During the earnings call, Cisco Systems acknowledged the competitive landscape in cybersecurity and observability, as evidenced by Palo Alto Networks' acquisition of Exabeam. However, Cisco highlighted its strategic strengths in these areas, emphasizing the value of an integrated, unified platform for end-to-end security and insightful solutions.

The company stated its focus on the immediate integration of its XDR (Extended Detection and Response) solution with Splunk Enterprise Security, showcasing its commitment to harnessing the combined strengths of Cisco and Splunk. This integration represents progress in developing seamless product alliances, innovative solutions, and robust go-to-market strategies.

Furthermore, Cisco has integrated AI capabilities into its cybersecurity offerings, such as Cisco Hypershield, to differentiate itself from competitors relying on standalone products. The company asserted that embedding security within the network fabric provides a unique and significant market differentiation.

Cisco's strategic emphasis on integration, AI capabilities, and unified platforms in cybersecurity and observability positions the company to leverage market opportunities and address evolving industry challenges effectively.

Navigating Macroeconomic Challenges and Sector-Specific Dynamics

While Cisco experienced revenue declines in its core networking business due to inventory implementations, its security and observability segments saw growth driven by innovations and the integration of Splunk. The company acknowledged the ongoing macroeconomic challenges, particularly in the telco and cable segments, although some stabilization was noted in the Webscale sector.

Cisco's CEO, Chuck Robbins, stated, "So from a macro perspective, what I would say is that ironically, we saw the quarter actually slow -- showed slight improvement as we move through the quarter."

The company's strong cash flow and strategic investments in AI, security, and the Splunk integration position it well for future growth, despite these headwinds.

Balancing Growth Opportunities and Competitive Pressures

Cisco Systems reported mixed financial results, with revenues for Q3 down 13% year-over-year at $12.7 billion, primarily due to reduced product revenue. However, service revenue saw a 6% uptick, and the recent acquisition of Splunk added $413 million post-close, boosting annualized recurring revenue to $29.2 billion. Gross margins remained strong at 68.3%, and operating margins stayed steady.

While the company faced declines in its core networking business, key customer sectors like data center and campus switching, security, and collaboration witnessed order increases. Capital returns to shareholders amounted to a robust $2.9 billion in Q3.

Moving forward, Cisco Systems must navigate the competitive waters while capitalizing on growth opportunities in cybersecurity and observability. The company's strategic focus on integration, AI capabilities, and unified platforms positions it to address evolving industry challenges and leverage market opportunities effectively.
In this podcast, join Anne and her expert panel of security strategists as they analyse how organisations can plan to achieve security maturity with Splunk. The panel shares their insights on the importance of proactive security maturity planning and offers guidance on avoiding common mistakes when implementing Splunk for security.

Featuring Matthias Maier, EMEA Director of Product Marketing at Splunk, the panel also explores how Splunk can assist in improving threat detection capabilities, reducing the risk of security breaches, and how Splunk can help organisations achieve their security objectives.

Have any questions for Ben at Somerford? https://www.somerfordassociates.com/about-us/
Want to attend Splunk's upcoming user conference? https://conf.splunk.com/

Listen on Spotify: https://open.spotify.com/show/00soJ9kAQuVCh9EBRHOGzJ
Listen on Google Podcasts: https://podcasts.google.com/?feed=aHR0cHM6Ly9mZWVkcy5idXp6c3Byb3V0LmNvbS8xMDkyNTAwLnJzcw==
Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-somerford-podcast/id1515273563?uo=4

Background Music (Planeteer Reaction) written by Bryan Teoh

#Splunk #splunksecurity #securityoperations

Learn more about Somerford on our website: https://www.somerfordassociates.com/
View our complimentary partner discovery webinars and workshops: https://www.somerfordassociates.com/events/
Keep notified of news & announcements on LinkedIn: https://www.linkedin.com/company/somerford-associates-limited/
Contact Somerford for more information regarding this video: https://www.somerfordassociates.com/contact-us/
Today I will discuss:
1. What are the security requirements of a company?
2. How does Splunk Enterprise Security work?
3. What are the main features of Splunk Enterprise Security?
Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Endpoint security is more than detecting malware. Most insider threats, however, don’t involve malware, but other security issues associated with the user and endpoint. Learn how Cisco’s own InfoSec team uses Cisco Endpoint Security Analytics Built on Splunk and Cisco NGFW integration to increase its endpoint security and threat visibility.

Speaker(s): Scott Pope, Cisco
Slides PDF link: https://conf.splunk.com/files/2019/slides/SECS2899.pdf?podcast=1577146216
Product: Splunk Cloud, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies.

Speaker(s): Alexa Araneta, Product Marketing Manager, Splunk; John Dominguez, Product Marketing Director, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance.

Speaker(s): Rob Truesdell, Sr Director, Product Management, Splunk; Atom Coffman, Starbucks
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Beginner
Today SOCs are in desperate need of a different alerting approach. Texas Instruments (TI) decided to transform its SOC by using risk-based alerting to generate fewer, higher fidelity alerts, and by aligning to the MITRE ATT&CK™ framework, which provides more situational awareness to analysts. This risk-based approach reduces false positives and the situational numbness associated with the legacy whitelisting process. Splunk and TI will walk you through TI's SOC successes as it transitioned to risk-based alerting. TI will detail a few real-life risk-based rule examples, discuss learning curves to fast track your transition, and discuss how MITRE ATT&CK™ fits in with this approach. After this session, you will have the foundation to embark on your risk-based alerting journey, allowing you to increase detection mechanisms, increase your coverage of the ATT&CK™ techniques, and improve the overall effectiveness of your SOC.

Speaker(s): Jim Apger, Staff Security Architect, Splunk; Jimi Mills, Security Operations Center Manager, Texas Instruments
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1803.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
After breaches, incident response teams often end up with an overwhelming amount of forensic evidence data, including disk images, memory captures, PCAP, and more. We'll show you how one of our IR/forensics teams is ingesting this data into Splunk to answer the who, what, where, when and why of breaches. Our presentation will show you how to use Splunk Enterprise and Splunk Enterprise Security for Incident Response (IR) workflow tracking and reporting on multi-source forensic data captures.

Speaker(s): Josh Wilson, Consulting Engineer, August Schell; Dave Martin, Supervisory Special Agent, Federal Bureau of Investigation
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1796.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
The Census is the nation’s largest peacetime mobilization effort and determines congressional representation. Census data is used by businesses, governments and civic organizations to inform decision-making, and this year the Census is going mobile and online for the first time. This means that security is a top priority in ensuring the success of the 2020 Decennial. This segment of the conference will explore security related topics including vulnerabilities, scalability and performance, with a special focus on Data Privacy, Compliance and Reputational Threat Management. If all things data and IT Security excite you, then this session is for you. Census executives Atri Kalluri and Zack Schwartz will provide a behind the scenes overview of the systems supporting the 2020 Decennial, including Splunk, and real world case studies on how the Census Bureau is adopting best practices across IT security and social media monitoring to ensure the security of respondent data.

Speaker(s): Atri Kalluri, Senior Advocate, Response Security and Data Integrity, U.S. Census Bureau; Zack Schwartz, IT Program Manager, U.S. Census Bureau
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2638.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Last year, after our outrageously successful talk "Pull Up Your SOCs: A Splunk Primer on Building or Rebuilding your Security Operations", we wanted to revisit this topic to cover changes in Security Operations that have taken place over the last 12 months. Whether you’re starting from scratch or rebuilding your security program, the first twelve months of standing up your security operations is absolutely critical to success.

Speaker(s): Dimitri McKay, Staff Security Architect | Jedi Master, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2186.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
As the types of devices and applications used in IT organizations increase exponentially, scaling the analytics-driven SOC becomes even more imperative. In this session Splunk Professional Services will help you learn from its past experiences architecting Splunk Enterprise Security environments for scale into the terabytes per day. We will share technical details on improvements to search technology and Data Model Acceleration in Splunk Enterprise that will help you increase performance and decrease total cost of ownership. We will also take a deep dive under the hood into the Splunk Enterprise Security frameworks in which you should make special considerations for high volume. Finally, we'll share important metrics on how to monitor the ongoing health of your Enterprise Security deployment, ensuring you stay on track over time, even in periods of rapid growth.

Speaker(s): Marquis Montgomery, Principal Security Architect, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2120.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.

Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense: detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Whether you have just SSE or all of Splunk's Premium Products, you can benefit from the ton of Security Content that Splunk produces. We'll start this session by setting a quick baseline on all of the fantastic detections that Security Essentials has had in the past, and then jump into the new prescriptive guides, MITRE ATT&CK™ integration, Auto-Dashboard-Magic, and all the related functionality that will help you plan your usage of any/all of Splunk's security products. We'll present all this information through the lens of helping you get the best possible detections deployed with the least amount of effort.

Speaker(s): David Veuve, Principal Security Strategist, Splunk; Johan Bjerke, Principal Sales Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2013.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics
Track: Security, Compliance and Fraud
Level: Good for all skill levels
We will share experiences and best practices for implementing notable events, the various Splunk Enterprise Security frameworks, and adaptive response actions, and we'll share our approach for building a program to consistently develop, measure, and iterate on correlation searches. We will discuss how to integrate lessons learned from incidents, red team engagements, threat intelligence, threat hunting, and requirements from business units into the program. Example tactics we'll cover include leveraging low-fidelity detections to develop higher-fidelity and higher-value ones, managing detection content simply and easily through macros, and building a formula to assess the efficacy of your detection content.

Speaker(s): Chris Ogden, Principal Threat Detection Engineer, Sony Corporation of America; Drew Guarino, Senior Threat Detection Engineer, Sony Corporation of America
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1674.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, AI/ML
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Winston Churchill once said, “Success is not final, failure is not fatal: it is the courage to continue that counts." Then again, Churchill wasn’t in cybersecurity... While our successes are certainly never final, our failures can absolutely be fatal, to a company and to our continued employment. What's a good way to actually measure success and failure, though, outside of not appearing on the front page of the paper? Well, as CrowdStrike notes, you have on average one minute to detect an attack in progress, ten minutes to understand it, and sixty minutes to contain it. We will show how to use this 1-10-60 Rule as a measuring metric and leverage the data and capabilities within Splunk and its ecosystem to ensure that we win the survival of the fastest.

Speaker(s): Wissam Ali-Ahmad, Lead Solutions Architect, Splunk; Tim Sullivan, Global Senior Strategic Solutions Architect, CrowdStrike
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1573.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
We've run a risk-based approach with our security alerts for over a year, and we're excited to review our progress with you. We'll discuss how we increased the number of behavioral indicators by 300% while reducing our alerts by 50%. We'll also discuss how we expanded our risk approach to handle on-premise and cloud environments within the same framework, which yielded a single alerting mechanism that leverages all of our data enrichment. We'll also share the roadmap for our risk-based approach, which incorporates risk rules that utilize algorithms to identify risks not discovered by traditional detection approaches.

Speaker(s): Stuart McIntosh, Threat Intelligence, Outpost Security
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1908.pdf?podcast=1577146216
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Advanced
Nick Hayes, VP of Strategy at IntSights, will take you on a tour of the dark web and explain how CISOs can successfully implement a dark web intelligence strategy to neutralize threats outside the wire and at the earliest stages of the cyber kill chain. Now equipped with IntSights External Threat Intelligence, learn how you can take advantage of it through seamless integrations with your Splunk SIEM and Phantom toolsets. Enrich your threat data with internal network security observables, expedite incident reviews and prioritization, and automate your threat prevention and response with SOAR and integrated playbooks.

Speaker(s): Nick Hayes, IntSights
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2887.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
This presentation will discuss how Security Operation Centers (SOCs) will need to change to meet the cybersecurity challenges of the 2020s. The speaker will draw on his experience as a founder of the first SOC-as-a-Service company that delivers managed security services using Splunk. Most industry analysts envision that the next generation of SOCs will leverage AI, Big Data, and the Cloud, but how far can automation take us, and is the concept of an autonomous SOC really practical? How will the SOC of the Future address the global shortage of cyber professionals? How will the role of security analysts need to change? Will the SOC of the Future still need to be housed in dedicated physical facilities? The speaker will provide a blueprint of Proficio’s vision of the SOC of the Future using Splunk and provide a playbook for IT leaders and aspiring IT leaders on how to drive continuous improvement in productivity and measurable outcomes.

Speaker(s): Brad Taylor, Proficio
Slides PDF link: https://conf.splunk.com/files/2019/slides/SECS2839.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Most of us have had (or still have) nightmares about an alert that someone's exfiltrating data from our organization. We've lived that nightmare at Harris, and we've learned from it. In this session, we'll discuss how we used red and purple teaming to improve our security posture post-breach. Learn from our experience so that you can strengthen your team's alerting, staff competency, and policies, and reduce the risk of a breach at your company.

Speaker(s): Nate Piquette, Sr. Detection & Response Engineer, L3Harris Technologies; Adam Parsons, Sr. Detection & Response Engineer, L3Harris Technologies
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1375.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.

Speaker(s): Phil Royer, Research Engineer, Splunk; Rod Soto, Principal Security Research Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals every day with criminals claiming to be representatives of the organization and contacting the public with phishing e-mails. By using Splunk and RFCs such as RFC 7208 (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email), we have developed a technique to identify phishing attacks that are carried out under the disguise of the Dutch Tax and Customs Administration. This technique is universally applicable; a precondition is access to the DNS logging. By means of this technique, insight can be obtained into where the phishing e-mails are sent from and to whom they are sent. In this talk we will start by explaining which standards are available to increase e-mail security and how we have built an app in Splunk, including a dashboard and a wizard to create the necessary DNS records, to gain insight into the abuse of our domains.

Speaker(s): Karl Lovink, Lead Security Operations Center, Dutch Tax and Customs Administration; Arnold Holzel, Senior Security Consultant, SMT
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1106.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Advanced
We helped our client use Splunk to disrupt theft rings plaguing its retail stores. We'll present how we took in public wifi data, tracked MAC addresses that appeared in multiple stores, and ultimately created a system in Splunk that alerted in-store loss prevention teams when individuals likely to be involved in theft rings entered the store. We'll go over the steps taken to operationalize our theft deterrence program so that you can adopt it in your organization or modify it to fit your needs.

Speaker(s): Nic Haag, Splunk Professional Services Consultant, Aditum Partners; Logan Foshee, Threat Analyst, Lowe's
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1336.pdf?podcast=1577146216
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Advanced
This session will give you the tools to tackle compliance with Splunk Enterprise Security. The session will showcase why you might want to grant different compliance views to your teams based on the compliance standard they are responsible for adhering to, and how to do so. We'll also cover how to present the compliance standards that a notable event relates to and how to grant your compliance officers visibility into only the notable events that are relevant to them.

Speaker(s): Jason Timlin, Professional Services, Splunk; Darren Dance, Staff PS Consultant, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1852.pdf?podcast=1577146215
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk User Behavior Analytics (UBA) contains the largest library of unsupervised machine learning in the market. In this session we'll show how to analyze data from both cloud and on-premises data sources in both types of deployment (cloud/on-premises) to convey the unique benefits of Splunk UBA. We'll discuss real world examples that showcase the importance of using UBA and all other tools at your disposal for day-to-day threat hunting. Specifically, we'll show how to use Splunk Enterprise, Splunk Enterprise Security, and Splunk UBA together to hunt and detect anomalies that can reveal significant threats. We'll wrap up with best and worst practices from deployments seen throughout the world.

Speaker(s): Tom Smit, Staff Sales Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1248.pdf?podcast=1577146214
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate
Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates.

Speaker(s): Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk; Jay Beale, CTO, InGuardians
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146214
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
When is a 20MB email to an external Gmail account dangerous? It all depends on context. Understanding what normal behavior is will reveal whether specific behavior is malicious or ordinary. We’ll walk you through how using Splunk’s Machine Learning Toolkit and Splunk Enterprise Security together provides actionable insight for analysts to improve security. We'll also detail how we caught insider threats in our environment with these tools.

Speaker(s): Karthik Subramanian, Principal Senior Cybersecurity Engineer, SAIC; Tyler Williams, Cybersecurity Data Analyst, SAIC
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1305.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML
Track: Security, Compliance and Fraud
Level: Advanced
In this session we will discuss using Splunk to detect a range of Linux-based adversary techniques from MITRE’s ATT&CK™ framework. We will also demonstrate how event sequencing can be used to map a path through the ATT&CK™ matrix and improve overall detection fidelity. We will provide auditd configuration suggestions for Linux endpoints to support greater coverage.

Speaker(s): Doug Brown, Senior Information Security Analyst, Red Hat
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1156.pdf?podcast=1577146214
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Advanced
Do you love the idea of the MITRE ATT&CK™ framework, but you’re not sure how to use it in your Splunk-centric security program? This talk will teach you practical ways to use the framework in your own organization and the Splunk security tools that will help you do so. We'll start the talk by identifying an adversary and some of their known techniques, and then we'll show how to choose an appropriate set of detections and how to test whether those detections are working as expected. You'll leave the talk better able to take advantage of threat intelligence, cover the right set of ATT&CK™ tactics and adversary groups, and eliminate organizational blind spots.

Speaker(s): BOTSFATHER Kovar, Principal Security Strategist, Splunk; John Stoner, Principal Security Strategist, Splunk; Dave Herrald, Principal Security Strategist, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1927.pdf?podcast=1577146214
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Beginner
We developed an automation framework that classifies and mitigates emails reported to the SOC. The framework acts as an engine that consumes multiple data sources, including a supervised machine learning model and a risk scoring algorithm, to assess with high confidence whether an email is phishing, spam, or benign. We will discuss the benefits of our approach to phishing mitigation, such as enhancing our SOC's ability to automatically identify, prioritize, and mitigate malicious phishing attempts against employees before any damage is done. The session will outline the overall design of the framework, detail the primary components that are used within Splunk Phantom and Splunk Enterprise Security, and outline the supervised machine learning model that we trained to aid the automation engine.
Speaker(s): Mackenzie Kyle, Manager - Cybersecurity Operations Center, JPMorgan Chase; Benji Arnold, Sr. Security Analyst, JPMorgan Chase; Dennis Rhodes, Sr. Security Analyst, JPMorgan Chase
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1128.pdf?podcast=1577146214
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
Prevention and detection solutions are vital to maintain a healthy network but not sufficient. When a security incident occurs, the ability to investigate rapidly and recover is crucial but is manually intensive, especially when dealing with networks spanning on-premises, public, and private cloud environments. Once an incident is detected, then what? Learn how RedSeal integrates within Splunk Enterprise Security and the Phantom framework to provide you with immediate answers to burning questions.
Speaker(s): Noam Syrkin, Sr. Technical Marketing Engineer, RedSeal
Slides PDF link: https://conf.splunk.com/files/2019/slides/SECS2841.pdf?podcast=1577146214
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
So you have a SIEM with security data, e.g. firewalls, proxy, endpoint data, etc. Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. This session will cover how to identify key mixes of data sources, core OOTB content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations—just Splunk and a solid plan.
Speaker(s): Paul Davilar, Security Consultant, Splunk; Paul Pelletier, Sr. Security Consultant, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146214
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
Advanced attackers that live off your land add insult to what can be very serious injury. In this session we'll show you how to use behavioral analysis to identify advanced attackers that evade traditional signature-based detection methods. We do so in our organization by using Splunk to combine insights from traditional data sources to detect activity across multiple phases of the MITRE ATT&CK™ framework. We'll focus on how to build queries, tune them for your environment, and start catching these threat actors with behavioral detections as soon as you get back from .conf.
Speaker(s): Haylee Mills, Security Engineer, Charles Schwab
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1556.pdf?podcast=1577146214
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
Where did you come up with the idea for your last use case? Traditional approaches to use case ideation focus on identifying new use cases based on the data already available to the security operations center. However, the threat landscape is constantly changing, and attackers are constantly getting more sophisticated. To detect these advanced threats, our use cases must be based on both business and threat context. In this session, we will share our approach to building innovative use cases based on real-world threats. Starting with industry-specific threat intelligence, we identify the threat actors and their specific tactics, techniques, and procedures. With these insights, we identify use cases relevant to the business, map them to both existing and new data sources, and prioritize implementation based on the specific threats.
Speaker(s): John Rubey, Accenture
Slides PDF link: https://conf.splunk.com/files/2019/slides/SECS2797.pdf?podcast=1577146214
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
In this session, we tackle data breaches and information exfiltration from cloud file stores. Beyond the attacks that make headlines and result in millions of stolen personal records, we will also focus on the far less publicized risks related to exposure of intellectual property, infrastructure details or finances. We will share our experience in building a defensive strategy that now detects highly-covert exfiltration attempts. To this end, we first shed a lot of light on how companies use general-purpose file stores, such as Box, Office365 or Google Drive. We cover the types of files that commonly get stored in the cloud, file sharing practices, access properties, as well as uses of cloud stores by various departments. There are a lot of unexpected insights which eventually invalidate common security assumptions. As the boundary between good and bad gets blurred, we will provide you with a peek into how to design an effective data-driven defense. This approach helped us hone our detection to just tens of validly suspicious exfiltration files in a massive cloud store.
Speaker(s): Stanislav Miskovic, Security Data Science, Splunk; Ignacio Bermudez Corrales, Senior Data Scientist, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2083.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics
Track: Security, Compliance and Fraud
Level: Advanced
Malware infection, lateral movement, data exfiltration, oh my! If you've spent any time around the wizarding world of security, you know how much effort goes into preventing dark magic from happening. What if you could use machine learning to stay one step ahead of the adversary? Fasten your seatbelts, because in this talk we will show you how Splunk can utilize machine learning models to take your security detections to the next level. We'll demonstrate how Splunk's Machine Learning Toolkit can be used to train, validate, and then deploy models to identify anomalies and discover clusters of bad behavior via user-friendly guided workflows—all this while training your models with more data than you've ever been able to before. Prepare to leave Las Vegas equipped to incorporate machine learning in your organization's security detections and jump from reactive to proactive. Mischief managed!
Speaker(s): Melisa Napoles, Sales Engineer, Splunk; Erika Strano, Sales Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2129.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Ever wondered how to integrate or scale Splunk Enterprise Security (ES) and Splunk Phantom? Join us as we explore best practices involved in setting up clustered environments for ES and Phantom that yield a highly available and scalable security platform. You will leave this session better able to create scalable ES and Phantom deployments, tools, commands, cheat sheets, and troubleshooting methods at your own organizations.
Speaker(s): Mayur Pipaliya, Forward Deployed Software Engineer, Splunk; Ankit Bhagat, Forward Deployed Software Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2233.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love "KNOW NORMAL FIND EVIL," but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to "find evil," but how can this framework be used to "know normal"? Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole.
Speaker(s): Rick McElroy, Principal Security Strategist, Carbon Black
Slides PDF link: https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146215
Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data.
Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
This is one of multiple sessions in a series at .conf this year focused on getting valuable intel and insights from your Azure and Office 365 environments. Throw on your hoodie and join Ryan as we Splunk our way through all things Azure, Office365, security, compliance, and visibility in the Microsoft-as-a-Service world.
Speaker(s): Ry Lait, Senior Sales Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1432.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk's Incident Management Framework is used extensively in support of notable event creation, and it serves as a bridge that ties the Risk, Asset & Identity, and Threat frameworks together. In this session we will discuss how incident management functions, what occurs behind the scenes to prepare events that are correlated, and how to present correlated events to analysts. Attendees will leave this talk with a greater understanding of the Incident Management Framework and methods to work more effectively with it within Splunk Enterprise Security.
Speaker(s): John Stoner, Principal Security Strategist, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1544.pdf?podcast=1577146215
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Good for all skill levels
20+ million subscribers, 290PB network traffic daily, and tens of millions of IoT, IPTV and ICT devices—a bigger network means more attacks from all over the world. Learn how SK Broadband, the biggest telco/ISP provider in South Korea, leverages Splunk Enterprise Security (ES) to protect their subscribers from countless DDoS and malware attacks. We will cover detailed use cases for analyzing a high volume of data—500 million security events over 7 billion logs per day—as well as how we met a high bar of operational efficiency by customizing our ES deployment.
Speaker(s): Daesoo Choi, Senior Sales Engineer, Splunk; Kyoung Geun Lee, SoC Senior Manager, SK Broadband
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2274.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit
Track: Security, Compliance and Fraud
Level: Intermediate
Risk-based alerting is gaining traction in the SOC: by using multiple lower-fidelity searches to yield higher-fidelity investigations, it allows analysts to rapidly prioritize investigations, correlate "risk objects" between alerts, identify gaps in monitoring, and generally understand attack narratives. We'll discuss the first steps needed to transition from the traditional one-to-one ticket investigation model to this holistic approach, i.e. how risk-based alerting works, a description of prerequisites, and dashboard optimization. We will also discuss how to start building a comprehensive search inventory based on Splunk analytics, MITRE, and your own threat intelligence.
Speaker(s): Bryan Turner, IT Security Analyst, Publix Super Markets
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1538.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
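The mechanics behind the abstract: each low-fidelity search writes a small risk score against a user or host instead of opening a ticket, a second search sums those scores per object over a window and fires one notable when the total (or the breadth of distinct techniques) crosses a threshold, and the ordered list of contributing hits is the attack narrative the analyst reads. The following is an added example, not the speaker's searches or code: Python standing in for the risk-index searches, over constructed risk events and a constructed rule inventory. The field names (`risk_object`, `risk_object_type`, `risk_score`, `risk_message`) follow the risk-index convention as an assumption, and the `coverage_gaps` check shows the "identify gaps in monitoring" angle: an inventory rule that has never produced a risk event is either missing its data source or broken.

```python
"""Risk-based alerting: aggregate low-fidelity hits into one high-fidelity notable.

Added example (not the speaker's code): Python stands in for the risk-index
searches. Events and the rule inventory are constructed; field names follow the
risk-index convention (risk_object, risk_object_type, risk_score, risk_message)
as an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed risk events: one row per low-fidelity detection hit.
RISK_EVENTS = [
    {"_time": "2019-10-22T08:02:00", "risk_object": "jsmith", "risk_object_type": "user",
     "risk_score": 10, "source": "Login from new country", "mitre_technique": "T1078",
     "risk_message": "First login from new country"},
    {"_time": "2019-10-22T08:15:00", "risk_object": "jsmith", "risk_object_type": "user",
     "risk_score": 20, "source": "External mail forwarding rule", "mitre_technique": "T1114.003",
     "risk_message": "Mailbox forwarding rule created to external domain"},
    {"_time": "2019-10-22T09:40:00", "risk_object": "jsmith", "risk_object_type": "user",
     "risk_score": 15, "source": "Bulk cloud storage download", "mitre_technique": "T1530",
     "risk_message": "Bulk download from SharePoint"},
    {"_time": "2019-10-22T10:05:00", "risk_object": "jsmith", "risk_object_type": "user",
     "risk_score": 30, "source": "Archive utility on file share", "mitre_technique": "T1560.001",
     "risk_message": "Archive utility run against file share"},
    {"_time": "2019-10-22T11:00:00", "risk_object": "wks-0412", "risk_object_type": "system",
     "risk_score": 25, "source": "Encoded PowerShell", "mitre_technique": "T1059.001",
     "risk_message": "PowerShell launched with encoded command"},
    # two days earlier: outside a 24h window, so it must not count toward today's total
    {"_time": "2019-10-20T09:00:00", "risk_object": "jsmith", "risk_object_type": "user",
     "risk_score": 40, "source": "Password spray", "mitre_technique": "T1110.003",
     "risk_message": "Failed logon burst across many accounts"},
]

# Constructed search inventory: every risk rule we believe we run, with its technique.
RULE_INVENTORY = {
    "Login from new country": "T1078",
    "External mail forwarding rule": "T1114.003",
    "Bulk cloud storage download": "T1530",
    "Archive utility on file share": "T1560.001",
    "Encoded PowerShell": "T1059.001",
    "Password spray": "T1110.003",
    "WMI event subscription": "T1546.003",
}


def aggregate_risk(events, now, window_hours=24, score_threshold=50, technique_threshold=3):
    """Sum risk per object over the window; a notable fires on total score or on breadth.

    Breadth (distinct techniques) catches a careful actor whose individual hits
    are all low-scoring but who has touched several ATT&CK techniques.
    """
    now_dt = datetime.fromisoformat(now)
    start = now_dt - timedelta(hours=window_hours)
    per_object = defaultdict(list)
    for ev in events:
        if start <= datetime.fromisoformat(ev["_time"]) <= now_dt:
            per_object[f'{ev["risk_object_type"]}:{ev["risk_object"]}'].append(ev)
    results = {}
    for obj, evs in per_object.items():
        evs.sort(key=lambda e: e["_time"])
        score = sum(e["risk_score"] for e in evs)
        techniques = sorted({e["mitre_technique"] for e in evs})
        reasons = []
        if score >= score_threshold:
            reasons.append(f"score {score} >= {score_threshold}")
        if len(techniques) >= technique_threshold:
            reasons.append(f"{len(techniques)} distinct techniques >= {technique_threshold}")
        results[obj] = {
            "score": score,
            "techniques": techniques,
            "notable": bool(reasons),
            "reasons": reasons,
            # the narrative is what replaces N separate tickets for the analyst
            "narrative": [f'{e["_time"]} [{e["mitre_technique"]}] {e["risk_message"]}' for e in evs],
        }
    return results


def coverage_gaps(inventory, events):
    """Inventory rules that have never written a risk event: missing data source or broken search."""
    fired = {e["source"] for e in events}
    return sorted(rule for rule in inventory if rule not in fired)


if __name__ == "__main__":
    for obj, r in aggregate_risk(RISK_EVENTS, now="2019-10-22T12:00:00").items():
        print(obj, r["score"], r["notable"], r["reasons"])
        for line in r["narrative"]:
            print("   ", line)
    print("never fired:", coverage_gaps(RULE_INVENTORY, RISK_EVENTS))
```

Thresholds are where most of the tuning effort goes: score weights are per-rule judgement calls, and the window length trades slow-burn detection against stale context, which is why the abstract treats prerequisites and dashboards as first steps rather than afterthoughts.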
Attackers are increasingly using a 'living off the land' approach, often using crypto mining malware, EternalBlue, timing, or other attacks that leverage the Windows Management Instrumentation Command Line. These attacks typically don't generate any events via conventional Sysmon and PowerShell, so even if you're pulling in those logs you likely won't see them. Join this session to learn how to detect and protect your organization from these advanced WMI-based attacks.
Speaker(s): Ryan Becwar, Sales Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1550.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
Want to scale Splunk Enterprise Security to 100TB/day? We've done it! In Splunk labs, we built workloads that closely simulate our customers' usage patterns, and we scaled beyond a 100TB per day ingest rate with search head clustering. In this session we'll share key aspects of our Splunk Enterprise Security workload design: diverse source types, major data models, search scenarios, data enrichment, and hardware choices for search head and indexer. We will also share how different configurations impact search performance and how to tune Splunk Enterprise Security effectively with parameters such as max_searches_per_cpu, acceleration.max_concurrent, allow_skew, and maxBundleSize, to name a few. Come see how we scaled to large volumes while efficiently utilizing hardware capacity for maximum performance.
Speaker(s): Devendra Badhani, Sr Engineering Manager, Splunk; Jesse Chen, Principal Performance Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1554.pdf?podcast=1577146215
Product: Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
You finally got Authority To Operate (ATO) in the Cloud, and you're feeling the budgetary and political pressure to transition your workloads to AWS. But how do you actually transition a workload securely? This session covers the essentials of using Splunk to quickly increase your security posture and awareness in the Cloud. Learn from our experiences and leave with more confidence that you're asking smart questions of your data, monitoring and alerting on the right things, assigning responsibilities to your team appropriately, and have an actionable security plan in place to protect your Cloud assets.
Speaker(s): Patrick Shumate, Solutions Architect, Splunk; Stephen Alexander, Sr. Solutions Architect, Amazon Web Services
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1518.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Cloud, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Beginner
How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the Diamond Model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.
Speaker(s): Ed Svaleson, Accenture
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146215
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Are your analysts spending too much time clearing through notable events? Ours were too, but today our analysts are living the dream: they have all the details they want right there on the Incident Review screen, all while our alerts fine-tune themselves (with workflow-action human input). Come and see how we achieved Incident Review Screen 2.0 by using Splunk's Machine Learning Toolkit to transition to smarter correlation searches.
Speaker(s): Lukasz Antoniak, Cyber Detection Crafting Chief, Viasat; Ryan Rake, Viasat
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1673.pdf?podcast=1577146215
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate
"You should be looking at Indicators of Compromise!" exclaims your CISO, regulator, vendor, and mom. No problem, right? You have the most expensive security intelligence vendor and all you have to do is correlate in your expensive SIEM. If you've tried this, then you are laughing with me. Come hear my exploration into implementing IOCs at a major US insurance company and a major US bank. I'll address the differences between Indicators of Compromise vs Indicators of Attack, and I will show you how not to use the MITRE ATT&CK™ framework, plus some tips on how to use it well. My goal is to save you from falling into the same pitfalls when dealing with Indicators of Crap.
Speaker(s): Xavier Ashe, VP, Security Engineering, SunTrust Banks
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1111.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security
Track: Security, Compliance and Fraud
Level: Intermediate
Threat hunting is hard, and threat hunting in an enterprise network with thousands of endpoints is even harder. We will demonstrate how we leveraged Splunk Enterprise to build an Advanced Threat Hunting platform designed for large-scale threat hunting across 100,000 or more endpoints. Using Splunk Enterprise allows us to combine analytics, data enrichment, and custom workflows to display in one platform the most important data to analysts. Our threat hunting platform addresses the challenges of data retention and collection, high false positive rates, and analyst fatigue, all while lowering the time to detection of malicious incidents and improving the efficiency of enterprise SOC operations.
Speaker(s): Dan Rossell, Analyst, Booz Allen Hamilton; Ashleigh Moriarty, Lead Technologist, Booz Allen Hamilton
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1071.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit
Track: Security, Compliance and Fraud
Level: Intermediate