Splunk Security Update | Public Sector Summit Germany 2025

113 views 20 slides Apr 29, 2025

About This Presentation

Splunk Security Update

Speaker: Marcel Tanuatmadja


Slide Content

© 2025 SPLUNK INC.
Marcel Tanuatmadja

Splunk .conf24 Template | TMPLT-FY25-101
© 2025 SPLUNK INC.

Splunk Corporate Template | TMPLT-FY25-102
© 2025 SPLUNK LLC
Master the “Mean-Time-To-X” Game
Mean Time To… (D)etect: someone breaks in, you notice it.

Find Content (Sec. Use Cases)
Top-Down works best
1. Do a risk assessment – understand your organisation's resiliency needs
2. Engage stakeholders early in the process
3. Identify and prioritize use cases
4. Identify and prioritize data sources

Get Data “in”
Splunk Data Management (DMX)
Data Management Experience (DMX): Filter, Normalize, Mask, Enrich, Logs to Metrics, Aggregate, Routing
Runs on the Edge and Cloud
End to End Monitoring (incl. Agent Management)
Ingest via UF, HEC, OTel: Metrics, Logs, Traces, Events from Public Cloud, Private Cloud, On Premise
Destinations: Splunk Cloud, Splunk Enterprise, Splunk O11y Cloud, Data Lake, Amazon S3

Come up with a Data Storage and Retention Policy
Not all Data is the same
Age of Data: <1 sec, <10 sec, <1 min, 1 hour, 1 day, 1 week, 1 month, 1 year, 10 year
Real and Near-Real Time: Prevention, Detection, Monitoring
Ad Hoc: Incident Review, Investigations, Threat Hunting
Archive: Forensics, Audit & Compliance

Find Content for your Use Cases
Use the vendor's library, develop it yourself, use industry standards… and test it
https://github.com/splunk/attack_range

Prioritize Findings
With Risk-Based-Alerting (RBA)
https://rba.community/
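The following Python sketch is added here and is not part of the presentation or of Splunk's product code. It shows the aggregation idea behind Risk-Based Alerting: individual detections add risk scores to an entity, and an analyst is alerted only when the entity's accumulated score inside a window crosses a threshold across several distinct detections. The event fields, detection names, the 24-hour window and the thresholds (100 points, 3 sources) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample risk events (not Splunk data): the fields a risk rule
# writes to the risk index when it fires. Names and scores are made up.
def ev(t, obj, score, source, tactic):
    return {"time": datetime.fromisoformat(t), "risk_object": obj,
            "risk_score": score, "source": source, "tactic": tactic}

RISK_EVENTS = [
    ev("2025-04-29T08:00", "alice", 20, "Encoded PowerShell Command", "Execution"),
    ev("2025-04-29T08:15", "alice", 40, "LSASS Memory Access", "Credential Access"),
    ev("2025-04-29T09:00", "alice", 60, "Connection to Rare Domain", "Command and Control"),
    # bob: one noisy rule firing repeatedly, so a high total from a single source
    *[ev(f"2025-04-29T{h:02d}:00", "bob", 25, "Failed Login Burst", "Credential Access")
      for h in range(7, 12)],
    # carol: an old high score that falls outside the window of the recent events
    ev("2025-04-26T09:00", "carol", 80, "New Service Installed", "Persistence"),
    ev("2025-04-29T09:00", "carol", 40, "Encoded PowerShell Command", "Execution"),
    ev("2025-04-29T10:00", "carol", 30, "LSASS Memory Access", "Credential Access"),
]

# Assumed tuning values; RBA deployments set these per environment.
RISK_WINDOW = timedelta(hours=24)
SCORE_THRESHOLD = 100
MIN_DISTINCT_SOURCES = 3

def aggregate_risk(events, window=RISK_WINDOW):
    """Per risk object, find the sliding window (ending at one of its own events)
    with the highest summed score; return that score with its sources and tactics."""
    by_object = defaultdict(list)
    for e in events:
        by_object[e["risk_object"]].append(e)
    summary = {}
    for obj, evs in by_object.items():
        evs.sort(key=lambda e: e["time"])
        best = {"score": 0, "sources": set(), "tactics": set()}
        for i, last in enumerate(evs):
            in_win = [e for e in evs[: i + 1] if e["time"] > last["time"] - window]
            score = sum(e["risk_score"] for e in in_win)
            if score > best["score"]:
                best = {"score": score, "sources": {e["source"] for e in in_win},
                        "tactics": {e["tactic"] for e in in_win}}
        summary[obj] = best
    return summary

def risk_notables(events, threshold=SCORE_THRESHOLD, min_sources=MIN_DISTINCT_SOURCES):
    """Risk objects that would raise a risk notable: enough accumulated score AND
    enough distinct detections, so one chatty rule alone cannot page an analyst."""
    return sorted(obj for obj, s in aggregate_risk(events).items()
                  if s["score"] >= threshold and len(s["sources"]) >= min_sources)
```

With the sample data only alice produces a notable: bob exceeds the score threshold from a single noisy rule, and carol's old 80-point event has aged out of the window by the time her recent events arrive.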

Gain visibility into emerging AI Risks
● Gain visibility into risks associated with LLM models, AI apps and entities.
● Splunk Cisco Security Cloud App: pulls in alerts from AI Defense and maps them to the Common Information Model (CIM), visualized in a dashboard.
● Includes an out-of-the-box Enterprise Security detection that surfaces potential attacks against the AI models running in your environment.

Master the “Mean-Time-To-X” Game
Mean Time To… (D)etect, (A)cknowledge, (I)nvestigate
Timeline: someone breaks in; you notice it; you figure out what happened, how it happened and what to do.

● Take the manual work out of threat analysis and integrate into SOC workflows seamlessly
● Ensure a baseline standard of investigation with consistent, comprehensive, and high-quality threat analysis and verdict
Automatic analysis of active threats for contextual insights to accelerate investigations & resolution

“Splunk SOAR is able to take the outputs from Splunk Attack Analyzer and update the case management ticket with the results to provide the results of the analysis. This gets the information right where it needs to go – into the analyst’s hands within minutes.”

– Sr. Director, Global Security Operations, Splunk
Product Web Page | Product Brief | Product Tour

You can’t secure what you can’t see
Incomplete and Inaccurate Asset Data: 52% manage 10,000+ assets [1]
Lengthy Security Investigation: 69% experienced an attack targeting unknown or poorly managed assets [2]
Gaps in compliance: $4M average revenue loss due to compliance audit failures [3]
[1] Security Hygiene and Posture Management Survey by ESG, Oct 2021, p.12
[2] Security Hygiene and Posture Management Survey by ESG, Oct 2021, p.13
[3] Whitepaper: The True Cost of Compliance, Ponemon Institute, Dec 2017, p.12
Product Web Page | Product Brief | Technical Tour

Splunk Add-on for Talos Intelligence
All Splunk ES, SOAR, SAA customers have access
Delivers rich enrichment for common IOCs (ES, SAA, SOAR)

Master the “Mean-Time-To-X” Game
Mean Time To… (D)etect, (A)cknowledge, (I)nvestigate, (C)ontainment
Timeline: someone breaks in; you notice it; you figure out what happened, how it happened and what to do; you contain the attack.

The Market-Leading SIEM to Power the SOC of the Future
❖ Improved case management capabilities
❖ Native Splunk® SOAR integration
❖ Enhanced detection engineering capabilities

Guided security workflows where you do your work
❖ Answer analyst questions to guide daily workflows
❖ Save time while addressing threats more rapidly
❖ Use natural language queries to get answers during investigations

UI shown is for illustration; not final product.

Master the “Mean-Time-To-X” Game
Mean Time To… (D)etect, (A)cknowledge, (I)nvestigate, (C)ontainment, (R)espond / Resolution / Remediate
Timeline: someone breaks in; you notice it; you figure out what happened, how it happened and what to do; you contain the attack; you fully neutralize the attack and make sure that attack can’t happen again!
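As an added example that is not part of the slides, this Python snippet computes the Mean-Time-To-X values from a set of constructed incident records. It treats each stage as the interval from the preceding timeline point (break-in to detection, detection to acknowledgement, and so on) and leaves open incidents out of the stages they have not reached. Field names and timestamps are assumptions.

```python
from datetime import datetime
from statistics import mean

# Timeline points of the Mean-Time-To-X game, in order; "compromised" is the
# moment someone breaks in and is the start of the first interval.
STAGES = ["detected", "acknowledged", "investigated", "contained", "resolved"]

def ts(s):
    return datetime.fromisoformat(s)

# Constructed incident records (assumed field names, not any real SOC's data).
# A missing stage means the incident has not reached it yet.
INCIDENTS = [
    {"id": "INC-1", "compromised": ts("2025-04-01T02:00"), "detected": ts("2025-04-01T08:00"),
     "acknowledged": ts("2025-04-01T08:30"), "investigated": ts("2025-04-01T12:30"),
     "contained": ts("2025-04-01T14:30"), "resolved": ts("2025-04-03T14:30")},
    {"id": "INC-2", "compromised": ts("2025-04-10T22:00"), "detected": ts("2025-04-11T00:00"),
     "acknowledged": ts("2025-04-11T01:30"), "investigated": ts("2025-04-11T03:30"),
     "contained": ts("2025-04-11T04:30")},  # still open: contained but not resolved
    {"id": "INC-3", "compromised": ts("2025-04-20T10:00"), "detected": ts("2025-04-20T10:00"),
     "acknowledged": ts("2025-04-20T10:15"), "investigated": ts("2025-04-20T11:15"),
     "contained": ts("2025-04-20T11:45"), "resolved": ts("2025-04-20T23:45")},
]

def stage_hours(inc, stage):
    """Hours from the preceding timeline point to `stage`, or None when the
    incident has not reached that stage yet. Open incidents must be left out of
    the mean rather than counted as zero, which would flatter the numbers."""
    if stage not in inc:
        return None
    prev = "compromised" if stage == STAGES[0] else STAGES[STAGES.index(stage) - 1]
    if inc[stage] < inc[prev]:
        raise ValueError(f"{inc['id']}: {stage} recorded before {prev}")
    return (inc[stage] - inc[prev]).total_seconds() / 3600

def mean_time_to(incidents):
    """Mean Time To Detect / Acknowledge / Investigate / Contain / Resolve in hours,
    each over the incidents that reached that stage, with the sample size so a
    mean built on two incidents is not mistaken for a trend."""
    out = {}
    for stage in STAGES:
        vals = [v for v in (stage_hours(i, stage) for i in incidents) if v is not None]
        out[stage] = {"hours": round(mean(vals), 2) if vals else None, "n": len(vals)}
    return out
```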

Splunk’s unified TDIR platform approach: Unified TDIR in a single platform
Flexible Deployment Models | True Multi Vendor
Data in: Logs, Events, Alerts, Telemetry
Threat Detection: Static | Dynamic (ML) | Pre-Built | Custom | Authoring
Investigation: Risk-Based Alerting | Threat Hunting | Integrated Analytics
Response: Enrichment | Automation | Orchestration | Playbooks
Unified Analyst Experience: Workflows | Case Management | Collaboration
GenAI for SecOps: Summarization | Natural Language Search | Reporting
Common Services: Assets & Identities | Threat Intelligence | Risk
Data Management & Federation: Filter | Mask | Route | Access

Splunk Enterprise Security: The Core of the Unified TDIR Experience
Unifying Threat Detection, Investigation and Response
Unified SOC Analyst View: Analyst Queue | Findings | Investigations | Case Management
Splunk Enterprise Security: SOAR | Threat Intelligence Management | Mission Control | Analytics / Search / Investigation
Federation (Search & Analytics): Amazon Security Lake, Additional Data Lakes, Amazon S3
Cisco XDR: Real-time attack chain detection (Telemetry & Alerts)
Cisco SNA: Pervasive Network Detection & Analytics (Network Traffic & Logs)
