Splunk [Phantom] 2019 .conf Videos w/ Slides

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf. Speaker(s) Kyle Champlin, Senior Product Manager, Splunk Patriz Regalado, Sr. Product Marketing Manager, Splunk Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Koulick Ghosh, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146240 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Does your small team also run a full-featured SOC that supports a global company? In this session we’ll show you how we’ve used Splunk Cloud and Splunk Enterprise Security to bring together all the relevant security intelligence from our technology stack, transforming our security operations from ad hoc and tactical to strategic and compliance-driven. We’ll discuss key takeaways from our journey, such as the benefits of ingesting data properly from the outset so you can reap the rewards as you scale; how we leverage multiple use cases out of single data sources; and how we created easy-to-understand visualizations that convey our firm’s security posture to management. Speaker(s) Edward Asiedu, Senior Professional Services Consultant, Splunk Craig Gilliver, Head Of SecOps, Johnson Matthey Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1511.pdf?podcast=1577146240 Product: Splunk Cloud, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies. Speaker(s) Alexa Araneta, Product Marketing Manager, Splunk John Dominguez, Product Marketing Director, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146239 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance. Speaker(s) Rob Truesdell, Sr Director, Product Management, Splunk Atom Coffman, Starbucks Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146239 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Beginner

Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment. Speaker(s) John Murphy, Security Analyst, NAB Chris Hanlen, Lead Cyber Security Specialist, NAB Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146239 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Last year, after our outrageously successful talk "Pull Up Your SOCs: A Splunk Primer on Building or Rebuilding your Security Operations", we wanted to revisit this topic to cover changes in Security Operations that have taken place over the last 12 months. Whether you’re starting from scratch or rebuilding your security program, the first twelve months of standing up your security operations is absolutely critical to success. Speaker(s) Dimitri McKay, Staff Security Architect | Jedi Master, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2186.pdf?podcast=1577146239 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Many government agencies and for-profit companies require that you run Splunk on a network disconnected from the outside Internet. This presents many challenges, including how to cross air gaps and one-way transfers, how to operate indexers in an air-gapped environment, and how to automate backwards. This session will cover lessons learned from a variety of air-gapped deployments. Speaker(s) Steve Schohn, Staff Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1190.pdf?podcast=1577146239 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Foundations/Platform Level: Intermediate

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turnaround questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts. Speaker(s) Robb Mayeski, Security Automation Magician , EY Will Burger, Security Automation Consultant, EY Haris Shawl, EY Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146239 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Endpoint security is more than detecting malware.  Most insider threats, however, don’t involve malware, but other security issues associated with the user and endpoint.  Learn how Cisco’s own InfoSec team uses Cisco Endpoint Security Analytics Built on Splunk and Cisco NGFW integration to increase its endpoint security and threat visibility. Speaker(s) Scott Pope, Cisco Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2899.pdf?podcast=1577146239 Product: Splunk Cloud, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Site Reliability Engineering: Easy to say, harder to do. It can be especially difficult to make sure that all of tenants of SRE are applied to the services you support in a way that is easy for your engineers to adopt. In this session, we will take a look at how you can use Splunk's ITSI, VictorOps and Phantom platforms to make robust solutions that can help your teams consistently solve complex problems and mature their services. Speaker(s) Chris Crocco, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1046.pdf?podcast=1577146239 Product: Splunk Enterprise, Splunk IT Service Intelligence, Phantom, VictorOps Track: IT Operations Level: Advanced

Did you get more staff for heartbleed? How about Shellshock or the OPM breach? Neither did we. The threat landscape is growing faster than ever and we need to cover more bases without more people. Enter Splunk Phantom: automation and integration for the masses. This session will help you understand what you need to build an effective Phantom ecosystem. I will go over initial strategies, real world examples, and use cases, and we will also take a glance at some more robust development projects that show the power of Phantom's extensibility. Speaker(s) Mhike Funderburk, Senior Security Engineer, Stage 2 Security Brandon Robinson, Senior Security Architect, Stage 2 Security Luke Summers, Cyber Security Engineer, Stage 2 Security Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1949.pdf?podcast=1577146239 Product: Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146239 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Winston Churchill once said, “Success is not final, failure is not fatal: it is the courage to continue that counts." Then again, Churchill wasn’t in cybersecurity...While our successes are certainly never final, our failures can absolutely be fatal—to a company and our continued employment. What's a good way to actually measure success and failure, though, outside of not appearing on the front page of the paper? Well, as CrowdStrike notes, you have on average one minute to detect an attack in progress, ten minutes to understand it, and sixty minutes to contain it. We will show how to use this 1-10-60 Rule as a measuring metric and leverage the data and capabilities within Splunk and its ecosystem to ensure that we win the survival of the fastest. Speaker(s) Wissam Ali-Ahmad, Lead Solutions Architect, Splunk Tim Sullivan, Global Senior Strategic Solutions Architect, CrowdStrike Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1573.pdf?podcast=1577146239 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

This session will give you a comprehensive look into automating the investigation and remediation of AWS security events using Splunk Phantom. The session will start with an overview and then progress to a live technical walkthrough of setting up Phantom to remediate an AWS security event. Speaker(s) Matt Tichenor, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2187.pdf?podcast=1577146239 Product: Phantom Track: Security, Compliance and Fraud Level: Intermediate

Nick Hayes, VP of Strategy at IntSights, will take you on a tour of the dark web and explain how CISOs can successfully implement a dark web intelligence strategy to neutralize threats outside the wire and at the earliest stages of the cyber kill chain. Now equipped with IntSights External Threat Intelligence, learn how you can take advantage of it through seamless integrations with your Splunk SIEM and Phantom toolsets. Enrich your threat data with internal network security observables, expedite incident reviews and prioritization, and automate your threat prevention and response with SOAR and integrated playbooks. Speaker(s) Nick Hayes, IntSights Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2887.pdf?podcast=1577146239 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected. Speaker(s) Vincent Urias, Researcher, Sandia National Laboratories Will Stout, Researcher, Sandia National Laboratories Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146239 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats. Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146239 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Advanced

Ever wondered how to integrate or scale Splunk Enterprise Security (ES) and Splunk Phantom? Join us as we explore best practices involved in setting up clustered environments for ES and Phantom that yield a highly available and scalable security platform. You will leave this session better able to create scalable ES and Phantom deployments, tools, commands, cheat sheets, and troubleshooting methods at your own organizations. Speaker(s) Mayur Pipaliya, Forward Deployed Software Engineer, Splunk Ankit Bhagat, Forward Deployed Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2233.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Advanced

Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love “KNOW NORMAL FIND EVIL,” but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to “find evil,” but how can this framework be used to “know normal”?Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole. Speaker(s) Rick McElroy, Principal Security Strategist , Carbon Black Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146238 Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Whether you're a new or experienced Splunk Phantom user, you'll learn from the high-value, often overlooked features we discuss in this session. We'll showcase some of Phantom's most overlooked valuable features, as well as experienced users' top ranked features. Join us to learn more about how you can optimize your use of Splunk’s SOAR (Security Orchestration Automation & Response) platform. Speaker(s) Phil Royer, Research Engineer, Splunk Kavita Varadarajan, Product Manager - Phantom, Splunk Sam Hays, Sr. Technical Community Manager , Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1705.pdf?podcast=1577146238 Product: Phantom Track: Security, Compliance and Fraud Level: Intermediate

Manual sorting through spreadsheets, disparate applications, and scattered data sources to conduct link analysis for a fraud investigation is both painful and ineffective. There must be a better way, right? In this session we'll use Splunk Enterprise and Splunk Phantom to automate repeatable fraud investigation tasks, which will save your team time and better protect your assets from the bad guys. Speaker(s) Matthew Joseff, Director of Specialists - North Asia and Japan, Splunk Abhishek Dujari, Security Specialist, APAC, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1104.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk Cloud, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Want to learn more about Splunk Phantom's platform architecture? Join us in this session for an in-depth technical review of all key processes, including ingestion, automation, action execution, health monitoring, the data store, and more. This session will give experienced users a much deeper understanding of the technology behind Splunk’s SOAR (Security Orchestration Automation & Response) platform. Speaker(s) Sourabh Sourabh, VP & Distinguished Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1709.pdf?podcast=1577146238 Product: Phantom Track: Security, Compliance and Fraud Level: Advanced

Nutanix implemented Splunk to improve operations and security. Attend this session to learn how we started small and grew our Splunk footprint, going from 80 GB/day to 700GB-1.8TB/day, to satisfy key IT and business needs. You will also learn how we leveraged Splunk and our own Nutanix infrastructure for a successful data center migration that involved over 2000 clients and 80+TB of data. We’ll share best practices and insights into running virtualized Splunk Enterprise on hyperconverged infrastructure (HCI). You’ll also learn about an app for Phantom, which we’ll demo, we built to provide security operations teams the ability to quickly contain a VM by stopping or suspending it, then safely starting it, plus the other workloads, like firewall, Docker (incl. Splunk Docker), ETL, etc., we run alongside Splunk on the same infrastructure stack. Whether you’re a Splunk user or own the infrastructure that supports your Splunk team, you’ll get details to help you in your job. Speaker(s) Nicholas Pierini, Manager, Security Engineering, Nutanix Brandon Gagliardi, Sr. Security Engineer, Nutanix Slides PDF link - https://conf.splunk.com/files/2019/slides/FNS2584.pdf?podcast=1577146238 Product: Splunk Enterprise, Phantom Track: Foundations/Platform Level: Good for all skill levels

Discover how 3M is using Splunk to get more value and insights from their mission-critical SAP deployment and its complex legacy environment. You can see how far we have we come and where our vision will take us. Managing SAP is a complex and mission-critical challenge. With its proprietary and often-customized inner workings, SAP has become synonymous with complexity and has long been a difficult challenge for IT departments around the globe to manage. With even short outages carrying the potential of large impacts, it is more important than ever for large ERP customers to bring their systems management and monitoring practices into the data-driven world. In this session, learn what transformational outcomes have been and are being achieved as this 116-year-old global manufacturer partners with Splunk to embrace and overcome ERP and legacy operational data chaos. Speaker(s) Claw Clawson, SplunkYoda, Splunk Michael Flint, IT Operations Manager, 3M Nathan Carr, DevOps Engineer, 3M Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1642.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk IT Service Intelligence, Phantom Track: IT Operations Level: Good for all skill levels

WWT integrates Splunk in enterprise architectures for our joint customers. Rick Pina from WWT is going to describe how Splunk, when part of a larger architecture, is providing true mission and operational outcomes. Speaker(s) Rick Pina, WWT Slides PDF link - https://conf.splunk.com/files/2019/slides/BAS2765.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Business Analytics Level: Good for all skill levels

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do to you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture. Speaker(s) Ed Svaleson, Accenture Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146238 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Intermediate

You've probably heard examples of Splunk Phantom automating 90% of Tier 1 processes, but did you know that Phantom improves human-lead processes too? Come learn about the hidden value of validation and utility playbooks from Penn State University’s Enterprise Security Manager and Splunk’s Lead Technologist for Higher Education. Validation playbooks are automated tests run to validate a human judgement or request. Utility playbooks are short easy-to-create playbooks in Phantom that an analyst  runs during an investigation.  We’ll cover when to use validation and utility playbooks, how to get started creating them, and ideas for other playbooks you can use to improve your daily operations. Speaker(s) Craig Vincent, Lead Technologist,SLED, Splunk Chris Decker, Enterprise Security Manager, Penn State University Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2205.pdf?podcast=1577146237 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Incident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts. Speaker(s) Mark Cooke, Staff Incident Responder, GE Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1577146237 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

So you have a SIEM with security data, e.g. firewalls, proxy, endpoint data, etc. Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. This session will cover how to identify key mixes of data sources, core OOTB content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations—just Splunk and a solid plan. Speaker(s) Paul Davilar, Security Consultant, Splunk Paul Pelletier, Sr. Security Consultant, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146237 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom Track: Security, Compliance and Fraud Level: Intermediate

Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates. Speaker(s) Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk Jay Beale, CTO, InGuardians Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146237 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Advanced

Do you love the idea of the MITRE ATT&CK™ framework, but you’re not sure how to use it in your Splunk-centric security program? This talk will teach you practical ways to use the framework in your own organization and the Splunk security tools that will help you do so. We'll start the talk by identifying an adversary and some of their known techniques, and then we'll show how to choose an appropriate set of detections and how to test whether those detections are working as expected. You'll leave the talk better able to take advantage of threat intelligence, cover the right set of ATT&CK™ tactics and adversary groups, and eliminate organizational blind spots. Speaker(s) BOTSFATHER Kovar, Principal Security Strategist, Splunk John Stoner, Principal Security Strategist, Splunk Dave Herrald, Principal Security Strategist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1927.pdf?podcast=1577146237 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Beginner

We developed an automation framework that classifies and mitigates emails reported to the SOC. The framework acts as an engine that consumes multiple data sources, including a supervised machine learning model and a risk scoring algorithm to assess with high confidence if an email is phishing, spam, or benign. We will discuss the benefits of our approach to phishing mitigation, such as enhancing our SOC's ability to automatically identify, prioritize, and mitigate malicious phishing attempts against employees before any damage is done. The session will outline the overall design of the framework, detail the primary components that are used within Splunk Phantom and Splunk Enterprise Security, and will outline the supervised machine learning model that we trained to aide the automation engine. Speaker(s) Mackenzie Kyle, Manager - Cybersecurity Operations Center, JPMorgan Chase Benji Arnold, Sr. Security Analyst , JPMorgan Chase Dennis Rhodes, Sr. Security Analyst, JPMorgan Chase Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1128.pdf?podcast=1577146237 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Advanced

Prevention and detection solutions are vital to maintain a healthy network but not sufficient.When a security incident occurs, the ability to investigate rapidly and recover is crucial but is manually intensive, especially when dealing with networks spanning on premise, public, and private cloud environments.Once an incident is detected, then what?Learn how RedSeal integrates within Splunk Enterprise Security and Phantom framework to provide you with immediate answers to burning questions. Speaker(s) Noam Syrkin, Sr. Technical Marketing Engineer, RedSeal Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2841.pdf?podcast=1577146237 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels