SlideShare a Scribd company logo

Splunk conf2014 - Operationalizing Advanced Threat Defense

Splunk, profile picture
Splunk

This document summarizes a presentation about operationalizing advanced threat defense. It discusses how advanced threat actors have established a mature economy of cyber threats with global reach. It then outlines an approach to combat these threats by connecting all security and operational data sources to gain comprehensive visibility, and leveraging threat intelligence and security analytics to detect threats across the entire kill chain. The presentation also demonstrates Enterprise Security 3.x software for continuous monitoring and advanced threat detection.

Technology
1 of 31
Downloaded 26 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Copyright  ©  2014  Splunk  Inc.   Monzy  Merza   Minister  of  Defense,  Splunk,  Inc.   OperaAonalizing   Advanced  Threat   Defense  
Disclaimer   2   During  the  course  of  this  presentaAon,  we  may  make  forward-­‐looking  statements  regarding  future  events  or  the   expected  performance  of  the  company.  We  cauAon  you  that  such  statements  reflect  our  current  expectaAons  and   esAmates  based  on  factors  currently  known  to  us  and  that  actual  events  or  results  could  differ  materially.  For   important  factors  that  may  cause  actual  results  to  differ  from  those  contained  in  our  forward-­‐looking  statements,   please  review  our  filings  with  the  SEC.  The  forward-­‐looking  statements  made  in  the  this  presentaAon  are  being  made  as   of  the  Ame  and  date  of  its  live  presentaAon.  If  reviewed  aQer  its  live  presentaAon,  this  presentaAon  may  not  contain   current  or  accurate  informaAon.  We  do  not  assume  any  obligaAon  to  update  any  forward-­‐looking  statements  we  may   make.  In  addiAon,  any  informaAon  about  our  roadmap  outlines  our  general  product  direcAon  and  is  subject  to  change   at  any  Ame  without  noAce.  It  is  for  informaAonal  purposes  only,  and  shall  not  be  incorporated  into  any  contract  or   other  commitment.  Splunk  undertakes  no  obligaAon  either  to  develop  the  features  or  funcAonality  described  or  to   include  any  such  feature  or  funcAonality  in  a  future  release.  
Advanced  Threat  Defense  Requires   Visibility   Context   &   Intelligence   Human   Empowerment   3  
Agenda   !   The  advanced  threat  actors  and  their  success   !   An  approach  to  combat  advanced  threat  actors   !   ProducAonizing  and  operaAonalizing  advanced  threat  defense   !   Demo   !   Q&A   4  
5   Mature  Economy  of  Cyber  Threats  
6   Image:  eyeswideopen.org   Threat  Actors  Have  Global  Reach  
Source:  Mandiant  M-­‐Trends  Report  2012/2013/2014   7   229   40   100%   67%  
The  Adversary’s  M.O.  :  Kill  Chain   8   •  The  adversary  works  to  understand  your  organizaAon  looking  for  opportuniAes   Reconnaissance   •  Your  system  is  compromised  and  the  adversary  goes  to  work   ExploitaAon   •  The  afacker  steals  data,  disrupts  your  operaAons  or  causes  damage…   AcAng  on  Intent    
OperaAonalizing  Advanced  Threat  Defense     9  
Intrusion     DetecAon   Firewall   Data  Loss   PrevenAon   AnA-­‐ Malware   Vulnerability   Scans   Tradi.onal  Security  Strategy   AuthenAcaAon   10  
Connect  the  Dots  Across  All  Data   Servers   Storage   Desktops  Email   Web   TransacAon   Records   Network   Flows  Hypervisor   Custom   Apps   Physical   Access   Badges   Threat   Intelligence   Mobile   CMBD  DHCP/  DNS   Intrusion     DetecAon   Firewall   Data  Loss   PrevenAon   AnA-­‐ Malware   Vulnerability   Scans   AuthenAcaAon   11  
12   Threat  Intelligence  Network   Endpoint   AuthenAcaAon   Minimum  Set  of  Sources  
13   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Security  Intelligence   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
Security  Intelligence   14   Raw  Events   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
Security  Intelligence   15   Threat   Intelligence   Asset     &  CMDB   Employee   Info   Data   Stores  Applica.ons   Raw  Events   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
Security  Intelligence   16   Report  and     analyze   Custom     dashboards   Monitor     and  alert   Ad  hoc     search   Threat   Intelligence   Asset     &  CMDB   Employee   Info   Data   Stores  Applica.ons   Raw  Events   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
17   Enterprise  Security  3.x   ConAnuous  Monitoring  and  Advanced  Threat  DetecAon  
18  
19  
20  
21  
22  
What’s  New  in  ES  3.1   RISK-­‐BASED  ANALYTICS   VISUALIZE  AND  DISCOVER   RELATIONSHIPS   ENRICH  SECURITY  ANALYSIS   WITH  THREAT  INTELLIGENCE   Risk  Scoring  Framework   KSI/KPI/KRI  Edi.ng   Contribu.ng  Factors  Analysis   GUI  Edi.ng  of  Swimlanes   Guided  Search  Builder     Domain  and  URL  threat  Intel   Aggrega.on  and  Deduplica.on   Threat  Intel  Source  Weights   23  
24   Demo  
25   Threat  Intelligence  Network   Endpoint   AuthenAcaAon   Advanced  Threat  Defense  Starts  Here  
Security  Intelligence   26   Developer   PlaUorm   Report  and     analyze   Custom     dashboards   Monitor     and  alert   Ad  hoc     search   Threat   Intelligence   Asset     &  CMDB   Employee   Info   Data   Stores  Applica.ons   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
Thousands  of  Global  Security  Customers   27  
Industry  RecogniAon   28   2012   2013   Product/Service Rating AccelOps AlienVault BlackStratus EventTracker HP(ArcSight) IBMSecurity(QRadar) LogRhythm McAfee(ESM) Real-Time Monitoring 3.50 3.00 3.00 2.9 4.1 4.0 3.75 3.75 Threat Intelligence 3.00 3.50 2.50 1.5 4.0 4.0 3.25 4.00 Behavior Profiling 2.50 3.50 2.50 2.8 4.0 4.5 3.38 3.50 Data and User Monitoring 2.97 2.43 2.16 3.2 4.2 3.8 3.41 4.44 Application Monitoring 2.90 3.65 2.90 3.2 4.5 4.3 4.10 4.20 Analytics 2.44 3.19 2.94 2.9 3.8 3.7 3.30 3.59 Log Management and Reporting 2.75 3.00 2.50 3.4 4.0 3.8 3.75 3.25 Deployment/Support Simplicity 3.50 4.00 3.00 4.3 3.7 4.3 4.25 4.00 Source: Gartner (June 2014)
29   Enterprise  Security   Office  Hours     @Room  103   Best  Kept  Secrets  of   Enterprise  Security    Dimitri  McKay   Automated  MiAgaAon  With   Enterprise  Security   Jose  Hernandez   Enterprise  Security   @Apps  Showcase   CPE,  CISSP  Credits   For  Security  Talks    
30   Security  office  hours:  11:00  AM  –  2:00  PM  @Room  103  Everyday    Geek  out,  share  ideas  with  Enterprise  Security  developers   Red  Team  /  Blue  Team  -­‐  Challenge  your  skills  and  learn  new  tricks   Mon-­‐Wed:  3:00  PM  –  6:00  PM  @Splunk  Community  Lounge   Thurs:  11:00  AM  –  2:00  PM   Learn,  share  and  hack   Birds  of  a  feather-­‐  Collaborate  and  brainstorm  with  security  ninjas       Thurs:  12:00  PM  –  1:00  PM  @Meal  Room    
THANK  YOU!!!   monzy@splunk.com  

More Related Content

PDF
Conf2014_SplunkSecurityNinjutsu
Splunk
 
DOCX
Security Hands-On - Splunklive! Houston
Splunk
 
PPTX
Security investigation hands-on workshop 2018
YoungCho50
 
PPTX
Threat Hunting with Splunk
Splunk
 
PDF
SplunkSummit 2015 - ES Hands On Workshop
Splunk
 
PDF
Analytics Driven SIEM Workshop
Splunk
 
PDF
Building an Analytics Enables SOC
Splunk
 
PPTX
Using Splunk for Information Security
Shannon Cuthbertson
 
Conf2014_SplunkSecurityNinjutsu
Splunk
 
Security Hands-On - Splunklive! Houston
Splunk
 
Security investigation hands-on workshop 2018
YoungCho50
 
Threat Hunting with Splunk
Splunk
 
SplunkSummit 2015 - ES Hands On Workshop
Splunk
 
Analytics Driven SIEM Workshop
Splunk
 
Building an Analytics Enables SOC
Splunk
 
Using Splunk for Information Security
Shannon Cuthbertson
 

What's hot (20)

PDF
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PDF
SplunkLive! Stockholm 2015 breakout - Analytics based security
Splunk
 
PPTX
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
Splunk
 
PPTX
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
PDF
Splunk for Security
Gabrielle Knowles
 
PPTX
SplunkLive! Frankfurt 2018 - Getting Hands On with Splunk Enterprise
Splunk
 
PPTX
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
PPTX
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
Splunk
 
PPTX
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
Splunk
 
PPTX
Building an Analytics - Enabled SOC Breakout Session
Splunk
 
PPTX
Gov Day Sacramento 2015 - User Behavior Analytics
Splunk
 
PPTX
SplunkLive! Utrecht - Splunk for Security - Monzy Merza
Splunk
 
PDF
Webinar: Neues zur Splunk App for Enterprise Security
Georg Knon
 
PPTX
Threat Hunting with Splunk Hands-on
Splunk
 
PPTX
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk
 
PDF
Threat Hunting with Splunk
Splunk
 
PPTX
SplunkLive! Paris 2018: Plenary Session
Splunk
 
PPTX
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
Splunk
 
PPTX
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Splunk Discovery: Warsaw 2018 - Intro to Security Analytics Methods
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
SplunkLive! Stockholm 2015 breakout - Analytics based security
Splunk
 
SplunkLive! Frankfurt 2018 - Intro to Security Analytics Methods
Splunk
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
Splunk for Security
Gabrielle Knowles
 
SplunkLive! Frankfurt 2018 - Getting Hands On with Splunk Enterprise
Splunk
 
SplunkLive! Paris 2018: Intro to Security Analytics Methods
Splunk
 
SplunkLive! Zurich 2018: Monitoring the End User Experience with Splunk
Splunk
 
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...
Splunk
 
Building an Analytics - Enabled SOC Breakout Session
Splunk
 
Gov Day Sacramento 2015 - User Behavior Analytics
Splunk
 
SplunkLive! Utrecht - Splunk for Security - Monzy Merza
Splunk
 
Webinar: Neues zur Splunk App for Enterprise Security
Georg Knon
 
Threat Hunting with Splunk Hands-on
Splunk
 
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service Intelligence
Splunk
 
Threat Hunting with Splunk
Splunk
 
SplunkLive! Paris 2018: Plenary Session
Splunk
 
SplunkLive! Frankfurt 2018 - Use Splunk for Incident Response, Orchestration ...
Splunk
 
SplunkLive! Munich 2018: Use Splunk for incident Response, Orchestration and ...
Splunk
 
Ad

Viewers also liked (7)

PDF
SplunkSummit 2015 - Security Ninjitsu
Splunk
 
PPTX
Real-Time Status Commands
Splunk
 
PDF
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk
 
PPTX
Using Splunk for Information Security
Splunk
 
PDF
Conf2014_SplunkSearchOptimization
Splunk
 
PDF
CHIME Lead Forum - Seattle 2015
Health IT Conference – iHT2
 
PDF
Finding attacks with these 6 events
Michael Gough
 
SplunkSummit 2015 - Security Ninjitsu
Splunk
 
Real-Time Status Commands
Splunk
 
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...
Splunk
 
Using Splunk for Information Security
Splunk
 
Conf2014_SplunkSearchOptimization
Splunk
 
CHIME Lead Forum - Seattle 2015
Health IT Conference – iHT2
 
Finding attacks with these 6 events
Michael Gough
 
Ad

Similar to Splunk conf2014 - Operationalizing Advanced Threat Defense (20)

PDF
Splunk Webinar Best Practices für Incident Investigation
Georg Knon
 
PPTX
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk
 
PPT
Core.co.enterprise.deck.06.16.10
Core Security Technologies
 
PDF
SplunkLive! Zürich - Splunk für Security
Splunk
 
PDF
SplunkLive! Wien - Splunk für Security
Splunk
 
PPTX
Operational Security
Splunk
 
PPTX
Best Practices for Scoping Infections and Disrupting Breaches
Splunk
 
PPTX
Sourcefire Webinar - NEW GENERATION IPS
mmiznoni
 
PDF
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
PDF
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
itnewsafrica
 
PPTX
Securing Your Public Cloud Infrastructure
Qualys
 
PPTX
Splunk for Security Breakout Session
Splunk
 
PDF
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Cisco do Brasil
 
PPTX
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk
 
PDF
inSOC Sales Deck Dec 2020.pdf
ChristopherSumner7
 
PPTX
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
PPTX
NetWatcher Customer Overview
Scott Suhy
 
PDF
SplunkSummit 2015 - Splunking the Endpoint
Splunk
 
PPTX
Overview of Haystax Technology
Haystax Technology
 
PDF
Advanced threat security - Cyber Security For The Real World
Cisco Canada
 
Splunk Webinar Best Practices für Incident Investigation
Georg Knon
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk
 
Core.co.enterprise.deck.06.16.10
Core Security Technologies
 
SplunkLive! Zürich - Splunk für Security
Splunk
 
SplunkLive! Wien - Splunk für Security
Splunk
 
Operational Security
Splunk
 
Best Practices for Scoping Infections and Disrupting Breaches
Splunk
 
Sourcefire Webinar - NEW GENERATION IPS
mmiznoni
 
Splunk Discovery: Warsaw 2018 - Solve Your Security Challenges with Splunk En...
Splunk
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
itnewsafrica
 
Securing Your Public Cloud Infrastructure
Qualys
 
Splunk for Security Breakout Session
Splunk
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Cisco do Brasil
 
Splunk EMEA Webinar: Scoping infections and disrupting breaches
Splunk
 
inSOC Sales Deck Dec 2020.pdf
ChristopherSumner7
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
NetWatcher Customer Overview
Scott Suhy
 
SplunkSummit 2015 - Splunking the Endpoint
Splunk
 
Overview of Haystax Technology
Haystax Technology
 
Advanced threat security - Cyber Security For The Real World
Cisco Canada
 

More from Splunk (20)

PDF
Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
PDF
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
PDF
Building Resilience with Energy Management for the Public Sector
Splunk
 
PDF
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
PDF
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
PDF
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
PDF
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
PDF
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
PDF
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
PDF
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
PDF
.conf Go 2023 - Data analysis as a routine
Splunk
 
PDF
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
PDF
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
PDF
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
PDF
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
PDF
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
PDF
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
PDF
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
PDF
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
PDF
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 
Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Building Resilience with Energy Management for the Public Sector
Splunk
 
IT-Lagebild: Observability for Resilience (SVA)
Splunk
 
Nach dem SOC-Aufbau ist vor der Automatisierung (OFD Baden-Württemberg)
Splunk
 
Monitoring einer Sicheren Inter-Netzwerk Architektur (SINA)
Splunk
 
Praktische Erfahrungen mit dem Attack Analyser (gematik)
Splunk
 
Cisco XDR & Splunk SIEM - stronger together (DATAGROUP Cyber Security)
Splunk
 
Security - Mit Sicherheit zum Erfolg (Telekom)
Splunk
 
One Cisco - Splunk Public Sector Summit Germany April 2025
Splunk
 
.conf Go 2023 - Data analysis as a routine
Splunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
Splunk
 
.conf Go 2023 - Raiffeisen Bank International
Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
Splunk
 

Recently uploaded (20)

PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Cloud computing and distributed systems.
kkkkkhan
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 

Splunk conf2014 - Operationalizing Advanced Threat Defense

  • 1. Copyright  ©  2014  Splunk  Inc.   Monzy  Merza   Minister  of  Defense,  Splunk,  Inc.   OperaAonalizing   Advanced  Threat   Defense  
  • 2. Disclaimer   2   During  the  course  of  this  presentaAon,  we  may  make  forward-­‐looking  statements  regarding  future  events  or  the   expected  performance  of  the  company.  We  cauAon  you  that  such  statements  reflect  our  current  expectaAons  and   esAmates  based  on  factors  currently  known  to  us  and  that  actual  events  or  results  could  differ  materially.  For   important  factors  that  may  cause  actual  results  to  differ  from  those  contained  in  our  forward-­‐looking  statements,   please  review  our  filings  with  the  SEC.  The  forward-­‐looking  statements  made  in  the  this  presentaAon  are  being  made  as   of  the  Ame  and  date  of  its  live  presentaAon.  If  reviewed  aQer  its  live  presentaAon,  this  presentaAon  may  not  contain   current  or  accurate  informaAon.  We  do  not  assume  any  obligaAon  to  update  any  forward-­‐looking  statements  we  may   make.  In  addiAon,  any  informaAon  about  our  roadmap  outlines  our  general  product  direcAon  and  is  subject  to  change   at  any  Ame  without  noAce.  It  is  for  informaAonal  purposes  only,  and  shall  not  be  incorporated  into  any  contract  or   other  commitment.  Splunk  undertakes  no  obligaAon  either  to  develop  the  features  or  funcAonality  described  or  to   include  any  such  feature  or  funcAonality  in  a  future  release.  
  • 3. Advanced  Threat  Defense  Requires   Visibility   Context   &   Intelligence   Human   Empowerment   3  
  • 4. Agenda   !   The  advanced  threat  actors  and  their  success   !   An  approach  to  combat  advanced  threat  actors   !   ProducAonizing  and  operaAonalizing  advanced  threat  defense   !   Demo   !   Q&A   4  
  • 5. 5   Mature  Economy  of  Cyber  Threats  
  • 6. 6   Image:  eyeswideopen.org   Threat  Actors  Have  Global  Reach  
  • 7. Source:  Mandiant  M-­‐Trends  Report  2012/2013/2014   7   229   40   100%   67%  
  • 8. The  Adversary’s  M.O.  :  Kill  Chain   8   •  The  adversary  works  to  understand  your  organizaAon  looking  for  opportuniAes   Reconnaissance   •  Your  system  is  compromised  and  the  adversary  goes  to  work   ExploitaAon   •  The  afacker  steals  data,  disrupts  your  operaAons  or  causes  damage…   AcAng  on  Intent    
  • 9. OperaAonalizing  Advanced  Threat  Defense     9  
  • 10. Intrusion     DetecAon   Firewall   Data  Loss   PrevenAon   AnA-­‐ Malware   Vulnerability   Scans   Tradi.onal  Security  Strategy   AuthenAcaAon   10  
  • 11. Connect  the  Dots  Across  All  Data   Servers   Storage   Desktops  Email   Web   TransacAon   Records   Network   Flows  Hypervisor   Custom   Apps   Physical   Access   Badges   Threat   Intelligence   Mobile   CMBD  DHCP/  DNS   Intrusion     DetecAon   Firewall   Data  Loss   PrevenAon   AnA-­‐ Malware   Vulnerability   Scans   AuthenAcaAon   11  
  • 12. 12   Threat  Intelligence  Network   Endpoint   AuthenAcaAon   Minimum  Set  of  Sources  
  • 13. 13   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Security  Intelligence   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
  • 14. Security  Intelligence   14   Raw  Events   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
  • 15. Security  Intelligence   15   Threat   Intelligence   Asset     &  CMDB   Employee   Info   Data   Stores  Applica.ons   Raw  Events   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
  • 16. Security  Intelligence   16   Report  and     analyze   Custom     dashboards   Monitor     and  alert   Ad  hoc     search   Threat   Intelligence   Asset     &  CMDB   Employee   Info   Data   Stores  Applica.ons   Raw  Events   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
  • 17. 17   Enterprise  Security  3.x   ConAnuous  Monitoring  and  Advanced  Threat  DetecAon  
  • 18. 18  
  • 19. 19  
  • 20. 20  
  • 21. 21  
  • 22. 22  
  • 23. What’s  New  in  ES  3.1   RISK-­‐BASED  ANALYTICS   VISUALIZE  AND  DISCOVER   RELATIONSHIPS   ENRICH  SECURITY  ANALYSIS   WITH  THREAT  INTELLIGENCE   Risk  Scoring  Framework   KSI/KPI/KRI  Edi.ng   Contribu.ng  Factors  Analysis   GUI  Edi.ng  of  Swimlanes   Guided  Search  Builder     Domain  and  URL  threat  Intel   Aggrega.on  and  Deduplica.on   Threat  Intel  Source  Weights   23  
  • 25. 25   Threat  Intelligence  Network   Endpoint   AuthenAcaAon   Advanced  Threat  Defense  Starts  Here  
  • 26. Security  Intelligence   26   Developer   PlaUorm   Report  and     analyze   Custom     dashboards   Monitor     and  alert   Ad  hoc     search   Threat   Intelligence   Asset     &  CMDB   Employee   Info   Data   Stores  Applica.ons   Online   Services   Web   Services   Security   GPS   LocaAon   Storage   Desktops   Networks   Packaged   ApplicaAons   Custom   ApplicaAons   Messaging   Telecoms   Online   Shopping   Cart   Web   Clickstreams   Databases   Energy   Meters   Call  Detail   Records   Smartphones   and  Devices   Firewall   AuthenAcaAon   Threat   Intelligence   Servers   Endpoint  
  • 27. Thousands  of  Global  Security  Customers   27  
  • 28. Industry  RecogniAon   28   2012   2013   Product/Service Rating AccelOps AlienVault BlackStratus EventTracker HP(ArcSight) IBMSecurity(QRadar) LogRhythm McAfee(ESM) Real-Time Monitoring 3.50 3.00 3.00 2.9 4.1 4.0 3.75 3.75 Threat Intelligence 3.00 3.50 2.50 1.5 4.0 4.0 3.25 4.00 Behavior Profiling 2.50 3.50 2.50 2.8 4.0 4.5 3.38 3.50 Data and User Monitoring 2.97 2.43 2.16 3.2 4.2 3.8 3.41 4.44 Application Monitoring 2.90 3.65 2.90 3.2 4.5 4.3 4.10 4.20 Analytics 2.44 3.19 2.94 2.9 3.8 3.7 3.30 3.59 Log Management and Reporting 2.75 3.00 2.50 3.4 4.0 3.8 3.75 3.25 Deployment/Support Simplicity 3.50 4.00 3.00 4.3 3.7 4.3 4.25 4.00 Source: Gartner (June 2014)
  • 29. 29   Enterprise  Security   Office  Hours     @Room  103   Best  Kept  Secrets  of   Enterprise  Security    Dimitri  McKay   Automated  MiAgaAon  With   Enterprise  Security   Jose  Hernandez   Enterprise  Security   @Apps  Showcase   CPE,  CISSP  Credits   For  Security  Talks    
  • 30. 30   Security  office  hours:  11:00  AM  –  2:00  PM  @Room  103  Everyday    Geek  out,  share  ideas  with  Enterprise  Security  developers   Red  Team  /  Blue  Team  -­‐  Challenge  your  skills  and  learn  new  tricks   Mon-­‐Wed:  3:00  PM  –  6:00  PM  @Splunk  Community  Lounge   Thurs:  11:00  AM  –  2:00  PM   Learn,  share  and  hack   Birds  of  a  feather-­‐  Collaborate  and  brainstorm  with  security  ninjas       Thurs:  12:00  PM  –  1:00  PM  @Meal  Room