SlideShare a Scribd company logo

Splunk guide for_iso_27002

•
•
G
Greg Hanchin

Splunk, Software Tools, Big Data, Logging, PCI, Information security, Cisco Systems, VMware ESX, Regulatory compliance, FISMA, Enterprise architecture, Data center, security software, SCADA, Windows,Unix,Scanners, Citrix

Technology
1 of 6
Download to read offline
Splunk® Enterprise™ Log Management Role Supporting the ISO 27002 Framework E X E C U T I V E B R I E F
E X E C U T I V E B R I E F listen to your data 2 Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk reduction strategy. The ISO 27002 framework can be used to reduce risk for businesses large and small and it is particularly useful for businesses that operate in multiple countries and need to be compliant with many in-country regulations. The ISO 27002 framework provides specific guidance for securing enterprise and organizational data. Splunk® Enterprise™ enables enterprise security compliance across IT operations, the application management lifecycle, the data management lifecycle and security. Splunk Enterprise is a single system that supports all of these disciplines and gets everyone looking at problems through the same “data lens.” The result is operational and security intelligence with a focus on the issues that most concern the business: reputational risks, risks to core business functions that affect top-line revenues and compliance risks that affect reputation and the bottom line. Splunk software as a big data solution for security and an engine for machine data serves four primary functions that support ISO 27002: • Collects, stores and monitors log data throughout its collection, transportation, use and disposal • Helps protect the integrity of the log data making it useful as a definitive record of human-to-machine and machine-to-machine activities • Provides data masking capability coupled with role-based data views • Provides security intelligence through analytics and statistics to provide insights into system and human behaviors that can add risk to an organization See the chart below for the specific ways that Splunk supports key ISO 27002 areas for information security management. Key ISO 27002 Area How Splunk Supports ISO 27002 4.1 Assessing security risks Splunk is an engine for machine data that indexes large amounts of IT data and has analytics and visualization capabilities. Security and business teams can protect the most valuable company assets using Splunk. Once the parameters for “normal access” to critical company data is defined, Splunk Enterprise can be used to watch for access pattern anomalies based on access type, timing and the location of a given user accessing the data. Splunk can classify specific application and host data—and can generate automated searches and alerts to help minimize business risk. 6.1.1 Management commitment to information security With the ability to monitor for both known and unknown threats, Splunk Enterprise supports a management strategy that is focused on information security at a strategic level. For public companies this can mean listing cyber threats as a risk factor in the SEC 10-K document and listing their methodology for monitoring for malware that may remain hidden in the architecture for long periods of time. 6.1.2 Information security coordination Splunk Enterprise supports automated reports for specific security team members or executives. Also, the Splunk App for Enterprise Security supports workflows for assigning tasks to specific people, event re- classification, and recording and setting policy for specific discovered threats. 6.1.3 Allocation of information security responsibilities See 6.1.2 above. In addition, Splunk and the Splunk App for Enterprise Security provide tracking for specific security tasks related to security incidents and the metrics and monitoring of resolved security events. Splunk and the App for Enterprise Security can pull information from asset data bases to track data asset ownership. 6.1.8 Independent review of information security Splunk support digitally signing (or hashing) of data to prove data integrity. Many users facilitate audit requests by simply teaching the auditor how to explore data with Splunk.
E X E C U T I V E B R I E F listen to your data 3listen to your data 6.2.1 Identification of risks related to external parties Splunk can be used to monitor data coming from third parties to ensure that data integrity and records are complete. Splunk can also be used to monitor the performance of third-party service providers for SLA violations. Splunk can monitor transactions between in-house and third- party systems for performance and completeness of transactions. Splunk can monitor and provide metrics for email and web security systems. 7.1.1 Inventory of assets Splunk can perform asset discovery and monitor asset management systems for changes. Splunk can perform configuration reviews by monitoring file changes and system performance. 7.1.3 Acceptable use of assets Splunk can monitor patterns of use and user behavior to determine if employees are using their time effectively or if they are a risk to the company. 7.2.2 Information labeling and handling Splunk allows for meta-data to be added to data coming from specific systems to label the data or system as critical to the business. Splunk can monitor for changes to the configuration of the asset and the data contained on it and watch for changes that occur outside prescribed change windows. 8.1.1 Roles and responsibilities Splunk supports role-based access-control so access to information is granted based on a user’s specific role. Activity analysis can be performed using Splunk to ensure the separation of duties between individuals and/or established roles. User accounts in Splunk can be tied into Active Directory or LDAP for single-sign-on (SSO). 8.2.2 Information security awareness, education and training Splunk can be used to monitor eLearning systems to confirm employee compliance with security awareness training. 8.3.1 Termination responsibilities Splunk can be used to monitor terminated employee user accounts to verify that all accounts for a particular user have been closed. It can also watch and alert if process was not followed or if an account that should have been suspended suddenly becomes active. 8.3.2 Return of assets Splunk can monitor several systems to determine if a terminated employee’s company assets were returned. 8.3.3 Removal of access rights Splunk can monitor the process of removing access rights, for example when an employee moves between departments or is terminated. Splunk can also monitor user access to Active Directory. If a user is added or removed, Splunk can notify IT operations of the change so they can verify that it was authorized. 9.1.2 Physical entry controls Splunk can be used to monitor physical access to facilities and monitor established access patterns for unauthorized access. Data from Active Directory, physical access data and VPN data can be correlated to determine if a user has ‘tail-gated’ into the building. 9.1.4 Protecting against external and environmental threats Splunk can accept data in any format including data from building HVAC systems to measure temperature change and monitor for related physical threats. 9.2.1 Equipment sitting and protection Splunk can accept and monitor data from RFID systems and GPS information, so it can monitor and track the use of (RFID/GPS tagged) company trucks or equipment to protect against theft. 9.2.6 Secure disposal or reuse of equipment Splunk can monitor inventories of hardware throughout its lifecycle. For example, it can track the disposal of hard drives and provide an audit trail for each step in the process. 9.2.7 Removal of property See 9.2.1 Above 10.1.2 Change management Splunk can be used to monitor changes to systems and when they occurred and who performed the work and why. This is useful when tracking emergency verses scheduled downtimes for particular systems. Risk can be assessed by the number of unauthorized changes and can be tracked over time to document the increasing or decreasing level of risk to the business.
E X E C U T I V E B R I E F listen to your data 4listen to your data 10.1.3 Segregation of duties See 8.1.1 above 10.1.4 Separation of development, test and operational facilities Splunk allows access to production system logs for troubleshooting without needing to log onto production systems. This is a key audit requirement and prevents unauthorized changes to systems. 10.2.1 Third-party service delivery If a company has access to log data from their service provider, SLAs can be monitored with Splunk. Also, the lifecycle for data hosted by third parties can be monitored up to the point of disposal. SLAs can be trended over time to support service acquisition decisions. 10.2.2 See 10.2.1 Above. 10.3.1 Capacity management Splunk can monitor CPU utilization and other hardware performance information within a physical or virtual infrastructure. It can monitor thresholds over time to measure signs of performance degradation. Partial hardware failures such as fan breakdown or memory failure can be detected and monitored to support resource planning and acquisition decisions. Services can be monitored for performance of transactions across the IT architecture. This data can inform investigations of the service delivery architecture and enrich customer satisfaction metrics. Splunk supports benchmarking against normal performance and alerting on all parts of the IP stack. 10.3.2 System acceptance Splunk can drive decisions on system development as the ease of troubleshooting applications drives log formatting and revealing in log data what helps to diagnose problems. Splunk used during the QA process can benchmark performance differences between product releases. 10.4.1 Controls against malicious code Splunk supports the search for ‘known’ and ‘unknown threats’ Splunk monitors all aspects of anti-virus deployment, host configuration, email security, and web security products, and next-gen firewalls. These are known threats as reported by signature and rule based systems. Splunk can augment this data with DNS, DHCP, Physical Access data, Active directory log data, packet capture, and Flow data. Watching for time-based patterns that include geo-location data in this data can provide knowledge of malicious insider and persistent malware. Large data sets encourage creativity. Security can become more aligned with the business by focusing security on the most important data assets to the business. 10.5.1 Information backup Splunk can easily monitor data storage solutions for performance and data integrity. Splunk works with different data classifications to properly maintain regulatory compliance and corporate disposal processes. 10.6.1 Network controls Splunk supports role-based access controls for different network teams. Splunk can monitor HTTP, HTTPS, SSL VPN and application layer protocols from AppFlow or other load balancing data. Splunk can provide metrics for performance aspect of network hardware, configuration changes and network performance. Splunk can use log data to monitor data in transit for fidelity. 10.6.2 Security of network services See 10.6.1 and 10.4.1 10.7.1 Management of removable media Splunk can be used to track the use of removable media for use increases, which may indicate the need for employee security awareness training. 10.7.3 Information handling procedures Splunk can add meta-data for classification to facilitate data information categorization and management. 10.7.4 Security of system documentation Monitoring system operations and configuration in accordance with system documentation and performance specifications.
E X E C U T I V E B R I E F listen to your data 5 10.8.4 Electronic messaging Monitor log data form key management and storage systems. Splunk can monitor the authentication process. Splunk can monitor instant messaging communications and key pieces of text for compliance. Splunk can monitor twitter feeds to understand customer sentiment and reputational issues. 10.9.1 Electronic commerce Splunk can monitor and report on all aspects of the customer transaction watching for indicators and patterns of fraudulent activities and transaction errors. 10.9.2 Online transactions Splunk can monitor applications for incomplete from data and application error handling capabilities 10.10.1 Audit logging Splunk can monitor security systems for changes to their configuration in change windows and monitor user behavior. Splunk can pervade a definitive record for compliance audits. 10.10.2 Monitoring system use Splunk monitors account usage patterns determining the need for access by users. Splunk monitors the aspects of specific IT services to understand usage. 10.10.3 Protection of logged information Splunk can monitor hosts to monitor for attempted deletion of system log files. Splunk can ensure proper disposal of log data. 10.10.4 Administrator and operator logs Splunk monitors all user activities and provides a complete log of Splunk activities. Visualizations of trended data can reveal usage patterns 10.10.5 Fault logging Splunk can monitor and trend application faults over time creating development team accountability. 10.10.6 Clock synchronization Splunk can monitor systems to ensure they are synchronized using the NTP protocol. 11.1.1 Access control policy See 10.4.1 and Splunk can monitor the behaviors of usurers that have highly privileged account access to highly sensitive business data. Splunk supports HIPAA, SOX, and FFIEC, NIST 800-53 and other privacy related regulations and internal control framework objectives. 11.2.1 User registration Splunk can monitor the entire process of user registration and monitor for out-of policy user additions and procedure violations. 11.2.2 Privilege management Splunk can monitor privilege changes and monitor change metrics and access escalations. 11.2.3 User password management Splunk can monitor changes to files including the /etc/password file for compliance with change requirements. Splunk can monitor how rapidly change is made across monitored hosts. 11.3.1 Password use Splunk can monitor for hosts where no password is used for authentication. 11.3.2 Unattended user equipment Splunk can monitor for host inactivity and monitor data indicating the password screen saver is in use or doesn’t launch within a specific length of time. 11.4.2 User authentication for external connections Splunk can monitor VPN usage for remote access. Splunk can correlate local system access information with VPN usage and physical access data to monitor for stolen credentials. 11.4.5 Segregation in networks Splunk can monitor traffic between networks and watch for non-allowed traffic for network segregation. 11.5.2 User Identification and authentication Splunk can monitor the process of user authentication. The Splunk App for Enterprise Security can correlate all the access identities of a particular user to track and report on user behavior across the IT architecture. 11.5.4 Use of system utilities Use of system utilities is monitored through the use of their own applications logs in Splunk.
W H I T E P A P E R www.splunk.com 250 Brannan St, San Francisco, CA, 94107 info@splunk.com | sales@splunk.com 866-438-7758 | 415-848-8400 www.splunkbase.com listen to your data Copyright © 2012 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # EB-Splunk-ISO-27002-101 11.5.5 Session time-outs Splunk can monitor open sessions and alert abnormally long or open sessions. 11.6.1 Information access registration Please see 12.2.1 – 12.3.1 11.6.2 Sensitive system isolation Splunk can be used to add meta-data and enrich data with classifications by type and criticality and sensitivity for risk reporting. 11.7.2 Teleworking Splunk can monitor remote access to systems via VPN log data and watch for abnormal patterns. 12.3.2 Key management Splunk can monitor software check-in systems for access and separation between development and QA teams. 12.4.1 Control of operational software Splunk can monitor access, configuration and performance of operational software. 12.4.3 Access control to program data Splunk can monitor software check-in systems for access and separation between development and QA teams. 12.5.1 Change control procedures Splunk can monitor systems for change and for violation of change control polities and procedures. 12.5.2 Technical review of applications after operating systems Splunk can monitor for changes to log formats and increases in application error rates. 12.5.4 Information leakage Splunk can monitor for abnormal patterns in system activities data and watch for signs of advanced persistent attackers and malware. 12.6.1 Control of technical vulnerabilities Splunk can monitor the ‘half-life’ of vulnerabilities in the IT architecture and report on them as metrics for patching systems. It can also monitor system uptime metrics. 13.1.1 Reporting information security events The Splunk App for Enterprise Security provides security event management alerting and reporting. 13.2.2 Learning from information security incidents The Splunk App for Enterprise Security provides a complete record of the incident classification and ownership changes with all comment records. These records can be searched by date and by text search. 13.2.3 Collection of evidence The Splunk App for Enterprise Security can take log data and security events and store them in an encrypted format using a free app on Splunkbase. 14.1.1 Information security in the business continuity management process During testing, application performance data can be monitored and analyzed to streamline software development and time to market. Where there are problems, Splunk can monitor risk and report on delayed time to market and lost revenue (sales). 15.1.4 Data protection and privacy of personal information See 10.4.1 and 11.1.1 15.2.1 Compliance with security policies and standards Splunk can automate the auditing of data integrity, availability and confidentiality across the enterprise to ensure compliance with security policies. Splunk can automate forensic investigation and run scripts to automate security-related actions. Free Download Download Splunk for free. You’ll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. After 60 days, or anytime before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com.

Recommended

IRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET Journal
 
SANS 20 Security Controls
SANS 20 Security ControlsSANS 20 Security Controls
SANS 20 Security ControlsCasey Wimmer
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
McAfee CDCR Case Study
McAfee CDCR Case StudyMcAfee CDCR Case Study
McAfee CDCR Case Studyjoepanora
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and complianceActian Corporation
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyJonathanPritchard12
 

Recommended

IRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET-Managing Security of Systems by Data Collection
IRJET-Managing Security of Systems by Data CollectionIRJET Journal
 
SANS 20 Security Controls
SANS 20 Security ControlsSANS 20 Security Controls
SANS 20 Security ControlsCasey Wimmer
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
McAfee CDCR Case Study
McAfee CDCR Case StudyMcAfee CDCR Case Study
McAfee CDCR Case Studyjoepanora
 
Ingres database and compliance
Ingres database and complianceIngres database and compliance
Ingres database and complianceActian Corporation
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyJonathanPritchard12
 
nist_vs_icd
nist_vs_icdnist_vs_icd
nist_vs_icdShashi Dabir
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
13 essential log_col_infog
13 essential log_col_infog13 essential log_col_infog
13 essential log_col_infoghuynhvanphuc
 
Event mgt feb09
Event mgt feb09Event mgt feb09
Event mgt feb09pladott11
 
Session Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderSession Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderBMST
 
CSEC630_TeamAssignment_TeamBlazer_FINAL
CSEC630_TeamAssignment_TeamBlazer_FINALCSEC630_TeamAssignment_TeamBlazer_FINAL
CSEC630_TeamAssignment_TeamBlazer_FINALRonald Jackson, Jr
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage PreventionIRJET Journal
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safeALI ANWAR, OCPÂŽ
 
Glossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyGlossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyDavid Sweigert
 
GDPR
GDPRGDPR
GDPRRajivarnan R
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)James W. De Rienzo
 
Events Classification in Log Audit
Events Classification in Log Audit Events Classification in Log Audit
Events Classification in Log Audit IJNSA Journal
 
Information security risk
Information security riskInformation security risk
Information security riskEtsegenet Fisseha
 
A self adaptive learning approach for optimum path evaluation of process for ...
A self adaptive learning approach for optimum path evaluation of process for ...A self adaptive learning approach for optimum path evaluation of process for ...
A self adaptive learning approach for optimum path evaluation of process for ...Alexander Decker
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET Journal
 
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”IRJET Journal
 
Sustainable Logging – SplunkLive! 2014
Sustainable Logging – SplunkLive! 2014Sustainable Logging – SplunkLive! 2014
Sustainable Logging – SplunkLive! 2014Paul Gilowey
 
IT Career Opportunities
IT Career OpportunitiesIT Career Opportunities
IT Career Opportunitiessamsontamwaiho
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms ComplianceRamkumar Ramachandran
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...IndependentCertificationServices
 

More Related Content

What's hot

Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
13 essential log_col_infog
13 essential log_col_infog13 essential log_col_infog
13 essential log_col_infoghuynhvanphuc
 
Event mgt feb09
Event mgt feb09Event mgt feb09
Event mgt feb09pladott11
 
Session Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderSession Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderBMST
 
CSEC630_TeamAssignment_TeamBlazer_FINAL
CSEC630_TeamAssignment_TeamBlazer_FINALCSEC630_TeamAssignment_TeamBlazer_FINAL
CSEC630_TeamAssignment_TeamBlazer_FINALRonald Jackson, Jr
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage PreventionIRJET Journal
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Glossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyGlossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyDavid Sweigert
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)James W. De Rienzo
 
Events Classification in Log Audit
Events Classification in Log Audit Events Classification in Log Audit
Events Classification in Log Audit IJNSA Journal
 
Information security risk
Information security riskInformation security risk
Information security riskEtsegenet Fisseha
 
A self adaptive learning approach for optimum path evaluation of process for ...
A self adaptive learning approach for optimum path evaluation of process for ...A self adaptive learning approach for optimum path evaluation of process for ...
A self adaptive learning approach for optimum path evaluation of process for ...Alexander Decker
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET Journal
 
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”IRJET Journal
 

What's hot (17)

nist_vs_icd
nist_vs_icdnist_vs_icd
nist_vs_icd
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.com
 
13 essential log_col_infog
13 essential log_col_infog13 essential log_col_infog
13 essential log_col_infog
 
Event mgt feb09
Event mgt feb09Event mgt feb09
Event mgt feb09
 
Session Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderSession Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior Recorder
 
CSEC630_TeamAssignment_TeamBlazer_FINAL
CSEC630_TeamAssignment_TeamBlazer_FINALCSEC630_TeamAssignment_TeamBlazer_FINAL
CSEC630_TeamAssignment_TeamBlazer_FINAL
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage Prevention
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Wp security-data-safe
Wp security-data-safeWp security-data-safe
Wp security-data-safe
 
Glossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST VocabularyGlossary - Standard Security Terms - NIST Vocabulary
Glossary - Standard Security Terms - NIST Vocabulary
 
GDPR
GDPRGDPR
GDPR
 
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
RMF Step 4: ASSESS (NIST SP 800-53A Rev.1)
 
Events Classification in Log Audit
Events Classification in Log Audit Events Classification in Log Audit
Events Classification in Log Audit
 
Information security risk
Information security riskInformation security risk
Information security risk
 
A self adaptive learning approach for optimum path evaluation of process for ...
A self adaptive learning approach for optimum path evaluation of process for ...A self adaptive learning approach for optimum path evaluation of process for ...
A self adaptive learning approach for optimum path evaluation of process for ...
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
 
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”
IRJET- Review on “Using Big Data to Defend Machines against Network Attacks”
 

Viewers also liked

Sustainable Logging – SplunkLive! 2014
Sustainable Logging – SplunkLive! 2014Sustainable Logging – SplunkLive! 2014
Sustainable Logging – SplunkLive! 2014Paul Gilowey
 
IT Career Opportunities
IT Career OpportunitiesIT Career Opportunities
IT Career Opportunitiessamsontamwaiho
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms ComplianceRamkumar Ramachandran
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...IndependentCertificationServices
 
Nbr iso 27002
Nbr iso 27002Nbr iso 27002
Nbr iso 27002thedill
 
Standardization of IT Processes
Standardization of IT ProcessesStandardization of IT Processes
Standardization of IT ProcessesNatarajan V
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overviewJulia Urbina-Pineda
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000Ramana K V
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 

Viewers also liked (16)

Sustainable Logging – SplunkLive! 2014
Sustainable Logging – SplunkLive! 2014Sustainable Logging – SplunkLive! 2014
Sustainable Logging – SplunkLive! 2014
 
IT Career Opportunities
IT Career OpportunitiesIT Career Opportunities
IT Career Opportunities
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms Compliance
 
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...Iso 27000 it management systems presentation peter greenham iigi fwr group i...
Iso 27000 it management systems presentation peter greenham iigi fwr group i...
 
Nbr iso 27002
Nbr iso 27002Nbr iso 27002
Nbr iso 27002
 
Standardization of IT Processes
Standardization of IT ProcessesStandardization of IT Processes
Standardization of IT Processes
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
Role of compliance in security audits
Role of compliance in security auditsRole of compliance in security audits
Role of compliance in security audits
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Information security management
Information security managementInformation security management
Information security management
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 

Similar to Splunk guide for_iso_27002

Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 
Splunk app for_enterprise_security
Splunk app for_enterprise_securitySplunk app for_enterprise_security
Splunk app for_enterprise_securityGreg Hanchin
 
Splunk for ibtrm
Splunk for ibtrmSplunk for ibtrm
Splunk for ibtrmGreg Hanchin
 
Splunk for fisma
Splunk for fismaSplunk for fisma
Splunk for fismaGreg Hanchin
 
Splunk for security
Splunk for securitySplunk for security
Splunk for securityGreg Hanchin
 
Splunk Architecture - A complete guide
Splunk Architecture - A complete guideSplunk Architecture - A complete guide
Splunk Architecture - A complete guideHKRTrainings
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
Splunk for palo_alto
Splunk for palo_altoSplunk for palo_alto
Splunk for palo_altoGreg Hanchin
 
SplunkLive! Denver - Nov 2012 - Interac
SplunkLive! Denver - Nov 2012 - InteracSplunkLive! Denver - Nov 2012 - Interac
SplunkLive! Denver - Nov 2012 - InteracSplunk
 
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...Splunk
 
Josh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh D
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Greg Hanchin
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Deepak Mishra
 
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Deepak Mishra
 
Splunk for application_management
Splunk for application_managementSplunk for application_management
Splunk for application_managementGreg Hanchin
 
Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Splunk
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk
 

Similar to Splunk guide for_iso_27002 (20)

Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 
Splunk app for_enterprise_security
Splunk app for_enterprise_securitySplunk app for_enterprise_security
Splunk app for_enterprise_security
 
Splunk for ibtrm
Splunk for ibtrmSplunk for ibtrm
Splunk for ibtrm
 
Splunk for fisma
Splunk for fismaSplunk for fisma
Splunk for fisma
 
Splunk for security
Splunk for securitySplunk for security
Splunk for security
 
Splunk Architecture - A complete guide
Splunk Architecture - A complete guideSplunk Architecture - A complete guide
Splunk Architecture - A complete guide
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Splunk for palo_alto
Splunk for palo_altoSplunk for palo_alto
Splunk for palo_alto
 
SplunkLive! Denver - Nov 2012 - Interac
SplunkLive! Denver - Nov 2012 - InteracSplunkLive! Denver - Nov 2012 - Interac
SplunkLive! Denver - Nov 2012 - Interac
 
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...
 
Josh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner Event
 
Manage Engine Log 360
Manage Engine Log 360Manage Engine Log 360
Manage Engine Log 360
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
 
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...Report: Study and Implementation of Advance Intrusion Detection and Preventio...
Report: Study and Implementation of Advance Intrusion Detection and Preventio...
 
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
Study And Implemenataion Of Advance Intrusion Detection And Prevention Sysyte...
 
Splunk for application_management
Splunk for application_managementSplunk for application_management
Splunk for application_management
 
Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On) Getting Started with Splunk (Hands-On)
Getting Started with Splunk (Hands-On)
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
 
5757912.ppt
5757912.ppt5757912.ppt
5757912.ppt
 

More from Greg Hanchin

NUTANIX and SPLUNK
NUTANIX and SPLUNKNUTANIX and SPLUNK
NUTANIX and SPLUNKGreg Hanchin
 
Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchangeGreg Hanchin
 
Splunk for cyber_threat
Splunk for cyber_threatSplunk for cyber_threat
Splunk for cyber_threatGreg Hanchin
 
Splunk Searching and reporting 43course
Splunk Searching and reporting 43courseSplunk Searching and reporting 43course
Splunk Searching and reporting 43courseGreg Hanchin
 
Advanced Splunk 50 administration
Advanced Splunk 50 administrationAdvanced Splunk 50 administration
Advanced Splunk 50 administrationGreg Hanchin
 
Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Greg Hanchin
 
Administering splunk 43 course
Administering splunk 43 courseAdministering splunk 43 course
Administering splunk 43 courseGreg Hanchin
 
Using splunk43course
Using splunk43courseUsing splunk43course
Using splunk43courseGreg Hanchin
 
Using Splunk course outline
Using Splunk course outline Using Splunk course outline
Using Splunk course outline Greg Hanchin
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk AdministrationGreg Hanchin
 
Splunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionSplunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionGreg Hanchin
 
Administering Splunk course
Administering Splunk courseAdministering Splunk course
Administering Splunk courseGreg Hanchin
 
Splunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsSplunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsGreg Hanchin
 
Splunk forwarders tech_brief
Splunk forwarders tech_briefSplunk forwarders tech_brief
Splunk forwarders tech_briefGreg Hanchin
 
Splunk and map_reduce
Splunk and map_reduceSplunk and map_reduce
Splunk and map_reduceGreg Hanchin
 
Splunk for xen_desktop
Splunk for xen_desktopSplunk for xen_desktop
Splunk for xen_desktopGreg Hanchin
 
Splunk for f5
Splunk for f5Splunk for f5
Splunk for f5Greg Hanchin
 
Splunk for db_connect
Splunk for db_connectSplunk for db_connect
Splunk for db_connectGreg Hanchin
 
Splunk for active_directory
Splunk for active_directorySplunk for active_directory
Splunk for active_directoryGreg Hanchin
 
Splunk app for_windows
Splunk app for_windowsSplunk app for_windows
Splunk app for_windowsGreg Hanchin
 

More from Greg Hanchin (20)

NUTANIX and SPLUNK
NUTANIX and SPLUNKNUTANIX and SPLUNK
NUTANIX and SPLUNK
 
Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchange
 
Splunk for cyber_threat
Splunk for cyber_threatSplunk for cyber_threat
Splunk for cyber_threat
 
Splunk Searching and reporting 43course
Splunk Searching and reporting 43courseSplunk Searching and reporting 43course
Splunk Searching and reporting 43course
 
Advanced Splunk 50 administration
Advanced Splunk 50 administrationAdvanced Splunk 50 administration
Advanced Splunk 50 administration
 
Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Advanced searching and reporting 50 course
Advanced searching and reporting 50 course
 
Administering splunk 43 course
Administering splunk 43 courseAdministering splunk 43 course
Administering splunk 43 course
 
Using splunk43course
Using splunk43courseUsing splunk43course
Using splunk43course
 
Using Splunk course outline
Using Splunk course outline Using Splunk course outline
Using Splunk course outline
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk Administration
 
Splunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionSplunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class description
 
Administering Splunk course
Administering Splunk courseAdministering Splunk course
Administering Splunk course
 
Splunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsSplunk Searching and Reporting Class Details
Splunk Searching and Reporting Class Details
 
Splunk forwarders tech_brief
Splunk forwarders tech_briefSplunk forwarders tech_brief
Splunk forwarders tech_brief
 
Splunk and map_reduce
Splunk and map_reduceSplunk and map_reduce
Splunk and map_reduce
 
Splunk for xen_desktop
Splunk for xen_desktopSplunk for xen_desktop
Splunk for xen_desktop
 
Splunk for f5
Splunk for f5Splunk for f5
Splunk for f5
 
Splunk for db_connect
Splunk for db_connectSplunk for db_connect
Splunk for db_connect
 
Splunk for active_directory
Splunk for active_directorySplunk for active_directory
Splunk for active_directory
 
Splunk app for_windows
Splunk app for_windowsSplunk app for_windows
Splunk app for_windows
 

Recently uploaded

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vĂĄzquez
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 

Recently uploaded (20)

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Splunk guide for_iso_27002

  • 1. SplunkÂŽ Enterprise™ Log Management Role Supporting the ISO 27002 Framework E X E C U T I V E B R I E F
  • 2. E X E C U T I V E B R I E F listen to your data 2 Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk reduction strategy. The ISO 27002 framework can be used to reduce risk for businesses large and small and it is particularly useful for businesses that operate in multiple countries and need to be compliant with many in-country regulations. The ISO 27002 framework provides specific guidance for securing enterprise and organizational data. SplunkÂŽ Enterprise™ enables enterprise security compliance across IT operations, the application management lifecycle, the data management lifecycle and security. Splunk Enterprise is a single system that supports all of these disciplines and gets everyone looking at problems through the same “data lens.” The result is operational and security intelligence with a focus on the issues that most concern the business: reputational risks, risks to core business functions that affect top-line revenues and compliance risks that affect reputation and the bottom line. Splunk software as a big data solution for security and an engine for machine data serves four primary functions that support ISO 27002: • Collects, stores and monitors log data throughout its collection, transportation, use and disposal • Helps protect the integrity of the log data making it useful as a definitive record of human-to-machine and machine-to-machine activities • Provides data masking capability coupled with role-based data views • Provides security intelligence through analytics and statistics to provide insights into system and human behaviors that can add risk to an organization See the chart below for the specific ways that Splunk supports key ISO 27002 areas for information security management. Key ISO 27002 Area How Splunk Supports ISO 27002 4.1 Assessing security risks Splunk is an engine for machine data that indexes large amounts of IT data and has analytics and visualization capabilities. Security and business teams can protect the most valuable company assets using Splunk. Once the parameters for “normal access” to critical company data is defined, Splunk Enterprise can be used to watch for access pattern anomalies based on access type, timing and the location of a given user accessing the data. Splunk can classify specific application and host data—and can generate automated searches and alerts to help minimize business risk. 6.1.1 Management commitment to information security With the ability to monitor for both known and unknown threats, Splunk Enterprise supports a management strategy that is focused on information security at a strategic level. For public companies this can mean listing cyber threats as a risk factor in the SEC 10-K document and listing their methodology for monitoring for malware that may remain hidden in the architecture for long periods of time. 6.1.2 Information security coordination Splunk Enterprise supports automated reports for specific security team members or executives. Also, the Splunk App for Enterprise Security supports workflows for assigning tasks to specific people, event re- classification, and recording and setting policy for specific discovered threats. 6.1.3 Allocation of information security responsibilities See 6.1.2 above. In addition, Splunk and the Splunk App for Enterprise Security provide tracking for specific security tasks related to security incidents and the metrics and monitoring of resolved security events. Splunk and the App for Enterprise Security can pull information from asset data bases to track data asset ownership. 6.1.8 Independent review of information security Splunk support digitally signing (or hashing) of data to prove data integrity. Many users facilitate audit requests by simply teaching the auditor how to explore data with Splunk.
  • 3. E X E C U T I V E B R I E F listen to your data 3listen to your data 6.2.1 Identification of risks related to external parties Splunk can be used to monitor data coming from third parties to ensure that data integrity and records are complete. Splunk can also be used to monitor the performance of third-party service providers for SLA violations. Splunk can monitor transactions between in-house and third- party systems for performance and completeness of transactions. Splunk can monitor and provide metrics for email and web security systems. 7.1.1 Inventory of assets Splunk can perform asset discovery and monitor asset management systems for changes. Splunk can perform configuration reviews by monitoring file changes and system performance. 7.1.3 Acceptable use of assets Splunk can monitor patterns of use and user behavior to determine if employees are using their time effectively or if they are a risk to the company. 7.2.2 Information labeling and handling Splunk allows for meta-data to be added to data coming from specific systems to label the data or system as critical to the business. Splunk can monitor for changes to the configuration of the asset and the data contained on it and watch for changes that occur outside prescribed change windows. 8.1.1 Roles and responsibilities Splunk supports role-based access-control so access to information is granted based on a user’s specific role. Activity analysis can be performed using Splunk to ensure the separation of duties between individuals and/or established roles. User accounts in Splunk can be tied into Active Directory or LDAP for single-sign-on (SSO). 8.2.2 Information security awareness, education and training Splunk can be used to monitor eLearning systems to confirm employee compliance with security awareness training. 8.3.1 Termination responsibilities Splunk can be used to monitor terminated employee user accounts to verify that all accounts for a particular user have been closed. It can also watch and alert if process was not followed or if an account that should have been suspended suddenly becomes active. 8.3.2 Return of assets Splunk can monitor several systems to determine if a terminated employee’s company assets were returned. 8.3.3 Removal of access rights Splunk can monitor the process of removing access rights, for example when an employee moves between departments or is terminated. Splunk can also monitor user access to Active Directory. If a user is added or removed, Splunk can notify IT operations of the change so they can verify that it was authorized. 9.1.2 Physical entry controls Splunk can be used to monitor physical access to facilities and monitor established access patterns for unauthorized access. Data from Active Directory, physical access data and VPN data can be correlated to determine if a user has ‘tail-gated’ into the building. 9.1.4 Protecting against external and environmental threats Splunk can accept data in any format including data from building HVAC systems to measure temperature change and monitor for related physical threats. 9.2.1 Equipment sitting and protection Splunk can accept and monitor data from RFID systems and GPS information, so it can monitor and track the use of (RFID/GPS tagged) company trucks or equipment to protect against theft. 9.2.6 Secure disposal or reuse of equipment Splunk can monitor inventories of hardware throughout its lifecycle. For example, it can track the disposal of hard drives and provide an audit trail for each step in the process. 9.2.7 Removal of property See 9.2.1 Above 10.1.2 Change management Splunk can be used to monitor changes to systems and when they occurred and who performed the work and why. This is useful when tracking emergency verses scheduled downtimes for particular systems. Risk can be assessed by the number of unauthorized changes and can be tracked over time to document the increasing or decreasing level of risk to the business.
  • 4. E X E C U T I V E B R I E F listen to your data 4listen to your data 10.1.3 Segregation of duties See 8.1.1 above 10.1.4 Separation of development, test and operational facilities Splunk allows access to production system logs for troubleshooting without needing to log onto production systems. This is a key audit requirement and prevents unauthorized changes to systems. 10.2.1 Third-party service delivery If a company has access to log data from their service provider, SLAs can be monitored with Splunk. Also, the lifecycle for data hosted by third parties can be monitored up to the point of disposal. SLAs can be trended over time to support service acquisition decisions. 10.2.2 See 10.2.1 Above. 10.3.1 Capacity management Splunk can monitor CPU utilization and other hardware performance information within a physical or virtual infrastructure. It can monitor thresholds over time to measure signs of performance degradation. Partial hardware failures such as fan breakdown or memory failure can be detected and monitored to support resource planning and acquisition decisions. Services can be monitored for performance of transactions across the IT architecture. This data can inform investigations of the service delivery architecture and enrich customer satisfaction metrics. Splunk supports benchmarking against normal performance and alerting on all parts of the IP stack. 10.3.2 System acceptance Splunk can drive decisions on system development as the ease of troubleshooting applications drives log formatting and revealing in log data what helps to diagnose problems. Splunk used during the QA process can benchmark performance differences between product releases. 10.4.1 Controls against malicious code Splunk supports the search for ‘known’ and ‘unknown threats’ Splunk monitors all aspects of anti-virus deployment, host configuration, email security, and web security products, and next-gen firewalls. These are known threats as reported by signature and rule based systems. Splunk can augment this data with DNS, DHCP, Physical Access data, Active directory log data, packet capture, and Flow data. Watching for time-based patterns that include geo-location data in this data can provide knowledge of malicious insider and persistent malware. Large data sets encourage creativity. Security can become more aligned with the business by focusing security on the most important data assets to the business. 10.5.1 Information backup Splunk can easily monitor data storage solutions for performance and data integrity. Splunk works with different data classifications to properly maintain regulatory compliance and corporate disposal processes. 10.6.1 Network controls Splunk supports role-based access controls for different network teams. Splunk can monitor HTTP, HTTPS, SSL VPN and application layer protocols from AppFlow or other load balancing data. Splunk can provide metrics for performance aspect of network hardware, configuration changes and network performance. Splunk can use log data to monitor data in transit for fidelity. 10.6.2 Security of network services See 10.6.1 and 10.4.1 10.7.1 Management of removable media Splunk can be used to track the use of removable media for use increases, which may indicate the need for employee security awareness training. 10.7.3 Information handling procedures Splunk can add meta-data for classification to facilitate data information categorization and management. 10.7.4 Security of system documentation Monitoring system operations and configuration in accordance with system documentation and performance specifications.
  • 5. E X E C U T I V E B R I E F listen to your data 5 10.8.4 Electronic messaging Monitor log data form key management and storage systems. Splunk can monitor the authentication process. Splunk can monitor instant messaging communications and key pieces of text for compliance. Splunk can monitor twitter feeds to understand customer sentiment and reputational issues. 10.9.1 Electronic commerce Splunk can monitor and report on all aspects of the customer transaction watching for indicators and patterns of fraudulent activities and transaction errors. 10.9.2 Online transactions Splunk can monitor applications for incomplete from data and application error handling capabilities 10.10.1 Audit logging Splunk can monitor security systems for changes to their configuration in change windows and monitor user behavior. Splunk can pervade a definitive record for compliance audits. 10.10.2 Monitoring system use Splunk monitors account usage patterns determining the need for access by users. Splunk monitors the aspects of specific IT services to understand usage. 10.10.3 Protection of logged information Splunk can monitor hosts to monitor for attempted deletion of system log files. Splunk can ensure proper disposal of log data. 10.10.4 Administrator and operator logs Splunk monitors all user activities and provides a complete log of Splunk activities. Visualizations of trended data can reveal usage patterns 10.10.5 Fault logging Splunk can monitor and trend application faults over time creating development team accountability. 10.10.6 Clock synchronization Splunk can monitor systems to ensure they are synchronized using the NTP protocol. 11.1.1 Access control policy See 10.4.1 and Splunk can monitor the behaviors of usurers that have highly privileged account access to highly sensitive business data. Splunk supports HIPAA, SOX, and FFIEC, NIST 800-53 and other privacy related regulations and internal control framework objectives. 11.2.1 User registration Splunk can monitor the entire process of user registration and monitor for out-of policy user additions and procedure violations. 11.2.2 Privilege management Splunk can monitor privilege changes and monitor change metrics and access escalations. 11.2.3 User password management Splunk can monitor changes to files including the /etc/password file for compliance with change requirements. Splunk can monitor how rapidly change is made across monitored hosts. 11.3.1 Password use Splunk can monitor for hosts where no password is used for authentication. 11.3.2 Unattended user equipment Splunk can monitor for host inactivity and monitor data indicating the password screen saver is in use or doesn’t launch within a specific length of time. 11.4.2 User authentication for external connections Splunk can monitor VPN usage for remote access. Splunk can correlate local system access information with VPN usage and physical access data to monitor for stolen credentials. 11.4.5 Segregation in networks Splunk can monitor traffic between networks and watch for non-allowed traffic for network segregation. 11.5.2 User Identification and authentication Splunk can monitor the process of user authentication. The Splunk App for Enterprise Security can correlate all the access identities of a particular user to track and report on user behavior across the IT architecture. 11.5.4 Use of system utilities Use of system utilities is monitored through the use of their own applications logs in Splunk.
  • 6. W H I T E P A P E R www.splunk.com 250 Brannan St, San Francisco, CA, 94107 info@splunk.com | sales@splunk.com 866-438-7758 | 415-848-8400 www.splunkbase.com listen to your data Copyright Š 2012 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # EB-Splunk-ISO-27002-101 11.5.5 Session time-outs Splunk can monitor open sessions and alert abnormally long or open sessions. 11.6.1 Information access registration Please see 12.2.1 – 12.3.1 11.6.2 Sensitive system isolation Splunk can be used to add meta-data and enrich data with classifications by type and criticality and sensitivity for risk reporting. 11.7.2 Teleworking Splunk can monitor remote access to systems via VPN log data and watch for abnormal patterns. 12.3.2 Key management Splunk can monitor software check-in systems for access and separation between development and QA teams. 12.4.1 Control of operational software Splunk can monitor access, configuration and performance of operational software. 12.4.3 Access control to program data Splunk can monitor software check-in systems for access and separation between development and QA teams. 12.5.1 Change control procedures Splunk can monitor systems for change and for violation of change control polities and procedures. 12.5.2 Technical review of applications after operating systems Splunk can monitor for changes to log formats and increases in application error rates. 12.5.4 Information leakage Splunk can monitor for abnormal patterns in system activities data and watch for signs of advanced persistent attackers and malware. 12.6.1 Control of technical vulnerabilities Splunk can monitor the ‘half-life’ of vulnerabilities in the IT architecture and report on them as metrics for patching systems. It can also monitor system uptime metrics. 13.1.1 Reporting information security events The Splunk App for Enterprise Security provides security event management alerting and reporting. 13.2.2 Learning from information security incidents The Splunk App for Enterprise Security provides a complete record of the incident classification and ownership changes with all comment records. These records can be searched by date and by text search. 13.2.3 Collection of evidence The Splunk App for Enterprise Security can take log data and security events and store them in an encrypted format using a free app on Splunkbase. 14.1.1 Information security in the business continuity management process During testing, application performance data can be monitored and analyzed to streamline software development and time to market. Where there are problems, Splunk can monitor risk and report on delayed time to market and lost revenue (sales). 15.1.4 Data protection and privacy of personal information See 10.4.1 and 11.1.1 15.2.1 Compliance with security policies and standards Splunk can automate the auditing of data integrity, availability and confidentiality across the enterprise to ensure compliance with security policies. Splunk can automate forensic investigation and run scripts to automate security-related actions. Free Download Download Splunk for free. You’ll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. After 60 days, or anytime before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com.