November 27th, 2023 Follow us on Facebook, Instagram and X Listen to past episodes on The Ticket's Website And follow The Ticket Top 10 on Apple, Spotify or Amazon Music See omnystudio.com/listener for privacy information.
It’s the return of Lee Overstreet! Tom is away on vacation this week, so our favorite pinch hitter is back. And that means an extra long episode! 00:00:00 – Intro & Lee’s new Tesla – https://twitter.com/LeeOverTweet – https://twitter.com/teslaloosa 00:13:19 – Listeners of the Week Our Listeners of the Week are our 128 Patreon Patrons, including Steve. We […] The post AV Rant #766: Kenwood-Level Good appeared first on AV Rant .
Check out our episode with former teammate and volunteer assistant coach for BU t&f/XC Connor Oropeza. We talk about COVID-19 affecting NCAA sports (specifically cross country), what teams are doing and what to expect. We also talk about getting into the coaching scene, memories from our own time as D1 distance runners and a lot of other random stuff. It's a good time so stick around for the good stuff! Follow us on Instagram: @PSAforPSAs https://instagram.com/psaforpsas?igshid=g32jr11j13kg Advertising/Business Inquiries: email us at psa4psas@gmail.com --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/psa--for-psas/support
Zendikar Rising has new dual-faced cards with a spell on one side and a land on the other, and wow they are going to be everywhere! Which ones are you most excited about? Let us know! Join The MMCast Patreon https://www.Patreon.com/TheMMCast Discord: https://discord.gg/fjYdTwS MMcast Twitch: twitch.tv/themmcast Instagram: @TheMMCast Kess: Twitter: @Kesswylie Instagram: @Kess_Wylie Twitch: Twitch.tv/KessWylie Ben: Twitter: @benbatemanmedia Instagram: @BenBatemanMedia Twitch: Twitch.tv/BenBatemanStreaming Michael: Twitter @Dudardd Website: kess.co/themmcast Email: themmcast@kess.co Facebook: https://www.facebook.com/groups/170382890167965/?ref=share Produced by Time Traveler Media - https://www.timetravelermedia.com Check out Alex Kessler's Battle Bosses miniatures combat game! - https://www.kess.co/battlebosses Learn more about your ad choices. Visit megaphone.fm/adchoices
Watch these chefs cut the hell outta this chicken! This chicken is outta this world good! Meet Christopher Sanchez from Tonali's Meats! He brought down some chicken from Cooks Venture for chefs Carrie Baird and Blake Edmunds to play with; and let's just say we were blown away! Check it out!
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
We believe that to best defend against global security threats, an organization needs defenders who represent the diverse world that we live in. Every business will benefit greatly by bringing more people to the table with varying skills, backgrounds, leadership and views to combat the diverse adversaries out there. Here at Splunk, we have created initiatives like the "Developing Superwomen in Cybersecurity" program that works to diversify and equalize the cybersecurity workforce to women and other underrepresented groups. Come hear how we are taking action by making cybersecurity accessible to all with this program and some practical advice on how you can do the same when you go back to your organization! You'll receive tips on how to make information security inclusive to all with ways of engaging your staff at various levels and receive a blueprint for running your own gamified security experiences, allowing you to up-level staff while embracing their unique talents and backgrounds. Speaker(s) Kelly Kitagawa, Customer Success Manager, Splunk Lily Lee, Staff Security Specialist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SECD2004.pdf?podcast=1577146216 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Whether you have just SSE or all of Splunk's Premium Products, you can benefit from the ton of Security Content that Splunk produces. We'll start this session by setting a quick baseline on all of the fantastic detections that Security Essentials has had in the past, and then jump into the new prescriptive guides, MITRE ATT&CK™ integration, Auto-Dashboard-Magic, and all the related functionality that will help you plan your usage of any/all of Splunk's security products. We'll present all this information through the lens of helping you get the best possible detections deployed with the least amount of effort. Speaker(s) David Veuve, Principal Security Strategist, Splunk Johan Bjerke, Principal Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2013.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146216 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Nick Hayes, VP of Strategy at IntSights, will take you on a tour of the dark web and explain how CISOs can successfully implement a dark web intelligence strategy to neutralize threats outside the wire and at the earliest stages of the cyber kill chain. Now equipped with IntSights External Threat Intelligence, learn how you can take advantage of it through seamless integrations with your Splunk SIEM and Phantom toolsets. Enrich your threat data with internal network security observables, expedite incident reviews and prioritization, and automate your threat prevention and response with SOAR and integrated playbooks. Speaker(s) Nick Hayes, IntSights Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2887.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
What happens when the call is coming from inside the house? Data exfiltration by insiders is a dangerous threat, but one that often doesn't get the same level of attention as the sexier external ones. We'll start this session with a brief overview of why and how users exfiltrate information, and we'll progress to tactics, such as effective SPL searches, for operationalizing insider threat detection. You'll leave this session better able to catch insider threats in the act of exfiltration instead of days, weeks, or months later. Speaker(s) David Doyle, Splunk Puncher, Bechtel Eric Secules, Forensic Investigator, Bechtel Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1179.pdf?podcast=1577146216 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
This presentation will discuss how Security Operation Centers (SOCs) will need to change to meet the cybersecurity challenges of the 2020s. The speaker will draw on his experience as a founder of the first SOC-as-a-Service company that delivers managed security services using Splunk. Most industry analysts envision that the next generation of SOCs will leverage AI, Big Data, and the Cloud, but how far can automation take us and is the concept of an autonomous SOC really practical? How will the SOC of the Future address the global shortage of cyber professionals? How will the role of security analysts need to change? Will the SOC of the Future still need to be housed in dedicated physical facilities? The speaker will provide a blueprint of Proficio’s vision of the SOC of the Future using Splunk and provide a playbook for IT leaders and aspiring IT leaders on how to drive continuous improvement in productivity and measurable outcomes. Speaker(s) Brad Taylor, Proficio Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2839.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Intel is transforming its approach to security by deploying a new Cyber Intelligence Platform (CIP) based on Splunk, Kafka, and other leading-edge technologies. Our new platform ingests data from hundreds of data sources and security tools, providing context-rich visibility and a common work surface, and improving the efficiency of our entire information security organization. This session will address how we partnered with Splunk architects to deploy and realize benefits from this solution in just five weeks. We will detail how our solution uses real-time data, streams processing, machine learning tools and consistent data models to decrease time to detect and respond to sophisticated threats. This session will cover everything from our platform's business value to its solution architecture. Speaker(s) Jac Noel, Security Solutions Architect, Intel Aubrey Sharwarko, Data Scientist, Intel Jerome Swanson, Security Data Scientist, Intel Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2253.pdf?podcast=1577146216 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Vectra customers and security researchers respond to some of the world’s most consequential threats. And they tell us that there’s a consistent set of questions they must answer when investigating any attack scenario. Yet, security data today is broken and unable to effectively answer those questions. It is either incomplete or storage and performance intensive. Most teams don’t have the information necessary to properly answer the questions required to support their use cases; whether it be for threat hunting, investigations or supporting custom tools and models. In this session, hear about real-world use cases where security teams use machine learning engines to derive unique security attributes and how it is embedded into security workflows. Speaker(s) Kevin Sheu, Vectra Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2589.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Cloud Track: Security, Compliance and Fraud Level: Good for all skill levels
Prevention and detection solutions are vital to maintain a healthy network but not sufficient. When a security incident occurs, the ability to investigate rapidly and recover is crucial but is manually intensive, especially when dealing with networks spanning on premise, public, and private cloud environments. Once an incident is detected, then what? Learn how RedSeal integrates within Splunk Enterprise Security and Phantom framework to provide you with immediate answers to burning questions. Speaker(s) Noam Syrkin, Sr. Technical Marketing Engineer, RedSeal Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2841.pdf?podcast=1577146237 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf. Speaker(s) Kyle Champlin, Senior Product Manager, Splunk Patriz Regalado, Sr. Product Marketing Manager, Splunk Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Koulick Ghosh, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146217 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Does your small team also run a full-featured SOC that supports a global company? In this session we’ll show you how we’ve used Splunk Cloud and Splunk Enterprise Security to bring together all the relevant security intelligence from our technology stack, transforming our security operations from ad hoc and tactical to strategic and compliance-driven. We’ll discuss key takeaways from our journey, such as the benefits of ingesting data properly from the outset so you can reap the rewards as you scale; how we leverage multiple use cases out of single data sources; and how we created easy-to-understand visualizations that convey our firm’s security posture to management. Speaker(s) Edward Asiedu, Senior Professional Services Consultant, Splunk Craig Gilliver, Head Of SecOps, Johnson Matthey Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1511.pdf?podcast=1577146217 Product: Splunk Cloud, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs. Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately. Speaker(s) James Brodsky, Director, Global Security Kittens, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor Track: Security, Compliance and Fraud Level: Good for all skill levels
You've probably heard examples of Splunk Phantom automating 90% of Tier 1 processes, but did you know that Phantom improves human-led processes too? Come learn about the hidden value of validation and utility playbooks from Penn State University’s Enterprise Security Manager and Splunk’s Lead Technologist for Higher Education. Validation playbooks are automated tests run to validate a human judgement or request. Utility playbooks are short easy-to-create playbooks in Phantom that an analyst runs during an investigation. We’ll cover when to use validation and utility playbooks, how to get started creating them, and ideas for other playbooks you can use to improve your daily operations. Speaker(s) Craig Vincent, Lead Technologist, SLED, Splunk Chris Decker, Enterprise Security Manager, Penn State University Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2205.pdf?podcast=1577146237 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Incident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts. Speaker(s) Mark Cooke, Staff Incident Responder, GE Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1577146237 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Nutanix implemented Splunk to improve operations and security. Attend this session to learn how we started small and grew our Splunk footprint, going from 80 GB/day to 700GB-1.8TB/day, to satisfy key IT and business needs. You will also learn how we leveraged Splunk and our own Nutanix infrastructure for a successful data center migration that involved over 2000 clients and 80+TB of data. We’ll share best practices and insights into running virtualized Splunk Enterprise on hyperconverged infrastructure (HCI). You’ll also learn about an app for Phantom, which we’ll demo, that we built to give security operations teams the ability to quickly contain a VM by stopping or suspending it, then safely starting it, and about the other workloads, like firewall, Docker (incl. Splunk Docker), ETL, etc., that we run alongside Splunk on the same infrastructure stack. Whether you’re a Splunk user or own the infrastructure that supports your Splunk team, you’ll get details to help you in your job. Speaker(s) Nicholas Pierini, Manager, Security Engineering, Nutanix Brandon Gagliardi, Sr. Security Engineer, Nutanix Slides PDF link - https://conf.splunk.com/files/2019/slides/FNS2584.pdf?podcast=1577146238 Product: Splunk Enterprise, Phantom Track: Foundations/Platform Level: Good for all skill levels
Discover how 3M is using Splunk to get more value and insights from their mission-critical SAP deployment and its complex legacy environment. You can see how far we have come and where our vision will take us. Managing SAP is a complex and mission-critical challenge. With its proprietary and often-customized inner workings, SAP has become synonymous with complexity and has long been a difficult challenge for IT departments around the globe to manage. With even short outages carrying the potential of large impacts, it is more important than ever for large ERP customers to bring their systems management and monitoring practices into the data-driven world. In this session, learn what transformational outcomes have been and are being achieved as this 116-year-old global manufacturer partners with Splunk to embrace and overcome ERP and legacy operational data chaos. Speaker(s) Claw Clawson, SplunkYoda, Splunk Michael Flint, IT Operations Manager, 3M Nathan Carr, DevOps Engineer, 3M Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1642.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk IT Service Intelligence, Phantom Track: IT Operations Level: Good for all skill levels
WWT integrates Splunk in enterprise architectures for our joint customers. Rick Pina from WWT is going to describe how Splunk, when part of a larger architecture, is providing true mission and operational outcomes. Speaker(s) Rick Pina, WWT Slides PDF link - https://conf.splunk.com/files/2019/slides/BAS2765.pdf?podcast=1577146238 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Business Analytics Level: Good for all skill levels
How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture. Speaker(s) Ed Svaleson, Accenture Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146238 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Did you get more staff for Heartbleed? How about Shellshock or the OPM breach? Neither did we. The threat landscape is growing faster than ever and we need to cover more bases without more people. Enter Splunk Phantom: automation and integration for the masses. This session will help you understand what you need to build an effective Phantom ecosystem. I will go over initial strategies, real world examples, and use cases, and we will also take a glance at some more robust development projects that show the power of Phantom's extensibility. Speaker(s) Mhike Funderburk, Senior Security Engineer, Stage 2 Security Brandon Robinson, Senior Security Architect, Stage 2 Security Luke Summers, Cyber Security Engineer, Stage 2 Security Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1949.pdf?podcast=1577146216 Product: Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
To secure the modern endpoint, you need sufficient data, the right visibility and analysis, and the technology necessary to stop an intrusion. We will leverage BOTSv4 data in this session to help you test and validate Splunk use cases related to hunting threats using endpoint data. We’ll cover several real world case studies as described in MITRE ATT&CK™, and we will simulate adversary groups by executing a single Atomic test and building an elaborate chain reaction. We will then show you in Splunk how to confirm your data quality and confirm you have what you need to detect and evict an adversary from your environment. We will demonstrate practical hunt techniques using BOTSv4 data and how to raise the flag when data is missing or is not required. Speaker(s) Michael Haag, Director of Advanced Threat Detection, Red Canary Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1952.pdf?podcast=1577146215 Product: Splunk Enterprise, Splunk Cloud Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
As organizations shift away from legacy Governance, Risk, and Compliance (GRC) approaches towards an integrated risk management (IRM) strategy, cyber risk management paradigms must also shift. This presentation will address why firms are shifting to IRM and how the shift to IRM will affect security organizations globally. We will showcase strategies used by forward-leaning peers and thought leaders to operationalize integrated risk management programs in their organizations. Speaker(s) Matt Coose, Qmulos Anthony Perez, Director of Field Technology - Public Sector, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1930.pdf?podcast=1577146214 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Where did you come up with the idea for your last use case? Traditional approaches to use case ideation focus on identifying new use cases based on the data already available to the security operations center. However, the threat landscape is constantly changing, and attackers are constantly getting more sophisticated. To detect these advanced threats, our use cases must be based on both business and threat context. In this session, we will share our approach to building innovative use cases based on real-world threats. Starting with industry-specific threat intelligence, we identify the threat actors and their specific tactics, techniques, and procedures. With these insights, we identify use cases relevant to the business, map them to both existing and new data sources, and prioritize implementation based on the specific threats. Speaker(s) John Rubey, Accenture Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2797.pdf?podcast=1577146214 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Malware infection, lateral movement, data exfiltration, oh my! If you’ve spent any time around the wizarding world of security, you know how much effort goes into preventing dark magic from happening. What if you could use machine learning to stay one step ahead of the adversary? Fasten your seatbelts, because in this talk we will show you how Splunk can utilize machine learning models to take your security detections to the next level. We’ll demonstrate how Splunk's Machine Learning Toolkit can be used to train, validate, and then deploy models to identify anomalies and discover clusters of bad behavior via user-friendly guided workflows—all this while training your models with more data than you’ve ever been able to before. Prepare to leave Las Vegas equipped to incorporate machine learning in your organization’s security detections and jump from reactive to proactive. Mischief managed! Speaker(s) Melisa Napoles, Sales Engineer, Splunk Erika Strano, Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2129.pdf?podcast=1577146215 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love “KNOW NORMAL FIND EVIL,” but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to “find evil,” but how can this framework be used to “know normal”? Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole. Speaker(s) Rick McElroy, Principal Security Strategist, Carbon Black Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146215 Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Manual sorting through spreadsheets, disparate applications, and scattered data sources to conduct link analysis for a fraud investigation is both painful and ineffective. There must be a better way, right? In this session we'll use Splunk Enterprise and Splunk Phantom to automate repeatable fraud investigation tasks, which will save your team time and better protect your assets from the bad guys. Speaker(s) Matthew Joseff, Director of Specialists - North Asia and Japan, Splunk Abhishek Dujari, Security Specialist, APAC, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1104.pdf?podcast=1577146215 Product: Splunk Enterprise, Splunk Cloud, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
This is one of multiple sessions in a series at .conf this year focused on getting valuable intel and insights from your Azure and Office 365 environments. Throw on your hoodie and join Ryan as we Splunk our way through all things Azure, Office365, security, compliance, and visibility in the Microsoft-as-a-Service world. Speaker(s) Ry Lait, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1432.pdf?podcast=1577146215 Product: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Failure to log everything needed for maximum visibility in your environment can leave huge gaps in your ability to remediate threats. But running an enterprise-level logging program can be difficult: how do you know if you're logging everything necessary to detect threats? Are all of your technologies configured to send the right logs? Are they all logging to Splunk? In this session we will help you answer these and other critical questions of your logging program, which will ultimately help you remediate issues and better use log analysis to mitigate threats. Speaker(s) Kevin Kaminski, Threat Management R&D Lead, ReliaQuest Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2179.pdf?podcast=1577146215 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Splunk's Incident Management Framework is used extensively in support of the notable event creation, and it serves as a bridge that associates the Risk, Asset & Identity, and Threat frameworks together. In this session we will discuss how incident management functions, what occurs behind the scenes to prepare events that are correlated, and how to present correlated events to analysts. Attendees will leave this talk with a greater understanding of the Incident Management Framework and methods to work more effectively with it within Splunk Enterprise Security. Speaker(s) John Stoner, Principal Security Strategist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1544.pdf?podcast=1577146215 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Going beyond basic perimeter defense, Threat Hunting cuts through the noise of endpoint telemetry and anti-virus data to find nation-state level Advanced Persistent Threats (APTs) that hide below the alert threshold. We will demonstrate, through 4 hunt analytic use cases, how to overcome the legacy challenge of relying on Packet Capture (PCAP) data to detect adversaries, highlighting the need to transform Hunt operations by combining Endpoint Detection and Response (EDR) telemetry data with knowledge of APT behavior to find hidden adversaries. This talk will provide a framework for planning and executing hunts, demonstrate why focusing on EDR telemetry data can add additional value over and beyond traditional network data, and how to strengthen hunting through a Purple Team approach. Speaker(s) Max Moerles, Cyber Threat Analyst, Booz Allen Hamilton Jay Novak, Threat Hunt Team Lead, Booz Allen Hamilton Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1250.pdf?podcast=1577146215 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture. Speaker(s) Ed Svaleson, Accenture Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146215 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts. Speaker(s) Robb Mayeski, Security Automation Magician, EY Will Burger, Security Automation Consultant, EY Haris Shawl, EY Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146216 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Are you a security analyst? Do you like bright and shiny new things? Attend this session to get the inside scoop on the latest and greatest coming out of our security product and engineering teams. Speaker(s) Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2371.pdf?podcast=1577146215 Product: Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Are you a security analyst? Do you like bright and shiny new things? Attend this session to get the inside scoop on the latest and greatest coming out of our security product and engineering teams. Speaker(s) Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2295.pdf?podcast=1577146215 Product: Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Splunk User Behavioral Analytics (UBA) is a machine learning driven solution that helps organizations find hidden threats and anomalous behavior across users, devices, and applications. In this session we'll answer questions that came up during our large-scale deployment such as, once you've got UBA installed, how do you know if it is working well in your environment? And how long after installation does it take for the system to be operational and produce results? We'll also share best practices for validating outputs and tuning the system. This session will help you jumpstart your understanding of UBA and help you get your UBA deployment into production and detecting threats faster. Speaker(s) Teresa Chila, Data Scientist, Chevron Maria Sanchez, Technical Support Engineer, User Behavioral Analytics (UBA), Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1490.pdf?podcast=1577146215 Product: Splunk User Behavior Analytics, AI/ML Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
This session will give you the tools to tackle compliance with Splunk Enterprise Security. The session will showcase why you might want to grant different compliance views to your teams based on the compliance standard they are responsible for adhering to, and how to do so. We'll also cover how to present the compliance standards that a notable event relates to and how to grant your compliance officers visibility into only the notable events that are relevant to them. Speaker(s) Jason Timlin, Professional Services, Splunk Darren Dance, Staff PS Consultant, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1852.pdf?podcast=1577146215 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies. Speaker(s) Alexa Araneta, Product Marketing Manager, Splunk John Dominguez, Product Marketing Director, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146215 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
We will share our journey, lessons, and observations from the past year of implementing compliance at the MITRE Corporation. We'll recap our path from initially learning about Defense Federal Acquisition Regulation Supplement (DFARS), also known as NIST 800-171, to complying with it. We'll share insights from the process that may help you in your compliance journey, but we'll also discuss how your journey might be different than ours, as one size never fits all with compliance. Speaker(s) Bob Clasen, Computer Engineer, MITRE Eugene Katz, Splunk Evangelist, MITRE Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1372.pdf?podcast=1577146216 Product: Splunk Enterprise Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment. Speaker(s) John Murphy, Security Analyst, NAB Chris Hanlen, Lead Cyber Security Specialist, NAB Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146216 Product: Splunk Enterprise, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
After breaches, incident response teams often end up with an overwhelming amount of forensic evidence data, including disk images, memory captures, PCAP, and more. We'll show you how one of our IR/forensics teams is ingesting this data into Splunk to answer the who, what, where, when and why of breaches. Our presentation will show you how to use Splunk Enterprise and Splunk Enterprise Security for Incident Response (IR) workflow tracking and reporting on multi-source forensic data captures. Speaker(s) Josh Wilson, Consulting Engineer, August Schell Dave Martin, Supervisory Special Agent, Federal Bureau of Investigation Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1796.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
The Census is the nation’s largest peacetime mobilization effort and determines congressional representation. Census data is used by businesses, governments and civic organizations to inform decision-making and this year the Census is going mobile and online for the first time. This means that security is a top priority in ensuring the success of the 2020 Decennial. This segment of the conference will explore security-related topics to include vulnerabilities, scalability and performance, with a special focus on Data Privacy, Compliance and Reputational Threat Management. If all things data and IT Security excite you, then this session is for you. Census executives Atri Kalluri and Zack Schwartz will provide a behind-the-scenes overview of the systems supporting the 2020 Decennial, including Splunk, and real-world case studies on how the Census Bureau is adopting best practices across IT security and social media monitoring to ensure the security of respondent data. Speaker(s) Atri Kalluri, Senior Advocate, Response Security and Data Integrity, U.S. Census Bureau Zack Schwartz, IT Program Manager, U.S. Census Bureau Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2638.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Last year, after our outrageously successful talk "Pull Up Your SOCs: A Splunk Primer on Building or Rebuilding your Security Operations", we wanted to revisit this topic to cover changes in Security Operations that have taken place over the last 12 months. Whether you’re starting from scratch or rebuilding your security program, the first twelve months of standing up your security operations is absolutely critical to success. Speaker(s) Dimitri McKay, Staff Security Architect | Jedi Master, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2186.pdf?podcast=1577146216 Product: Splunk Enterprise, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Endpoint security is more than detecting malware. Most insider threats, however, don’t involve malware, but other security issues associated with the user and endpoint. Learn how Cisco’s own InfoSec team uses Cisco Endpoint Security Analytics Built on Splunk and Cisco NGFW integration to increase its endpoint security and threat visibility. Speaker(s) Scott Pope, Cisco Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2899.pdf?podcast=1577146216 Product: Splunk Cloud, Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels