Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Nick Hayes, VP of Strategy at IntSights, will take you on a tour of the dark web and explain how CISOs can successfully implement a dark web intelligence strategy to neutralize threats outside the wire and at the earliest stages of the cyber kill chain. Now equipped with IntSights External Threat Intelligence, learn how you can take advantage of it through seamless integrations with your Splunk SIEM and Phantom toolsets. Enrich your threat data with internal network security observables, expedite incident reviews and prioritization, and automate your threat prevention and response with SOAR and integrated playbooks. Speaker(s) Nick Hayes, IntSights Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2887.pdf?podcast=1577146235 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Have you ever wondered what Joe meant when he referred to “Wire Data”? Today, you'll see the applicability of wire data in your organization, and you'll be amazed. Solve fraud, cybersecurity, ops, and business challenges, all with one single source of data. Wire data is the information that passes over computer and telecommunications networks to define communications between client and server devices. It is the result of decoding wire and transport protocols containing the bi-directional data payload. We will cover the use of wire data to solve security, IT operations, and business use cases, and see how the Splunk Stream platform is easily integrated into your existing data flows. The Splunk Essentials for Wire Data app from Splunkbase will be used to showcase dozens of examples using wire data to solve common business and technical issues. We will cover how to deploy and configure Splunk Stream in a distributed environment, including a demonstration. Speaker(s) Simon O’Brien, Principal Sales Engineer, Splunk Vinu Alazath, Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1206.pdf?podcast=1577146235 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk IT Service Intelligence Track: Foundations/Platform Level: Good for all skill levels

This presentation will discuss how Security Operation Centers (SOCs) will need to change to meet the cybersecurity challenges of the 2020s. The speaker will draw on his experience as a founder of the first SOC-as-a-Service company that delivers managed security services using Splunk. Most industry analysts envision that the next generation of SOCs will leverage AI, Big Data, and the Cloud, but how far can automation take us and is the concept of an autonomous SOC really practical? How will the SOC of the Future address the global shortage of cyber professionals? How will the role of security analysts need to change? Will the SOC of the Future still need to be housed in dedicated physical facilities? The speaker will provide a blueprint of Proficio’s vision of the SOC of the Future using Splunk and provide a playbook for IT leaders and aspiring IT leaders on how to drive continuous improvement in productivity and measurable outcomes. Speaker(s) Brad Taylor, Proficio Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2839.pdf?podcast=1577146235 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Good for all skill levels

Industrial operations comprise a diverse blend of technology that run critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments.Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety systems (SIS) resulting in multiple plant shutdowns and the potential to cause harm to human operators.Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, therefore reducing adversary dwell time. Speaker(s) Amy Bejtlich, Threat Intelligence, Dragos Marc Seitz, Threat Analyst, Dragos Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146235 Product: Splunk Enterprise Security, Splunk for Industrial IoT Track: Internet of Things Level: Good for all skill levels

Intel is transforming its approach to security by deploying a new Cyber Intelligence Platform (CIP) based on Splunk, Kafka, and other leading-edge technologies. Our new platform ingests data from hundreds of data sources and security tools, providing context-rich visibility and a common work surface, and improving the efficiency of our entire information security organization. This session will address how we partnered with Splunk architects to deploy and realize benefits from this solution in just five weeks. We will detail how our solution uses real-time data, streams processing, machine learning tools and consistent data models to decrease time to detect and respond to sophisticated threats. This session will cover everything from our platform's business value to its solution architecture. Speaker(s) Jac Noel, Security Solutions Architect, Intel Aubrey Sharwarko, Data Scientist, Intel Jerome Swanson, Security Data Scientist, Intel Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2253.pdf?podcast=1577146235 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels

Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected. Speaker(s) Vincent Urias, Researcher, Sandia National Laboratories Will Stout, Researcher, Sandia National Laboratories Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146235 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

Most of us have had (or still have) nightmares about an alert that someone's exfltrating data from our organization. We've lived that nightmare at Harris, and we've learned from it. In this session, we'll discuss how we used red and purple teaming to improve our security posture post-breach. Learn from our experience so that you can strengthen your team's alerting, staff comptency, and policies, and reduce the risk of a breach at your company. Speaker(s) Nate Piquette, Sr. Detection & Response Engineer, L3Harris Technologies Adam Parsons, Sr. Detection & Response Engineer, L3Harris Technologies Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1375.pdf?podcast=1577146235 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels

Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats. Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146235 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Advanced

As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing e-mails every day. By using Splunk and RFC’s like, RFC7208 – Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, we have developed a technique to identify phishing attacks that are carried out under the disguise of the Dutch Tax and Customs Administration. This technique is universally applicable. A precondition is access to the DNS logging. By means of this technique, insight can be obtained where the phishing e-mails are sent from and to whom the phishing e-mails are sent. In this talk we will start by explaining which standards are available to increase e-mail security and how we have build an app in Splunk, including dashboard and a wizard to create the necessary DNS records to gain insight information about the abuse of our domains. Speaker(s) Karl Lovink, Lead Security Operations Center, Dutch Tax and Customs Administration Arnold Holzel, Senior Security Consultant, SMT Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1106.pdf?podcast=1577146235 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Advanced

We helped our client use Splunk to disrupt theft rings plaguing its retail stores. We'll present how we took in public wifi data, tracked MAC addresses that appeared in multiple stores, and ultimately created a system in Splunk that alerted in-store loss prevention teams when individuals likely to be involved in theft rings entered the store. We'll go over the steps taken to operationalize our theft deterrence program so that you can adopt it in your organization or modify it to fit your needs. Speaker(s) Nic Haag, Splunk Professional Services Consultant, Aditum Partners Logan Foshee, Threat Analyst, Lowe's Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1336.pdf?podcast=1577146235 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Advanced

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf. Speaker(s) Kyle Champlin, Senior Product Manager, Splunk Patriz Regalado, Sr. Product Marketing Manager, Splunk Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Koulick Ghosh, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146235 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Never used Splunk before, have no Splunk admins and you’ve just bought Splunk Enterprise Security? That was us, and now we're using Splunk in ways that we could've only dreamed of using IBM QRadar. In this session we’ll share our implementation story, how we worked with Splunk to accelerate our learning curve, and how we went from 0 to 3TB in 3 months with no Splunk admins. We'll also cover how Splunk allows us to onboard data sources that we couldn't with QRadar. Speaker(s) Nick Ho, Sales Engineer, Splunk Ross Rutherford, Information Security Engineer, Western Union Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1264.pdf?podcast=1577146235 Product: Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Beginner

Does your small team also run a full-featured SOC that supports a global company? In this session we’ll show you how we’ve used Splunk Cloud and Splunk Enterprise Security to bring together all the relevant security intelligence from our technology stack, transforming our security operations from ad hoc and tactical to strategic and compliance-driven. We’ll discuss key takeaways from our journey, such as the benefits of ingesting data properly from the outset so you can reap the rewards as you scale; how we leverage multiple use cases out of single data sources; and how we created easy-to-understand visualizations that convey our firm’s security posture to management. Speaker(s) Edward Asiedu, Senior Professional Services Consultant, Splunk Craig Gilliver, Head Of SecOps, Johnson Matthey Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1511.pdf?podcast=1577146235 Product: Splunk Cloud, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

We've run a risk-based approach with our security alerts for over a year, and we're excited to review our progress with you. We'll discuss how we increased the number of behavioral indicators by 300% while reducing our alerts by 50%. We'll also discuss how we expanded our risk approach to handle on premise and cloud environments within the same framework, which yielded a single alerting mechanism that leverages all of our data enrichment. We'll also share the roadmap for our risk-based approach, which incorporates risk rules that utilize algorithms to identify risks not discovered by traditional detection approaches. Speaker(s) Stuart McIntosh, Threat Intelligence, Outpost Security Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1908.pdf?podcast=1577146235 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Advanced

WWT integrates Splunk in enterprise architectures for our joint customers. Rick Pina from WWT is going to describe how Splunk, when part of a larger architecture, is providing true mission and operational outcomes. Speaker(s) Rick Pina, WWT Slides PDF link - https://conf.splunk.com/files/2019/slides/BAS2765.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Business Analytics Level: Good for all skill levels

You finally got Authority To Operate (ATO) in the Cloud, and you're feeling the budgetary and political pressure to transition your workloads to AWS. But how do you actually transition a workload securely? This session covers the essentials of using Splunk to quickly increase your security posture and awareness in the Cloud. Learn from our experiences and leave with more confidence that you're asking smart questions of your data, monitoring and alerting on the right things, assigning responsibilities to your team appropriately, and have an actionable security plan in place to protect your Cloud assets. Speaker(s) Patrick Shumate, Solutions Architect, Splunk Stephen Alexander, Sr. Solutions Architect , Amazon Web Services Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1518.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Beginner

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do to you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture. Speaker(s) Ed Svaleson, Accenture Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146234 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

The digital convergence of IT and OT infrastructures promises huge efficiencies, cost savings and opportunities; but it is not without risk. OT was primarily built to run all types of manufacturing & critical infrastructure processes while IT was built to store, transmit and manipulate data in order to conduct business. The two worlds could not be more different in purpose or design; and this can expose even the most secure organizations to new types of cyber threats. In this session we will discuss the current challenges we face in the drive to convergence and how to secure your industrial or critical infrastructure organization from the clear and present threat. Speaker(s) Michael Rothschild, Indegy Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1066.pdf?podcast=1577146234 Product: Splunk Enterprise Security, Splunk for Industrial IoT Track: Internet of Things Level: Advanced

Are your analysts spending too much time clearing through notable events? Ours were too, but today our analysts are living the dream: they have all the details they want right there on the Incident Review screen, all while our alerts fine-tune themselves (with workflow action human input). Come and see how we achieved Incident Review Screen 2.0. by using Splunk's Machine Learning Toolkit to transition to smarter correlation searches. Speaker(s) Lukasz Antoniak, Cyber Detection Crafting Chief, Viasat Ryan Rake, Viasat Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1673.pdf?podcast=1577146234 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

“You should be looking at Indicators of Compromise!” exclaims your CISO, regulator, vendor, and mom. No problem, right? You have the most expensive security intelligence vendor and all you have to do is correlate in your expensive SIEM. If you've tried this, then you are laughing with me. Come hear my exploration into implementing IOCs at a major US insurance company and a major US bank. I’ll address the differences between Indicators of Compromise vs Indicators of Attack, and I will show you how not to use the MITRE ATT&CK™ framework, plus some tips on how it use it well. My goal is to save you from falling into the same pitfalls when dealing with Indicators of Crap. Speaker(s) Xavier Ashe, VP, Security Engineering, SunTrust Banks Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1111.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Intermediate

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

Threat hunting is hard, and threat hunting in an enterprise network with thousands of endpoints is even harder. We will demonstrate how we leveraged Splunk Enterprise to build an Advanced Threat Hunting platform designed for large scale threat hunting of 100,000 or more endpoints. Using Splunk Enterprise allows us to combine analytics, data enrichment, and custom workflows to display in one platform the most important data to analysts. Our threat hunting platform addresses the challenges of data retention and collection, high false positive rates, and analyst fatigue, all while lowering the time to detection of malicious incidents and improving the efficiency of enterprise SOC operations. Speaker(s) Dan Rossell, Analyst, Booz Allen Hamilton Ashleigh Moriarty, Lead Technologist, Booz Allen Hamilton Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1071.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit Track: Security, Compliance and Fraud Level: Intermediate

We will share experiences and best practices for implementing notable events, the various Splunk Enterprise Security frameworks, and adaptive response actions, and we'll share our approach for building a program to consistently develop, measure, and iterate on correlation searches. We will discuss how to integrate lessons learned from incidents, red team engagements, threat intelligence, threat hunting, and requirements from business units into the program. Example tactics we'll cover include leveraging low-fidelity detections to develop higher-fidelity and higher-value ones, managing detection content simply and easily through macros, and building a formula to assess the efficacy of your detection content. Speaker(s) Chris Ogden, Principal Threat Detection Engineer, Sony Corporation of America Drew Guarino, Senior Threat Detection Engineer, Sony Corporation of America Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1674.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, AI/ML Track: Security, Compliance and Fraud Level: Good for all skill levels

This session will give you the tools to tackle compliance with Splunk Enterprise Security. The session will showcase why you might want to grant different compliance views to your teams based on the compliance standard they are responsible for adhering to, and how to do so. We'll also cover how to present the compliance standards that a notable event relates to and how to grant your compliance officers visibility into only the notable events that are relevant to them. Speaker(s) Jason Timlin, Professional Services, Splunk Darren Dance, Staff PS Consultant, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1852.pdf?podcast=1577146234 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies. Speaker(s) Alexa Araneta, Product Marketing Manager, Splunk John Dominguez, Product Marketing Director, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance. Speaker(s) Rob Truesdell, Sr Director, Product Management, Splunk Atom Coffman, Starbucks Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146234 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Beginner

Today SOCs are in desperate need of a different alerting approach. Texas Instruments (TI) decided to transform its SOC by using risk-based alerting to generate fewer, higher fidelity alerts, and by aligning to the MITRE ATT&CK™ framework, which provides more situational awareness to analysts. This risk-based approach reduces false positives and the situational numbness associated with the legacy whitelisting process. Splunk and TI will walk you through TI's SOC successes as it transitioned to risk-based alerting. TI will detail a few real-life risk-based rule examples, discuss learning curves to fast track your transition, and discuss how MITRE ATT&CK™ fits in with this approach. After this session, you will have the foundation to embark on your risk-based alerting journey, allowing you to increase detection mechanisms, increase your coverage of the ATT&CK™ techniques, and improve the overall effectiveness of your SOC. Speaker(s) Jim Apger, Staff Security Architect, Splunk Jimi Mills, Security Operations Center Manager, Texas Instruments Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1803.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Intermediate

Transform your SOC into a Cyber Fusion Center. Learn how to address alert fatigue and cut down on missed alerts by implementing AI technology in your SOC. Speaker(s) Lesly White, Sr. Director, Cyber Operations SIEM and Sensor, Optiv Slides PDF link - https://conf.splunk.com/files/2019/slides/ITS2583.pdf?podcast=1577146234 Product: Splunk Cloud, Splunk Enterprise Security Track: IT Operations Level: Good for all skill levels

The mega event Expo brings together ideas, innovations, and inventions is will open its doors in the UAE on 20 October 2020 for a period of six months. This celebration of human ingenuity offers a glimpse into the future and is anticipated to attract 25 million visits, 70 percent of those visitors from 190 countries. The Expo 2020 Dubai is teaming up with the DarkMatter Group, which is the region’s first and only fully-integrated digital transformation, defense, and cybersecurity solutions provider, to fully deploy advanced cybersecurity technologies to oversee the entire digital platform, as well as the applications and data to secure the Expo 2020’s digital experience. This session will cover why Expo 2020 and DarkMatter chose Splunk as the right solution to reduce their operational requirements to single solution that is able to ingest and analyze events from every single asset (IT&IoT) supported by the automation frameworks in the solution. Speaker(s) Eric Eifert, DarkMatter Eman Alawadhi, VP Cyber Security and Resilience , Expo 2020 Slides PDF link - https://conf.splunk.com/files/2019/slides/IoT1897.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk IT Service Intelligence Track: Internet of Things Level: Advanced

Splunk SmartStore not only reduces the storage requirements for the aged data by maintaining only one copy of the data across the indexer cluster but significantly improves the operational aspects of the indexer cluster be it recovery from node failures or data rebalancing activities. In this session, the speaker will go over the operational efficiency tests performed on traditional and SmartStore indexes and review the results. Speaker(s) Somu Rajarathinam, Pure Storage Slides PDF link - https://conf.splunk.com/files/2019/slides/ITS2633.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk IT Service Intelligence Track: IT Operations Level: Good for all skill levels

What if you can scale test your Splunk Enterprise with multi-terabyte of data ingest followed by concurrent search tests on the loaded data? Attend this session to learn more about the framework for multi-terabyte data generation and multi-user search tests on Splunk Enterprise 7.2+. Speaker(s) Somu Rajarathinam, Pure Storage Slides PDF link - https://conf.splunk.com/files/2019/slides/ITS2634.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk IT Service Intelligence Track: IT Operations Level: Good for all skill levels

After breaches, incident response teams often end up with an overwhelming amount of forensic evidence data, including disk images, memory captures, PCAP, and more. We'll show you how one of our IR/forensics teams is ingesting this data into Splunk to answer the who, what, where, when and why of breaches. Our presentation will show you how to use Splunk Enterprise and Splunk Enterprise Security for Incident Response (IR) workflow tracking and reporting on multi-source forensic data captures. Speaker(s) Josh Wilson, Consulting Engineer, August Schell Dave Martin, Supervisory Special Agent, Federal Bureau of Investigation Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1796.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels

The Census is the nation’s largest peacetime mobilization effort and determines congressional representation. Census data is used by businesses, governments and civic organizations to inform decision-making and this year the Census is going mobile and online for the first time. This means that security is a top priority in ensuring the success of the 2020 Decennial. This segment of the conference will explore security related topics to include vulnerabilities, scalability and performance, with a special focus on Data Privacy, Compliance and Reputational Threat Management. If all things data and IT Security excite you, then this session is for you. Census executives Atri Kalluri and Zack Schwartz will provide a behind the scenes overview of the systems supporting the 2020 Decennial, including Splunk, and real world case studies on how the Census Bureau is adopting best practices across IT security and social media monitoring to ensure the security of respondent data. Speaker(s) Atri Kalluri, Senior Advocate, Response Security and Data Integrity, U.S. Census Bureau Zack Scwhartz, IT Program Manager, U.S. Census Bureau Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2638.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels

Last year, after our outrageously successful talk "Pull Up Your SOCs: A Splunk Primer on Building or Rebuilding your Security Operations", we wanted to revisit this topic to cover changes in Security Operations that have taken place over the last 12 months. Whether you’re starting from scratch or rebuilding your security program, the first twelve months of standing up your security operations is absolutely critical to success. Speaker(s) Dimitri McKay, Staff Security Architect | Jedi Master, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2186.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Many government agencies and for-profit companies require that you run Splunk on a network disconnected from the outside Internet. This presents many challenges, including how to cross air gaps and one-way transfers, how to operate indexers in an air-gapped environment, and how to automate backwards. This session will cover lessons learned from a variety of air-gapped deployments. Speaker(s) Steve Schohn, Staff Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1190.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Foundations/Platform Level: Intermediate

Copper River ES, a strategic partner for Splunk public sector, is working with a large federal agency that has restructured their NOC and SOC organizations into a single unified entity as part of operational optimization.  The agency is responsible for protecting IP and other assets totaling $4.3 trillion as part of safeguarding the nation’s food supply chain.   The goal was to enhance the ability to handle problem escalations quickly and improve communications between teams. They are currently ingesting more than 3TB daily across 65 data sources where Splunk is leveraged as an integrated data platform and framework service to act as a nerve center for the combined NOC and SOC teams. Implementation has resulted in dramatically reducing MTTD to an average of less than 30 min compared to previous times of up to 12 hours, MTTR times from 16 hours to often less than 1 with overall outage times having now been reduced by about 68%. From a security perspective, it is used to identify data exfiltration and insider threats, as well as for security operations and compliance.  Increasing visibility into all aspects of system operations and troubleshooting efforts is now supported through a series of custom Splunk App’s, glass tables, reports and alerts with operational guides and training to best leverage the capabilities Splunk has generated. Speaker(s) Sandy Voellinger, Copper River Enterprise Services Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1921.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Foundations/Platform Level: Good for all skill levels

As the types of devices and applications used in IT organizations increase exponentially, scaling the analytics-driven SOC becomes even more imperative. In this session Splunk Professional Services will help you learn from its past experiences architecting Splunk Enterprise Security environments for scale into the terabytes per day. We will share technical details on improvements to search technology and Data Model Acceleration in Splunk Enterprise that will help you increase performance and decrease total cost of ownership. We will also take a deep dive under-the-hood into Splunk Enterprise Security Frameworks in which you should make special considerations for high volume.  Finally, we'll share important metrics on how to monitor the ongoing health of your Enterprise Security deployment, ensuring you stay on track over time, even in periods of rapid growth. Speaker(s) Marquis Montgomery, Principal Security Architect, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2120.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Intermediate

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turnaround questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts. Speaker(s) Robb Mayeski, Security Automation Magician , EY Will Burger, Security Automation Consultant, EY Haris Shawl, EY Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146234 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Join this session to learn the do’s and dont’s of rolling an effective cloud security visibility platform for a global organization. We will cover topics such as why we moved away from our previous SIEM provider, deploying and managing a cloud-based SIEM, and effectively using a third party organization to provide tier 1 and 2 event and incident support. Speaker(s) Simon O’Brien, Principal Sales Engineer, Splunk Grant Slender, Chief Information Security Officer, QIC Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1205.pdf?podcast=1577146234 Product: Splunk Cloud, Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

Women are underrepresented across all levels of the technology industry. Find out how these four female leaders advanced their careers to lead the industry. Join us for an in-depth discussion about female diversity and the importance of including women in leadership from those who've made it to the top. Speaker(s) Suzanne McGovern, Chief Diversity Officer & Head of Talent, Splunk Jane Hite-Syed, NGS CIO, National Government Services Patty Morrison, Splunk Board Member, Splunk Monika Panpaliya, Senior Director, Digital Common Services, Boeing Carol Jones, CIO, Sandia National Laboratories Slides PDF link - https://conf.splunk.com/files/2019/slides/FND1268.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security Track: Foundations/Platform Level: Good for all skill levels

Let's face it, sometimes you don't know what you don't know. With vast amounts of cloud data coming in at cloud-speed, it can be difficult to see through the noise and know what to look for. Are malicious adversaries attempting to comprise the environment? Is my environment under- or over-provisioned? Do I have an insider possibly exfiltrating company data? Are employees actually using the services? What is all of this costing per service, department, business unit? Don't worry, we will help you figure all this out in a prescriptive manner by showcasing these and other use cases. Then, we will show you the "how" by exposing the searches, the data needed, and showing you how to onboard that data. You will walk away with use cases that can be implemented immediately in your own environment. Speaker(s) Jason Conger, Solution Architect, Splunk Ry Lait, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1328.pdf?podcast=1577146234 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Intermediate

Endpoint security is more than detecting malware.  Most insider threats, however, don’t involve malware, but other security issues associated with the user and endpoint.  Learn how Cisco’s own InfoSec team uses Cisco Endpoint Security Analytics Built on Splunk and Cisco NGFW integration to increase its endpoint security and threat visibility. Speaker(s) Scott Pope, Cisco Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2899.pdf?podcast=1577146234 Product: Splunk Cloud, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels