Abstract image of a woman sitting on books and studying on a laptop

Speaker0 session7874 1

Shaveta Datta, profile picture
Shaveta Datta

AI tools and machine learning can help security teams address challenges around escalating alert volumes, resource shortages, and slow detection and response times. Splunk's AI-powered User Behavior Analytics (UBA) uses unsupervised machine learning to detect unknown threats and anomalous user behavior across devices and applications. It analyzes data from various sources and classifies anomalies and threats to help security teams solve advanced use cases and stay ahead of insider and external attacks. Splunk's security orchestration, automation and response (SOAR) tool, Phantom, further helps teams respond faster by automating incident response workflows and reducing manual tasks.

Devices & Hardware
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
© 2018 SPLUNK INC. © 2018 SPLUNK INC. AI Tools Deliver Faster, Better Decisions for Defense and Offense Ray Cruciata, GMON – Security Specialist
© 2018 SPLUNK INC. Security Operations Problems Escalating volume of security alerts Resource shortage of 1 million security professionals Endless assembly line of point products Static independent controls with no orchestration Speed of detection, triage, & response time must improve Costs continue to increase Alerts Resources Products Static Speed Costs
© 2018 SPLUNK INC. Typical Security Team
© 2018 SPLUNK INC. © 2018 SPLUNK INC. Tier 1 Tier 2 Tier 3 Tier 1 Tier 2 Tier 3
© 2018 SPLUNK INC. How an AI tool can deliver • Automate detection and response to threats • Have machine learning capabilities to help detect anomalies • Orchestrate interaction with point security solutions (SOAR tool) • But also still have a way to keep human in the loop
© 2018 SPLUNK INC. AI
© 2018 SPLUNK INC. Detect and Investigate
© 2018 SPLUNK INC. Beyond the Known COMMAND CENTER ANALYZE INVESTIGATE REMEDIATE KNOWN BAD GOOD Driven by rules and correlation UNKNOWN ??? Driven by machine learning Alerts Insights
© 2018 SPLUNK INC. What is Splunk UBA? critical and actionable unknown threats Splunk UBA provides advanced and insider threat detection using unsupervised machine learning helping organizations find unknown threats and anomalous user behavior across devices and applications.
© 2018 SPLUNK INC. How Does Splunk UBA Work? 65+ ANOMALY CLASSIFICATIONS 25+ THREAT CLASSIFICATIONS Machine Learning Suspicious Data Movement Unusual Machine Access Flight Risk User Unusual Network Activity Machine Generated Beacon Lateral Movement Suspicious Behavior Compromised User Account Data Exfiltration Malware Activity Application logs Network logs Endpoint logs Server logs Identity logs Machine Learning DATA SOURCES 7 USE CASES
© 2018 SPLUNK INC. Stay Ahead of Advanced and Insider Threats Solve more advanced use cases powered by ML in Splunk UBA Compromised User Account Lateral Movement Account Misuse Compromised & Infected Machine (Malware) Suspicious Behavior & Unknown Threat Data Exfiltration Contextual Intelligence External Attack
© 2018 SPLUNK INC. Security Orchestration Automation and Response (SOAR)
© 2018 SPLUNK INC. D A T A P L A T F O R M A N A L Y T I C S O P E R A T I O N S Security Vision How does Phantom help Splunk’s Nerve Center security vision? • Advance cyber defense and reduce risk using an analytics-driven approach • Respond faster by accelerating incident response • Work smarter and reduce staffing and skills challenges
© 2018 SPLUNK INC. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED MANUAL (TODAY) FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security
© 2018 SPLUNK INC. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED AUTOMATED WITH PHANTOM FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security ACTION RESULTS / FEEDBACK LOOP
© 2018 SPLUNK INC. Q & A
© 2018 SPLUNK INC. © 2018 SPLUNK INC. Thank You

More Related Content

PPTX
Splunk for Enterprise Security Featuring UBA
Splunk
 
PDF
Overview
Nathan Burke
 
PDF
Security Orchestration and Automation with Hexadite+
Nathan Burke
 
PPTX
Gov Day Sacramento 2015 - User Behavior Analytics
Splunk
 
PPTX
Splunk at the Bank of England
Splunk
 
PDF
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
PPTX
Gov & Education Day 2015 - User Behavior Analytics
Splunk
 
PDF
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Splunk for Enterprise Security Featuring UBA
Splunk
 
Overview
Nathan Burke
 
Security Orchestration and Automation with Hexadite+
Nathan Burke
 
Gov Day Sacramento 2015 - User Behavior Analytics
Splunk
 
Splunk at the Bank of England
Splunk
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
Gov & Education Day 2015 - User Behavior Analytics
Splunk
 
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 

What's hot (20)

PDF
8 Reasons to Choose Logrhythm
LogRhythm
 
PDF
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Chris Ross
 
PDF
Preparing for the inevitable: The mobile incident response playbook
NowSecure
 
PPTX
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk
 
PPTX
User Behavior Analytics And The Benefits To Companies
Spectorsoft
 
PPTX
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk
 
PPTX
Splunk Enterprise Security
Splunk
 
PPTX
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
PPTX
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
Splunk
 
PPTX
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PPTX
Building an Analytics - Enabled SOC Breakout Session
Splunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PPTX
PPT-Splunk-LegacySIEM-101_FINAL
Risi Avila
 
PPTX
Practioners Guide to SOC
AlienVault
 
PDF
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
PDF
SplunkLive! Houston IT Service Intelligence Hands On Version
Splunk
 
PDF
5 Mobile App Security MUST-DOs in 2018
NowSecure
 
PPTX
Building a Security Information and Event Management platform at Travis Per...
Splunk
 
PPTX
SplunkLive! Zurich 2018: Event Analytics
Splunk
 
8 Reasons to Choose Logrhythm
LogRhythm
 
Automation and Orchestration - Harnessing Threat Intelligence for Better Inci...
Chris Ross
 
Preparing for the inevitable: The mobile incident response playbook
NowSecure
 
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk
 
User Behavior Analytics And The Benefits To Companies
Spectorsoft
 
Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk
 
Splunk Enterprise Security
Splunk
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
Splunk
 
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
Building an Analytics - Enabled SOC Breakout Session
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PPT-Splunk-LegacySIEM-101_FINAL
Risi Avila
 
Practioners Guide to SOC
AlienVault
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
SplunkLive! Houston IT Service Intelligence Hands On Version
Splunk
 
5 Mobile App Security MUST-DOs in 2018
NowSecure
 
Building a Security Information and Event Management platform at Travis Per...
Splunk
 
SplunkLive! Zurich 2018: Event Analytics
Splunk
 
Ad

Similar to Speaker0 session7874 1 (20)

PPTX
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Splunk
 
PPTX
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk
 
PPTX
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk
 
PPTX
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Splunk
 
PPTX
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Splunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PDF
Splunk-Presentation
PrasadThorat23
 
PPTX
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk
 
PPTX
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk
 
PPTX
Make Your SOC Work Smarter, Not Harder
Splunk
 
PPTX
SplunkLive! Munich 2018: Intro to Security Analytics Methods
Splunk
 
PPTX
Accelerate Incident Response with Orchestration & Automation
Splunk
 
PDF
Threat Hunting Workshop
Splunk
 
PPTX
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
PPTX
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
PPTX
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...
Splunk
 
PPTX
Security Automation & Orchestration
Splunk
 
PPT
Infosecurity Europe 2016: Detect Insider and Advanced Threats by Leveraging M...
Splunk
 
PPTX
Accelerate incident Response Using Orchestration and Automation
Splunk
 
PPTX
Accelerate incident Response Using Orchestration and Automation
Splunk
 
SplunkLive! London 2017 - An End-To-End Approach: Detect via Behavious and Re...
Splunk
 
Splunk Discovery: Milan 2018 - Intro to Security Analytics Methods
Splunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
Splunk
 
Better Threat Analytics: From Getting Started to Cloud Security Analytics and...
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
Splunk-Presentation
PrasadThorat23
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk
 
Make Your SOC Work Smarter, Not Harder
Splunk
 
SplunkLive! Munich 2018: Intro to Security Analytics Methods
Splunk
 
Accelerate Incident Response with Orchestration & Automation
Splunk
 
Threat Hunting Workshop
Splunk
 
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
The Splunk AISecOps Initiative - Splunk Security Roundtable: Zurich 2018
Splunk
 
Splunk Webinar: Webinar: Die Effizienz Ihres SOC verbessern mit neuen Funktio...
Splunk
 
Security Automation & Orchestration
Splunk
 
Infosecurity Europe 2016: Detect Insider and Advanced Threats by Leveraging M...
Splunk
 
Accelerate incident Response Using Orchestration and Automation
Splunk
 
Accelerate incident Response Using Orchestration and Automation
Splunk
 
Ad

Recently uploaded (20)

PPTX
Computer Hardware - Technology and Livelihood Education
ShielaGuevarra6
 
PPT
System Unit Components and its Functions
JdAnadon
 
PPTX
Unit-1.pptxgeyeuueueu7r7r7r77r7r7r7uriruru
SanketDawbhat
 
DOCX
Copy-OT LIST 12.8.25.docxjdjfufufufufuuffuf
somusachin100
 
PDF
Topic-1-Main-Features-of-Data-Processing.pdf
Moises Tenyosa
 
PDF
PakistanCoinageAct-906.pdfdbnsshsjjsbsbb
toyin38280
 
PDF
SAHIL PROdhdjejss yo yo pdf TOCOL PPT.pdf
akansharohilla2002
 
PPTX
SAI-CAO-24CSEN2021-PPT-UNIT-------1.pptx
disappointedsalad716
 
PPTX
AI_ML_Internship_WReport_Template_v2.pptx
deepanshkalra5185
 
PPTX
Group 4 [BSIT-1C] Computer Network (1).pptx
gevenharold
 
PPTX
AIR BAG SYStYEM mechanical enginweering.pptx
kumarmanish33957
 
PPTX
ppt to the world finance to the world in growing
HarshBansal604875
 
PPTX
Presentation (1).pptx gjkbhhjk hjjgtihkk
shalinthebe
 
PPTX
ELETRONIC-PRODUCTS-ASSEMBLY-AND-SERVICING-NC-II-WEEK-1-Copy.pptx
criszellehidden
 
PPTX
Operating_Systems_Presentation_With_Icons (1).pptx
MaryJoyCortez2
 
PPTX
vortex flow measurement in instrumentation
vijaykumarnarayanasw
 
PPTX
Growth Capital Investment - Espresso Capital.pptx
EspressoCapital
 
PPT
COA______________₹₹_₹₹33₹₹₹33₹₹₹3UNIT1V8.ppt
disappointedsalad716
 
PPTX
RTS MASTER DECK_Household Convergence Scorecards. Use this file copy.pptx
6xdj6pmy9m
 
PDF
Maxon CINEMA 4D 2025 Crack Free Download Latest Version
mubashar0malik
 
Computer Hardware - Technology and Livelihood Education
ShielaGuevarra6
 
System Unit Components and its Functions
JdAnadon
 
Unit-1.pptxgeyeuueueu7r7r7r77r7r7r7uriruru
SanketDawbhat
 
Copy-OT LIST 12.8.25.docxjdjfufufufufuuffuf
somusachin100
 
Topic-1-Main-Features-of-Data-Processing.pdf
Moises Tenyosa
 
PakistanCoinageAct-906.pdfdbnsshsjjsbsbb
toyin38280
 
SAHIL PROdhdjejss yo yo pdf TOCOL PPT.pdf
akansharohilla2002
 
SAI-CAO-24CSEN2021-PPT-UNIT-------1.pptx
disappointedsalad716
 
AI_ML_Internship_WReport_Template_v2.pptx
deepanshkalra5185
 
Group 4 [BSIT-1C] Computer Network (1).pptx
gevenharold
 
AIR BAG SYStYEM mechanical enginweering.pptx
kumarmanish33957
 
ppt to the world finance to the world in growing
HarshBansal604875
 
Presentation (1).pptx gjkbhhjk hjjgtihkk
shalinthebe
 
ELETRONIC-PRODUCTS-ASSEMBLY-AND-SERVICING-NC-II-WEEK-1-Copy.pptx
criszellehidden
 
Operating_Systems_Presentation_With_Icons (1).pptx
MaryJoyCortez2
 
vortex flow measurement in instrumentation
vijaykumarnarayanasw
 
Growth Capital Investment - Espresso Capital.pptx
EspressoCapital
 
COA______________₹₹_₹₹33₹₹₹33₹₹₹3UNIT1V8.ppt
disappointedsalad716
 
RTS MASTER DECK_Household Convergence Scorecards. Use this file copy.pptx
6xdj6pmy9m
 
Maxon CINEMA 4D 2025 Crack Free Download Latest Version
mubashar0malik
 

Speaker0 session7874 1

  • 1. © 2018 SPLUNK INC. © 2018 SPLUNK INC. AI Tools Deliver Faster, Better Decisions for Defense and Offense Ray Cruciata, GMON – Security Specialist
  • 2. © 2018 SPLUNK INC. Security Operations Problems Escalating volume of security alerts Resource shortage of 1 million security professionals Endless assembly line of point products Static independent controls with no orchestration Speed of detection, triage, & response time must improve Costs continue to increase Alerts Resources Products Static Speed Costs
  • 3. © 2018 SPLUNK INC. Typical Security Team
  • 4. © 2018 SPLUNK INC. © 2018 SPLUNK INC. Tier 1 Tier 2 Tier 3 Tier 1 Tier 2 Tier 3
  • 5. © 2018 SPLUNK INC. How an AI tool can deliver • Automate detection and response to threats • Have machine learning capabilities to help detect anomalies • Orchestrate interaction with point security solutions (SOAR tool) • But also still have a way to keep human in the loop
  • 6. © 2018 SPLUNK INC. AI
  • 7. © 2018 SPLUNK INC. Detect and Investigate
  • 8. © 2018 SPLUNK INC. Beyond the Known COMMAND CENTER ANALYZE INVESTIGATE REMEDIATE KNOWN BAD GOOD Driven by rules and correlation UNKNOWN ??? Driven by machine learning Alerts Insights
  • 9. © 2018 SPLUNK INC. What is Splunk UBA? critical and actionable unknown threats Splunk UBA provides advanced and insider threat detection using unsupervised machine learning helping organizations find unknown threats and anomalous user behavior across devices and applications.
  • 10. © 2018 SPLUNK INC. How Does Splunk UBA Work? 65+ ANOMALY CLASSIFICATIONS 25+ THREAT CLASSIFICATIONS Machine Learning Suspicious Data Movement Unusual Machine Access Flight Risk User Unusual Network Activity Machine Generated Beacon Lateral Movement Suspicious Behavior Compromised User Account Data Exfiltration Malware Activity Application logs Network logs Endpoint logs Server logs Identity logs Machine Learning DATA SOURCES 7 USE CASES
  • 11. © 2018 SPLUNK INC. Stay Ahead of Advanced and Insider Threats Solve more advanced use cases powered by ML in Splunk UBA Compromised User Account Lateral Movement Account Misuse Compromised & Infected Machine (Malware) Suspicious Behavior & Unknown Threat Data Exfiltration Contextual Intelligence External Attack
  • 12. © 2018 SPLUNK INC. Security Orchestration Automation and Response (SOAR)
  • 13. © 2018 SPLUNK INC. D A T A P L A T F O R M A N A L Y T I C S O P E R A T I O N S Security Vision How does Phantom help Splunk’s Nerve Center security vision? • Advance cyber defense and reduce risk using an analytics-driven approach • Respond faster by accelerating incident response • Work smarter and reduce staffing and skills challenges
  • 14. © 2018 SPLUNK INC. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED MANUAL (TODAY) FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security
  • 15. © 2018 SPLUNK INC. Decision Making Acting SIEM THREAT INTEL PLATFORM HADOOP GRC AUTOMATED AUTOMATED WITH PHANTOM FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION FIREWALL IDS / IPS ENDPOINT WAF ADVANCED MALWARE FORENSICS MALWARE DETONATION TIER 1 TIER 2 TIER 3 Observe Point Products Orient Analytics SOAR for Security Operations Faster execution through the loop yields better security ACTION RESULTS / FEEDBACK LOOP
  • 16. © 2018 SPLUNK INC. Q & A
  • 17. © 2018 SPLUNK INC. © 2018 SPLUNK INC. Thank You