© 2019 SPLUNK INC.
Splunk Incident Response, Orchestration and Automation
Splunk Discovery Köln, 17 January 2020
Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
Beate Passul
Senior Sales Engineer
Security Operations Practices Need to Change
Incident Response: too many alerts, not enough insights
Tools: too many, no integration
Skills: attracting, training, retaining
• Orchestration & Automation
• Horizontal & Vertical Scale
Incident Response Challenge
Incident Response Takes Significant Time
Source: SANS 2017 Incident Response Survey
Phases charted: Time from Compromise to Detection; Time from Detection to Containment; Time from Containment to Remediation. Values shown on the chart: 1–3 months and 2–7 days.
Where Does Your Time Go?
When working an incident, which phase generally takes the longest to complete in your organization?
Source: Day in the Life of a Security Professional survey, © 2016 EMA, Inc.
Time-to-Contain + Time-to-Remediate = 86%
(Same survey question and source as above: Day in the Life of a Security Professional survey, © 2016 EMA, Inc.)
Tools
Poll #1
How many security tools and technologies does your company use?
• < 10
• 10–25
• 26–50
• 51–75+
Tools and Technologies Galore
TOO MANY TOOLS: On average, organizations are using between 25 and 30 different security technologies and services.
Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
Skills and Scale: Orchestration and Automation
Orchestration vs. Automation
Orchestration
• Security Orchestration is the machine-based coordination of security actions across tools and technologies.
• Brings together or integrates different technologies and tools
• Provides the ability to coordinate informed decision making, formalize and automate responsive actions
Automation
• Security Automation is the machine-based execution of security actions.
• Focus is on how to make machines do task-oriented "human work"
• Improve repetitive work, with high confidence in the outcome
• Allows multiple tasks or "playbooks" to potentially execute numerous tasks
Poll #2
Do you use Security Orchestration Automation and Response (SOAR)?
SOAR
Diagram: the playbook acts as the "maestro" at the centre, coordinating app actions across ten connected apps.
Automation & Orchestration Adoption Growing
Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
Security Nerve Center Overview
Security Nerve Center
Loop: Observe, Orient, Decide, Act (OODA)
Domains feeding the nerve center: Network, Identity & Access, Threat Intelligence, Mobile, Endpoints, Cloud Security, WAF & App Security, Web Proxy, Firewall
Core capabilities: Analytics, Orchestration
Splunk Security Portfolio
Layers: Data Platform (Platform for Machine Data), Analytics, Operations
Adaptive Operations Framework
Mission: Deeply integrate with the best security technologies to improve cyber defenses and maximize operational efficiency.
Approach: Gather, analyze, share, and take action using end-to-end context across multiple security domains.
Partner ecosystem enables the Security Nerve Center: Network, Identity & Access, Threat Intelligence, Endpoints, Cloud Security, WAF & App Security, Web Proxy, Firewall
Layers: Operations; Data / Analytics
Components: Splunk Phantom (Apps & Playbooks); Splunk Enterprise Security (Adaptive Response Actions); Splunkbase (Apps & Add-Ons)
240+ Integrations / 1,200+ APIs
Phantom Security Operations
Operationalizing Security with Phantom
Integrate your team, processes, and tools together.
• Work smarter by automating repetitive tasks, allowing analysts to focus on more mission-critical tasks.
• Respond faster and reduce dwell times with automated detection, investigation, and response.
• Strengthen defenses by integrating the existing security infrastructure so that each part is an active participant.
Automation
• Automate repetitive tasks to force multiply team efforts.
• Execute automated actions in seconds versus hours.
• Pre-fetch intelligence to support decision making.
Orchestration
• Coordinate complex workflows across your SOC.
• 200+ Apps & growing
• 1000+ APIs
Case Management
• Create case templates that replicate your SOPs.
• Manage your response to threats with precision.
• Embed automation within a case task.
How it Works: Automated Malware Investigation
A Phantom Case Study
“Automation with Phantom enables us to process malware email alerts in about 40 seconds vs. 30 minutes or more.” — Adam Fletcher, CISO
Playbook flow shown in the diagram: Email Alert → Sandbox, Query Recipients, User Profile, Hunt File (two instances), File Reputation, File Assessment → Run Playbook “Remediate”
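An added example, not Phantom's own code or SDK: a plain-Python model of the malware-investigation playbook in the diagram above, with the app actions simulated by constructed lookup tables (hypothetical hashes, hosts and mailboxes). It shows the two orchestration points the flow implies: a File Assessment that combines sandbox and reputation evidence, and a fail-safe that escalates to an analyst instead of auto-running the Remediate playbook when any enrichment step fails.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample data and simulated app actions (one per box in the diagram).
SHA_MAL, SHA_OK = "a" * 64, "b" * 64
SANDBOX_REPORTS = {SHA_MAL: {"score": 9}, SHA_OK: {"score": 1}}
REPUTATION = {SHA_MAL: "malicious", SHA_OK: "clean"}
USER_DIRECTORY = {"cfo@example.com": {"privileged": True}}
ENDPOINT_HITS = {SHA_MAL: ["ws-042", "ws-117"]}

@dataclass
class Alert:
    sender: str
    recipients: List[str]
    attachment_sha256: str

@dataclass
class Investigation:
    alert: Alert
    results: Dict[str, object] = field(default_factory=dict)
    errors: Dict[str, str] = field(default_factory=dict)
    verdict: str = "undetermined"
    escalate: bool = False

def sandbox(inv: Investigation) -> dict:
    report = SANDBOX_REPORTS.get(inv.alert.attachment_sha256)
    if report is None:  # model a detonation timeout for an unseen sample
        raise TimeoutError("sandbox returned no report")
    return report

def query_recipients(inv: Investigation) -> List[str]:
    return list(inv.alert.recipients)

def user_profile(inv: Investigation) -> Dict[str, dict]:
    return {r: USER_DIRECTORY.get(r, {"privileged": False}) for r in inv.results["query_recipients"]}

def hunt_file(inv: Investigation) -> List[str]:
    return ENDPOINT_HITS.get(inv.alert.attachment_sha256, [])

def file_reputation(inv: Investigation) -> str:
    return REPUTATION.get(inv.alert.attachment_sha256, "unknown")

APP_ACTIONS: Dict[str, Callable[[Investigation], object]] = {
    "sandbox": sandbox, "query_recipients": query_recipients, "user_profile": user_profile,
    "hunt_file": hunt_file, "file_reputation": file_reputation}

def run_action(inv: Investigation, name: str) -> None:
    """Run one app action; a failing app is recorded, not allowed to abort the run."""
    try:
        inv.results[name] = APP_ACTIONS[name](inv)
    except Exception as exc:
        inv.errors[name] = f"{type(exc).__name__}: {exc}"

def file_assessment(inv: Investigation) -> str:
    """Combine enrichment into a verdict; partial evidence never auto-remediates."""
    if inv.errors:
        return "undetermined"
    rep, score = inv.results["file_reputation"], inv.results["sandbox"]["score"]
    if rep == "malicious" or score >= 7:
        return "malicious"
    if rep == "clean" and score <= 2:
        return "benign"
    return "suspicious"

def remediate_playbook(inv: Investigation) -> List[str]:
    """Child playbook 'remediate': containment actions derived from the evidence."""
    actions = [f"quarantine_file:{host}" for host in inv.results["hunt_file"]]
    for recipient, profile in inv.results["user_profile"].items():
        actions.append(f"notify_user:{recipient}")
        if profile["privileged"]:  # elevated accounts also get an analyst case
            actions.append(f"open_case:{recipient}")
    actions.append(f"block_sender:{inv.alert.sender}")
    return actions

def investigate(alert: Alert) -> Investigation:
    """Parent playbook: enrich, assess, then either remediate or escalate."""
    inv = Investigation(alert)
    for name in APP_ACTIONS:  # dict insertion order is the execution order
        run_action(inv, name)
    inv.verdict = file_assessment(inv)
    if inv.verdict == "malicious":
        inv.results["remediate"] = remediate_playbook(inv)
    elif inv.verdict != "benign":
        inv.escalate = True  # suspicious or undetermined: hand to an analyst
    return inv
```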
Demo
Splunk Phantom on your mobile device
• Phantom on Splunk Mobile brings the power of Phantom security orchestration, automation, and response (SOAR) capabilities to your mobile device.
• No need to open your laptop. Orchestrate security operations from the palm of your hand.
• Respond faster than ever before, because you’re reachable from anywhere.
• Run playbooks, triage events, and collaborate with colleagues – all on the go.
Key Takeaways
Splunk offers options to accelerate incident response with orchestration and automation:
1) Use Phantom with Splunk or Splunk Enterprise Security to accelerate incident investigation and response
2) Use the Adaptive Operations Framework to realize your security nerve center
3) Splunk offers market-proven, comprehensive solutions for incident response
4) Use with all security domains and related IT domains to solve incident response use cases and more
Join our community and get access to playbooks and app integrations: https://my.phantom.us
Agenda
Splunk Discovery Köln, 17 January 2020
09:00–10:30  Keynote and Demo – The Data-to-Everything Platform
10:30–11:00  Break
             Tech Track (Jupiter I+II)                               | Business Track (Saturn I+II)
11:00–11:45  Turning Data into Value with the Splunk Platform        | ROI in Data Projects (in English)
11:45–12:30  Adventures in Monitoring and Troubleshooting            | Customer Use Cases
12:30–13:30  Lunch
13:30–14:15  Security Analytics Methods                              | The Future of Security Operations
14:15–15:00  Splunk Incident Response, Orchestration and Automation  | The Future of ITOA – from Monitoring to Observability
15:00–15:30  Break
15:30–16:15  Customer Use Case: TÜV Trust IT
16:15–17:00  Networking Drinks
Thank You
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response