
Splunk Discovery Day Dubai 2017 - Security Keynote


  1. Splunk Security Vision, Strategy & Platform. James Hanlon MSc, CISSP, CISM, Security Markets Director, EMEA. Copyright © 2016 Splunk Inc.
  2. The State of Security 2017
  3. Adversary & Threat Campaigns Evolve
     "Middle East cyber attacks are more often and more severe" [PWC, 2016]
     Recent campaigns cited: Shamoon 2, Shadow Brokers, Greenbug
  4. Security is Still Reactive
     Tools: "Alerts", not "Insights"
     Process: not optimized
     People: alert overload
     Scale: across environments
  5. The Challenges of Cyber Leadership (source: https://www.sans.org/security-resources/posters/leadership/security-leadership-poster-135)
     ✘ Board Level Driven
     ✘ End to End Visibility
     ✘ Complexity & Silos
     ✘ Emerging Technology
     ✘ Security Agility
     ✘ Security Operations Efficiency
  6. Splunk Security Vision & Strategy
  7. Key 2017 Security Technology Enablers (Risk Driven Security)
     Security Alerting Only → Context Based Prioritization
     Monitoring Only → Monitoring Automation
     Human Authoring Only → Human-Machine Authoring
  8. Assume you are compromised! Recipe for reducing the breach gap
     Pipeline: Event Aggregation → Incident Creation → Investigation & Response
     Event Management
       ▶ Fast data onboarding
       ▶ Manage high volume
       ▶ Track entity relationships
     Simple Detection
       ▶ Rules & statistics
       ▶ Quick development
       ▶ Easy for analysts
     Advanced Detection
       ▶ Detect unknown
       ▶ New vectors
       ▶ Machine learning
     Investigative Platform
       ▶ Flexible analyst visualisation
       ▶ Provide automation with security solutions & tooling
       ▶ Security operations orchestration & threat hunting
     Outcomes: Alert Simplification → Incident (Contextual Enrichment) → Decrease MTTR
  9. Our Vision: Splunk is the Security Analytics Nerve Center
     Data sources feeding it: App, Endpoint/Server, Cloud, Threat Intelligence, Firewall, Web Proxy, Internal Network Security, Identity, Network
  10. Our Platform: Splunk Security Portfolio
      Splunk Enterprise (Detection, realm of the known, human-driven)
        • Any data log aggregation
        • Rules, statistics, correlation
        • Search, visualize & hunt
      Enterprise Security (Response)
        • Security analytics (SOC) platform
        • Incident response workflow
        • Adaptive response
        • OOB key security metrics
      Splunk Security Essentials/UBA (Detection, realm of the unknown, ML-driven)
        • Risky behavior detection
        • Advanced attacks & insider
        • Entity profiling
  11. Splunk Positioned as a Leader in Gartner 2016 Magic Quadrant for Security Information and Event Management
      Four Years in a Row as a Leader. Furthest overall in Completeness of Vision. Splunk also scores highest in the 2016 Critical Capabilities for SIEM report in all three Use Cases.
      *Gartner, Inc., 2016 Magic Quadrant for Security Information and Event Management, and Critical Capabilities for Security Information and Event Management, Oliver Rochford, Kelly M. Kavanagh, Toby Bussa, 10 August 2016. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Splunk. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  12. Our Value: Why Splunk for Security Analytics?
      Security Agility
        1 Rapid Security Operationalization with fast data onboarding & any data investigation
        4 Agility through Cloud, On-premise, Hybrid & MSSP Delivery Models
      Security Assurance
        2 Differentiated Security Technology Demonstrability through Industry Leadership
        7 Assurance through 1000s of Existing Splunk Security Customers
      IT Value Realisation
        3 Optimal value realization through 1000+ Community App Ecosystem
        6 ROI through Security & Non Security Use Cases support
      Security Capability
        5 Support for Advanced Analytics Use Cases & Machine Learning
        8 Security Orchestration, Visualisation, Workflow & Automation
  13. Splunk Security Platform
  14. 1. Select an Appropriate Sourcing Strategy (To Prevent, Detect, Respond and Predict)
      1 On Premise
      2 Cloud Only
      3 Hybrid
      4 Split Technology & SOC Provider Models
  15. Splunk Security: Fast Time to Value. RETAIL: Building a Lean 'Cloud' SOC (© 2017 Splunk Inc.)
      Customer
        ▶ UK's largest building and construction supplier
        ▶ 20+ business units in group & 27,0000 employees
      Challenges
        ▶ Failed previous SIEM project
        ▶ Complex mix of legacy on-premise and cloud solutions
        ▶ Difficult ingesting data sources for visibility
        ▶ Limited security personnel
      Customer Solution: Splunk Enterprise & Splunk Enterprise Security
        ▶ Fast time from data ingestion to obtaining security insight
        ▶ Splunk Cloud removes the pain of managing host infrastructure
        ▶ Intrinsic Splunk ES risk scoring has been pivotal in multiple cyber incidents
        ▶ Architecture design now serving non-security use cases (IT Event Monitoring)
  16. 2. Promote Security Automation & Human Efficiency (To Prevent, Detect, Respond and Predict)
      • Use rules to automate routine aspects of detection and investigation
      • Extract insights from existing security controls through a common interface
      • Take actions with confidence for faster decisions and response
      • Automate any process along the continuous monitoring, response and analytics cycle
      Splunk Adaptive Response integrates with: Identity and Access, Internal Network Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall
  17. 3. Harness Threat Intelligence (To Prevent, Detect, Respond and Predict)
      • Automatically collect, aggregate and de-duplicate threat feeds from a broad set of sources
      • Support for STIX/TAXII, OpenIOC, Facebook
      • Build your own data to create your own Threat Intel
      • Out of the box Activity and Artifact dashboards
      Uses of threat intelligence:
        ▶ Determine impact on network and assets
        ▶ Use for analysis / IR
        ▶ Collect / provide forensics
        ▶ Use to hunt / uncover / link events
        ▶ Share info with partners
      Feed sources: Law Enforcement Feeds, ISAC Feeds, Agency Feed, Commercial Service, Community Feed, Open-Source Feed, Other Enrichment Services
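The collect/aggregate/de-duplicate step described on slide 17, as an added illustration rather than Splunk's code: two constructed feeds (a minimal STIX 2.1-style indicator bundle and a plain "type,value" text feed) are normalized to one indicator vocabulary and merged, so an indicator published by both feeds is kept once with both sources recorded. The feed contents, the TYPE_ALIASES mapping and the function names are assumptions made for this example.

```python
import json
import re
from collections import defaultdict
# Constructed sample feeds (documentation-range IP, example.com names; not real indicators).
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[ipv4-addr:value = '203.0.113.5']"},
    {"type": "indicator", "pattern": "[domain-name:value = 'Bad.Example.COM']"},
    {"type": "malware", "name": "not-an-indicator"},
]})
CSV_FEED = """# constructed community feed
ip,203.0.113.5
domain,bad.example.com
domain,other.example.net
"""

# Map each source's vocabulary onto one internal indicator type (assumed mapping).
TYPE_ALIASES = {"ipv4-addr": "ip", "ip": "ip", "domain-name": "domain", "domain": "domain"}
STIX_PATTERN = re.compile(r"\[(?P<type>[\w-]+):value\s*=\s*'(?P<value>[^']+)'\]")

def parse_stix(bundle_json):
    """Yield (type, value) from single-comparison STIX indicator patterns; skip other objects."""
    for obj in json.loads(bundle_json)["objects"]:
        match = STIX_PATTERN.fullmatch(obj.get("pattern", ""))
        if obj.get("type") == "indicator" and match:
            yield match["type"], match["value"]

def parse_csv(text):
    """Yield (type, value) from 'type,value' lines, skipping comments and blanks."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            ind_type, _, value = line.partition(",")
            yield ind_type.strip(), value.strip()

def normalize(ind_type, value):
    """Canonical key so the same indicator from two feeds collapses to one entry."""
    return TYPE_ALIASES[ind_type], value.strip().lower()

def aggregate(sources):
    """sources: {feed name: iterable of (type, value)} -> {(type, value): sorted feed names}."""
    seen = defaultdict(set)
    for name, indicators in sources.items():
        for ind_type, value in indicators:
            seen[normalize(ind_type, value)].add(name)
    return {key: sorted(names) for key, names in seen.items()}

def merge_sample_feeds():
    """Aggregate the two constructed feeds: four raw indicators become three unique ones."""
    return aggregate({"stix": parse_stix(STIX_BUNDLE), "community": parse_csv(CSV_FEED)})
```

Keeping the source list per indicator is what lets a later dashboard show which feeds corroborate a hit, and it is also where an expiry or confidence field would be attached in a production pipeline.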
  18. 4. Drive Threat Hunting Maturity (To Prevent, Detect, Respond and Predict)
      Maturity steps (DATA MATURITY axis): Data → Search & Visualization → Enrichment → Automation → Hypotheses, underpinned by Data Search Visualisation, Data and Intelligence Enrichment, Automated Analytics, and Data Science and Machine Learning
      Ingest & Onboard Any Threat Hunting Machine Data Source: enable fast ingestion of any machine data through efficient indexing, a big data real-time architecture and 'schema on the read' technology
      Search & Visualize Relationships for Faster Hunting: search and correlate data while visually fusing results for faster context, analysis and insight
      Threat Hunting Data Enrichment: enrich data with context and threat intel across the stack or time to discern deeper patterns or relationships
      Threat Hunting Enablement: integrated, out-of-the-box automation tooling from artifact query, contextual "swim-lane analysis", anomaly & time series analysis to advanced data science leveraging machine learning
  19. Splunk Security: Trusted. GOVERNMENT: Enabling EU Cyber Response (https://de.slideshare.net/Splunk/splunk-live-utrecht-2016-cert-eu)
      Customer
        ▶ The EU Institutions' own Computer Emergency Response Team (CERT)
        ▶ Supports 60 organizations across Europe, serving 100,000 end users
      Challenges
        ▶ Ingestion from many sources
        ▶ Constituents: very high value targets
        ▶ Complex decentralized, heterogeneous environment
        ▶ Need to correlate everything with everything: file-less lateral movement, bypassing of protection layers, phishing attacks
      Customer Solution: Splunk Enterprise
        ▶ Provides a common language and conventions to control all data (CIM)
        ▶ Drives time saving & reduces human error while increasing visibility
        ▶ Enables any data & intelligence correlation; easily integrates with custom security tooling via open APIs
        ▶ Two-tier architecture with end users in control of their data
  20. 5. Deploy Advanced Analytics – Native ML and UBA (To Prevent, Detect, Respond and Predict)
      https://splunkbase.splunk.com/app/3435/
      Identify User & Entity Behavior Analytics threats in your environment:
        • FoC, 55+ common UBA use cases, all available through Splunk Enterprise
        • Target external attackers and insider threat
        • Scales from small to massive companies
        • Splunk app results sent to Splunk Enterprise Security & Splunk User Behavioral Analytics (UBA) solutions
  21. 6. From Security to Enterprise Data Insights
      Same data, different people asking different questions: Security & Risk, IT Operations, Business Analytics
      50-90% of security data can be re-used for additional non-security business value
      Splunk customer value examples:
        Online Services: $11m benefit, increased revenue from higher uptime
        High Tech: $25m benefit, increased revenue from higher uptime
        Oil & Gas: $200m benefit, revenues from preventing APTs
        Transportation: $1b benefit, optimisation with sensor data
  22. Splunk Security: Business Value. FINANCE: Connecting Business & Security at a Swiss Bank (https://conf.splunk.com/session/2015/conf2015_PHoffman_PostFinance_UsingSplunkSearchLanguage_HowSplunkConnectsBusiness.pdf)
      Customer
        ▶ Third largest retail bank in Switzerland with 3m+ customers
        ▶ No. 1 online payments provider
      Challenges
        ▶ Protecting financial assets & customers is a top priority
        ▶ Data ingestion and security insight
        ▶ Highly manual security analysis and reporting
        ▶ Cultural and organizational barriers to effective security
      Customer Solution: Splunk Enterprise
        ▶ Risk reduction through e-payment & debit card fraud detection
        ▶ Increased visibility & security automation for online banking, payment processing and customer data protection, such as phishing attack workflows
  23. Splunk Security Portfolio (recap of slide 10)
      Splunk Enterprise (Detection, realm of the known, human-driven)
        • Any data log aggregation
        • Rules, statistics, correlation
        • Search, visualize & hunt
      Enterprise Security (Response)
        • Security analytics (SOC) platform
        • Incident response workflow
        • Adaptive response
        • OOB key security metrics
      Splunk Security Essentials/UBA (Detection, realm of the unknown, ML-driven)
        • Risky behavior detection
        • Advanced attacks & insider
        • Entity profiling
  24. Splunk Quick Start for Security Analytics: Rapidly Determine Advanced Malware and Threat Activity
      Threat Activity Dashboard
      Malware Center Dashboard
  25. .conf2017: The 8th Annual Splunk Conference
      Sept 25-28, 2017, Walter E. Washington Convention Center, Washington, D.C. (CONF.SPLUNK.COM)
      • 5,000+ IT and Business Professionals
      • 175+ Sessions
      • 80+ Customer Speakers
      PLUS Splunk University
      • Three days: Sept 23-25, 2017
      • Get Splunk Certified for FREE!
      • Get CPE credits for CISSP, CAP, SSCP
  26. Dubai Splunk User Group: May 4th, 2017, H Hotel One Sheikh Zayed Road, Dubai, U.A.E.
  27. Thank You
  28. Agenda
      09:30-10:00  Welcome & Journey to Operational Intelligence, Nordine Aamchoune, Regional Sales Director, Splunk / Hash Basu-Choudhuri, Sales Engineering Director, Splunk
      10:00-10:30  Splunk Security Vision, Strategy & Platform, James Hanlon, Security Markets Director, Splunk
      10:30-11:00  Customer Use Case – Darkmatter, Eric Eifert, SVP Security Services
      11:00-11:30  Break
      11:30-13:00  Splunk for Security & Splunk for IT Operations, George Merhej, Senior Sales Engineer
      13:00-14:00  Lunch
      14:00        Event concludes
  29. Splunk Security: Build an Enterprise Fabric from Security. OIL & GAS: All you can eat data!
      Customer
        ▶ Operates in 60 countries with over 45,000 employees
        ▶ 29 engineering and project execution centers and 5 fabrication yards
      Challenges
        ▶ Needed to gain operational visibility into distributed infrastructure
        ▶ Unable to meet compliance needs (PCI, ISO27001, SOX, Privacy)
        ▶ Struggling with governance of IT Operations
        ▶ Inability to report holistically across all domains
      Customer Solution (Splunk Enterprise)
        ▶ Real-time data insights across Security, ITOps & Application Development
        ▶ Line of Business security risk reporting
        ▶ SIEM with one 'dashboard' to rule them all
        ▶ IT Operations, application, server reboot and software license utilization monitoring
  30. Focus Areas for Immediate Security Improvement (Prevent, Detect, Respond and Predict)
      Users & Access: Privileged Users Access, User Awareness
      Enforce Critical Controls: Network, Endpoint & Infrastructure (i.e. patching)
      Security Analytics: Detect, Correlate, Automate
