Podcasts about product: Splunk Enterprise Security

  • 9 podcasts
  • 77 episodes
  • Latest episode: Dec 23, 2019


Latest podcast episodes about product: Splunk Enterprise Security

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Attacking and Defending Kubernetes: A Purple Team Approach to Improving Detection Using Splunk Enterprise Security, Splunk Phantom and Peirates [Splunk Enterprise Security, Phantom]
Published: Dec 23, 2019

Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates.

Speaker(s): Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk; Jay Beale, CTO, InGuardians
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146214
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Published: Dec 23, 2019

Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator's Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.

Speaker(s): Phil Royer, Research Engineer, Splunk; Rod Soto, Principal Security Research Engineer, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146235
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [All Products] 2019 .conf Videos w/ Slides
Helping Women in Technology to Boost Their Careers by Getting Public Recognition for Intellectual Property that They Create [Splunk Enterprise Security]
Published: Dec 23, 2019

This session will illuminate the world of Intellectual Property (IP) so that women are more empowered to gain recognition. The underrepresentation of women in STEM has meant that, historically, men have had a reputational advantage, but women can gain ground. IP rights provide an avenue for increased acknowledgement, both inside and outside the company. This session will cover the issues of ownership as well as the different types of IP, and which IP may be most valuable to the company. It will also explain the role of an IP group in a company, and how women can take advantage of its efforts to see their contributions acknowledged. It will also discuss the business pressures at play, with different company groups and products vying for limited resources. The goal of this session is to give women the information and tools they need to take advantage of opportunities, gaining the recognition they deserve and boosting their professional career in technology!

Speaker(s): Rimma Budnitskaya, Director, Legal (IP), Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/FND1502.pdf?podcast=1577146224
Product: Splunk Enterprise Security
Track: Foundations/Platform
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Enterprise Security Biology III: Dissecting the Incident Management Framework [Splunk Enterprise Security]
Published: Dec 23, 2019

Splunk's Incident Management Framework is used extensively in support of notable event creation, and it serves as a bridge that ties the Risk, Asset & Identity, and Threat frameworks together. In this session we will discuss how incident management functions, what occurs behind the scenes to prepare correlated events, and how to present correlated events to analysts. Attendees will leave this talk with a greater understanding of the Incident Management Framework and methods to work more effectively with it within Splunk Enterprise Security.

Speaker(s): John Stoner, Principal Security Strategist, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1544.pdf?podcast=1577146224
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]
Published: Dec 23, 2019

Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love "KNOW NORMAL, FIND EVIL," but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to "find evil," but how can this framework be used to "know normal"? Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole.

Speaker(s): Rick McElroy, Principal Security Strategist, Carbon Black
Slides (PDF): https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146224
Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Building a Security Monitoring Strategy 2.0 [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom]
Published: Dec 23, 2019

So you have a SIEM with security data (firewall, proxy, endpoint data, and so on). Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. It will cover how to identify key mixes of data sources, which core out-of-the-box (OOTB) content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations: just Splunk and a solid plan.

Speaker(s): Paul Davilar, Security Consultant, Splunk; Paul Pelletier, Sr. Security Consultant, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146223
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Published: Dec 23, 2019

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they've been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can't share now but are excited to share with you at .conf.

Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146235
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]
Published: Dec 23, 2019

Deception, automation, and real-time data exploitation help security organizations go on offense against attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected.

Speaker(s): Vincent Urias, Researcher, Sandia National Laboratories; Will Stout, Researcher, Sandia National Laboratories
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146235
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [All Products] 2019 .conf Videos w/ Slides
Improve Your Cyber Monitoring & Response Strategy with Splunk Enterprise Security and Splunk Phantom [Splunk Enterprise Security, Phantom]
Published: Dec 23, 2019

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the Diamond Model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics and techniques, and develop and prioritize new use cases. The session will wrap up with practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.

Speaker(s): Ed Svaleson, Accenture
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146224
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Transforming Intel's Security Posture with Innovations in Data Intelligence [Splunk Enterprise Security]
Published: Dec 23, 2019

Intel is transforming its approach to security by deploying a new Cyber Intelligence Platform (CIP) based on Splunk, Kafka, and other leading-edge technologies. Our new platform ingests data from hundreds of data sources and security tools, providing context-rich visibility and a common work surface, and improving the efficiency of our entire information security organization. This session will address how we partnered with Splunk architects to deploy and realize benefits from this solution in just five weeks. We will detail how our solution uses real-time data, stream processing, machine learning tools and consistent data models to decrease time to detect and respond to sophisticated threats. This session will cover everything from our platform's business value to its solution architecture.

Speaker(s): Jac Noel, Security Solutions Architect, Intel; Aubrey Sharwarko, Data Scientist, Intel; Jerome Swanson, Security Data Scientist, Intel
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2253.pdf?podcast=1577146235
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Threat Hunting in Industrial (ICS/OT) Environments [Splunk Enterprise Security, Splunk for Industrial IoT]
Published: Dec 23, 2019

Industrial operations comprise a diverse blend of technologies that run critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments. Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety instrumented systems (SIS), resulting in multiple plant shutdowns and the potential to cause harm to human operators. Traditional IT threat hunting is not well suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, thereby reducing adversary dwell time.

Speaker(s): Amy Bejtlich, Threat Intelligence, Dragos; Marc Seitz, Threat Analyst, Dragos
Slides (PDF): https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146235
Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Tales From a Threat Team: Lessons and Strategies for Succeeding with a Risk-Based Approach [Splunk Enterprise Security]
Published: Dec 23, 2019

We've run a risk-based approach with our security alerts for over a year, and we're excited to review our progress with you. We'll discuss how we increased the number of behavioral indicators by 300% while reducing our alerts by 50%. We'll also discuss how we expanded our risk approach to handle on-premises and cloud environments within the same framework, which yielded a single alerting mechanism that leverages all of our data enrichment. We'll also share the roadmap for our risk-based approach, which incorporates risk rules that use algorithms to identify risks not discovered by traditional detection approaches.

Speaker(s): Stuart McIntosh, Threat Intelligence, Outpost Security
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1908.pdf?podcast=1577146235
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Published: Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and a high percentage of false positives, resulting in confusion about which tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates (ESCU) that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense spanning detection, investigation, and response. We will go over how to use these security guides, which leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytic Stories, and share tools and techniques customers can use to write and test their own use cases.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]
Published: Dec 23, 2019

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch this information together manually leave analysts unprepared to quickly turn around questions from management about their exposure to threats that management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to run Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.

Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Published: Dec 23, 2019

Join us to see the latest developments with Splunk's Security Operations Suite. We'll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance.

Speaker(s): Rob Truesdell, Sr Director, Product Management, Splunk; Atom Coffman, Starbucks
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Beginner

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Make Compliance a Breeze with Splunk Enterprise Security [Splunk Enterprise Security]
Published: Dec 23, 2019

This session will give you the tools to tackle compliance with Splunk Enterprise Security. The session will showcase why you might want to grant different compliance views to your teams based on the compliance standard they are responsible for adhering to, and how to do so. We'll also cover how to present the compliance standards that a notable event relates to, and how to grant your compliance officers visibility into only the notable events that are relevant to them.

Speaker(s): Jason Timlin, Professional Services, Splunk; Darren Dance, Staff PS Consultant, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1852.pdf?podcast=1577146234
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
How We Scaled Splunk Enterprise Security to 100TB with Search Head Clustering [Splunk Enterprise Security]
Published: Dec 23, 2019

Want to scale Splunk Enterprise Security to 100TB/day? We've done it! In Splunk labs, we built workloads that closely simulate our customers' usage patterns, and we scaled beyond a 100TB per day ingest rate with search head clustering. In this session we'll share key aspects of our Splunk Enterprise Security workload design: diverse source types, major data models, search scenarios, data enrichment, and hardware choices for search heads and indexers. We will also share how different configurations impact search performance and how to tune Splunk Enterprise Security effectively with parameters such as max_searches_per_cpu, acceleration.max_concurrent, allow_skew, and maxBundleSize, to name a few. Come see how we scaled to large volumes while efficiently utilizing hardware capacity for maximum performance.

Speaker(s): Devendra Badhani, Sr Engineering Manager, Splunk; Jesse Chen, Principal Performance Engineer, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1554.pdf?podcast=1577146224
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [All Products] 2019 .conf Videos w/ Slides
Industrial Cyber Security In A Converging IT/OT World [Splunk Enterprise Security, Splunk for Industrial IoT]
Published: Dec 23, 2019

The digital convergence of IT and OT infrastructures promises huge efficiencies, cost savings and opportunities, but it is not without risk. OT was primarily built to run all types of manufacturing and critical infrastructure processes, while IT was built to store, transmit and manipulate data in order to conduct business. The two worlds could not be more different in purpose or design, and this can expose even the most secure organizations to new types of cyber threats. In this session we will discuss the current challenges we face in the drive to convergence and how to secure your industrial or critical infrastructure organization from this clear and present threat.

Speaker(s): Michael Rothschild, Indegy
Slides (PDF): https://conf.splunk.com/files/2019/slides/IOT1066.pdf?podcast=1577146224
Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Advanced
Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Industrial Cyber Security In A Converging IT/OT World [Splunk Enterprise Security, Splunk for Industrial IoT]

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


The digital convergence of IT and OT infrastructures promises huge efficiencies, cost savings and opportunities; but it is not without risk. OT was primarily built to run all types of manufacturing & critical infrastructure processes while IT was built to store, transmit and manipulate data in order to conduct business. The two worlds could not be more different in purpose or design; and this can expose even the most secure organizations to new types of cyber threats. In this session we will discuss the current challenges we face in the drive to convergence and how to secure your industrial or critical infrastructure organization from the clear and present threat. Speaker(s) Michael Rothschild, Indegy Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1066.pdf?podcast=1577146234 Product: Splunk Enterprise Security, Splunk for Industrial IoT Track: Internet of Things Level: Advanced

speaker data conference videos streaming cybersecurity ot internet of things slides splunk converging industrial iot level advanced splunk enterprise security track internet product splunk enterprise security
Splunk [All Products] 2019 .conf Videos w/ Slides
Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Splunk [All Products] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats. Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146226 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Advanced

speaker data fraud investigation phantom compliance generate automated detection slides obtaining splunk cim research engineer level advanced splunk enterprise security track security product splunk enterprise security splunk user behavior analytics
Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats. Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146259 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Advanced

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]
Dec 23, 2019

Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected.
Speaker(s): Vincent Urias, Researcher, Sandia National Laboratories; Will Stout, Researcher, Sandia National Laboratories
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146259
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percentage of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.
Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146258
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance.
Speaker(s): Rob Truesdell, Sr Director, Product Management, Splunk; Atom Coffman, Starbucks
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146258
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Beginner

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
Integrating the Analyst, the Logic, and the Machine [Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML]
Dec 23, 2019

Are your analysts spending too much time clearing through notable events? Ours were too, but today our analysts are living the dream: they have all the details they want right there on the Incident Review screen, all while our alerts fine-tune themselves (with workflow action human input). Come and see how we achieved Incident Review Screen 2.0 by using Splunk's Machine Learning Toolkit to transition to smarter correlation searches.
Speaker(s): Lukasz Antoniak, Cyber Detection Crafting Chief, Viasat; Ryan Rake, Viasat
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1673.pdf?podcast=1577146257
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
Building a Security Monitoring Strategy 2.0 [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom]
Dec 23, 2019

So you have a SIEM with security data, e.g. firewalls, proxy, endpoint data, etc. Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. This session will cover how to identify key mixes of data sources, core OOTB content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations—just Splunk and a solid plan.
Speaker(s): Paul Davilar, Security Consultant, Splunk; Paul Pelletier, Sr. Security Consultant, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146257
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [All Products] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf.
Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146226
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]
Dec 23, 2019

Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected.
Speaker(s): Vincent Urias, Researcher, Sandia National Laboratories; Will Stout, Researcher, Sandia National Laboratories
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146225
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [All Products] 2019 .conf Videos w/ Slides
Integrating the Analyst, the Logic, and the Machine [Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML]
Dec 23, 2019

Are your analysts spending too much time clearing through notable events? Ours were too, but today our analysts are living the dream: they have all the details they want right there on the Incident Review screen, all while our alerts fine-tune themselves (with workflow action human input). Come and see how we achieved Incident Review Screen 2.0 by using Splunk's Machine Learning Toolkit to transition to smarter correlation searches.
Speaker(s): Lukasz Antoniak, Cyber Detection Crafting Chief, Viasat; Ryan Rake, Viasat
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1673.pdf?podcast=1577146224
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [All Products] 2019 .conf Videos w/ Slides
Transforming Intel’s Security Posture with Innovations in Data Intelligence [Splunk Enterprise Security]
Dec 23, 2019

Intel is transforming its approach to security by deploying a new Cyber Intelligence Platform (CIP) based on Splunk, Kafka, and other leading-edge technologies. Our new platform ingests data from hundreds of data sources and security tools, providing context-rich visibility and a common work surface, and improving the efficiency of our entire information security organization. This session will address how we partnered with Splunk architects to deploy and realize benefits from this solution in just five weeks. We will detail how our solution uses real-time data, stream processing, machine learning tools and consistent data models to decrease time to detect and respond to sophisticated threats. This session will cover everything from our platform's business value to its solution architecture.
Speaker(s): Jac Noel, Security Solutions Architect, Intel; Aubrey Sharwarko, Data Scientist, Intel; Jerome Swanson, Security Data Scientist, Intel
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2253.pdf?podcast=1577146225
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Threat Hunting in Industrial (ICS\OT) Environments [Splunk Enterprise Security, Splunk for Industrial IoT]
Dec 23, 2019

Industrial operations comprise a diverse blend of technology that runs critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments. Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety instrumented systems (SIS), resulting in multiple plant shutdowns and the potential to cause harm to human operators. Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, therefore reducing adversary dwell time.
Speaker(s): Amy Bejtlich, Threat Intelligence, Dragos; Marc Seitz, Threat Analyst, Dragos
Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146225
Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Tales From a Threat Team: Lessons and Strategies for Succeeding with a Risk-Based Approach [Splunk Enterprise Security]
Dec 23, 2019

We've run a risk-based approach with our security alerts for over a year, and we're excited to review our progress with you. We'll discuss how we increased the number of behavioral indicators by 300% while reducing our alerts by 50%. We'll also discuss how we expanded our risk approach to handle on-premises and cloud environments within the same framework, which yielded a single alerting mechanism that leverages all of our data enrichment. We'll also share the roadmap for our risk-based approach, which incorporates risk rules that utilize algorithms to identify risks not discovered by traditional detection approaches.
Speaker(s): Stuart McIntosh, Threat Intelligence, Outpost Security
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1908.pdf?podcast=1577146225
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [All Products] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percentage of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.
Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146225
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]
Dec 23, 2019

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.
Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146225
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance.
Speaker(s): Rob Truesdell, Sr Director, Product Management, Splunk; Atom Coffman, Starbucks
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146225
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Beginner

Splunk [All Products] 2019 .conf Videos w/ Slides
Make Compliance a Breeze with Splunk Enterprise Security [Splunk Enterprise Security]
Dec 23, 2019

This session will give you the tools to tackle compliance with Splunk Enterprise Security. The session will showcase why you might want to grant different compliance views to your teams based on the compliance standard they are responsible for adhering to, and how to do so. We'll also cover how to present the compliance standards that a notable event relates to and how to grant your compliance officers visibility into only the notable events that are relevant to them.
Speaker(s): Jason Timlin, Professional Services, Splunk; Darren Dance, Staff PS Consultant, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1852.pdf?podcast=1577146225
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Integrating the Analyst, the Logic, and the Machine [Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML]
Dec 23, 2019

Are your analysts spending too much time clearing through notable events? Ours were too, but today our analysts are living the dream: they have all the details they want right there on the Incident Review screen, all while our alerts fine-tune themselves (with workflow action human input). Come and see how we achieved Incident Review Screen 2.0 by using Splunk's Machine Learning Toolkit to transition to smarter correlation searches.
Speaker(s): Lukasz Antoniak, Cyber Detection Crafting Chief, Viasat; Ryan Rake, Viasat
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1673.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Improve Your Cyber Monitoring & Response Strategy with Splunk Enterprise Security and Splunk Phantom [Splunk Enterprise Security, Phantom]
Dec 23, 2019

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.
Speaker(s): Ed Svaleson, Accenture
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Building a Security Monitoring Strategy 2.0 [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom]
Dec 23, 2019

So you have a SIEM with security data, e.g. firewalls, proxy, endpoint data, etc. Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. This session will cover how to identify key mixes of data sources, core OOTB content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations—just Splunk and a solid plan.
Speaker(s): Paul Davilar, Security Consultant, Splunk; Paul Pelletier, Sr. Security Consultant, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146214
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percentage of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.
Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Attacking and Defending Kubernetes: A Purple Team Approach to Improving Detection Using Splunk Enterprise Security, Splunk Phantom and Peirates [Splunk Enterprise Security, Phantom]
Dec 23, 2019

Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates.
Speaker(s): Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk; Jay Beale, CTO, InGuardians
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146237
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf.
Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146217
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.
Speaker(s): Phil Royer, Research Engineer, Splunk; Rod Soto, Principal Security Research Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

speaker data fraud investigation phantom compliance generate automated detection slides obtaining splunk cim research engineer level advanced splunk enterprise security track security product splunk enterprise security splunk user behavior analytics
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Dec 23, 2019

Deception, automation, and real-time data exploitation help security organizations go on offense against attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected.

Speaker(s): Vincent Urias, Researcher, Sandia National Laboratories; Will Stout, Researcher, Sandia National Laboratories
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Transforming Intel's Security Posture with Innovations in Data Intelligence [Splunk Enterprise Security]

Dec 23, 2019

Intel is transforming its approach to security by deploying a new Cyber Intelligence Platform (CIP) based on Splunk, Kafka, and other leading-edge technologies. The new platform ingests data from hundreds of data sources and security tools, providing context-rich visibility and a common work surface, and improving the efficiency of the entire information security organization. This session will address how Intel partnered with Splunk architects to deploy and realize benefits from this solution in just five weeks. We will detail how the solution uses real-time data, stream processing, machine learning tools and consistent data models to decrease time to detect and respond to sophisticated threats. The session covers everything from the platform's business value to its solution architecture.

Speaker(s): Jac Noel, Security Solutions Architect, Intel; Aubrey Sharwarko, Data Scientist, Intel; Jerome Swanson, Security Data Scientist, Intel
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2253.pdf?podcast=1577146216
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Tales From a Threat Team: Lessons and Strategies for Succeeding with a Risk-Based Approach [Splunk Enterprise Security]

Dec 23, 2019

We've run a risk-based approach with our security alerts for over a year, and we're excited to review our progress with you. We'll discuss how we increased the number of behavioral indicators by 300% while reducing our alerts by 50%. We'll also discuss how we expanded our risk approach to handle on-premises and cloud environments within the same framework, which yielded a single alerting mechanism that leverages all of our data enrichment. Finally, we'll share the roadmap for our risk-based approach, which incorporates risk rules that use algorithms to identify risks not discovered by traditional detection approaches.

Speaker(s): Stuart McIntosh, Threat Intelligence, Outpost Security
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1908.pdf?podcast=1577146216
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Advanced
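The mechanism behind "more indicators, fewer alerts" in the session above, shown as an added example that is not the speaker's code and not a Splunk Enterprise Security feature: many low-fidelity behavioral indicators each write a small risk score against an entity, and a single notable is raised only when the aggregated score and the number of distinct contributing rules both cross a threshold. The risk events, rule names, scores, window and thresholds below are constructed assumptions.

```python
"""Risk-based alerting over constructed risk events (added illustration)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed "risk events": each is one behavioral indicator firing against
# an entity. Scores are assumed weights, not values taken from any product.
RISK_EVENTS = [
    {"time": "2019-10-21T09:02:00", "object": "wkst-042", "rule": "Rare parent-child process", "score": 20},
    {"time": "2019-10-21T09:05:00", "object": "wkst-042", "rule": "Office spawns shell", "score": 30},
    {"time": "2019-10-21T09:06:00", "object": "wkst-042", "rule": "Encoded PowerShell", "score": 40},
    {"time": "2019-10-21T09:40:00", "object": "wkst-042", "rule": "New external destination", "score": 15},
    # One noisy rule firing five times on another host: same total, one rule.
    {"time": "2019-10-21T08:00:00", "object": "wkst-007", "rule": "Rare parent-child process", "score": 20},
    {"time": "2019-10-21T10:00:00", "object": "wkst-007", "rule": "Rare parent-child process", "score": 20},
    {"time": "2019-10-21T12:00:00", "object": "wkst-007", "rule": "Rare parent-child process", "score": 20},
    {"time": "2019-10-21T14:00:00", "object": "wkst-007", "rule": "Rare parent-child process", "score": 20},
    {"time": "2019-10-21T16:00:00", "object": "wkst-007", "rule": "Rare parent-child process", "score": 20},
    # Older than the window: must be ignored.
    {"time": "2019-10-20T09:00:00", "object": "wkst-042", "rule": "Encoded PowerShell", "score": 40},
]

# Assumed evaluation time for the examples.
NOW = datetime.fromisoformat("2019-10-21T17:00:00")


def aggregate_risk(events, now=NOW, window=timedelta(hours=24)):
    """Sum risk per entity over the trailing window and track which rules contributed."""
    cutoff = now - window
    totals = defaultdict(lambda: {"score": 0, "rules": set()})
    for e in events:
        t = datetime.fromisoformat(e["time"])
        if t <= cutoff or t > now:
            continue
        entry = totals[e["object"]]
        entry["score"] += e["score"]
        entry["rules"].add(e["rule"])
    return totals


def risk_notables(events, now=NOW, score_threshold=100, min_distinct_rules=3):
    """Return the entities that warrant a single notable event.

    Requiring several distinct indicators stops one noisy rule from
    generating an alert on its own, which is where the alert reduction comes from.
    """
    totals = aggregate_risk(events, now)
    notables = []
    for obj, v in sorted(totals.items()):
        if v["score"] >= score_threshold and len(v["rules"]) >= min_distinct_rules:
            notables.append({"object": obj, "score": v["score"], "rules": sorted(v["rules"])})
    return notables


if __name__ == "__main__":
    for n in risk_notables(RISK_EVENTS):
        print(f"{n['object']}: score={n['score']} rules={n['rules']}")
```

Run stand-alone, only wkst-042 surfaces (four different indicators inside the window, score 105). wkst-007 reaches the same score from one rule firing five times and stays silent; the indicators are still recorded against it, so an analyst investigating the host sees them, but they do not page anyone on their own.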
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch this information together manually leave analysts unprepared to quickly turn around questions from management about their exposure to threats that management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to run YARA rules against endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.

Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [Phantom] 2019 .conf Videos w/ Slides
Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]

Dec 23, 2019

Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love "KNOW NORMAL, FIND EVIL," but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to "find evil," but how can this framework be used to "know normal"? Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole.

Speaker(s): Rick McElroy, Principal Security Strategist, Carbon Black
Slides (PDF): https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146238
Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Join us to see the latest developments with Splunk's Security Operations Suite. We'll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance.

Speaker(s): Rob Truesdell, Sr Director, Product Management, Splunk; Atom Coffman, Starbucks
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Beginner
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Make Compliance a Breeze with Splunk Enterprise Security [Splunk Enterprise Security]

Dec 23, 2019

This session will give you the tools to tackle compliance with Splunk Enterprise Security. It will show why you might want to grant different compliance views to your teams based on the compliance standard each is responsible for adhering to, and how to do so. We'll also cover how to present the compliance standards that a notable event relates to, and how to give your compliance officers visibility into only the notable events that are relevant to them.

Speaker(s): Jason Timlin, Professional Services, Splunk; Darren Dance, Staff PS Consultant, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1852.pdf?podcast=1577146215
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Integrating the Analyst, the Logic, and the Machine [Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019

Are your analysts spending too much time clearing through notable events? Ours were too, but today our analysts are living the dream: they have all the details they want right there on the Incident Review screen, while our alerts fine-tune themselves (with human input through workflow actions). Come and see how we achieved Incident Review Screen 2.0 by using Splunk's Machine Learning Toolkit to transition to smarter correlation searches.

Speaker(s): Lukasz Antoniak, Cyber Detection Crafting Chief, Viasat; Ryan Rake, Viasat
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1673.pdf?podcast=1577146215
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Improve Your Cyber Monitoring & Response Strategy with Splunk Enterprise Security and Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019

How do you know whether your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, how do you continuously improve to adapt to ever-evolving threats? This session provides practical guidance on using models such as the Diamond Model, MITRE ATT&CK, and the OODA loop to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics and techniques, and develop and prioritize new use cases. The session wraps up with practical tips for creating a continuous improvement program that uses Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.

Speaker(s): Ed Svaleson, Accenture
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146215
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
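Coverage mapping of the kind the session above describes, as an added example that is neither the speaker's material nor a Splunk feature: a detection catalogue tagged with ATT&CK technique IDs is compared against a weighted adversary profile to list uncovered techniques in priority order, report weighted coverage, and expose the data-source bias in the use-case set. The catalogue, profile and weights are constructed assumptions; the technique IDs are genuine ATT&CK identifiers used only as labels.

```python
"""ATT&CK coverage gap analysis over a constructed detection catalogue (added illustration)."""

# Constructed detection catalogue: each use case lists the techniques it
# detects and the data source it depends on. Names are hypothetical.
USE_CASES = {
    "Suspicious PowerShell encoded command": {"techniques": {"T1059"}, "source": "endpoint"},
    "LSASS memory access": {"techniques": {"T1003"}, "source": "endpoint"},
    "Login from new country": {"techniques": {"T1078"}, "source": "auth"},
    "Macro-enabled attachment": {"techniques": {"T1566"}, "source": "email"},
}

# Constructed adversary profile: weight = how much this technique matters for
# the actors the organization is worried about (assumed values).
ADVERSARY_PROFILE = {
    "T1566": 5,  # Phishing
    "T1059": 4,  # Command and Scripting Interpreter
    "T1003": 5,  # OS Credential Dumping
    "T1021": 4,  # Remote Services (lateral movement)
    "T1078": 3,  # Valid Accounts
    "T1486": 5,  # Data Encrypted for Impact
}


def coverage(use_cases, profile):
    """Map every technique in the profile to the use cases that detect it."""
    cov = {t: [] for t in profile}
    for name, uc in use_cases.items():
        for t in uc["techniques"]:
            if t in cov:
                cov[t].append(name)
    return cov


def gaps(use_cases, profile):
    """Techniques in the profile with no detection, highest weight first."""
    cov = coverage(use_cases, profile)
    missing = [t for t, ucs in cov.items() if not ucs]
    return sorted(missing, key=lambda t: (-profile[t], t))


def coverage_ratio(use_cases, profile):
    """Weighted fraction of the adversary profile with at least one detection."""
    cov = coverage(use_cases, profile)
    covered = sum(w for t, w in profile.items() if cov[t])
    return covered / sum(profile.values())


def source_bias(use_cases):
    """Use cases per data source; a skew here is the bias the session warns about."""
    counts = {}
    for uc in use_cases.values():
        counts[uc["source"]] = counts.get(uc["source"], 0) + 1
    return counts


if __name__ == "__main__":
    print("weighted coverage: %.0f%%" % (100 * coverage_ratio(USE_CASES, ADVERSARY_PROFILE)))
    print("build next, in order:", gaps(USE_CASES, ADVERSARY_PROFILE))
    print("use cases per data source:", source_bias(USE_CASES))
```

With these inputs the catalogue covers 17 of 26 weight points (about 65%), the ranked backlog is T1486 then T1021, and half of the use cases depend on endpoint data, which is the kind of skew to question before adding yet another endpoint rule.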
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
How We Scaled Splunk Enterprise Security to 100TB with Search Head Clustering [Splunk Enterprise Security]

Dec 23, 2019

Want to scale Splunk Enterprise Security to 100TB/day? We've done it! In Splunk labs, we built workloads that closely simulate our customers' usage patterns, and we scaled beyond a 100TB per day ingest rate with search head clustering. In this session we'll share key aspects of our Splunk Enterprise Security workload design: diverse source types, major data models, search scenarios, data enrichment, and hardware choices for search heads and indexers. We will also share how different configurations affect search performance and how to tune Splunk Enterprise Security effectively with parameters such as max_searches_per_cpu, acceleration.max_concurrent, allow_skew, and maxBundleSize, to name a few. Come see how we scaled to large volumes while efficiently using hardware capacity for maximum performance.

Speaker(s): Devendra Badhani, Sr Engineering Manager, Splunk; Jesse Chen, Principal Performance Engineer, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1554.pdf?podcast=1577146215
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Enterprise Security Biology III: Dissecting the Incident Management Framework [Splunk Enterprise Security]

Dec 23, 2019

Splunk's Incident Management Framework is used extensively in support of notable event creation, and it serves as a bridge that ties the Risk, Asset & Identity, and Threat frameworks together. In this session we will discuss how incident management functions, what occurs behind the scenes to prepare correlated events, and how to present correlated events to analysts. Attendees will leave this talk with a greater understanding of the Incident Management Framework and methods to work more effectively with it within Splunk Enterprise Security.

Speaker(s): John Stoner, Principal Security Strategist, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1544.pdf?podcast=1577146215
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [Phantom] 2019 .conf Videos w/ Slides
Building a Security Monitoring Strategy 2.0 [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom]

Dec 23, 2019

So you have a SIEM with security data (firewalls, proxy, endpoint data, etc.). Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. It covers how to identify key mixes of data sources, which core out-of-the-box (OOTB) content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations, just Splunk and a solid plan.

Speaker(s): Paul Davilar, Security Consultant, Splunk; Paul Pelletier, Sr. Security Consultant, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146237
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
Splunk [Industrial IoT | Mobile | SignalFx | VictorOps] 2019 .conf Videos w/ Slides
Industrial Cyber Security In A Converging IT/OT World [Splunk Enterprise Security, Splunk for Industrial IoT]

Dec 23, 2019

The digital convergence of IT and OT infrastructures promises huge efficiencies, cost savings and opportunities, but it is not without risk. OT was primarily built to run all types of manufacturing and critical infrastructure processes, while IT was built to store, transmit and manipulate data in order to conduct business. The two worlds could not be more different in purpose or design, and this can expose even the most secure organizations to new types of cyber threats. In this session we will discuss the current challenges we face in the drive to convergence and how to secure your industrial or critical infrastructure organization from the clear and present threat.

Speaker(s): Michael Rothschild, Indegy
Slides (PDF): https://conf.splunk.com/files/2019/slides/IOT1066.pdf?podcast=1577146262
Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Advanced
Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Helping Women in Technology to Boost Their Careers by Getting Public Recognition for Intellectual Property that They Create [Splunk Enterprise Security]

Dec 23, 2019

This session will illuminate the world of Intellectual Property (IP) so that women are more empowered to gain recognition. The underrepresentation of women in STEM has meant that, historically, men have had a reputational advantage, but women can gain ground. IP rights provide an avenue for increased acknowledgement, both inside and outside the company. This session will cover the issues of ownership as well as the different types of IP, and which IP may be most valuable to the company. It will also explain the role of an IP group in a company, and how women can take advantage of its efforts to see their contributions acknowledged. It will also discuss the business pressures at play, with different company groups and products vying for limited resources. The goal of this session is to give women the information and tools they need to take advantage of opportunities, gain the recognition they deserve, and boost their professional careers in technology.

Speaker(s): Rimma Budnitskaya, Director, Legal (IP), Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/FND1502.pdf?podcast=1577146233
Product: Splunk Enterprise Security
Track: Foundations/Platform
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Enterprise Security Biology III: Dissecting the Incident Management Framework [Splunk Enterprise Security]

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Splunk's Incident Management Framework is used extensively in support of the notable event creation, and it serves as a bridge that associates the Risk, Asset & Identity, and Threat frameworks together. In this session we will discuss how incident management functions, what occurs behind the scenes to prepare events that are correlated, and how to present correlated events to analysts. Attendees will leave this talk with a greater understanding of the Incident Management Framework and methods to work more effectively with it within Splunk Enterprise Security. Speaker(s) John Stoner, Principal Security Strategist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1544.pdf?podcast=1577146233 Product: Splunk Enterprise Security Track: Security, Compliance and Fraud Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love “KNOW NORMAL FIND EVIL,” but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to “find evil,” but how can this framework be used to “know normal”?Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole. Speaker(s) Rick McElroy, Principal Security Strategist , Carbon Black Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146233 Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

speaker data evil conference videos streaming fraud phantom compliance slides differentiating abnormal splunk benign carbon black mitre att rick mcelroy level good splunk enterprise security splunk it service intelligence track security product splunk enterprise security
Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Building a Security Monitoring Strategy 2.0 [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom]

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


So you have a SIEM with security data, e.g. firewalls, proxy, endpoint data, etc. Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. This session will cover how to identify key mixes of data sources, core OOTB content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations—just Splunk and a solid plan. Speaker(s) Paul Davilar, Security Consultant, Splunk Paul Pelletier, Sr. Security Consultant, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146233 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom Track: Security, Compliance and Fraud Level: Intermediate

strategy phd speaker data conference videos streaming sr fraud phantom compliance slides splunk siem security consultant paul pelletier security monitoring level intermediate splunk enterprise security splunk machine learning toolkit track security product splunk enterprise security
Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Attacking and Defending Kubernetes: A Purple Team Approach to Improving Detection Using Splunk Enterprise Security, Splunk Phantom and Peirates [Splunk Enterprise Security, Phantom]

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates. Speaker(s) Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk Jay Beale, CTO, InGuardians Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146233 Product: Splunk Enterprise Security, Phantom Track: Security, Compliance and Fraud Level: Advanced

speaker data conference videos improving streaming threats fraud cto phantom defending compliance senior manager attacking detection slides kubernetes splunk team approach purple team jay beale level advanced inguardians splunk enterprise security track security product splunk enterprise security splunk phantom
Splunk [Foundations/Platform Track] 2019 .conf Videos w/ Slides
Helping Women in Technology to Boost Their Careers by Getting Public Recognition for Intellectual Property that They Create [Splunk Enterprise Security]


Dec 23, 2019


This session will illuminate the world of Intellectual Property (IP) so that women are more empowered to gain recognition. The underrepresentation of women in STEM has meant that, historically, men have had a reputational advantage, but women can gain ground. IP rights provide an avenue for increased acknowledgement, both inside and outside the company. This session will cover the issues of ownership as well as the different types of IP, and which IP may be most valuable to the company. It also will explain the role of an IP group in a company, and how women can take advantage of its efforts to see their contributions acknowledged. It also will discuss the business pressures at play, with different company groups and products vying for limited resources. The goal of this session is to give women the information and tools they need to take advantage of opportunities, gaining the recognition they deserve and boosting their professional career in technology!
Speaker(s): Rimma Budnitskaya, Director, Legal (IP), Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/FND1502.pdf?podcast=1577146201
Product: Splunk Enterprise Security
Track: Foundations/Platform
Level: Good for all skill levels

Splunk [Industrial IoT | Mobile | SignalFx | VictorOps] 2019 .conf Videos w/ Slides
Threat Hunting in Industrial (ICS\OT) Environments [Splunk Enterprise Security, Splunk for Industrial IoT]


Dec 23, 2019


Industrial operations comprise a diverse blend of technology that runs critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments. Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety instrumented systems (SIS), resulting in multiple plant shutdowns and the potential to cause harm to human operators. Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, thereby reducing adversary dwell time.
Speaker(s): Amy Bejtlich, Threat Intelligence, Dragos; Marc Seitz, Threat Analyst, Dragos
Slides PDF link: https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146263
Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Good for all skill levels

Splunk [Internet of Things Track] 2019 .conf Videos w/ Slides
Threat Hunting in Industrial (ICS\OT) Environments [Splunk Enterprise Security, Splunk for Industrial IoT]


Dec 23, 2019


Industrial operations comprise a diverse blend of technology that runs critical processes. The proliferation of automation and networking has increased the sophistication of Industrial Control Systems (ICS), also known as Operational Technology (OT) environments. Threats targeting OT are increasing in both frequency and sophistication. Dragos tracks 9 OT-targeting activity groups, the most significant of which, XENOTIME, was responsible for the TRISIS malware that targeted safety instrumented systems (SIS), resulting in multiple plant shutdowns and the potential to cause harm to human operators. Traditional IT threat hunting is not well-suited to OT environments. This session will outline the differences between IT and OT assessments, highlight the most significant threats facing OT, and review best practices for OT-specific threat hunting engagements, including techniques that empower defenders to detect and respond more efficiently to existing and future threats, thereby reducing adversary dwell time.
Speaker(s): Amy Bejtlich, Threat Intelligence, Dragos; Marc Seitz, Threat Analyst, Dragos
Slides PDF link: https://conf.splunk.com/files/2019/slides/IOT1641.pdf?podcast=1577146207
Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]


Dec 23, 2019


Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance.
Speaker(s): Rob Truesdell, Sr Director, Product Management, Splunk; Atom Coffman, Starbucks
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Beginner

Splunk [Internet of Things Track] 2019 .conf Videos w/ Slides
Industrial Cyber Security In A Converging IT/OT World [Splunk Enterprise Security, Splunk for Industrial IoT]


Dec 23, 2019


The digital convergence of IT and OT infrastructures promises huge efficiencies, cost savings and opportunities, but it is not without risk. OT was primarily built to run all types of manufacturing and critical infrastructure processes, while IT was built to store, transmit and manipulate data in order to conduct business. The two worlds could not be more different in purpose or design, and this can expose even the most secure organizations to new types of cyber threats. In this session we will discuss the current challenges we face in the drive to convergence and how to secure your industrial or critical infrastructure organization from the clear and present threat.
Speaker(s): Michael Rothschild, Indegy
Slides PDF link: https://conf.splunk.com/files/2019/slides/IOT1066.pdf?podcast=1577146206
Product: Splunk Enterprise Security, Splunk for Industrial IoT
Track: Internet of Things
Level: Advanced

Splunk [IT Service Intelligence] 2019 .conf Videos w/ Slides
Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]


Dec 23, 2019


Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love “KNOW NORMAL, FIND EVIL,” but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to “find evil,” but how can this framework be used to “know normal”? Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole.
Speaker(s): Rick McElroy, Principal Security Strategist, Carbon Black
Slides PDF link: https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146242
Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]


Dec 23, 2019


Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf.
Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146240
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]


Dec 23, 2019


Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.
Speaker(s): Phil Royer, Research Engineer, Splunk; Rod Soto, Principal Security Research Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Phantom] 2019 .conf Videos w/ Slides
Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]


Dec 23, 2019


Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected.
Speaker(s): Vincent Urias, Researcher, Sandia National Laboratories; Will Stout, Researcher, Sandia National Laboratories
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Phantom] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]


Dec 23, 2019


Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percentage of false positives, resulting in confusion about which tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense: detection, investigation, and response. We will go over how to use these security guides, which leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytic Stories and share tools and techniques customers can use to write and test their own use cases.
Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]


Dec 23, 2019


Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their exposure to threats that management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to run Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.
Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]


Dec 23, 2019


Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf.
Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146259
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels