
• High aggregate risk score
• Uploaded data to non-corp sites
• Emailed data to non-corp domains
• Visits to blacklisted sites
• Remote access
• Anomalous help desk ticket
  
Roadmap
• Security Strategy: Connecting Data and People
• Security Posture: Situational Awareness
• Visual Security Analytics: Contextual Analysis
• Advanced Threats: Knowledge Sharing and Adoption
• Insider Threat: Stop Data Breaches
Case Study: Telenor

Norway's largest telecom services provider; 160 million mobile subscribers globally

Challenges:
– Millions of customers, thousands of servers and routers, and missing details in operative tasks.
– Communication between departments was challenging.
– Errors and issues sporadically slipped through unnoticed.

Breakthroughs:
– The team noticed WebMail accounts being abused to send hundreds of thousands of SMS messages abroad.
– Baselining normal behaviour and tracking deviation.
– Understanding attackers and their behaviour to take them down proactively.
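"Baselining normal and tracking deviation" is the technique behind the SMS-abuse finding: an account's sending volume is compared with its own history rather than with a global limit, so a legitimate bulk sender and a dormant account that suddenly sends hundreds of messages abroad are judged on different scales. The following is an added example for this page, not Telenor's or Splunk's method; the accounts, counts and thresholds are constructed, and the statistic is a plain z-score with two guard rails a practitioner would want.

```python
"""Baseline per-account behaviour and flag deviation, applied to the pattern
in the Telenor case study (webmail accounts abused to send bulk SMS abroad).

Added example, not Telenor's or Splunk's method. Accounts, counts and
thresholds are constructed; the statistic is a z-score against each
account's own history.
"""
from statistics import mean, pstdev

# Constructed: daily count of SMS sent to foreign numbers per webmail account
# over a 14-day baseline window, then today's count.
HISTORY = {
    "acct-1001": [3, 2, 4, 3, 5, 2, 3, 4, 3, 2, 4, 3, 3, 2],            # ordinary user
    "acct-1002": [0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0],            # dormant account
    "acct-1003": [120, 110, 130, 125, 118, 122, 128,
                  119, 121, 127, 124, 120, 126, 123],                  # legitimate bulk sender
}
TODAY = {"acct-1001": 4, "acct-1002": 850, "acct-1003": 131}


def baseline(counts):
    """Mean and (population) standard deviation of the training window."""
    return mean(counts), pstdev(counts)


def deviation_score(today, counts, min_sigma=1.0):
    """z-score of today's count against the account's own baseline. The floor
    on sigma keeps a near-constant history (acct-1002) from turning any
    activity at all into an infinite score."""
    mu, sigma = baseline(counts)
    return (today - mu) / max(sigma, min_sigma)


def flag_deviations(history, today, z_threshold=5.0, min_absolute=50):
    """Accounts whose count deviates both statistically (z >= threshold) and in
    absolute terms (>= min_absolute messages): the absolute floor stops tiny
    accounts alerting on noise, and the per-account baseline means a
    high-volume legitimate sender is judged against its own normal."""
    flagged = {}
    for acct, counts in history.items():
        z = deviation_score(today[acct], counts)
        if z >= z_threshold and today[acct] >= min_absolute:
            flagged[acct] = round(z, 1)
    return flagged


if __name__ == "__main__":
    for acct in HISTORY:
        print(acct, round(deviation_score(TODAY[acct], HISTORY[acct]), 2))
    print("flagged:", flag_deviations(HISTORY, TODAY))
```

With these inputs only the dormant account is flagged: the bulk sender's 131 messages are within two standard deviations of its own baseline, and the ordinary user's 4 is ordinary. The two thresholds are the tuning knobs; on real data the baseline window should also exclude days already known to be abusive, or the attacker's own activity becomes the new normal.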
Thank You!

Q&A

Splunk for IT Operations Breakout SessionSplunk for IT Operations Breakout Session
Splunk for IT Operations Breakout Session
 
Getting started with Splunk - Break out Session
Getting started with Splunk - Break out SessionGetting started with Splunk - Break out Session
Getting started with Splunk - Break out Session
 
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
Webinar Big Data zur Echtzeit-Betrugserkennung im eBanking nutzen mit Splunk ...
 
Splunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
Splunk Webinar: Verwandeln Sie Datensilos in Operational IntelligenceSplunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
Splunk Webinar: Verwandeln Sie Datensilos in Operational Intelligence
 
5 Möglichkeiten zur Verbesserung Ihrer Security
5 Möglichkeiten zur Verbesserung Ihrer Security5 Möglichkeiten zur Verbesserung Ihrer Security
5 Möglichkeiten zur Verbesserung Ihrer Security
 
Splunk IT Service Intelligence
Splunk IT Service IntelligenceSplunk IT Service Intelligence
Splunk IT Service Intelligence
 
Data models pivot with splunk break out session
Data models pivot with splunk break out sessionData models pivot with splunk break out session
Data models pivot with splunk break out session
 
Splunk IT Service Intelligence
Splunk IT Service IntelligenceSplunk IT Service Intelligence
Splunk IT Service Intelligence
 
Splunk Internet of Things Roundtable 2015
Splunk Internet of Things Roundtable 2015Splunk Internet of Things Roundtable 2015
Splunk Internet of Things Roundtable 2015
 
Webinar splunk cloud saa s plattform für operational intelligence
Webinar splunk cloud   saa s plattform für operational intelligenceWebinar splunk cloud   saa s plattform für operational intelligence
Webinar splunk cloud saa s plattform für operational intelligence
 
Splunk Webinar: Maschinendaten anreichern mit Informationen
Splunk Webinar: Maschinendaten anreichern mit InformationenSplunk Webinar: Maschinendaten anreichern mit Informationen
Splunk Webinar: Maschinendaten anreichern mit Informationen
 
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren NetzwerkverkehrSplunk App for Stream - Einblicke in Ihren Netzwerkverkehr
Splunk App for Stream - Einblicke in Ihren Netzwerkverkehr
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit  Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit  Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
 

Kürzlich hochgeladen

Copilot para Microsoft 365 y Power Platform Copilot
Copilot para Microsoft 365 y Power Platform CopilotCopilot para Microsoft 365 y Power Platform Copilot
Copilot para Microsoft 365 y Power Platform CopilotEdgard Alejos
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorTier1 app
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolsosttopstonverter
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingShane Coughlan
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsJean Silva
 
Data modeling 101 - Basics - Software Domain
Data modeling 101 - Basics - Software DomainData modeling 101 - Basics - Software Domain
Data modeling 101 - Basics - Software DomainAbdul Ahad
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdfAndrey Devyatkin
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?Alexandre Beguel
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITmanoharjgpsolutions
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jNeo4j
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 

Kürzlich hochgeladen (20)

Copilot para Microsoft 365 y Power Platform Copilot
Copilot para Microsoft 365 y Power Platform CopilotCopilot para Microsoft 365 y Power Platform Copilot
Copilot para Microsoft 365 y Power Platform Copilot
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration tools
 
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full RecordingOpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
OpenChain AI Study Group - Europe and Asia Recap - 2024-04-11 - Full Recording
 
Strategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero resultsStrategies for using alternative queries to mitigate zero results
Strategies for using alternative queries to mitigate zero results
 
Data modeling 101 - Basics - Software Domain
Data modeling 101 - Basics - Software DomainData modeling 101 - Basics - Software Domain
Data modeling 101 - Basics - Software Domain
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdf
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 

Webinar: What's New in the Splunk App for Enterprise Security

  • 1. Copyright © 2015 Splunk Inc. The Splunk App for Enterprise Security. Holger Sesterhenn, Sen. Sales Engineer, CISSP; Matthias Maier, Security Product Marketing, EMEA
  • 2. Your Webcast Team: Matthias Maier, Security Product Marketing, EMEA, mmaier@splunk.com; Holger Sesterhenn, Sen. Sales Engineer, hsesterhenn@splunk.com
  • 3. Safe Harbor Statement. During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
  • 4. How Can Splunk Help?
  • 5. Roadmap: Security Strategy; Security Posture; Visual Security Analytics; Advanced Threats; Insider Threat
  • 7. The Ever-Changing Threat Landscape. 67%: victims notified by an external entity; 100%: valid credentials were used; 229: median number of days before detection. Source: Mandiant M-Trends Report 2012/2013/2014
  • 8. Traditional Security Strategy: Intrusion Detection; Firewall; Data Loss Prevention; Anti-Malware; Vulnerability Scans; Authentication
  • 9. Connect the Dots Across All Data: Servers, Storage, Desktops, Email, Web, Transaction Records, Network Flows, Hypervisor, Custom Apps, Physical Access Badges, Threat Intelligence, Mobile, CMDB, DHCP/DNS, Intrusion Detection, Firewall, Data Loss Prevention, Anti-Malware, Vulnerability Scans, Authentication
  • 10. Connecting the "Data Dots" via Multiple/Dynamic Relationships. Kill chain: Delivery, exploit installation → Gain trusted access → Upgrade (escalate), lateral movement → Data gathering → Exfiltration → Persist, repeat. Data sources mapped onto it:
     • Threat Intelligence: attacker, known relay/C2 sites, infected sites, IOC, attack/campaign intent and attribution
     • Network Activity/Security: where they went to, who talked to whom, attack transmitted, abnormal traffic, malware download
     • Host Activity/Security: what process is running (malicious, abnormal, etc.); process owner, registry mods, attack/malware artifacts, patching level, attack susceptibility
     • Auth—User Roles: access level, privileged users, likelihood of infection, where they might be in the kill chain
  • 11. Analytics-Driven Security: Risk Based; Context and Intelligence; Connecting Data and People
  • 12. Sample Nasdaq - Heartbleed
  • 13. Security Intelligence Use Cases: complement, replace and go beyond traditional SIEMs. Security & Compliance Reporting; Real-Time Monitoring of Known Threats; Monitoring of Unknown Threats; Incident Investigations & Forensics; Fraud Detection; Insider Threat
  • 14. Roadmap: Security Strategy (Connecting Data and People); Security Posture
  • 15. What's New in Splunk App for Enterprise Security 3.3 (feature → benefit):
     • STIX/TAXII & OpenIOC threat intelligence; IOC/artifacts research → Better Detection of Advanced Threats
     • Export correlation searches, KSIs, swim lanes → Improved Collaboration
     • User activity monitoring dashboard and swim lanes; Access anomalies → Better Detection of Malicious Insiders
     • Added functionality to Incident Response page → Faster Incident Response
  • 16. Roadmap: Security Strategy (Connecting Data and People); Security Posture (Situational Awareness); Visual Security Analytics
  • 17. Roadmap: Security Strategy (Connecting Data and People); Security Posture (Situational Awareness); Visual Security Analytics (Contextual Analysis); Advanced Threats
  • 18. http://stixproject.github.io/about/
  • 19. STIX/TAXII and Open IOC 101
     • Info sharing across companies and industries
     • Standardized XML
     • Contains TTPs, IOCs, COA
     • IOCs include IPs, web/e-mail domains, hashes, processes, registry keys, certificates
     • http://stixproject.github.io/about/
  • 20. Threat Intelligence in Splunk
  • 21. TAXII Services. Source: http://hailataxii.com
  • 22. Sample TAXII Feeds (user community → organisation):
     • Cyber Threat XChange → Health Information Trust Alliance
     • Defense Security Information Exchange → Defense Industrial Base Information and Sharing and Analysis Organization
     • ICS-ISAC → Industrial Control System Information Sharing and Analysis Center
     • NH-ISAC National Health Cybersecurity Intelligence Platform → National Health Information and Analysis Center
     • FS-ISAC / Soltra Edge → Financial Services Information Sharing and Analyses Center (FS-ISAC)
     • Retail Cyber Intelligence Sharing Center, Intelligence Sharing Portal → Retail Information Sharing and Analysis Center (Retail-ISAC)
     More: http://stixproject.github.io/supporters/
  • 23. Roadmap: Security Strategy (Connecting Data and People); Security Posture (Situational Awareness); Visual Security Analytics (Contextual Analysis); Advanced Threats (Knowledge Sharing and Adoption); Insider Threat
  • 24. Detecting Suspicious User Activity
     • Spot suspicious user activity
     • Malicious insider or external threat using stolen credentials
     • High aggregate risk score
     • Uploaded data to non-corp sites
     • Emailed data to non-corp domains
     • Visits to blacklisted sites
     • Remote access
     • Anomalous help desk ticket
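The two mechanisms behind slides 19 and 24, as an added example that is not code from the webinar or from Splunk Enterprise Security: IOCs (IP, domain, file hash) are pulled out of a constructed, simplified STIX 1.x document, and a per-user aggregate risk score is then built from the slide-24 signals. The event field names, corporate domain, upload threshold and rule weights are assumptions for illustration, not ES defaults.

```python
# Added example (not code from the webinar or Splunk ES): extract IOCs from a
# constructed, simplified STIX 1.x document (no xsi:type attributes) and aggregate
# per-user risk from the slide-24 signals. Field names and weights are assumptions.
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {  # STIX 1.x / CybOX 2 namespace URIs as defined by the standard
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "cyboxCommon": "http://cybox.mitre.org/common-2",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
    "FileObj": "http://cybox.mitre.org/objects#FileObject-2",
}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
IND = ("<stix:Indicator><indicator:Observable><cybox:Object><cybox:Properties>{}"
       "</cybox:Properties></cybox:Object></indicator:Observable></stix:Indicator>")
# Constructed STIX package: one C2 IP, one domain and one MD5 (all sample values).
STIX_XML = f"<stix:STIX_Package {XMLNS}><stix:Indicators>" + IND.format(
    "<AddressObj:Address_Value>198.51.100.23</AddressObj:Address_Value>") + IND.format(
    "<DomainNameObj:Value>Evil.Example</DomainNameObj:Value>") + IND.format(
    "<FileObj:Hashes><cyboxCommon:Hash><cyboxCommon:Type>MD5</cyboxCommon:Type>"
    "<cyboxCommon:Simple_Hash_Value>0123456789abcdef0123456789abcdef"
    "</cyboxCommon:Simple_Hash_Value></cyboxCommon:Hash></FileObj:Hashes>"
) + "</stix:Indicators></stix:STIX_Package>"


def extract_iocs(xml_text):
    """Return {'ip': set, 'domain': set, 'hash': set} from STIX 1.x observables."""
    root = ET.fromstring(xml_text)
    iocs = {"ip": set(), "domain": set(), "hash": set()}
    for props in root.iterfind(".//cybox:Properties", NS):
        for el in props.iterfind("AddressObj:Address_Value", NS):
            iocs["ip"].add(el.text.strip())
        for el in props.iterfind("DomainNameObj:Value", NS):
            iocs["domain"].add(el.text.strip().lower())   # normalise for matching
        for el in props.iterfind(".//cyboxCommon:Simple_Hash_Value", NS):
            iocs["hash"].add(el.text.strip().lower())
    return iocs


CORP_DOMAINS = {"corp.example"}   # assumption: the organisation's own domains
UPLOAD_BYTES = 10 * 1024 * 1024   # assumption: >10 MB outbound counts as an upload


def score_event(ev, iocs):
    """Risk contribution of one event; weights are illustrative, not ES defaults."""
    if ev["action"] == "web":
        hit = ev["dest"].lower() in iocs["domain"] or ev.get("dest_ip") in iocs["ip"]
        upload = ev.get("bytes_out", 0) > UPLOAD_BYTES and ev["dest"] not in CORP_DOMAINS
        return (40 if hit else 0) + (30 if upload else 0)   # blacklisted site / upload
    if ev["action"] == "email":   # data emailed to a non-corp domain
        return 20 if ev.get("attachment") and ev["recipient_domain"] not in CORP_DOMAINS else 0
    if ev["action"] == "vpn":     # remote access
        return 15
    if ev["action"] == "helpdesk":   # anomalous help desk ticket volume
        return 15 if ev.get("tickets_7d", 0) >= 3 else 0
    return 0


def risk_scores(events, iocs):
    """Aggregate risk per user, highest first (the 'high aggregate risk score' view)."""
    totals = defaultdict(int)
    for ev in events:
        totals[ev["user"]] += score_event(ev, iocs)
    return dict(sorted(totals.items(), key=lambda kv: -kv[1]))


# Constructed events with normalised (CIM-like) field names; not real data.
EVENTS = [
    {"user": "alice", "action": "web", "dest": "share.example.net", "bytes_out": 52_000_000},
    {"user": "alice", "action": "email", "recipient_domain": "mail.example", "attachment": True},
    {"user": "bob", "action": "web", "dest": "evil.example", "dest_ip": "198.51.100.23", "bytes_out": 900},
    {"user": "bob", "action": "vpn"},
    {"user": "carol", "action": "helpdesk", "tickets_7d": 4},
]
# risk_scores(EVENTS, extract_iocs(STIX_XML)) -> {'bob': 55, 'alice': 50, 'carol': 15}
```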
  • 25. Roadmap: Security Strategy (Connecting Data and People); Security Posture (Situational Awareness); Visual Security Analytics (Contextual Analysis); Advanced Threats (Knowledge Sharing and Adoption); Insider Threat (Stop Data Breaches)
  • 26. Case Study: Telenor, Norway's largest telecom services provider, 160 million mobile subscribers globally
     Challenges:
     – Millions of customers, thousands of servers and routers, and missing details in operative tasks.
     – Communication between departments was challenging.
     – Errors and issues sporadically slipped by unnoticed.
     Breakthroughs:
     – The team noticed WebMail accounts being abused to send hundreds of thousands of SMS messages abroad.
     – Baselining normal behaviour and tracking deviation.
     – Understanding attackers and their behaviour in order to take them down proactively.
  • 27. Thank You! Q&A