SlideShare a Scribd company logo

Drive More Value from your SOC Through Connecting Security to the Business

Download as PPTX, PDF
Splunk, profile picture
Splunk

This document discusses how Splunk can help organizations drive more value from their security operations through connecting security to the business. It introduces Splunk's Security Prescriptive Path, which provides a prescriptive guidance to help optimize security resources and processes. Examples are given of how Splunk customers have realized value through gaining better data visibility, integrating security tools, automating security tasks, and enabling business-focused security risk reporting with machine learning and analytics capabilities. The document advocates assessing a organization's security operations using Splunk's Prescriptive Value Path to identify priority areas for improving security and linking it to business objectives.

Technology
1 of 43
Downloaded 70 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
© 2019 SPLUNK INC.© 2019 SPLUNK INC. Drive More Value from Your Security Operations: Connecting Security to the Business With Splunk James Hanlon | Director of Security Specialization, EMEA 13 June 2019
© 2019 SPLUNK INC. Who am I ▶ Director of Splunk Security Specialization for EMEA ▶ Work with many large & small Splunk security customers ▶ Provide customer security advisory services ▶ 17+ years in Security
© 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back What is value in security operations?
© 2019 SPLUNK INC. What is the value of Security in 2019? Even for some security teams, this can be hard to define
© 2019 SPLUNK INC. How much more valuable is a secure company worth than an insecure one? How much security is enough? How should security resources be invested and applied for optimal ROI? What is the impact of the threat?
© 2019 SPLUNK INC. Adequate Security (Risk Managed) Security ROI (SROI) Sufficient Security (Compliance Driven) Differentiated Security
© 2019 SPLUNK INC. © 2019 SPLUNK INC. ▶ Organizational Awareness ▶ Understanding the threat exposure & profile ▶ Demonstrating the value of Security Organizational Situational Awareness & Threat Profile © 2019 SPLUNK INC. ▶ Clarity of mission ▶ Known current and future state ▶ How to transform security The Security Mission © 2019 SPLUNK INC. ▶ Ownership ▶ Volume ▶ Technical know how Getting Data Visibility for the Security © 2019 SPLUNK INC. ▶ Legacy IT complexity ▶ Emergent Technology ▶ Consolidation drives & cost reduction IT Complexity and Emerging Digital Channels © 2019 SPLUNK INC. Security Operations Processes & Resources ▶ Hire ▶ Automate▶ Develop ▶ Optimize▶ Retain © 2019 SPLUNK INC. Prescriptive Security Operations Guidance What to do first, second and last (or not at all)? © 2019 SPLUNK INC. 416 78 ▶ MTTD ▶ MTTR ▶ Dwell Time ▶ TTV Time © 2019 SPLUNK INC. ▶ Security Analytics ▶ Machine Learning (AI) ▶ Automation ▶ Cloud based SecOps The Expansive & Emergent Security Technology Landscape
© 2019 SPLUNK INC. So, the value of security can often be characterized by the organizational strategy…and the barriers
© 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back
© 2019 SPLUNK INC. Translating the Value of Splunk Security Security Data Analytics Value: Gain full data visibility of any legacy or emergent technology or platform Driver: Risk mitigation Whether on-prem or cloud, Splunk data and non-Splunk data sources can easily be ingested into and segmented by the tool. Security Automation Value: lower human workloads, security process inefficiency & MTTR Driver: cost avoidance Security Machine Learning (AI) Value: Detect unknows / detect faster Driver: cost avoidance, risk mitigation Integrated Security Platform Value: Increase TTV through integrated, consolidated and contextual toolsets Driver: cost avoidance r on-prem or cloud, Splunk data and non-Splunk data sources can easily be ingested into and segmented by the tool. Flexible Visualisation & Reporting Value: Increase security visibility and organizational business insights Driver: Risk mitigation Prescriptive Security Content Value: be guided by industry led advice Driver: cost avoidance
© 2019 SPLUNK INC. NETWORK THREAT INTELLIGENCE MOBILE ENDPOINTS IDENTITY AND ACCESS CLOUD SECURITY WAF AND APP SECURITY WEB PROXY FIREWALL ANALYTICS ORCHESTRATION Observe Decide Orient Act Splunk’s Security Vision 90% TIER 1 ANALYST WORK WILL BE AUTOMATED 50% TIME NOW SPENT TUNING DETECTION AND RESPONSE LOGIC 1PLATFORM TO ORCHESTRATE THEM ALL
© 2019 SPLUNK INC. Splunk Security Operations Suite P L A T F O R M D A T A S O U R C E S U S E C A S E S A P P L I C A T I O N S Security ContentUpdates Security Monitoring Logs Business Context Threat Intelligence + Compliance & Data Privacy Advanced Threat Detection Incident Investigation & Forensics Insider Threat Detection Incident Response Fraud Analytics & Detection SOC Automation
© 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back Helping you unlock the value of Splunk Security
© 2019 SPLUNK INC. Introducing the Security Prescriptive Path Helping You Drive More from your Splunk Investment
© 2019 SPLUNK INC. > > Security Paths Value Paths Security Operations Compliance >Fraud  faster detection and triage of security alerts and insider threats  better discovery of targeted and advanced threats  faster investigation and remediation of security incidents  reduced risk of breach, disruption, damage and data leakage  reduction in compliance reporting time  reduction in potential compliance penalties  reduction in risk of fraud  reduction in fraud losses Compliance Fraud Monitoring and Investigation Insider Threat SOAR Security Investigation Security Monitoring Advanced Thread Incident Response & Forensics 3 Paths - 8 Security Use Cases - 70 Security Capabilities
© 2019 SPLUNK INC. Examples of how Customers have realized value Splunk Security “The How”
© 2019 SPLUNK INC. Addressing The Barriers to Value: Data Volume, Data Visibility & IT Complexity How Splunk Security Analytics Drives Value Any Data Analytics Investigative Platform
© 2019 SPLUNK INC. Investigation & Analytics with Splunk LEARN MORE
© 2019 SPLUNK INC. Addressing The Barriers to Value: Integrating Security Tooling | Industry Led Analytics Guidance How Splunk Security Analytics Drives Value Pre-built Security Workflows Guided Security Analytics
© 2019 SPLUNK INC. Triage & Investigation Workflows LEARN MORE
© 2019 SPLUNK INC. LEARN MORE Operationalizing Security Analytics Content Development
© 2019 SPLUNK INC. Addressing The Barriers to Value: Human Workload | Process Repeatability Automate Security Tasks Process Efficiency & Repeatability How Splunk Security Analytics Drives Value
© 2019 SPLUNK INC. Security Automation with Splunk LEARN MORE
© 2019 SPLUNK INC. Addressing The Barriers to Value: Reduce MTTD, MTTR I Connecting with the Business Machine Learning for Security How Splunk Security Analytics Drives Value Business & IT Risk Reporting
© 2019 SPLUNK INC. LEARN MORE Security Risk Reporting with Splunk
© 2019 SPLUNK INC.
© 2019 SPLUNK INC. Designed to help optimize value in your security operations  Increase security visibility, tackle IT complexity  Provide prescriptive guidance  Increase process efficiency, lower MTTD, MTTR  Enable business focused security risk reporting Security Mission
© 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back Using Analytics to Connect Security to the Business
© 2019 SPLUNK INC.
© 2019 SPLUNK INC. Gartner 2017 Analytics is Now A Foundational Security Operations Capability
© 2019 SPLUNK INC. Logs Wired DB Mobile IoT APIMetrics Any volume Any location Any type Machine Data Storage Silo 1 Storage Silo 2 Networ k Silo Proxy Silo App Silo VMs Silo SCADA Silo AWS Silo Azure Silo APM Silo more Silos Servers Silo Data sources IT OPERATIONS SECURITY Business AnalyticsDevOps/App analytics Use Cases IoT Different people asking different questions on the same data, in real time Splunkbase; 1900+ Free Apps/add-ons Splunk> MINT Splunk> Industrial Asset Management MQTT Modular Input Kepware IDF to Metrics Splunk> App for Infrastructure Splunk> Stream JMX JAVA Splunk> DB Connect Fast Time to Value Premium Apps AI / Machine Learning accelerators 30%↓ Risk* 4%↑ supply chain throughput ** 70%+↓ QA troubleshooting* 25%+↓ power/facility*** • 3rd Party (ServiceNow, CMDB, SIEM…) • Structured data > Automate > Collaborative incident response SAME DATA, MULTIPLE USE CASES Splunk Platform (Cloud / On-prem) DATA SOURCES CORRELATION Data to Answers Splunk> Machine Learning Toolkit 70% to 90%↓ MTTR* But an Analytics capability can do much more across across many IT domains
© 2019 SPLUNK INC. Converged Analytics for Business Value We call this..
© 2019 SPLUNK INC. Extracting Value Through Converged Data Analytics Security, IoT & Industrial Data Analytics
© 2019 SPLUNK INC. UCAS GDPR Compliance, IT Operations & Security
© 2019 SPLUNK INC. SecOps / SOC Strategy & Metrics (Operational Security) Adversary,Threat,Controls,Vulnerability orITRiskDrivenSOCstrategies Corporate/IT Initiative 1 Corporate Mission & Goals Corporate/IT Initiative 2 Corporate/IT Initiative 3 Corporate/IT Initiative N Reducing this gap provides business enabling alignment for Security & SOC teams Business Enabling Data & Security Insights (Data Analytics Enabled) Analytics Driven Approach to Connect Security to the Business
© 2019 SPLUNK INC. DEMO Splunk Security Prescriptive Value Path (PVP)
© 2019 SPLUNK INC. Realities that Worry Executives? Only 28 percent of companies use project performance techniques (PMI, 2017) Most organizations have a 70% project failure rate (4PM) Only 64% of projects meet their goals (Wrike) Executives need prescriptive plans to mitigate these risks
© 2019 SPLUNK INC. Introducing the Security Prescriptive Path Helping You Drive More from your Splunk Investment
© 2019 SPLUNK INC. > > Security Paths Value Paths Security Operations Compliance >Fraud  faster detection and triage of security alerts and insider threats  better discovery of targeted and advanced threats  faster investigation and remediation of security incidents  reduced risk of breach, disruption, damage and data leakage  reduction in compliance reporting time  reduction in potential compliance penalties  reduction in risk of fraud  reduction in fraud losses Compliance Fraud Monitoring and Investigation Insider Threat SOAR Security Investigation Security Monitoring Advanced Thread Incident Response & Forensics 3 Paths - 8 Security Use Cases - 70 Security Capabilities
© 2019 SPLUNK INC. Final Thoughts Takeaways
© 2019 SPLUNK INC. Splunk are committed to helping customer drive more value from their investments in Security Read how other customers have found value from their investments with Splunk Speak to your account team about conducting a prescriptive value path (PVP) assessment with Splunk Key Takeaways
© 2019 SPLUNK INC. Learn how others have found value with Splunk https://conf.splunk.com/
© 2019 SPLUNK INC.© 2019 SPLUNK INC. Thank You. Don’t forget to rate this session in the SplunkLive! mobile app

More Related Content

PPTX
What's New with the Latest Splunk Platform Release
Splunk
 
PPTX
Accelerate Incident Response with Orchestration & Automation
Splunk
 
PPTX
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
Splunk
 
PPTX
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Splunk
 
PPTX
Make Your SOC Work Smarter, Not Harder
Splunk
 
PPTX
Splunk Cloud and Splunk Enterprise 7.2
Splunk
 
PPTX
Einführung in Security Analytics Methoden
Splunk
 
PPTX
Clear the Mist from your Clouds with Splunk
Splunk
 
What's New with the Latest Splunk Platform Release
Splunk
 
Accelerate Incident Response with Orchestration & Automation
Splunk
 
How to Move from Monitoring to Observability, On-Premises and in a Multi-Clou...
Splunk
 
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Splunk
 
Make Your SOC Work Smarter, Not Harder
Splunk
 
Splunk Cloud and Splunk Enterprise 7.2
Splunk
 
Einführung in Security Analytics Methoden
Splunk
 
Clear the Mist from your Clouds with Splunk
Splunk
 

What's hot (17)

PPTX
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Splunk
 
PPTX
The DevOps Promise: Helping Management Realise the Quality, Velocity & Effici...
Splunk
 
PPTX
Accelerate incident Response Using Orchestration and Automation
Splunk
 
PPTX
Machine Learning in Action
Splunk
 
PPTX
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Splunk
 
PPTX
Splunk Incident Response, Orchestrierung und Automation
Splunk
 
PPTX
Best Practices for Splunk Deployments
Splunk
 
PPTX
Mit Splunk Artificial Intelligence und Machine Learning mehr aus Ihren Daten ...
Splunk
 
PPTX
Splunk und Multi-Cloud
Splunk
 
PPTX
"Splunk Worst Practices"... und wie man diese behebt
Splunk
 
PPTX
Worst Splunk practices...and how to fix them
Splunk
 
PPTX
Turning Data Into Business Outcomes with the Splunk Platform
Splunk
 
PPTX
Exploring Frameworks of Splunk Enterprise Security
Splunk
 
PPTX
Splunk Phantom SOAR Roundtable
Splunk
 
PPTX
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Splunk
 
PPTX
Machine Learning in Action
Splunk
 
PPTX
Machine Learning in Action
Splunk
 
Still Suffering from IT Outages? Accept Failure, Learn from Failure and Get R...
Splunk
 
The DevOps Promise: Helping Management Realise the Quality, Velocity & Effici...
Splunk
 
Accelerate incident Response Using Orchestration and Automation
Splunk
 
Machine Learning in Action
Splunk
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Splunk
 
Splunk Incident Response, Orchestrierung und Automation
Splunk
 
Best Practices for Splunk Deployments
Splunk
 
Mit Splunk Artificial Intelligence und Machine Learning mehr aus Ihren Daten ...
Splunk
 
Splunk und Multi-Cloud
Splunk
 
"Splunk Worst Practices"... und wie man diese behebt
Splunk
 
Worst Splunk practices...and how to fix them
Splunk
 
Turning Data Into Business Outcomes with the Splunk Platform
Splunk
 
Exploring Frameworks of Splunk Enterprise Security
Splunk
 
Splunk Phantom SOAR Roundtable
Splunk
 
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Splunk
 
Machine Learning in Action
Splunk
 
Machine Learning in Action
Splunk
 
Ad

Similar to Drive More Value from your SOC Through Connecting Security to the Business (20)

PPTX
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk
 
PPTX
Accelerate incident Response Using Orchestration and Automation
Splunk
 
PPTX
Exploring Frameworks of Splunk Enterprise Security
Splunk
 
PPTX
Splunk Enterprise Security
Splunk
 
PPTX
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk
 
PPTX
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
PDF
Splunk-Presentation
PrasadThorat23
 
PPTX
Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk
 
PPTX
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
Splunk
 
PDF
Sec1391
PaulDAvilar
 
PPTX
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Splunk
 
PPTX
How a Leading Saudi Bank Matured Security to Better Partner the Business
Splunk
 
PPTX
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
PPTX
SplunkLive! London 2017 - Splunk Overview
Splunk
 
PPTX
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...
Splunk
 
PPTX
Get More From Your Data with Splunk AI + ML
Splunk
 
PDF
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Splunk
 
PPTX
Abenteuer bei Monitoring und Troubleshooting
Splunk
 
PDF
Splunk Solution overview testing versi 1
yulitasarahhh
 
PPTX
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
NiketNilay
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk
 
Accelerate incident Response Using Orchestration and Automation
Splunk
 
Exploring Frameworks of Splunk Enterprise Security
Splunk
 
Splunk Enterprise Security
Splunk
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Splunk-Presentation
PrasadThorat23
 
Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
Splunk
 
Sec1391
PaulDAvilar
 
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Splunk
 
How a Leading Saudi Bank Matured Security to Better Partner the Business
Splunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
SplunkLive! London 2017 - Splunk Overview
Splunk
 
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...
Splunk
 
Get More From Your Data with Splunk AI + ML
Splunk
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Splunk
 
Abenteuer bei Monitoring und Troubleshooting
Splunk
 
Splunk Solution overview testing versi 1
yulitasarahhh
 
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
NiketNilay
 
Ad

More from Splunk (20)

PDF
Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
PDF
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
PDF
Building Resilience with Energy Management for the Public Sector
Splunk
 
PDF
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
PDF
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
PDF
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
PDF
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
PDF
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
PDF
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
PDF
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
PDF
.conf Go 2023 - Data analysis as a routine
Splunk
 
PDF
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
PDF
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
PDF
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
PDF
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
PDF
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
PDF
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
PDF
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
PDF
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
PDF
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Building Resilience with Energy Management for the Public Sector
Splunk
 
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 

Recently uploaded (20)

DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
KodekX | Application Modernization Development
KodekX
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 

Drive More Value from your SOC Through Connecting Security to the Business

  • 1. © 2019 SPLUNK INC.© 2019 SPLUNK INC. Drive More Value from Your Security Operations: Connecting Security to the Business With Splunk James Hanlon | Director of Security Specialization, EMEA 13 June 2019
  • 2. © 2019 SPLUNK INC. Who am I ▶ Director of Splunk Security Specialization for EMEA ▶ Work with many large & small Splunk security customers ▶ Provide customer security advisory services ▶ 17+ years in Security
  • 3. © 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back What is value in security operations?
  • 4. © 2019 SPLUNK INC. What is the value of Security in 2019? Even for some security teams, this can be hard to define
  • 5. © 2019 SPLUNK INC. How much more valuable is a secure company worth than an insecure one? How much security is enough? How should security resources be invested and applied for optimal ROI? What is the impact of the threat?
  • 6. © 2019 SPLUNK INC. Adequate Security (Risk Managed) Security ROI (SROI) Sufficient Security (Compliance Driven) Differentiated Security
  • 7. © 2019 SPLUNK INC. © 2019 SPLUNK INC. ▶ Organizational Awareness ▶ Understanding the threat exposure & profile ▶ Demonstrating the value of Security Organizational Situational Awareness & Threat Profile © 2019 SPLUNK INC. ▶ Clarity of mission ▶ Known current and future state ▶ How to transform security The Security Mission © 2019 SPLUNK INC. ▶ Ownership ▶ Volume ▶ Technical know how Getting Data Visibility for the Security © 2019 SPLUNK INC. ▶ Legacy IT complexity ▶ Emergent Technology ▶ Consolidation drives & cost reduction IT Complexity and Emerging Digital Channels © 2019 SPLUNK INC. Security Operations Processes & Resources ▶ Hire ▶ Automate▶ Develop ▶ Optimize▶ Retain © 2019 SPLUNK INC. Prescriptive Security Operations Guidance What to do first, second and last (or not at all)? © 2019 SPLUNK INC. 416 78 ▶ MTTD ▶ MTTR ▶ Dwell Time ▶ TTV Time © 2019 SPLUNK INC. ▶ Security Analytics ▶ Machine Learning (AI) ▶ Automation ▶ Cloud based SecOps The Expansive & Emergent Security Technology Landscape
  • 8. © 2019 SPLUNK INC. So, the value of security can often be characterized by the organizational strategy…and the barriers
  • 9. © 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back
  • 10. © 2019 SPLUNK INC. Translating the Value of Splunk Security Security Data Analytics Value: Gain full data visibility of any legacy or emergent technology or platform Driver: Risk mitigation Whether on-prem or cloud, Splunk data and non-Splunk data sources can easily be ingested into and segmented by the tool. Security Automation Value: lower human workloads, security process inefficiency & MTTR Driver: cost avoidance Security Machine Learning (AI) Value: Detect unknows / detect faster Driver: cost avoidance, risk mitigation Integrated Security Platform Value: Increase TTV through integrated, consolidated and contextual toolsets Driver: cost avoidance r on-prem or cloud, Splunk data and non-Splunk data sources can easily be ingested into and segmented by the tool. Flexible Visualisation & Reporting Value: Increase security visibility and organizational business insights Driver: Risk mitigation Prescriptive Security Content Value: be guided by industry led advice Driver: cost avoidance
  • 11. © 2019 SPLUNK INC. NETWORK THREAT INTELLIGENCE MOBILE ENDPOINTS IDENTITY AND ACCESS CLOUD SECURITY WAF AND APP SECURITY WEB PROXY FIREWALL ANALYTICS ORCHESTRATION Observe Decide Orient Act Splunk’s Security Vision 90% TIER 1 ANALYST WORK WILL BE AUTOMATED 50% TIME NOW SPENT TUNING DETECTION AND RESPONSE LOGIC 1PLATFORM TO ORCHESTRATE THEM ALL
  • 12. © 2019 SPLUNK INC. Splunk Security Operations Suite P L A T F O R M D A T A S O U R C E S U S E C A S E S A P P L I C A T I O N S Security ContentUpdates Security Monitoring Logs Business Context Threat Intelligence + Compliance & Data Privacy Advanced Threat Detection Incident Investigation & Forensics Insider Threat Detection Incident Response Fraud Analytics & Detection SOC Automation
  • 13. © 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back Helping you unlock the value of Splunk Security
  • 14. © 2019 SPLUNK INC. Introducing the Security Prescriptive Path Helping You Drive More from your Splunk Investment
  • 15. © 2019 SPLUNK INC. > > Security Paths Value Paths Security Operations Compliance >Fraud  faster detection and triage of security alerts and insider threats  better discovery of targeted and advanced threats  faster investigation and remediation of security incidents  reduced risk of breach, disruption, damage and data leakage  reduction in compliance reporting time  reduction in potential compliance penalties  reduction in risk of fraud  reduction in fraud losses Compliance Fraud Monitoring and Investigation Insider Threat SOAR Security Investigation Security Monitoring Advanced Thread Incident Response & Forensics 3 Paths - 8 Security Use Cases - 70 Security Capabilities
  • 16. © 2019 SPLUNK INC. Examples of how Customers have realized value Splunk Security “The How”
  • 17. © 2019 SPLUNK INC. Addressing The Barriers to Value: Data Volume, Data Visibility & IT Complexity How Splunk Security Analytics Drives Value Any Data Analytics Investigative Platform
  • 18. © 2019 SPLUNK INC. Investigation & Analytics with Splunk LEARN MORE
  • 19. © 2019 SPLUNK INC. Addressing The Barriers to Value: Integrating Security Tooling | Industry Led Analytics Guidance How Splunk Security Analytics Drives Value Pre-built Security Workflows Guided Security Analytics
  • 20. © 2019 SPLUNK INC. Triage & Investigation Workflows LEARN MORE
  • 21. © 2019 SPLUNK INC. LEARN MORE Operationalizing Security Analytics Content Development
  • 22. © 2019 SPLUNK INC. Addressing The Barriers to Value: Human Workload | Process Repeatability Automate Security Tasks Process Efficiency & Repeatability How Splunk Security Analytics Drives Value
  • 23. © 2019 SPLUNK INC. Security Automation with Splunk LEARN MORE
  • 24. © 2019 SPLUNK INC. Addressing The Barriers to Value: Reduce MTTD, MTTR I Connecting with the Business Machine Learning for Security How Splunk Security Analytics Drives Value Business & IT Risk Reporting
  • 25. © 2019 SPLUNK INC. LEARN MORE Security Risk Reporting with Splunk
  • 27. © 2019 SPLUNK INC. Designed to help optimize value in your security operations  Increase security visibility, tackle IT complexity  Provide prescriptive guidance  Increase process efficiency, lower MTTD, MTTR  Enable business focused security risk reporting Security Mission
  • 28. © 2019 SPLUNK INC. We Listen We Learn We Understand We Bring It Back Using Analytics to Connect Security to the Business
  • 30. © 2019 SPLUNK INC. Gartner 2017 Analytics is Now A Foundational Security Operations Capability
  • 31. © 2019 SPLUNK INC. Logs Wired DB Mobile IoT APIMetrics Any volume Any location Any type Machine Data Storage Silo 1 Storage Silo 2 Networ k Silo Proxy Silo App Silo VMs Silo SCADA Silo AWS Silo Azure Silo APM Silo more Silos Servers Silo Data sources IT OPERATIONS SECURITY Business AnalyticsDevOps/App analytics Use Cases IoT Different people asking different questions on the same data, in real time Splunkbase; 1900+ Free Apps/add-ons Splunk> MINT Splunk> Industrial Asset Management MQTT Modular Input Kepware IDF to Metrics Splunk> App for Infrastructure Splunk> Stream JMX JAVA Splunk> DB Connect Fast Time to Value Premium Apps AI / Machine Learning accelerators 30%↓ Risk* 4%↑ supply chain throughput ** 70%+↓ QA troubleshooting* 25%+↓ power/facility*** • 3rd Party (ServiceNow, CMDB, SIEM…) • Structured data > Automate > Collaborative incident response SAME DATA, MULTIPLE USE CASES Splunk Platform (Cloud / On-prem) DATA SOURCES CORRELATION Data to Answers Splunk> Machine Learning Toolkit 70% to 90%↓ MTTR* But an Analytics capability can do much more across across many IT domains
  • 32. © 2019 SPLUNK INC. Converged Analytics for Business Value We call this..
  • 33. © 2019 SPLUNK INC. Extracting Value Through Converged Data Analytics Security, IoT & Industrial Data Analytics
  • 34. © 2019 SPLUNK INC. UCAS GDPR Compliance, IT Operations & Security
  • 35. © 2019 SPLUNK INC. SecOps / SOC Strategy & Metrics (Operational Security) Adversary,Threat,Controls,Vulnerability orITRiskDrivenSOCstrategies Corporate/IT Initiative 1 Corporate Mission & Goals Corporate/IT Initiative 2 Corporate/IT Initiative 3 Corporate/IT Initiative N Reducing this gap provides business enabling alignment for Security & SOC teams Business Enabling Data & Security Insights (Data Analytics Enabled) Analytics Driven Approach to Connect Security to the Business
  • 36. © 2019 SPLUNK INC. DEMO Splunk Security Prescriptive Value Path (PVP)
  • 37. © 2019 SPLUNK INC. Realities that Worry Executives? Only 28 percent of companies use project performance techniques (PMI, 2017) Most organizations have a 70% project failure rate (4PM) Only 64% of projects meet their goals (Wrike) Executives need prescriptive plans to mitigate these risks
  • 38. © 2019 SPLUNK INC. Introducing the Security Prescriptive Path Helping You Drive More from your Splunk Investment
  • 39. © 2019 SPLUNK INC. > > Security Paths Value Paths Security Operations Compliance >Fraud  faster detection and triage of security alerts and insider threats  better discovery of targeted and advanced threats  faster investigation and remediation of security incidents  reduced risk of breach, disruption, damage and data leakage  reduction in compliance reporting time  reduction in potential compliance penalties  reduction in risk of fraud  reduction in fraud losses Compliance Fraud Monitoring and Investigation Insider Threat SOAR Security Investigation Security Monitoring Advanced Thread Incident Response & Forensics 3 Paths - 8 Security Use Cases - 70 Security Capabilities
  • 40. © 2019 SPLUNK INC. Final Thoughts Takeaways
  • 41. © 2019 SPLUNK INC. Splunk are committed to helping customer drive more value from their investments in Security Read how other customers have found value from their investments with Splunk Speak to your account team about conducting a prescriptive value path (PVP) assessment with Splunk Key Takeaways
  • 42. © 2019 SPLUNK INC. Learn how others have found value with Splunk https://conf.splunk.com/
  • 43. © 2019 SPLUNK INC.© 2019 SPLUNK INC. Thank You. Don’t forget to rate this session in the SplunkLive! mobile app