This document discusses building an analytics-driven security operations center (SOC). It begins with an overview of traditional SOCs and their limitations, such as focusing primarily on alerts. It then discusses emerging trends in security operations that are driving the need for an analytics-driven SOC, such as the focus on detection and response. The document proposes seven enablers for building an analytics-driven SOC using Splunk, including selecting the right sourcing strategy, adopting an adaptive security architecture, optimizing threat intelligence management, deploying advanced analytics like machine learning, enabling proactive threat hunting, promoting automation and efficiency, and driving broader enterprise insights.
55. Next Step:
Splunk Security Workshops
SIEM+/SOC Readiness, Security Use Case Definition, Security Data Source Assessment, Security Automation, Security Business & Risk Visualisation
• Scope data sources, use cases and volumes
• Security Analytics & SOC Building
• Adding Machine Learning to SecOps
• Learn how to visualize security success for the business
• Data privacy & protection
Contact your Splunk representative to find out how to schedule a workshop
56. Threat Activity Dashboard
Splunk Quick Start for Security Analytics & SOC
Rapidly Determine Advanced Malware and Threat Activity
Malware Center Dashboard
59. Learn:
How Travis Perkins built a SOC in the Cloud
blogs.splunk.com
Learn:
Three Tips from Cisco's CSIRT using Splunk
isc2.org
Try it yourself:
Splunk Enterprise Security in our Sandbox with 50+ Data Sources
splunk.com