© 2017 SPLUNK INC.
Use Splunk for Incident Response,
Orchestration and Automation
14:45
Udo Götzen | Staff Sales Engineer, CISSP
20.03.2018 | München
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC.
The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved.
Security Operations Need to Change
▶ Incident Response: Slow, Alert Noise
▶ Tools Problem: Many tools, Disparate tools
▶ Skills: Lack of skills, Retention, Training
▶ Scale: Horizontal and Vertical
▶ Orchestration
▶ Automation
Incident Response Challenge
Incident Response Takes Significant Time
Source: SANS 2017 Incident Response Survey
Where Does Your Time Go?
When working an incident, which phase generally takes the longest to complete in your organization?
Day in the life of a security professional survey © 2016 EMA, Inc.
Time-to-Contain + Time-to-Respond = 72%
When working an incident, which phase generally takes the longest to complete in your organization?
Day in the life of a security professional survey © 2016 EMA, Inc.
Time = Risk => The Need for Speed!
Tools
Tools and Technologies Galore
Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
Scale
Orchestration and Automation
Let us define these terms first.
Orchestration vs Automation
Orchestration
▶ Brings together or integrates different technologies and tools
▶ Security-specific or non-security-specific
▶ Provides the ability to coordinate informed decision making, formalize and automate responsive actions
Automation
▶ Focus is on how to make machines do task-oriented "human work"
▶ Allows multiple tasks or "playbooks" to potentially execute numerous tasks
▶ Automation is a subset of orchestration
Adaptive Response Overview
Adaptive Response
Security domains in the diagram: Identity and Access, Internal Network Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall
Mission: Deeper integrations across the best security technologies to help combat advanced attacks together.
Approach: Gather / analyze, share, take action based on end-to-end context, across security domains.
Adaptive Response ecosystem diagram: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
Adaptive Response Technology
Adaptive Response Framework (Within ES)
Leverages Existing Splunk Common Action Model
• A CIM for alert actions
• Not a data model
Existing Actions
• Information: Give/Get (i.e. additional context)
• Permission: Grant/Revoke (e.g. user, host, etc.)
• Control: Change (e.g. firewall rules)
Metadata
• Category – Information gathering, Information conveyance, Permissions control
• Task – Create, Update, Delete, Allow, Block
• Subject – what will be acted upon (network, endpoint, etc.)
• Vendor – providing the action
How To Interact With AR
▶ Suggest Next Steps
▶ Automatically With Notables
▶ Run Ad-Hoc
Adaptive Response Actions (Examples) – AUTOMATION
Automatically With Notables
Adaptive Response Actions (Examples) – AUTOMATION
Category – Information gathering, Information conveyance, Permissions control
Task – Create, Update, Delete, Allow, Block
Subject – what will be acted upon (network, endpoint, etc.)
Vendor – providing the action, e.g. Splunk, Ziften, Palo Alto Networks, etc.
Adaptive Response Actions (Examples) – AUTOMATION
Run Ad-Hoc
Demo: Adaptive Response
Adaptive Response Benefits
• Centrally automate retrieval, sharing and response action, resulting in improved detection, investigation and remediation times
• Improve operational efficiency using workflow-based context with automated and human-assisted decisions. Measure efficacy
• Extract new insight by leveraging context, sharing data and taking actions between Enterprise Security and Adaptive Response partners
Accelerate Detection, Investigation & Response
● Use the correlation search builder to configure and automate response actions and attach the results to notable events
● In incident review, configure and execute ad-hoc responses and queries across the security ecosystem
● Use the actions dashboard to search and review responses taken and their results
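The framework slide above (Common Action Model metadata: category, task, subject, vendor) and this slide's three workflows (actions attached to a correlation search, ad-hoc actions from incident review, and the actions dashboard) can be modelled in a few dozen lines. The following is an added example, not Splunk's or any vendor's code: the action names, the "ExampleVendor" placeholder, the notable event, and the rule that permissions-control actions run unattended only when `auto_contain` is set are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# Controlled vocabulary from the deck's Adaptive Response metadata slide.
CATEGORIES = {"Information gathering", "Information conveyance", "Permissions control"}
TASKS = {"create", "update", "delete", "allow", "block"}
# Notable-event field an action of a given subject acts on (assumption, CIM-like names).
SUBJECT_FIELD = {"endpoint": "dest", "user": "user", "network": "src"}


@dataclass(frozen=True)
class ActionMeta:
    """Common Action Model style metadata: category, task, subject, vendor."""
    name: str
    category: str
    task: str
    subject: str
    vendor: str

    def __post_init__(self) -> None:
        # Reject actions whose metadata falls outside the controlled vocabulary.
        for value, allowed, what in ((self.category, CATEGORIES, "category"),
                                     (self.task, TASKS, "task"),
                                     (self.subject, SUBJECT_FIELD, "subject")):
            if value not in allowed:
                raise ValueError(f"unknown {what} {value!r}")


@dataclass
class ActionResult:
    action: str
    mode: str      # "automatic" (attached to a correlation search) or "adhoc"
    target: str
    status: str    # "success", "skipped" or "needs_approval"
    detail: str


class AdaptiveResponse:
    """Toy dispatcher with the two trigger paths the deck describes."""
    def __init__(self) -> None:
        self._meta: Dict[str, ActionMeta] = {}
        self._handlers: Dict[str, Callable[[str], str]] = {}
        self.audit: List[ActionResult] = []   # backs the 'actions dashboard'

    def register(self, meta: ActionMeta, handler: Callable[[str], str]) -> None:
        self._meta[meta.name] = meta
        self._handlers[meta.name] = handler

    def find(self, **criteria: str) -> List[str]:
        """Look actions up by metadata, e.g. find(category=..., subject=...)."""
        return sorted(n for n, m in self._meta.items()
                      if all(getattr(m, k) == v for k, v in criteria.items()))

    def _execute(self, name: str, notable: Dict[str, str], mode: str) -> ActionResult:
        field = SUBJECT_FIELD[self._meta[name].subject]
        target = notable.get(field, "")
        if not target:   # the notable lacks the field this subject is acted upon through
            result = ActionResult(name, mode, "", "skipped", f"notable has no '{field}'")
        else:
            result = ActionResult(name, mode, target, "success", self._handlers[name](target))
        self.audit.append(result)
        return result

    def on_notable(self, notable: Dict[str, str], attached: List[str],
                   auto_contain: bool = False) -> List[ActionResult]:
        """Automatic path: run the actions attached to the correlation search.
        Permissions-control actions run unattended only if auto_contain is set;
        otherwise they are parked for an analyst (this policy is an assumption)."""
        results = []
        for name in attached:
            meta = self._meta[name]
            if meta.category == "Permissions control" and not auto_contain:
                target = notable.get(SUBJECT_FIELD[meta.subject], "")
                results.append(ActionResult(name, "automatic", target, "needs_approval",
                                            "left for an analyst in incident review"))
                self.audit.append(results[-1])
            else:
                results.append(self._execute(name, notable, "automatic"))
        return results

    def run_adhoc(self, notable: Dict[str, str], name: str) -> ActionResult:
        """Ad-hoc path: an analyst fires one action from incident review."""
        return self._execute(name, notable, "adhoc")

    def dashboard(self, **criteria: str) -> List[ActionResult]:
        """Actions dashboard: filter recorded responses by any result attribute."""
        return [r for r in self.audit
                if all(getattr(r, k) == v for k, v in criteria.items())]


def build_demo() -> AdaptiveResponse:
    """Constructed registry; the vendor name and handlers are placeholders."""
    ar = AdaptiveResponse()
    ar.register(ActionMeta("query_file_disposition", "Information gathering",
                           "create", "endpoint", "ExampleVendor"),
                lambda host: f"file disposition on {host}: suspicious")
    ar.register(ActionMeta("isolate_endpoint", "Permissions control",
                           "block", "endpoint", "ExampleVendor"),
                lambda host: f"{host} isolated from the network")
    return ar


# Constructed notable event, as a correlation search would produce it.
NOTABLE = {"rule": "Malware Detected", "dest": "wks-0042", "src": "10.0.0.5"}
```

Running `build_demo().on_notable(NOTABLE, [...])` shows the information-gathering action executing immediately while the containment action is parked until an analyst runs it ad hoc, and `dashboard()` returns both records for review.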
Customer Success: Adaptive Response
Automating Threat Detection With Splunk Adaptive Response
▶ Blocked over two million security threats
▶ Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System
▶ Automated threat detection, response and 90% of its security metrics process in just two months
“Since implementing Splunk ES as the brain in our security nerve center, we have found Splunk to be the right solution to quickly and effectively create and implement security analytics across a wide array of data sources and security use cases.”
– Senior Vice President, Chief Global Security Officer, Aflac
Case Study: Symantec
Symantec ATP helps detect and remediate complex attacks across endpoint, email, network, and web from a single console
Sample of Symantec AR Actions*:
• Isolate Endpoint
• Rejoin Endpoint
• Query File for Disposition
“Splunk Adaptive Response has the power to help reduce workload on customer SOC teams by speeding up decision making and associated actions through automation.”
– Peter Doggart, Vice President of Business Development, Symantec
Key Takeaways
Mitigate Incident Response Challenges with Orchestration and Automation
1. Adaptive Response helps accelerate Incident Detection, Investigation and Response
2. Use Adaptive Response framework for multi-vendor security workflow orchestration and automation
3. Use with IT and Security domains to solve a range of security use cases
Analytics-Driven Security – Platform for Operational Intelligence (architecture diagram)
Index Untapped Data: Any Source, Type, Volume; On-Premises, Private Cloud, Public Cloud
Data sources shown: Storage, Online Shopping Cart, Telecoms, Desktops, Security, Web Services, Networks, Containers, Web Clickstreams, RFID, Smartphones and Devices, Servers, Messaging, GPS Location, Packaged Applications, Custom Applications, Online Services, Databases, Call Detail Records, Energy Meters, Firewall, Intrusion Prevention
Security layer: Splunk Enterprise Security, 600+ Security Apps, Splunk User Behavior Analytics
Platform capabilities: Search and Investigate; Monitoring, Correlations, Alerts; Dashboards and Reports; Analytics and Visualization; Adaptive Response
External Lookups: Employee Info, Asset and CMDB, Threat Intelligence, Applications, Data Stores
Machine Learning Roundtable
Splunk Live Munich, 20 March 2018
▶ Room Schwabing 1-3 (IT Ops Track Room), 15:00 – 16:00
▶ Join our Machine Learning experts from Splunk to learn more about the roadmap and discuss your questions
• Andrew Stein, Global Analytics Architect, Data Scientist
• Iman Makaremi, Data Scientist
• Philipp Drieger, EMEA ML SME
Save the Date 2018
Orlando, Florida – Walt Disney World Swan and Dolphin Hotels
.conf18: Monday, October 1 – Thursday, October 4
Splunk University: Saturday, September 29 – Monday, October 1
Take the Survey on Pony Poll
https://ponypoll.com/8vue6qh
Complete the survey for
your chance to win a
.conf18 pass
Q&A
Thank you
Join: Our Community with Apps, Ask Questions or join a SplunkLive! event
https://www.splunk.com/en_us/community.html
Try: Splunk Security Online Experience (No Download)
https://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud/security-investigation/getting-started.html
Explore: Download the CIS Critical Security Controls App
https://splunkbase.splunk.com/app/3064/
THANK YOU
Q&A
Backup
Splunk Demo

SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and Automation

  • 1. © 2017 SPLUNK INC. Use Splunk for Incident Response, Orchestration and Automation 14:45 Udo Götzen | Staff Sales Engineer, CISSP 20.03.2018 | MĂŒnchen
  • 2. © 2017 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2017 Splunk Inc. All rights reserved. Forward-Looking Statements
  • 3. Security Operations Need to Change
    ▶ Incident response: slow; alert noise
    ▶ Tools problem: many tools; disparate tools
    ▶ Skills: lack of skills; retention; training
    ▶ Scale: horizontal and vertical
    ▶ Orchestration and automation
  • 4. Incident Response Challenge
  • 5. Incident Response Takes Significant Time. Source: SANS 2017 Incident Response Survey
  • 6. Where Does Your Time Go? "When working an incident, which phase generally takes the longest to complete in your organization?" Source: Day in the Life of a Security Professional survey, © 2016 EMA, Inc.
  • 7. Time-to-Contain + Time-to-Respond = 72% of the answers to "When working an incident, which phase generally takes the longest to complete in your organization?" Source: Day in the Life of a Security Professional survey, © 2016 EMA, Inc.
  • 8. Time = Risk => The Need for Speed!
  • 9. Tools
  • 10. Tools and Technologies Galore. Source: Cybersecurity Analytics and Operations in Transition, ESG, 2017
  • 11. Scale, Orchestration and Automation
  • 12. Let us define these terms first.
  • 13. Orchestration vs Automation
    ▶ Orchestration: brings together or integrates different technologies and tools, security-specific or not; provides the ability to coordinate informed decision making and to formalize and automate responsive actions
    ▶ Automation: focuses on making machines do task-oriented "human work"; lets multiple tasks or "playbooks" execute numerous tasks; automation is a subset of orchestration
  • 14. Adaptive Response Overview
  • 15. Adaptive Response. Domains: Identity and Access, Internal Network Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall. Mission: deeper integrations across the best security technologies to help combat advanced attacks together. Approach: gather and analyze, share, and take action based on end-to-end context, across security domains.
  • 16. Adaptive Response domains: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
  • 17. Adaptive Response Technology
  • 18. Adaptive Response Framework (within ES)
    ▶ Leverages the existing Splunk Common Action Model: a CIM for alert actions, not a data model
    ▶ Existing action types: Information (give/get, i.e. additional context); Permission (grant/revoke, e.g. for a user or host); Control (change, e.g. firewall rules)
    ▶ Metadata: Category (information gathering, information conveyance, permissions control); Task (create, update, delete, allow, block); Subject (what will be acted upon: network, endpoint, etc.); Vendor (who provides the action)
  • 19. How To Interact With AR: suggest next steps; run automatically with notables; run ad hoc
  • 20. Adaptive Response Actions (Examples): automation, run automatically with notables
  • 21. Adaptive Response Actions (Examples): automation. Category: information gathering, information conveyance, permissions control. Task: create, update, delete, allow, block. Subject: what will be acted upon (network, endpoint, etc.). Vendor: who provides the action, e.g. Splunk, Ziften, Palo Alto Networks
  • 22. Adaptive Response Actions (Examples): automation, run ad hoc
  • 23. Demo: Adaptive Response
  • 24. Adaptive Response Benefits
  • 25. Adaptive Response Benefits
    ▶ Centrally automate retrieval, sharing and response actions, resulting in improved detection, investigation and remediation times
    ▶ Improve operational efficiency using workflow-based context with automated and human-assisted decisions; measure efficacy
    ▶ Extract new insight by leveraging context, sharing data and taking actions between Enterprise Security and Adaptive Response partners
  • 26. Accelerate Detection, Investigation & Response
    ▶ Use the correlation search builder to configure and automate response actions and attach their results to notable events
    ▶ In Incident Review, configure and execute ad hoc responses and queries across the security ecosystem
    ▶ Use the actions dashboard to search and review the responses taken and their results
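Slides 18 to 22 and 26 name the parts of a Common Action Model action (its metadata, the two ways it is invoked, and the audit trail the actions dashboard reads) without showing what one looks like in code. The Python below is an added example, not Splunk's or any partner's code. It models a CAM-style "block source IP" action: it checks its `_cam` metadata against the vocabulary on slide 18, tells an automatic run (fired by a correlation search, i.e. with a notable) from an ad hoc run by the search id, refuses to block internal addresses unless an analyst runs it ad hoc from Incident Review (the human-assisted decision of slide 25), and returns the audit record an actions dashboard would summarize. The payload keys `result`, `sid`, `search_name` and `configuration` are those a Splunk modular alert action receives on stdin with `--execute`; the action name `example_block_ip`, the `target_field` parameter, the internal ranges, the sample payloads and the simulated firewall are all assumptions made for the example.

```python
"""Model of a Splunk ES Adaptive Response (Common Action Model) alert action.
Added example, not Splunk's own code; the payloads and firewall below are constructed."""
import ipaddress
import json
import sys
import time
from collections import Counter

ACTION_NAME = "example_block_ip"  # hypothetical alert_actions.conf stanza name
# What a CAM action publishes as param._cam in alert_actions.conf (constructed, using
# only the vocabulary on the slide; the real CAM vocabulary is longer).
CAM_METADATA = {"category": ["Permissions Control"], "task": ["block"], "subject": ["network"],
                "technology": [{"vendor": "ExampleVendor", "product": "ExampleFW", "version": "1.0"}],
                "supports_adhoc": True,      # offered in Incident Review (run ad hoc)
                "supports_workflow": True}   # attachable to a correlation search (automatic)
SLIDE_VOCAB = {"category": {"Information Gathering", "Information Conveyance", "Permissions Control"},
               "task": {"create", "update", "delete", "allow", "block"},
               "subject": {"network", "endpoint"}}
# Assumed internal ranges: an automatic run must never block these unattended.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def validate_metadata(meta):
    """Return a list of problems with a _cam metadata dict (empty list means OK)."""
    problems = []
    for key, allowed in SLIDE_VOCAB.items():
        values = meta.get(key) or []
        if not values:
            problems.append("missing " + key)
        problems.extend("unknown %s: %s" % (key, v) for v in values if v not in allowed)
    if not meta.get("technology"):
        problems.append("missing technology (vendor)")
    return problems

def action_mode(sid):
    """'saved' if fired by a scheduled correlation search (sid starts with 'scheduler__'),
    else 'adhoc', e.g. an analyst running it from Incident Review (assumed convention)."""
    return "saved" if sid.startswith("scheduler__") else "adhoc"

def run_action(payload, enforce, now=None):
    """Handle one --execute payload and return a CAM-style audit event; never raises.
    enforce(ip) does the block and may raise; failures land in action_status for the dashboard."""
    result = payload.get("result", {})
    target_field = payload.get("configuration", {}).get("target_field", "src")  # assumed param
    sid = payload.get("sid", "")
    audit = {"_time": time.time() if now is None else now, "action_name": ACTION_NAME,
             "action_mode": action_mode(sid), "sid": sid, "rid": "0",  # one result per payload
             "search_name": payload.get("search_name", ""), "target": result.get(target_field)}
    def fail(msg):
        audit.update(action_status="failure", message=msg)
        return audit
    if not audit["target"]:
        return fail("result has no %s field; nothing to block" % target_field)
    try:
        ip = ipaddress.ip_address(audit["target"])
    except ValueError:
        return fail("%s is not an IP address" % audit["target"])
    if audit["action_mode"] == "saved" and any(ip in net for net in INTERNAL_NETS):
        return fail("refusing to auto-block internal %s; run it ad hoc from Incident Review" % ip)
    try:
        enforce(str(ip))
    except Exception as exc:  # the vendor API is third-party code: report, do not crash
        return fail("enforcer error: %s" % exc)
    audit.update(action_status="success", message="blocked %s" % ip)
    return audit

def summarize(events):
    """Counts by (action_name, action_mode, action_status), as the actions dashboard shows."""
    return dict(Counter((e["action_name"], e["action_mode"], e["action_status"]) for e in events))

class SimulatedFirewall:
    """Stand-in for a vendor blocking API; only records what it was asked to block."""
    def __init__(self):
        self.blocked = set()
    def block(self, ip):
        self.blocked.add(ip)

RULE = "Threat - Example Beaconing - Rule"  # constructed correlation search name
SCHED = "scheduler__admin__SplunkEnterpriseSecuritySuite__RMD5d4c9e1a2_at_1521556200_"
CFG = {"target_field": "src"}
SAMPLE_PAYLOADS = [  # constructed; the keys are the ones splunkd pipes to an action on stdin
    {"sid": SCHED + "4711", "search_name": RULE, "configuration": CFG, "result": {"src": "203.0.113.45"}},
    {"sid": SCHED + "4712", "search_name": RULE, "configuration": CFG, "result": {"src": "10.20.30.40"}},
    {"sid": "1521556400.1337", "configuration": CFG, "result": {"src": "10.20.30.40"}},  # analyst, ad hoc
    {"sid": "1521556500.1338", "configuration": {}, "result": {"dest": "10.1.2.3"}},    # no src field
]

def run_demo():
    """Run the samples (auto external, auto internal, ad hoc internal, missing field) through one firewall."""
    fw = SimulatedFirewall()
    return [run_action(p, fw.block, now=1521556600.0) for p in SAMPLE_PAYLOADS], fw

if __name__ == "__main__":
    if "--execute" in sys.argv:  # how splunkd invokes a modular alert action
        print(json.dumps(run_action(json.load(sys.stdin), SimulatedFirewall().block)))
    else:
        events, _ = run_demo()
        print("\n".join(json.dumps(e) for e in events), summarize(events), sep="\n")
```

Run without arguments, the file pushes the four constructed payloads through the simulated firewall and prints one audit event per payload followed by the per-mode success/failure counts. Only the external source and the analyst's ad hoc request end up blocked; the automatic run against the internal address is turned into a recorded failure rather than a silent no-op, which is the record a real action would write to the cim_modactions index for the actions dashboard of slide 26 to show.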
  • 27. Adaptive Response domains: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
  • 28. Customer Success: Adaptive Response
  • 29. Automating Threat Detection With Splunk Adaptive Response (Aflac)
    ▶ Blocked over two million security threats
    ▶ Orchestrated threat intelligence across 20 security technologies sitting within its internal Threat Intelligence System
    ▶ Automated threat detection, response and 90% of its security metrics process in just two months
    "Since implementing Splunk ES as the brain in our security nerve center, we have found Splunk to be the right solution to quickly and effectively create and implement security analytics across a wide array of data sources and security use cases." – Senior Vice President, Chief Global Security Officer, Aflac
  • 30. Case Study: Symantec. Symantec ATP helps detect and remediate complex attacks across endpoint, email, network, and web from a single console. Sample of Symantec AR actions*: Isolate Endpoint; Rejoin Endpoint; Query File for Disposition. "Splunk Adaptive Response has the power to help reduce workload on customer SOC teams by speeding up decision making and associated actions through automation." – Peter Doggart, Vice President of Business Development, Symantec
  • 31. Key Takeaways: Mitigate Incident Response Challenges with Orchestration and Automation
    1. Adaptive Response helps accelerate incident detection, investigation and response
    2. Use the Adaptive Response framework for multi-vendor security workflow orchestration and automation
    3. Use it across IT and Security domains to solve a range of security use cases
  • 32. Analytics-Driven Security: Platform for Operational Intelligence
    ▶ Index untapped data of any source, type or volume, on-premises, in private cloud and in public cloud: storage, online shopping carts, telecoms, desktops, security, web services, networks, containers, web clickstreams, RFID, smartphones and devices, servers, messaging, GPS location, packaged applications, custom applications, online services, databases, call detail records, energy meters, firewalls, intrusion prevention
    ▶ Search and investigate; monitoring, correlations, alerts; dashboards and reports; analytics and visualization; Adaptive Response
    ▶ Splunk Enterprise Security, 600+ security apps, Splunk User Behavior Analytics
    ▶ Enrichment from employee info, asset and CMDB data, threat intelligence, applications, data stores and external lookups
  • 33. Machine Learning Roundtable, SplunkLive! Munich, 20 March 2018
    ▶ Room Schwabing 1-3 (IT Ops track room), 15:00 – 16:00
    ▶ Join our machine learning experts from Splunk to learn more about the roadmap and discuss your questions: Andrew Stein, Global Analytics Architect, Data Scientist; Iman Makaremi, Data Scientist; Philipp Drieger, EMEA ML SME
  • 34. Save the Date: .conf18, Walt Disney World Swan and Dolphin Hotels, Orlando, Florida. .conf18: Monday, October 1 – Thursday, October 4, 2018. Splunk University: Saturday, September 29 – Monday, October 1, 2018
  • 35. Take the survey on Pony Poll: https://ponypoll.com/8vue6qh. Complete the survey for your chance to win a .conf18 pass
  • 36. Q&A. Thank you. Join our community with apps, ask questions or join a SplunkLive! event: https://www.splunk.com/en_us/community.html. Try the Splunk Security Online Experience (no download): https://www.splunk.com/en_us/solutions/solution-areas/security-and-fraud/security-investigation/getting-started.html. Explore: download the CIS Critical Security Controls app: https://splunkbase.splunk.com/app/3064/
  • 37. Thank You
  • 38. Q&A
  • 39. Backup
  • 40. Splunk Demo