Podcasts about splunk phantom

  • Podcasts: 8
  • Episodes: 72
  • Average duration: 36m
  • Release cadence: ? (infrequent episodes)
  • Latest episode: Mar 14, 2023

POPULARITY (chart, 2017 to 2024)


Best podcasts about splunk phantom

Latest podcast episodes about splunk phantom

The Somerford Podcast
Avoiding Common Mistakes for Achieving Security Maturity—Splunking for Security Podcast

Mar 14, 2023, 36:27

In this podcast, join Anne and her expert panel of security strategists as they analyse how organisations can plan to achieve security maturity with Splunk. The panel shares their insights on the importance of proactive security maturity planning and offers guidance on avoiding common mistakes when implementing Splunk for security. Featuring Matthias Maier, EMEA Director of Product Marketing at Splunk, the panel also explore how Splunk can assist in improving threat detection capabilities, reducing the risk of security breaches, and how Splunk can help organisations to achieve their security objectives.

➡️ Have any questions for Ben at Somerford? https://www.somerfordassociates.com/about-us/
➡️ Want to attend Splunk's upcoming user conference? https://conf.splunk.com/

▶ Listen on Spotify: https://open.spotify.com/show/00soJ9kAQuVCh9EBRHOGzJ
▶ Listen on Google Podcasts: https://podcasts.google.com/?feed=aHR0cHM6Ly9mZWVkcy5idXp6c3Byb3V0LmNvbS8xMDkyNTAwLnJzcw==
▶ Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-somerford-podcast/id1515273563?uo=4
♫ Background Music (Planeteer Reaction) Written by Bryan Teoh
#Splunk #splunksecurity #securityoperations

✓ Learn more about Somerford on our website: https://www.somerfordassociates.com/
✓ View our complimentary partner discovery webinars and workshops: https://www.somerfordassociates.com/events/
✓ Keep notified of news & announcements on Linkedin: https://www.linkedin.com/company/somerford-associates-limited/
✓ Contact Somerford for more information regarding this video: https://www.somerfordassociates.com/contact-us/

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Klapp-Back at Attackers: Capturing Data in the Wild to Build Tailored Defenses with Splunk Security Analytics [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146234
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
Splunk [All Products] 2019 .conf Videos w/ Slides
Attacking and Defending Kubernetes: A Purple Team Approach to Improving Detection Using Splunk Enterprise Security, Splunk Phantom and Peirates [Splunk Enterprise Security, Phantom]

Dec 23, 2019

Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates.

Speaker(s): Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk; Jay Beale, CTO, InGuardians
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146223
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
Splunk [Enterprise Cloud and Splunk Cloud Services] 2019 .conf Videos w/ Slides
Don't Blow Your Budget Fighting Fraud; Orchestrate and Automate Instead [Splunk Enterprise, Splunk Cloud, Phantom]

Dec 23, 2019

Manual sorting through spreadsheets, disparate applications, and scattered data sources to conduct link analysis for a fraud investigation is both painful and ineffective. There must be a better way, right? In this session we'll use Splunk Enterprise and Splunk Phantom to automate repeatable fraud investigation tasks, which will save your team time and better protect your assets from the bad guys.

Speaker(s): Matthew Joseff, Director of Specialists - North Asia and Japan, Splunk; Abhishek Dujari, Security Specialist, APAC, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1104.pdf?podcast=1577146252
Product: Splunk Enterprise, Splunk Cloud, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they've been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can't share now but are excited to share with you at .conf.

Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr. Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146235
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.

Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies.

Speaker(s): Alexa Araneta, Product Marketing Manager, Splunk; John Dominguez, Product Marketing Director, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146234
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Improve Your Cyber Monitoring & Response Strategy with Splunk Enterprise Security and Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.

Speaker(s): Ed Svaleson, Accenture
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146234
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Splunk [All Products] 2019 .conf Videos w/ Slides
Beyond Tier 1 Automation: The Hidden Value of Splunk Phantom Automation for Security Operations [Splunk Enterprise, Phantom]

Dec 23, 2019

You've probably heard examples of Splunk Phantom automating 90% of Tier 1 processes, but did you know that Phantom improves human-led processes too? Come learn about the hidden value of validation and utility playbooks from Penn State University's Enterprise Security Manager and Splunk's Lead Technologist for Higher Education. Validation playbooks are automated tests run to validate a human judgement or request. Utility playbooks are short, easy-to-create playbooks in Phantom that an analyst runs during an investigation. We'll cover when to use validation and utility playbooks, how to get started creating them, and ideas for other playbooks you can use to improve your daily operations.

Speaker(s): Craig Vincent, Lead Technologist, SLED, Splunk; Chris Decker, Enterprise Security Manager, Penn State University
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2205.pdf?podcast=1577146223
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Ever wondered how to integrate or scale Splunk Enterprise Security (ES) and Splunk Phantom? Join us as we explore best practices involved in setting up clustered environments for ES and Phantom that yield a highly available and scalable security platform. You will leave this session better able to create scalable ES and Phantom deployments, tools, commands, cheat sheets, and troubleshooting methods at your own organizations.

Speaker(s): Mayur Pipaliya, Forward Deployed Software Engineer, Splunk; Ankit Bhagat, Forward Deployed Software Engineer, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2233.pdf?podcast=1577146233
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Automate Your Phishing Response with Splunk Enterprise Security, Splunk Phantom, and Machine Learning [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

We developed an automation framework that classifies and mitigates emails reported to the SOC. The framework acts as an engine that consumes multiple data sources, including a supervised machine learning model and a risk scoring algorithm, to assess with high confidence if an email is phishing, spam, or benign. We will discuss the benefits of our approach to phishing mitigation, such as enhancing our SOC's ability to automatically identify, prioritize, and mitigate malicious phishing attempts against employees before any damage is done. The session will outline the overall design of the framework, detail the primary components that are used within Splunk Phantom and Splunk Enterprise Security, and will outline the supervised machine learning model that we trained to aid the automation engine.

Speaker(s): Mackenzie Kyle, Manager - Cybersecurity Operations Center, JPMorgan Chase; Benji Arnold, Sr. Security Analyst, JPMorgan Chase; Dennis Rhodes, Sr. Security Analyst, JPMorgan Chase
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1128.pdf?podcast=1577146233
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Enterprise Security] 2019 .conf Videos w/ Slides
Attacking and Defending Kubernetes: A Purple Team Approach to Improving Detection Using Splunk Enterprise Security, Splunk Phantom and Peirates [Splunk Enterprise Security, Phantom]

Dec 23, 2019
Splunk [Enterprise] 2019 .conf Videos w/ Slides
Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Dec 23, 2019

Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment.

Speaker(s): John Murphy, Security Analyst, NAB; Chris Hanlen, Lead Cyber Security Specialist, NAB
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146229
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Klapp-Back at Attackers: Capturing Data in the Wild to Build Tailored Defenses with Splunk Security Analytics [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019
Splunk [All Products] 2019 .conf Videos w/ Slides
Automate Your Phishing Response with Splunk Enterprise Security, Splunk Phantom, and Machine Learning [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019
Splunk [All Products] 2019 .conf Videos w/ Slides
Build Automated Decisions for Incident Response with Splunk Phantom [Splunk Enterprise, Phantom]

Dec 23, 2019

Incident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts.

Speaker(s): Mark Cooke, Staff Incident Responder, GE
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1577146223
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019
Splunk [All Products] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019
Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense: detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146258
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they've been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can't share now but are excited to share with you at .conf.

Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146226
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Tackle AWS Security Automatically with Splunk Phantom [Phantom]

Dec 23, 2019

This session will give you a comprehensive look into automating the investigation and remediation of AWS security events using Splunk Phantom. The session will start with an overview and then progress to a live technical walkthrough of setting up Phantom to remediate an AWS security event.

Speaker(s): Matt Tichenor, Product Manager, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2187.pdf?podcast=1577146225
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [All Products] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense: detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146225
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]

Dec 23, 2019

Did you get more staff for Heartbleed? How about Shellshock or the OPM breach? Neither did we. The threat landscape is growing faster than ever and we need to cover more bases without more people. Enter Splunk Phantom: automation and integration for the masses. This session will help you understand what you need to build an effective Phantom ecosystem. I will go over initial strategies, real world examples, and use cases, and we will also take a glance at some more robust development projects that show the power of Phantom's extensibility.

Speaker(s): Mhike Funderburk, Senior Security Engineer, Stage 2 Security; Brandon Robinson, Senior Security Architect, Stage 2 Security; Luke Summers, Cyber Security Engineer, Stage 2 Security
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1949.pdf?podcast=1577146225
Product: Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Dec 23, 2019

Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment.

Speaker(s): John Murphy, Security Analyst, NAB; Chris Hanlen, Lead Cyber Security Specialist, NAB
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146225
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Ever wondered how to integrate or scale Splunk Enterprise Security (ES) and Splunk Phantom? Join us as we explore best practices involved in setting up clustered environments for ES and Phantom that yield a highly available and scalable security platform. You will leave this session better able to create scalable ES and Phantom deployments, tools, commands, cheat sheets, and troubleshooting methods at your own organizations.

Speaker(s): Mayur Pipaliya, Forward Deployed Software Engineer, Splunk; Ankit Bhagat, Forward Deployed Software Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2233.pdf?podcast=1577146224
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [All Products] 2019 .conf Videos w/ Slides
Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies.

Speaker(s): Alexa Araneta, Product Marketing Manager, Splunk; John Dominguez, Product Marketing Director, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146225
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Klapp-Back at Attackers: Capturing Data in the Wild to Build Tailored Defenses with Splunk Security Analytics [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses: defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146224
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [All Products] 2019 .conf Videos w/ Slides
Improve Your Cyber Monitoring & Response Strategy with Splunk Enterprise Security and Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.

Speaker(s): Ed Svaleson, Accenture
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146224
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Examining Splunk Phantom's Architecture [Phantom]

Dec 23, 2019

Want to learn more about Splunk Phantom's platform architecture? Join us in this session for an in-depth technical review of all key processes, including ingestion, automation, action execution, health monitoring, the data store, and more. This session will give experienced users a much deeper understanding of the technology behind Splunk's SOAR (Security Orchestration Automation & Response) platform.

Speaker(s): Sourabh Sourabh, VP & Distinguished Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1709.pdf?podcast=1577146224
Product: Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [All Products] 2019 .conf Videos w/ Slides
Don't Blow Your Budget Fighting Fraud; Orchestrate and Automate Instead [Splunk Enterprise, Splunk Cloud, Phantom]

Dec 23, 2019

Manual sorting through spreadsheets, disparate applications, and scattered data sources to conduct link analysis for a fraud investigation is both painful and ineffective. There must be a better way, right? In this session we'll use Splunk Enterprise and Splunk Phantom to automate repeatable fraud investigation tasks, which will save your team time and better protect your assets from the bad guys.

Speaker(s): Matthew Joseff, Director of Specialists - North Asia and Japan, Splunk; Abhishek Dujari, Security Specialist, APAC, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1104.pdf?podcast=1577146224
Product: Splunk Enterprise, Splunk Cloud, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [All Products] 2019 .conf Videos w/ Slides
Diving into Splunk Phantom's Overlooked Features [Phantom]

Dec 23, 2019

Whether you're a new or experienced Splunk Phantom user, you'll learn from the high-value, often overlooked features we discuss in this session. We'll showcase some of Phantom's most overlooked valuable features, as well as experienced users' top ranked features. Join us to learn more about how you can optimize your use of Splunk's SOAR (Security Orchestration Automation & Response) platform.

Speaker(s): Phil Royer, Research Engineer, Splunk; Kavita Varadarajan, Product Manager - Phantom, Splunk; Sam Hays, Sr. Technical Community Manager, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1705.pdf?podcast=1577146224
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Don't Blow Your Budget Fighting Fraud; Orchestrate and Automate Instead [Splunk Enterprise, Splunk Cloud, Phantom]

Dec 23, 2019

Manual sorting through spreadsheets, disparate applications, and scattered data sources to conduct link analysis for a fraud investigation is both painful and ineffective. There must be a better way, right? In this session we'll use Splunk Enterprise and Splunk Phantom to automate repeatable fraud investigation tasks, which will save your team time and better protect your assets from the bad guys.

Speaker(s): Matthew Joseff, Director of Specialists - North Asia and Japan, Splunk; Abhishek Dujari, Security Specialist, APAC, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1104.pdf?podcast=1577146229
Product: Splunk Enterprise, Splunk Cloud, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Attacking and Defending Kubernetes: A Purple Team Approach to Improving Detection Using Splunk Enterprise Security, Splunk Phantom and Peirates [Splunk Enterprise Security, Phantom]

Dec 23, 2019

Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates.

Speaker(s): Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk; Jay Beale, CTO, InGuardians
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146214
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Automate Your Phishing Response with Splunk Enterprise Security, Splunk Phantom, and Machine Learning [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

We developed an automation framework that classifies and mitigates emails reported to the SOC. The framework acts as an engine that consumes multiple data sources, including a supervised machine learning model and a risk scoring algorithm, to assess with high confidence if an email is phishing, spam, or benign. We will discuss the benefits of our approach to phishing mitigation, such as enhancing our SOC's ability to automatically identify, prioritize, and mitigate malicious phishing attempts against employees before any damage is done. The session will outline the overall design of the framework, detail the primary components that are used within Splunk Phantom and Splunk Enterprise Security, and outline the supervised machine learning model that we trained to aid the automation engine.

Speaker(s): Mackenzie Kyle, Manager - Cybersecurity Operations Center, JPMorgan Chase; Benji Arnold, Sr. Security Analyst, JPMorgan Chase; Dennis Rhodes, Sr. Security Analyst, JPMorgan Chase
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1128.pdf?podcast=1577146214
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Klapp-Back at Attackers: Capturing Data in the Wild to Build Tailored Defenses with Splunk Security Analytics [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses: defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Tackle AWS Security Automatically with Splunk Phantom [Phantom]

Dec 23, 2019

This session will give you a comprehensive look into automating the investigation and remediation of AWS security events using Splunk Phantom. The session will start with an overview and then progress to a live technical walkthrough of setting up Phantom to remediate an AWS security event.

Speaker(s): Matt Tichenor, Product Manager, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2187.pdf?podcast=1577146216
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense: detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.

Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]

Dec 23, 2019

Did you get more staff for Heartbleed? How about Shellshock or the OPM breach? Neither did we. The threat landscape is growing faster than ever and we need to cover more bases without more people. Enter Splunk Phantom: automation and integration for the masses. This session will help you understand what you need to build an effective Phantom ecosystem. I will go over initial strategies, real world examples, and use cases, and we will also take a glance at some more robust development projects that show the power of Phantom's extensibility.

Speaker(s): Mhike Funderburk, Senior Security Engineer, Stage 2 Security; Brandon Robinson, Senior Security Architect, Stage 2 Security; Luke Summers, Cyber Security Engineer, Stage 2 Security
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1949.pdf?podcast=1577146216
Product: Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.

Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146216
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Dec 23, 2019

Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment.

Speaker(s): John Murphy, Security Analyst, NAB; Chris Hanlen, Lead Cyber Security Specialist, NAB
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146216
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies.

Speaker(s): Alexa Araneta, Product Marketing Manager, Splunk; John Dominguez, Product Marketing Director, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Improve Your Cyber Monitoring & Response Strategy with Splunk Enterprise Security and Splunk Phantom [Splunk Enterprise Security, Phantom]

Dec 23, 2019

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.

Speaker(s): Ed Svaleson, Accenture
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146215
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Attacking and Defending Kubernetes: A Purple Team Approach to Improving Detection Using Splunk Enterprise Security, Splunk Phantom and Peirates [Splunk Enterprise Security, Phantom]
Dec 23, 2019

Would you be able to detect a sophisticated adversary targeting your Kubernetes clusters and workloads tonight? How do busy teams with stacked backlogs find time to learn how to attack Kubernetes clusters, detect those attacks, and build defenses to reduce the attack surface? We will demonstrate an effective purple team methodology that "uses every part of the buffalo" by 1) executing attacks on Kubernetes using the open source tool Peirates, 2) tracking the attack artifacts from the adversary simulation in Splunk, 3) teaching the defenders how the attack was performed and where to look for forensic artifacts, and 4) working together in the purple-est way possible to improve detection and response capabilities using Splunk Enterprise Security, Splunk Phantom, and Peirates.
Speaker(s): Brian Genz, Senior Manager, Threat & Vulnerability Mgmt., Splunk; Jay Beale, CTO, InGuardians
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2286.pdf?podcast=1577146237
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Examining Splunk Phantom's Architecture [Phantom]

Want to learn more about Splunk Phantom's platform architecture? Join us in this session for an in-depth technical review of all key processes, including ingestion, automation, action execution, health monitoring, the data store, and more. This session will give experienced users a much deeper understanding of the technology behind Splunk's SOAR (Security Orchestration Automation & Response) platform.
Speaker(s): Sourabh Sourabh, VP & Distinguished Engineer, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1709.pdf?podcast=1577146215
Product: Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Don't Blow Your Budget Fighting Fraud; Orchestrate and Automate Instead [Splunk Enterprise, Splunk Cloud, Phantom]
Dec 23, 2019

Manual sorting through spreadsheets, disparate applications, and scattered data sources to conduct link analysis for a fraud investigation is both painful and ineffective. There must be a better way, right? In this session we'll use Splunk Enterprise and Splunk Phantom to automate repeatable fraud investigation tasks, which will save your team time and better protect your assets from the bad guys.
Speaker(s): Matthew Joseff, Director of Specialists - North Asia and Japan, Splunk; Abhishek Dujari, Security Specialist, APAC, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1104.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Cloud, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Diving into Splunk Phantom's Overlooked Features [Phantom]
Dec 23, 2019

Whether you're a new or experienced Splunk Phantom user, you'll learn from the high-value, often overlooked features we discuss in this session. We'll showcase some of Phantom's most overlooked valuable features, as well as experienced users' top ranked features. Join us to learn more about how you can optimize your use of Splunk's SOAR (Security Orchestration Automation & Response) platform.
Speaker(s): Phil Royer, Research Engineer, Splunk; Kavita Varadarajan, Product Manager - Phantom, Splunk; Sam Hays, Sr. Technical Community Manager, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1705.pdf?podcast=1577146215
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]
Dec 23, 2019

Ever wondered how to integrate or scale Splunk Enterprise Security (ES) and Splunk Phantom? Join us as we explore best practices involved in setting up clustered environments for ES and Phantom that yield a highly available and scalable security platform. You will leave this session better able to create scalable ES and Phantom deployments, tools, commands, cheat sheets, and troubleshooting methods at your own organizations.
Speaker(s): Mayur Pipaliya, Forward Deployed Software Engineer, Splunk; Ankit Bhagat, Forward Deployed Software Engineer, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2233.pdf?podcast=1577146215
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Build Automated Decisions for Incident Response with Splunk Phantom [Splunk Enterprise, Phantom]
Dec 23, 2019

Incident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts.
Speaker(s): Mark Cooke, Staff Incident Responder, GE
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1577146214
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
Beyond Tier 1 Automation: The Hidden Value of Splunk Phantom Automation for Security Operations [Splunk Enterprise, Phantom]
Dec 23, 2019

You've probably heard examples of Splunk Phantom automating 90% of Tier 1 processes, but did you know that Phantom improves human-led processes too? Come learn about the hidden value of validation and utility playbooks from Penn State University's Enterprise Security Manager and Splunk's Lead Technologist for Higher Education. Validation playbooks are automated tests run to validate a human judgement or request. Utility playbooks are short, easy-to-create playbooks in Phantom that an analyst runs during an investigation. We'll cover when to use validation and utility playbooks, how to get started creating them, and ideas for other playbooks you can use to improve your daily operations.
Speaker(s): Craig Vincent, Lead Technologist, SLED, Splunk; Chris Decker, Enterprise Security Manager, Penn State University
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2205.pdf?podcast=1577146214
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Security, Compliance and Fraud Track] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they've been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can't share now but are excited to share with you at .conf.
Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146217
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Automate Your Phishing Response with Splunk Enterprise Security, Splunk Phantom, and Machine Learning [Splunk Enterprise, Splunk Enterprise Security, Phantom]
Dec 23, 2019

We developed an automation framework that classifies and mitigates emails reported to the SOC. The framework acts as an engine that consumes multiple data sources, including a supervised machine learning model and a risk scoring algorithm, to assess with high confidence if an email is phishing, spam, or benign. We will discuss the benefits of our approach to phishing mitigation, such as enhancing our SOC's ability to automatically identify, prioritize, and mitigate malicious phishing attempts against employees before any damage is done. The session will outline the overall design of the framework, detail the primary components that are used within Splunk Phantom and Splunk Enterprise Security, and will outline the supervised machine learning model that we trained to aid the automation engine.
Speaker(s): Mackenzie Kyle, Manager - Cybersecurity Operations Center, JPMorgan Chase; Benji Arnold, Sr. Security Analyst, JPMorgan Chase; Dennis Rhodes, Sr. Security Analyst, JPMorgan Chase
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1128.pdf?podcast=1577146237
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Beyond Tier 1 Automation: The Hidden Value of Splunk Phantom Automation for Security Operations [Splunk Enterprise, Phantom]
Dec 23, 2019

You've probably heard examples of Splunk Phantom automating 90% of Tier 1 processes, but did you know that Phantom improves human-led processes too? Come learn about the hidden value of validation and utility playbooks from Penn State University's Enterprise Security Manager and Splunk's Lead Technologist for Higher Education. Validation playbooks are automated tests run to validate a human judgement or request. Utility playbooks are short, easy-to-create playbooks in Phantom that an analyst runs during an investigation. We'll cover when to use validation and utility playbooks, how to get started creating them, and ideas for other playbooks you can use to improve your daily operations.
Speaker(s): Craig Vincent, Lead Technologist, SLED, Splunk; Chris Decker, Enterprise Security Manager, Penn State University
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2205.pdf?podcast=1577146228
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]
Dec 23, 2019

Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment.
Speaker(s): John Murphy, Security Analyst, NAB; Chris Hanlen, Lead Cyber Security Specialist, NAB
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146239
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Automate Your Phishing Response with Splunk Enterprise Security, Splunk Phantom, and Machine Learning [Splunk Enterprise, Splunk Enterprise Security, Phantom]
Dec 23, 2019

We developed an automation framework that classifies and mitigates emails reported to the SOC. The framework acts as an engine that consumes multiple data sources, including a supervised machine learning model and a risk scoring algorithm, to assess with high confidence if an email is phishing, spam, or benign. We will discuss the benefits of our approach to phishing mitigation, such as enhancing our SOC's ability to automatically identify, prioritize, and mitigate malicious phishing attempts against employees before any damage is done. The session will outline the overall design of the framework, detail the primary components that are used within Splunk Phantom and Splunk Enterprise Security, and will outline the supervised machine learning model that we trained to aid the automation engine.
Speaker(s): Mackenzie Kyle, Manager - Cybersecurity Operations Center, JPMorgan Chase; Benji Arnold, Sr. Security Analyst, JPMorgan Chase; Dennis Rhodes, Sr. Security Analyst, JPMorgan Chase
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1128.pdf?podcast=1577146228
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Phantom] 2019 .conf Videos w/ Slides
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they've been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can't share now but are excited to share with you at .conf.
Speaker(s): Kyle Champlin, Senior Product Manager, Splunk; Patriz Regalado, Sr. Product Marketing Manager, Splunk; Rob Truesdell, Sr Director, Product Management, Splunk; Chris Simmons, Director of Product Marketing, Splunk; Koulick Ghosh, Product Manager, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146240
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Tackle AWS Security Automatically with Splunk Phantom [Phantom]
Dec 23, 2019

This session will give you a comprehensive look into automating the investigation and remediation of AWS security events using Splunk Phantom. The session will start with an overview and then progress to a live technical walkthrough of setting up Phantom to remediate an AWS security event.
Speaker(s): Matt Tichenor, Product Manager, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2187.pdf?podcast=1577146239
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Phantom] 2019 .conf Videos w/ Slides
Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Dec 23, 2019

Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and a high percentage of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytic Stories and share tools and techniques customers can use to write and test their own use cases.
Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]
Dec 23, 2019

Did you get more staff for Heartbleed? How about Shellshock or the OPM breach? Neither did we. The threat landscape is growing faster than ever and we need to cover more bases without more people. Enter Splunk Phantom: automation and integration for the masses. This session will help you understand what you need to build an effective Phantom ecosystem. I will go over initial strategies, real world examples, and use cases, and we will also take a glance at some more robust development projects that show the power of Phantom's extensibility.
Speaker(s): Mhike Funderburk, Senior Security Engineer, Stage 2 Security; Brandon Robinson, Senior Security Architect, Stage 2 Security; Luke Summers, Cyber Security Engineer, Stage 2 Security
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1949.pdf?podcast=1577146239
Product: Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]
Dec 23, 2019

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.
Speaker(s): Robb Mayeski, Security Automation Magician, EY; Will Burger, Security Automation Consultant, EY; Haris Shawl, EY
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]
Dec 23, 2019

Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies.
Speaker(s): Alexa Araneta, Product Marketing Manager, Splunk; John Dominguez, Product Marketing Director, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146239
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Beyond Tier 1 Automation: The Hidden Value of Splunk Phantom Automation for Security Operations [Splunk Enterprise, Phantom]
Dec 23, 2019

You've probably heard examples of Splunk Phantom automating 90% of Tier 1 processes, but did you know that Phantom improves human-led processes too? Come learn about the hidden value of validation and utility playbooks from Penn State University's Enterprise Security Manager and Splunk's Lead Technologist for Higher Education. Validation playbooks are automated tests run to validate a human judgement or request. Utility playbooks are short, easy-to-create playbooks in Phantom that an analyst runs during an investigation. We'll cover when to use validation and utility playbooks, how to get started creating them, and ideas for other playbooks you can use to improve your daily operations.
Speaker(s): Craig Vincent, Lead Technologist, SLED, Splunk; Chris Decker, Enterprise Security Manager, Penn State University
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC2205.pdf?podcast=1577146237
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Klapp-Back at Attackers: Capturing Data in the Wild to Build Tailored Defenses with Splunk Security Analytics [Splunk Enterprise, Splunk Enterprise Security, Phantom]
Dec 23, 2019

Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data.
Speaker(s): Bhavin Patel, Security Software Engineer, Splunk; Jose Hernandez, Security Researcher, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1577146238
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Phantom] 2019 .conf Videos w/ Slides
Improve Your Cyber Monitoring & Response Strategy with Splunk Enterprise Security and Splunk Phantom [Splunk Enterprise Security, Phantom]
Dec 23, 2019

How do you know if your alerting and response processes adequately cover the tactics and techniques that your adversaries will use against you? If you're not sure, then how do you continuously improve to adapt to ever-evolving threats? This session will provide practical guidance on leveraging models like the diamond model, MITRE ATT&CK™, and OODA to deconstruct your monitoring and response program so that you can make strategic improvements and mature it on a strong foundation. Using these frameworks will help your team recognize its own bias in developing use cases, understand how its alerting and response coverage maps to adversary tactics/techniques, and develop and prioritize new use cases. The session will wrap up discussing practical tips for creating a continuous improvement program that helps you leverage Splunk Enterprise Security and Splunk Phantom to maintain a strong security posture.
Speaker(s): Ed Svaleson, Accenture
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1545.pdf?podcast=1577146238
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Examining Splunk Phantom's Architecture [Phantom]
Dec 23, 2019

Want to learn more about Splunk Phantom's platform architecture? Join us in this session for an in-depth technical review of all key processes, including ingestion, automation, action execution, health monitoring, the data store, and more. This session will give experienced users a much deeper understanding of the technology behind Splunk's SOAR (Security Orchestration Automation & Response) platform.
Speaker(s): Sourabh Sourabh, VP & Distinguished Engineer, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1709.pdf?podcast=1577146238
Product: Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Phantom] 2019 .conf Videos w/ Slides
Don't Blow Your Budget Fighting Fraud; Orchestrate and Automate Instead [Splunk Enterprise, Splunk Cloud, Phantom]
Dec 23, 2019

Manual sorting through spreadsheets, disparate applications, and scattered data sources to conduct link analysis for a fraud investigation is both painful and ineffective. There must be a better way, right? In this session we'll use Splunk Enterprise and Splunk Phantom to automate repeatable fraud investigation tasks, which will save your team time and better protect your assets from the bad guys.
Speaker(s): Matthew Joseff, Director of Specialists - North Asia and Japan, Splunk; Abhishek Dujari, Security Specialist, APAC, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1104.pdf?podcast=1577146238
Product: Splunk Enterprise, Splunk Cloud, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Phantom] 2019 .conf Videos w/ Slides
Diving into Splunk Phantom's Overlooked Features [Phantom]
Dec 23, 2019

Whether you're a new or experienced Splunk Phantom user, you'll learn from the high-value, often overlooked features we discuss in this session. We'll showcase some of Phantom's most overlooked valuable features, as well as experienced users' top ranked features. Join us to learn more about how you can optimize your use of Splunk's SOAR (Security Orchestration Automation & Response) platform.
Speaker(s): Phil Royer, Research Engineer, Splunk; Kavita Varadarajan, Product Manager - Phantom, Splunk; Sam Hays, Sr. Technical Community Manager, Splunk
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1705.pdf?podcast=1577146238
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate

Splunk [Phantom] 2019 .conf Videos w/ Slides
Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Dec 23, 2019

Ever wondered how to integrate or scale Splunk Enterprise Security (ES) and Splunk Phantom? Join us as we explore best practices involved in setting up clustered environments for ES and Phantom that yield a highly available and scalable security platform. You will leave this session better able to create scalable ES and Phantom deployments at your own organization, equipped with tools, commands, cheat sheets, and troubleshooting methods.
Speaker(s): Mayur Pipaliya, Forward Deployed Software Engineer, Splunk; Ankit Bhagat, Forward Deployed Software Engineer, Splunk
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC2233.pdf?podcast=1577146238
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced

Splunk [Phantom] 2019 .conf Videos w/ Slides
Build Automated Decisions for Incident Response with Splunk Phantom [Splunk Enterprise, Phantom]

Dec 23, 2019

Incident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts.
Speaker(s): Mark Cooke, Staff Incident Responder, GE
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1577146237
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels

Splunk [Enterprise] 2019 .conf Videos w/ Slides
Build Automated Decisions for Incident Response with Splunk Phantom [Splunk Enterprise, Phantom]

Dec 23, 2019

Incident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts.
Speaker(s): Mark Cooke, Staff Incident Responder, GE
Slides PDF link: https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1577146228
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels