Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktionalitäten in Splunk Enterprise Security und UBA

2. Legal Notices During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

3. Today’s Speakers Rene Siekermann – Sales Engineer – Splunk Matthias Maier • Product Marketing Manager • Splunk

4. General Information about Webinars • After the webinar you’ll get an E-Mail containing: • Recording of the Webinar • Link to Slideshare with this Presentation • Ask your questions during the Webinar and we will go through them in a Q&A Session at the End

5. CYBER CRIMINALS MALICIOUS INSIDERS NATION STATES

6. The Ever-Changing Threat Landscape 53% Victims notified by external entity 100% Valid credentials were used 229 Median # of days before detection Source: Mandiant M-Trends Report 2012-2016

7. Splunk – Analytics-Driven Security • APT detection/hunting (kill chain method) • Counter threat automation • Threat Intelligence aggregation (internal & external) • Fraud detection – ATO, account abuse • Insider threat detection • Replace SIEM @ lower TCO, increase maturity • Augment SIEM @ increase coverage & agility • Compliance monitoring, reporting, auditing • Log retention, storage, monitoring, auditing • Continuous monitoring/evaluation • Incident response and forensic investigation • Event searching, reporting, monitoring & correlation • Rapid learning loop, shorten discover/detect cycle • Rapid insight from all data • Fraud analyst • Threat Research/Intelligence • Malware research • Cyber Security/Threat • Security Analyst • CSIRT • Forensics • Engineering • Tier 1 Analyst • Tier 2 Analyst • Tier 3 Analyst • Audit/Compliance Security Operations Roles/Functions Reactive Proactive Search and Investigate Proactive Monitoring and Alerting Security Situational Awareness Real-time Risk Insight

8. Analytics-Driven Security Risk- Based Context and Intelligence Connecting Data and People

9. Turning Machine Data Into Business Value Index Untapped Data: Any Source, Type, Volume Online Services Web Services Servers Security GPS Location Storage Desktops Networks Packaged Applications Custom ApplicationsMessaging Telecoms Online Shopping Cart Web Clickstreams Databases Energy Meters Call Detail Records Smartphones and Devices RFID On- Premises Private Cloud Public Cloud Ask Any Question Application Delivery Security, Compliance and Fraud IT Operations Business Analytics Industrial Data and the Internet of Things

10. Security Intelligence Use Cases SECURITY & COMPLIANCE REPORTING REAL-TIME MONITORING OF KNOWN THREATS DETECTING UNKNOWN THREATS INCIDENT INVESTIGATIONS & FORENSICS FRAUD DETECTION INSIDER THREAT Complement, replace and go beyond traditional SIEMs

11. Splunk Enterprise Security & UBA with Demo’s

12. Overview UEBA 2.2 ES 4.1

13. What is Splunk UBA?

14. SO, WHAT IS THE COMPROMISED / MISUSED CREDENTIALS OR DEVICES LACK OF RESOURCES (SECURITY EXPERTISE) LACK OF ALERT PRIORITIZATION & EXCESSIVE FALSE POSITIVES PROBLEM?

15. Splunk User Behavioral Analytics Automated Detection of INSIDER THREATS AND CYBER ATTACKS Platform for Machine Data Behavior Baselining & Modelling Unsupervised Machine Learning Real-Time & Big Data Architecture Threat & Anomaly Detection Security Analytics

16. MULTI-ENTITY BEHAVIORAL MODEL Temporal Window USER HOST NETWORK APPLICATION DATA Activity A Activity N Activity A Activity N Activity A Activity N Activity A Activity N Activity A Activity N ACTIVITY A ACTIVITY C ACTIVITY F ACTIVITY B ACTIVITY L

17. INSIDER THREAT Day 1 . . Day 2 . . Day N John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY Unusual Machine Access (Lateral Movement; Individual & Peer Group) Unusual Zone (CorpPCI) traversal (Lateral Movement) Unusual Activity Sequence Unusual Zone Combination (PCICorp) Unusual File Access (Individual & Peer Group) Multiple Outgoing Connections & Unusual SSL session duration

18. PROXY SERVER FIREWALL WHAT DOES SPLUNK UBA NEED? ACTIVE DIRECTORY / DOMAIN CONTROLLER DNS, DHCP SPLUNK ENTERPRISE ANY SIEM AT A MINIMUM

19. What is Splunk ES?

20. Platform for Machine Data Splunk Enterprise Security Advancing analytics-driven security Security and Compliance Reporting Monitor and Detect Investigate Threats and Incidents Analyze and Optimize Response

21. What’s new in Splunk Enterprise Security 4.1 ?

22. Prioritize and Speed Investigations Centralized incident review combining risk and quick search Use the new risk scores and quick searches to determine the impact of an incident quickly Use risk scores to generate actionable alerts to respond on matters that require immediate attention. ES 4.1

23. Enhanced Investigation Timeline Add file attachments to Investigation Timeline Export Investigation Timeline as PDF

24. Behavioral Analytics in SIEM Workflow • All Splunk UBA results available in Enterprise Security • Workflows for SOC Manager, SOC analyst and Hunter/Investigator • Splunk UBA can be purchased/operated separately from Splunk Enterprise Security ES 4.1 and UBA 2.2

25. Expanded Threat Intelligence ES 4.1 Supports Facebook ThreatExchange An additional threat intelligence feed that provides following threat indicators - domain names, IPs and hashes Use with ad hoc searches and investigations Extends Splunk’s Threat Intelligence Framework

26. Splunk Enterprise Security Customer Use Cases

27. Thousands of Global Security Customers

28. Replacing a legacy SIEM with Splunk Enterprise Security at John Lewis • Replaced legacy SIEM for PCI compliance and reusing compliance investments for security and IT-Opps use cases • Single Pains of Glass/Centralized Security Visibility on their operations bridge, DDOS reporting, Privileged user monitoring, Application level security monitoring • Identify incidents more quickly and take appropriate automated action where required • Empowering users to make operational risk management decisions “Empower the users – send alerts and reports straight to them. Don’t let the security team be a bottleneck”

29. MBDA Germany Drives Security Intelligence With Splunk Enterprise Security • Enabling the security operations center (SOC) team to work very efficiently • Since deploying ES, the average time to analyze a CERT message has been reduced from an average of 372 minutes to just 15. • Real-time alerts identify attacks that would previously have gone undetected • Analysis of historical data informs future security measures, resulting in a more resilient security posture overall ““Splunk dramatically reduces security risks at MBDA Germany. The software helps us to work much more efficiently, gain visibility across our entire network, react more quickly to security breaches and use insights from our data analysis to inform our future security strategy.”.” — Head of IT and Project Manager Information Technology, MBDA Germany

30. Thank you! Q&A 30

Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktionalitäten in Splunk Enterprise Security und UBA

Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktionalitäten in Splunk Enterprise Security und UBA

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados(20)

Destaque

Destaque(20)

Similar a Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktionalitäten in Splunk Enterprise Security und UBA

Similar a Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktionalitäten in Splunk Enterprise Security und UBA(20)

Mais de Splunk

Mais de Splunk(20)

Último

Último(20)

Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktionalitäten in Splunk Enterprise Security und UBA

Notas do Editor