Power the SOC of the Future with scale, speed and choice - Splunk Public Sector Summit 2024
0 likes130 views
The document details Splunk's vision for the future of security operations centers (SOCs), emphasizing the integration of AI and automation to enhance threat detection, investigation, and response efficiency. It outlines the importance of foundational and generative AI in predicting and analyzing security threats while automating workflows and operations. Additionally, it highlights Splunk's commitment to continuous innovation in security technology and the practical implementations of AI within their products.
Power the SOC of the Future with scale, speed and choice - Splunk Public Sector Summit 2024
- 1. © 2024 SPLUNK INC. Power the SOC of the Future with scale, speed and choice.
- 2. Forward- looking statements This presentation may contain forward-looking statements regarding future events, plans or the expected financial performance of our company, including our expectations regarding our products, technology, strategy, customers, markets, acquisitions and investments. These statements reflect management’s current expectations, estimates and assumptions based on the information currently available to us. These forward-looking statements are not guarantees of future performance and involve significant risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from results, performance or achievements expressed or implied by the forward-looking statements contained in this presentation. For additional information about factors that could cause actual results to differ materially from those described in the forward-looking statements made in this presentation, please refer to our periodic reports and other filings with the SEC, including the risk factors identified in our most recent quarterly reports on Form 10-Q and annual reports on Form 10-K, copies of which may be obtained by visiting the Splunk Investor Relations website at www.investors.splunk.com or the SEC's website at www.sec.gov. The forward-looking statements made in this presentation are made as of the time and date of this presentation. If reviewed after the initial presentation, even if made available by us, on our website or otherwise, it may not contain current or accurate information. We disclaim any obligation to update or revise any forward-looking statement based on new information, future events or otherwise, except as required by applicable law. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. We undertake no obligation either to develop the features or functionalities described, in beta or in preview (used interchangeably), or to include any such feature or functionality in a future release. Splunk, Splunk> and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2024 Splunk Inc. All rights reserved. © 2024 SPLUNK INC.
- 3. © 2024 SPLUNK INC. Matthias Maier Security Market Advisor, EMEA CEH, CISSP, CISM
- 4. The SOC of the future
- 5. © 2024 SPLUNK INC. The SOC of the Future Unified Threat Detection, Investigation and Response at the Core.
- 6. We gone a long way
- 7. © 2024 SPLUNK INC. Building on SIEM to drive continued innovation to evolve the SOC 2009 2015 2016 2017 2018 2019 2020 2021 2022 2023 Enterprise Security UBA Security Content & Threat Research Team SOAR Risk Based Alerting in Enterprise Security SURGe Threat Intelligence Management Open Cybersecurity Schema Framework Attack Analyzer Cloud-Based Behavioral Analytics Mission Control Today
- 8. You will go a long way, too! We will meet you wherever you are!
- 9. © 2024 SPLUNK INC. Forging a path to digital resilience Search, monitor and investigate for real- time security monitoring. Reduce noise, detect more threats and identify risk with AI/ML powered detections. Accelerate incident investigations and response using automation. Maximize SOC efficiency with integrated threat detection, investigation and response. Foundational Visibility Guided Insights Proactive Response Unified Workflows See across environments Detect threats and issues with context Get ahead of issues Collaborate Seamlessly Accelerated by Splunk AI
- 10. © 2024 SPLUNK INC. Foundational Visibility Guided Insights Proactive Response Unified Workflows See across environments Detect threats and issues with context Get ahead of issues Collaborate Seamlessly Foundational use cases Providing the critical capabilities on your resilience journey Automate Threat Analysis Automate Containment & Response Actions Orchestrate Response Workflows Automate Complete TDIR Life Cycle Standardize SOC Processes using Response Templates Automate Recovery Playbooks Federate Access & Analytics Data Optimization Security Monitoring Incident Management Asset Discovery & Management Compliance Visualization & Reporting Threat Intelligence Enrichment Leverage Cybersecurity Frameworks Risk Based Alerting Anomaly Detection Threat Hunting Accelerated by Splunk AI
- 11. The AI & Automation future ahead! The double click into advancements for SecOps
- 12. © 2024 SPLUNK INC. What’s next? Our critical security innovation areas Unified TDIR with automated workflows World-Class detections Insider threat, risk and compliance Federation AI-guided workflows
- 13. © 2024 SPLUNK INC. Foundational and Generative AI Combining predictive analytics, accelerated investigation, and workflow enhancements Correlate and Diagnose Aggregate and analyze all data to investigate and identify root causes Detect and Predict Real-time, streaming analysis to detect anomalies and forecast trends Make Everyone an Expert Reduce need for environment and tool expertise by simplifying content creation and investigation workflows Foundational AI Capabilities Generative AI Capabilities
- 14. © 2024 SPLUNK INC. Foundational and Generative AI Combining predictive analytics, accelerated investigation, and workflow enhancements Correlate and Diagnose Aggregate and analyze all data to investigate and identify root causes Detect and Predict Real-time, streaming analysis to detect anomalies and forecast trends Make Everyone an Expert Reduce need for environment and tool expertise by simplifying content creation and investigation workflows Foundational AI Capabilities Generative AI Capabilities
- 15. © 2024 SPLUNK INC. | Splunk Confidential and Internal - Do Not Distribute Upskill new and advanced Splunk users quickly. Translate bi-directionally between NL and SPL. Receive personalized recommendations. New: AI Assistant 1.0
- 16. AI Assistant 2.0 - In your Workflow
- 17. AI Assistant 3.0
- 18. © 2024 SPLUNK INC. Foundational and Generative AI Combining predictive analytics, accelerated investigation, and workflow enhancements Correlate and Diagnose Aggregate and analyze all data to investigate and identify root causes Detect and Predict Real-time, streaming analysis to detect anomalies and forecast trends Make Everyone an Expert Reduce need for environment and tool expertise by simplifying content creation and investigation workflows Foundational AI Capabilities Generative AI Capabilities
- 20. © 2024 SPLUNK INC. Introductory use cases for using AI for security. Foundational AI for Security
- 21. © 2024 SPLUNK INC. Splunk Enterprise Security with ML-Powered Content Updates from the Splunk Machine Learning for Security Team Foundational AI for Security Study Threats Identify emerging threats and understand how they operate Create Datasets Collect data and use Splunk to parse the data and identify patterns that can be used to detect the threat Build ML-Powered Detections Build a model based on data in order to make predictions or decisions; enable systems to learn from data, identify patterns, and make decisions with minimal human intervention; and craft rules or queries designed to identify specific activity associated with threats Test Detections Run queries against a dataset that simulates attacker behavior to improve accuracy and reduce false positives Release Package detections to deliver timely and effective protections against emerging threats to Splunk customers
- 22. Level 2 Workflow end-to-end to manage and operationalize anomaly detection tasks
- 23. © 2024 SPLUNK INC. Splunk App for Anomaly Detection Find anomalies in time-series datasets in just a few clicks! Beginner friendly No need for complex SPL queries, parameter tuning, or knowledge of statistics Quick and simple The app detects anomalies with a couple of clicks - no trial and error required Helps ensure accuracy Health check diagnostics determine if the user’s dataset is fit for anomaly detection with the app’s algorithm End-to-end operationalization workflow Create anomaly detection jobs to run at regular intervals and generate alerts Splunk Enterprise 9.1, Splunk Cloud Platform Foundational AI for Security
- 24. © 2024 SPLUNK INC. Splunk App for Behavioral Profiling Foundational AI for Security Deploy Behavioral Anomaly Rules Define and schedule behavioral indicators and scoring rules with the help of a guided workflow Investigate Entities Utilise the dashboards provided to view and drill-down on the entities which have the highest behavioral scores Monitor Performance Ensure your rules continue to execute effectively by monitoring their performance and output
- 25. Level 3 New techniques to defend
- 26. © 2024 SPLUNK INC. Splunk Attack Analyzer Examples of AI built into products
- 27. Level 4 Automated Investigation Automated Scoping Automated Remediation Unified Analyst Experience
- 30. What is the future of SIEM? What is the future with Cisco?
- 31. © 2024 SPLUNK INC. SIEM Spending Outlook - European
- 32. © 2024 SPLUNK INC. © 2024 SPLUNK INC. We will deliver with unparalleled data. Unparalleled data User feedback enriches the model Better Security & Observability outcomes High-efficacy LLM Stronger AI capabilities Unique data from Cisco network, endpoint, device, cloud Unique data from Splunk security and observability across diverse tech landscape
- 33. © 2024 SPLUNK INC. Thank You