Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security and SOAR

Splunk 237 views 25 slides Nov 29, 2018

About This Presentation

Presentation from the Partner Executive Summit, Frankfurt, 21 November 2018


Slide Content

Analytics-Driven Security and Security Orchestration, Automation and Response
Angelo Brancato, CISSP, CISM, CCSK | Security Specialist, EMEA
November 21st, Frankfurt am Main

Splunk turns machine data into answers
Data sources: Network, Servers, DevOps, Users, Cloud, Security, Databases
Different people asking different questions of the same data

Splunk was built for change from the beginning
- Send unstructured data from all systems, devices and people
- Splunk doesn't structure your data until you start to ask it questions
- A suite of tools empowers you to investigate, monitor and act on any data, anywhere
- Ideal for detecting ever-changing cyber attacks

- Threats are more complex and far-reaching
- The skills gap is not closing
- Security has to enable the business and the mission

- 90% of Tier 1 analyst work will be automated
- 50% of time now spent tuning detection and response logic
- 1 platform to orchestrate them all

Splunk Security Portfolio: Data Platform, Analytics, Operations (Platform for Machine Data)
Maturity levels, from reactive to proactive:
- Level 1: Search and Investigate
- Level 2: Proactive Monitoring and Alerting
- Level 3: Security Situational Awareness
- Level 4: Real-time Risk Insight & Automation

Platform + Free Apps
- 125+ examples, with 180+ searches
- Data onboarding guides
- Content mapping (MITRE ATT&CK, Kill Chain etc.)
- Mapping to premium apps
- On-prem, cloud, SaaS or hybrid
- Performance at scale
- Open ecosystem
- Native ML/AI integration

Platform + Free Apps: many great, free apps to solve a specific problem

Premium app building blocks: Asset and Identity Correlation, Notable Event & Investigation, Threat Intelligence, Risk Analysis, Adaptive Response, Content Update

.conf2018 Release: Splunk Enterprise Security 5.2
- Event Sequencing to optimize threat detection and accelerate investigation
- Use Case Library for faster detection and incident response
- Updated Investigation Workbench to reduce time to contain and remediate

Diagram: Realm of Known vs. Realm of Unknown

.conf2018 Release: Splunk User Behavior Analytics 4.2
- Splunk-to-Kafka UBA ingestion for enhanced performance and reliability
- User Feedback Learning to improve threat detection and anomaly customization
- Native UBA SSO authentication support for IAM tools

Diagram (two build slides): SOAR for Security Operations as an Observe / Orient / Decide / Act loop
- Observe: point products (Firewall, IDS/IPS, Endpoint, WAF, Advanced Malware, Forensics, Malware Detonation)
- Orient: analytics (SIEM, Threat Intel Platform, Hadoop, GRC)
- Decision Making: Tier 1, Tier 2, Tier 3 analysts
- Acting: the same point products, driven by the decisions
First slide: Observe and Orient automated, Decision Making and Acting manual (today). Second slide: Decision Making and Acting automated with Phantom, with an action results / feedback loop back into the analytics.
Faster execution through the loop yields better security.

A Phantom Case Study: Automated Malware Investigation
Flow: Email Alert -> Sandbox, Query Recipients, User Profile, Hunt File, File Reputation (Splunk) -> File Assessment -> Run Playbook "Remediate"
"Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more." Adam Fletcher, CISO, Blackstone
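The case-study flow above, modelled as an added example in plain Python with constructed lookup tables; it is not Phantom's own playbook API, and the hash values, host names and function names are placeholders, not data from the slide.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed lookups standing in for the integrations a SOAR playbook would call.
# Hash values are placeholders, not real indicators.
FILE_REPUTATION: Dict[str, str] = {"hash-bad-0001": "malicious", "hash-known-0002": "benign"}
SANDBOX_VERDICTS: Dict[str, str] = {"hash-new-0003": "malicious"}  # consulted only for unknown hashes
MAIL_RECIPIENTS: Dict[str, List[str]] = {"msg-100": ["alice", "bob"], "msg-101": ["carol"]}
ENDPOINT_FILES: Dict[str, List[str]] = {  # host -> hashes seen on disk
    "wks-01": ["hash-bad-0001", "hash-known-0002"],
    "wks-02": ["hash-known-0002"],
    "wks-03": ["hash-bad-0001"],
}

@dataclass
class EmailAlert:
    message_id: str
    attachment_hash: str

@dataclass
class Assessment:
    verdict: str                 # "malicious" or "benign"
    recipients: List[str]        # who received the message
    hosts_with_file: List[str]   # where the attachment was found during the hunt
    actions: List[str] = field(default_factory=list)  # remediation steps taken

def assess(alert: EmailAlert) -> Assessment:
    """Enrichment stage: reputation first; detonate in the sandbox only if reputation is silent."""
    verdict = FILE_REPUTATION.get(alert.attachment_hash)
    if verdict is None:
        verdict = SANDBOX_VERDICTS.get(alert.attachment_hash, "benign")
    recipients = MAIL_RECIPIENTS.get(alert.message_id, [])
    hosts = sorted(h for h, files in ENDPOINT_FILES.items() if alert.attachment_hash in files)
    return Assessment(verdict, recipients, hosts)

def run_playbook(alert: EmailAlert) -> Assessment:
    """Decision stage: remediate only on a malicious verdict, scoped to what enrichment found."""
    result = assess(alert)
    if result.verdict == "malicious":
        result.actions.append(f"quarantine_message:{alert.message_id}")
        result.actions += [f"isolate_host:{h}" for h in result.hosts_with_file]
        result.actions += [f"notify_user:{u}" for u in result.recipients]
    else:
        result.actions.append("close_alert")
    return result
```

The point the slide makes is the time saved: every step here is a lookup an analyst would otherwise do by hand, and the remediation scope (which hosts, which users) falls out of the enrichment rather than being typed in.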

Announcing Splunk Phantom 4.1
- Clustering support for scale, performance and redundancy
- Indicator View for improved threat analysis and hunting
- Integrated Splunk Search, the only SOAR platform with this capability

Splunk as the Security Nerve Center (two build slides)
Integrated domains: Cloud Security, Endpoints, Orchestration, WAF & App Security, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access
Themes: the thought process, the intuition, the reflexes; Analytics-Driven Security, Machine Learning & Adaptive Operations, Splunk as the Security Nerve Center
Recap: 90% of Tier 1 analyst work will be automated; 50% of time now spent tuning detection and response logic; 1 platform to orchestrate them all

Security Premium Apps - .conf18 Releases: Splunk User Behavior Analytics 4.2, Splunk Enterprise Security 5.2, Splunk Phantom 4.1
Features highlighted: Event Sequencing, Accelerate Investigation, Investigation Workbench, User Feedback, Splunk-to-Kafka UBA Connector, Targeted Hunting, Indicator View, Playbook Import Wizard, Faster Remediation, Use Case Library, Optimized Threat Detection, Raw Event Drill Down, Container-Based Architecture, Clustering Support, User Management UI, Splunk Integration, New Onboarding Tour

Thank you!