SlideShare a Scribd company logo

Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms

Download as PPTX, PDF
Splunk, profile picture
Splunk

The document discusses Splunk's solutions for improving security operations, including threat detection and analytics using machine learning and orchestration. It outlines key challenges, strategies for integrating data from multiple cloud environments, and tools for effective incident response. Additionally, it emphasizes the importance of automated recommendations and content alignment with industry standards such as MITRE ATT&CK.

Technology
Related topics:
Cloud Security Insights
1 of 31
Downloaded 29 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
© 2 0 2 0 S P L U N K I N C . © 2 0 2 0 S P L U N K I N C . Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms Security Breakout
© 2 0 2 0 S P L U N K I N C . © 2 0 2 0 S P L U N K I N C . Fighting the Eternal Challenge: Dealing with Alert Fatigue and Getting Insights into Security Productivity Security Breakout
© 2 0 2 0 S P L U N K I N C . © 2 0 2 0 S P L U N K I N C . Lessons for a Fast Start in Automation and Orchestration Security Breakout
During the course of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Data-to-Everything, D2E, and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved. Forward- Looking Statements © 2 0 2 0 S P L U N K I N C .
© 2 0 2 0 S P L U N K I N C . What Indicators of compromise should I look for? What data do I need? What about cloud services, they work differently? What about insider threat and compromised accounts? How can behavioural techniques / ML help and how difficult is it? Key Challenges Where do I start?
© 2 0 2 0 S P L U N K I N C . Key Takeaways Where to find and how to use Splunk Content aligned to MITRE? Multi Cloud Threat Detection is ready to go with Splunk Machine Learning & Data Science can boost your SOC 1 2 3
© 2 0 2 0 S P L U N K I N C . Customer Delivery Other Data Lakes CLOUDON-PREM HYBRID WITH BROKERS Platform for Machine DataPlatform Applications Future Splunk Solutions 3rd Party Plug-ins Solutions Mission Control Cloud-Based Unified Security Operations + Security Operations Suite Architecture SecurityUseCaseContent Enterprise Security User Behavior Analytics + Phantom
© 2 0 2 0 S P L U N K I N C . IngestDetect Predict Automate OrchestrateRecommend Collaborate Investigate Manage Cases Report Content Machine Learning
© 2 0 2 0 S P L U N K I N C . Splunk Security Content Detection made easier
© 2 0 2 0 S P L U N K I N C . Splunk Security Threat Detection Content Where to find it Security Essentials ES Content Update UBA Inventory of all content + guidance and reporting Bi weekly release Inc MLTK ML and Graph Analysis
© 2 0 2 0 S P L U N K I N C . Splunk Security Essentials • Common use cases and examples to get started • Data onboarding guides for top data sources • Understand use case needed to improve your security • Use cases & Playbooks ready for operationalization in Splunk ES, UBA & Phantom https://splunkbase.splunk.com/app/3435/
© 2 0 2 0 S P L U N K I N C . Prescriptive Content What to do next? SSE understands what data you have, and what content you already use. It uses that to recommend what to do next.
© 2 0 2 0 S P L U N K I N C . Includes Maps and Content from Splunk Premium Solutions Splunk ES Content Update
© 2 0 2 0 S P L U N K I N C . How to Find Content, By Use Case, Data Source, Threat Actor, MITRE ATT&CK Tactic, and Track Your Coverage Demo
© 2 0 2 0 S P L U N K I N C . Analytics Supporting Multi Cloud
© 2 0 2 0 S P L U N K I N C . You All* Have a Cloud Strategy
© 2 0 2 0 S P L U N K I N C . Centralised SOC view of all cloud security Platform for Machine Data Mission Control Cloud-Based Unified Security Operations +Enterprise Security User Behavior Analytics + Phantom
© 2 0 2 0 S P L U N K I N C . Analytics on Cloud Data is Hard?
© 2 0 2 0 S P L U N K I N C . Single Use Cases across Multiple Cloud
© 2 0 2 0 S P L U N K I N C . More Multi Cloud Security Usecases You’re ingesting advanced data sources and running better investigations.
© 2 0 2 0 S P L U N K I N C . Cloud Data Model – Coming Soon Now on GitHub!
© 2 0 2 0 S P L U N K I N C . What About Orchestration and Automation?
© 2 0 2 0 S P L U N K I N C . Advanced Detection & Machine Learning
© 2 0 2 0 S P L U N K I N C . Advanced Threat Detection Techniques Using the power of Splunk for Security Machine Learning MLTK First Time Behavior STATS Security Analytics Correlation Time Series Spike Analysis STDEV Unsupervised ML & Graph Analysis OTB Splunk UBA
© 2 0 2 0 S P L U N K I N C . Advanced Threat Detection Techniques Target, enrich, and prioritize with ES frameworks Asset and Identity Correlation Risk-Based Alerting Threat Intelligece
© 2 0 2 0 S P L U N K I N C . Advanced Threat Detection Techniques Showcase Demo
© 2 0 2 0 S P L U N K I N C . SplunkUser Behavior Analytics • Multi-entity behavior profiling • Comprehensive unsupervised Machine Learning algorithms OTB • Multi-dimensional identity correlation • Continuous UBA content updates • Open SDK for Data Scientists
© 2 0 2 0 S P L U N K I N C . How Does Splunk UBA Work? 65+ Anomaly Classifications 25+ Threat Classifications Machine Learning Suspicious Data Movement Unusual Machine Access Flight Risk User Unusual Network Activity Machine Generated Beacon Lateral Movement Suspicious Behavior Compromised User Account Data Exfiltration Malware Activity Application logs Network logs Endpoint logs Server logs Identity logs Machine Learning & Graph Analysis 7 Use Cases
© 2 0 2 0 S P L U N K I N C . Trinity Reference?
© 2 0 2 0 S P L U N K I N C . Takeaways Where to find it Detection Content Ready for ES Threat Detection in Multi Cloud Out of the Box ML Capabilities
© 2 0 2 0 S P L U N K I N C . You! Thank

More Related Content

PPTX
Machine Learning and Social Good
Splunk
 
PPTX
Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk
 
PPTX
Do You Really Need to Evolve From Monitoring to Observability?
Splunk
 
PPTX
Splunk Platform 2020 & Beyond
Splunk
 
PPTX
The Risks and Rewards of AI
Splunk
 
PPTX
Security Automation & Orchestration
Splunk
 
PDF
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk
 
PPTX
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk
 
Machine Learning and Social Good
Splunk
 
Splunk Discovery Köln - 17-01-2020 - Willkommen!
Splunk
 
Do You Really Need to Evolve From Monitoring to Observability?
Splunk
 
Splunk Platform 2020 & Beyond
Splunk
 
The Risks and Rewards of AI
Splunk
 
Security Automation & Orchestration
Splunk
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk
 

What's hot (20)

PPTX
Splunk Discovery Köln - 17-01-2020 - Splunk for ITOps
Splunk
 
PPTX
Splunk Overview
Splunk
 
PDF
Splunk AI & Machine Learning Roundtable 2019 - Zurich
Splunk
 
PPTX
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Splunk
 
PPTX
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
Splunk
 
PPTX
SplunkLive! Stockholm 2019 - Customer presentation: ISS
Splunk
 
PPTX
Splunk4Leaders
Splunk
 
PPTX
Best Practices for Forwarder Hierarchies
Splunk
 
PPTX
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Splunk
 
PPTX
The Top 10 Glasstable Design Principles to Boost Your Career and Your Business
Splunk
 
PPTX
Catch these Sessions on-demand at .conf Online
Splunk
 
PPTX
Worst Splunk practices...and how to fix them
Splunk
 
PPTX
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk
 
PPTX
Introduction into Security Analytics Methods
Splunk
 
PDF
Manufacturing Webinar AMS
Splunk
 
PPTX
Clear the Mist from your Clouds with Splunk
Splunk
 
PPTX
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Splunk
 
PPTX
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Splunk
 
PPTX
Danfoss - Splunk for Vulnerability Management
Splunk
 
PPTX
Splunk at Airbus
Splunk
 
Splunk Discovery Köln - 17-01-2020 - Splunk for ITOps
Splunk
 
Splunk Overview
Splunk
 
Splunk AI & Machine Learning Roundtable 2019 - Zurich
Splunk
 
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: Norlys
Splunk
 
SplunkLive! Stockholm 2019 - Customer presentation: ISS
Splunk
 
Splunk4Leaders
Splunk
 
Best Practices for Forwarder Hierarchies
Splunk
 
Wie erkenne ich die Auswirkungen von IT Ausfallen auf meine Produktion?
Splunk
 
The Top 10 Glasstable Design Principles to Boost Your Career and Your Business
Splunk
 
Catch these Sessions on-demand at .conf Online
Splunk
 
Worst Splunk practices...and how to fix them
Splunk
 
Splunk Discovery Köln - 17-01-2020 - Turning Data Into Business Outcomes
Splunk
 
Introduction into Security Analytics Methods
Splunk
 
Manufacturing Webinar AMS
Splunk
 
Clear the Mist from your Clouds with Splunk
Splunk
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Splunk
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Splunk
 
Danfoss - Splunk for Vulnerability Management
Splunk
 
Splunk at Airbus
Splunk
 
Ad

Similar to Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms (20)

PDF
Splunk-Presentation
PrasadThorat23
 
PPTX
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Splunk
 
PPTX
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk
 
PPTX
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk
 
PDF
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Splunk
 
PPTX
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
PPTX
Security crawl walk run presentation mckay v1 2017
Adam Tice
 
PDF
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
Splunk EMEA
 
PPTX
Introduction into Security Analytics Methods
Splunk
 
PPTX
SplunkLive! Munich 2018: Intro to Security Analytics Methods
Splunk
 
PDF
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
PDF
March 2023 PNW User Group
Amanda Richardson
 
PPTX
Einführung in Security Analytics Methoden
Splunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PPTX
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
NiketNilay
 
PPTX
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AI
Splunk
 
PPTX
Make Your SOC Work Smarter, Not Harder
Splunk
 
PDF
Enterprise Security featuring UBA
Splunk
 
PPTX
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
Splunk
 
Splunk-Presentation
PrasadThorat23
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Splunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
Security crawl walk run presentation mckay v1 2017
Adam Tice
 
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
Splunk EMEA
 
Introduction into Security Analytics Methods
Splunk
 
SplunkLive! Munich 2018: Intro to Security Analytics Methods
Splunk
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
March 2023 PNW User Group
Amanda Richardson
 
Einführung in Security Analytics Methoden
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
NiketNilay
 
Splunk Discovery: Milan 2018 - Get More From Your Machine Data with Splunk AI
Splunk
 
Make Your SOC Work Smarter, Not Harder
Splunk
 
Enterprise Security featuring UBA
Splunk
 
SplunkLive! Zurich 2018: Intro to Security Analytics Methods
Splunk
 
Ad

More from Splunk (20)

PDF
Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
PDF
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
PDF
Building Resilience with Energy Management for the Public Sector
Splunk
 
PDF
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
PDF
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
PDF
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
PDF
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
PDF
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
PDF
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
PDF
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
PDF
.conf Go 2023 - Data analysis as a routine
Splunk
 
PDF
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
PDF
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
PDF
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
PDF
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
PDF
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
PDF
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
PDF
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
PDF
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
PDF
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Building Resilience with Energy Management for the Public Sector
Splunk
 
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 

Recently uploaded (20)

PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Teaching material agriculture food technology
LiaRayya
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Approach and Philosophy of On baking technology
30anthuong17
 

Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms

  • 1. © 2 0 2 0 S P L U N K I N C . © 2 0 2 0 S P L U N K I N C . Better Threat Analytics: From Getting Started to Cloud Security Analytics and Machine Learning Algorithms Security Breakout
  • 2. © 2 0 2 0 S P L U N K I N C . © 2 0 2 0 S P L U N K I N C . Fighting the Eternal Challenge: Dealing with Alert Fatigue and Getting Insights into Security Productivity Security Breakout
  • 3. © 2 0 2 0 S P L U N K I N C . © 2 0 2 0 S P L U N K I N C . Lessons for a Fast Start in Automation and Orchestration Security Breakout
  • 4. During the course of this presentation, we may make forward‐looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Data-to-Everything, D2E, and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2020 Splunk Inc. All rights reserved. Forward- Looking Statements © 2 0 2 0 S P L U N K I N C .
  • 5. © 2 0 2 0 S P L U N K I N C . What Indicators of compromise should I look for? What data do I need? What about cloud services, they work differently? What about insider threat and compromised accounts? How can behavioural techniques / ML help and how difficult is it? Key Challenges Where do I start?
  • 6. © 2 0 2 0 S P L U N K I N C . Key Takeaways Where to find and how to use Splunk Content aligned to MITRE? Multi Cloud Threat Detection is ready to go with Splunk Machine Learning & Data Science can boost your SOC 1 2 3
  • 7. © 2 0 2 0 S P L U N K I N C . Customer Delivery Other Data Lakes CLOUDON-PREM HYBRID WITH BROKERS Platform for Machine DataPlatform Applications Future Splunk Solutions 3rd Party Plug-ins Solutions Mission Control Cloud-Based Unified Security Operations + Security Operations Suite Architecture SecurityUseCaseContent Enterprise Security User Behavior Analytics + Phantom
  • 8. © 2 0 2 0 S P L U N K I N C . IngestDetect Predict Automate OrchestrateRecommend Collaborate Investigate Manage Cases Report Content Machine Learning
  • 9. © 2 0 2 0 S P L U N K I N C . Splunk Security Content Detection made easier
  • 10. © 2 0 2 0 S P L U N K I N C . Splunk Security Threat Detection Content Where to find it Security Essentials ES Content Update UBA Inventory of all content + guidance and reporting Bi weekly release Inc MLTK ML and Graph Analysis
  • 11. © 2 0 2 0 S P L U N K I N C . Splunk Security Essentials • Common use cases and examples to get started • Data onboarding guides for top data sources • Understand use case needed to improve your security • Use cases & Playbooks ready for operationalization in Splunk ES, UBA & Phantom https://splunkbase.splunk.com/app/3435/
  • 12. © 2 0 2 0 S P L U N K I N C . Prescriptive Content What to do next? SSE understands what data you have, and what content you already use. It uses that to recommend what to do next.
  • 13. © 2 0 2 0 S P L U N K I N C . Includes Maps and Content from Splunk Premium Solutions Splunk ES Content Update
  • 14. © 2 0 2 0 S P L U N K I N C . How to Find Content, By Use Case, Data Source, Threat Actor, MITRE ATT&CK Tactic, and Track Your Coverage Demo
  • 15. © 2 0 2 0 S P L U N K I N C . Analytics Supporting Multi Cloud
  • 16. © 2 0 2 0 S P L U N K I N C . You All* Have a Cloud Strategy
  • 17. © 2 0 2 0 S P L U N K I N C . Centralised SOC view of all cloud security Platform for Machine Data Mission Control Cloud-Based Unified Security Operations +Enterprise Security User Behavior Analytics + Phantom
  • 18. © 2 0 2 0 S P L U N K I N C . Analytics on Cloud Data is Hard?
  • 19. © 2 0 2 0 S P L U N K I N C . Single Use Cases across Multiple Cloud
  • 20. © 2 0 2 0 S P L U N K I N C . More Multi Cloud Security Usecases You’re ingesting advanced data sources and running better investigations.
  • 21. © 2 0 2 0 S P L U N K I N C . Cloud Data Model – Coming Soon Now on GitHub!
  • 22. © 2 0 2 0 S P L U N K I N C . What About Orchestration and Automation?
  • 23. © 2 0 2 0 S P L U N K I N C . Advanced Detection & Machine Learning
  • 24. © 2 0 2 0 S P L U N K I N C . Advanced Threat Detection Techniques Using the power of Splunk for Security Machine Learning MLTK First Time Behavior STATS Security Analytics Correlation Time Series Spike Analysis STDEV Unsupervised ML & Graph Analysis OTB Splunk UBA
  • 25. © 2 0 2 0 S P L U N K I N C . Advanced Threat Detection Techniques Target, enrich, and prioritize with ES frameworks Asset and Identity Correlation Risk-Based Alerting Threat Intelligece
  • 26. © 2 0 2 0 S P L U N K I N C . Advanced Threat Detection Techniques Showcase Demo
  • 27. © 2 0 2 0 S P L U N K I N C . SplunkUser Behavior Analytics • Multi-entity behavior profiling • Comprehensive unsupervised Machine Learning algorithms OTB • Multi-dimensional identity correlation • Continuous UBA content updates • Open SDK for Data Scientists
  • 28. © 2 0 2 0 S P L U N K I N C . How Does Splunk UBA Work? 65+ Anomaly Classifications 25+ Threat Classifications Machine Learning Suspicious Data Movement Unusual Machine Access Flight Risk User Unusual Network Activity Machine Generated Beacon Lateral Movement Suspicious Behavior Compromised User Account Data Exfiltration Malware Activity Application logs Network logs Endpoint logs Server logs Identity logs Machine Learning & Graph Analysis 7 Use Cases
  • 29. © 2 0 2 0 S P L U N K I N C . Trinity Reference?
  • 30. © 2 0 2 0 S P L U N K I N C . Takeaways Where to find it Detection Content Ready for ES Threat Detection in Multi Cloud Out of the Box ML Capabilities
  • 31. © 2 0 2 0 S P L U N K I N C . You! Thank