How to Leverage Splunk's Security Intelligence Platform for Security Operations Environments




Copyright 2013 Splunk Inc. How to Leverage Splunk's Security Intelligence Platform for Security Operations Environments. Enoch Long, Principal Security Strategist/Client Architect, Splunk (Fed). #splunkconf

Legal Notices. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. 2013 Splunk Inc. All rights reserved.

Enoch Long, Principal Security Strategist, elong@splunk.com
- Education: Computer Science, Temple University
- Skills: Network Security, Cyber Content Developer, Cyber Operations
- Career: 10 yrs
- Jobs: Cyber SME 7 yrs, SOC Mgr 2 yrs, Security Strategist 1 yr
- Govt Agencies: NSA, DHS, NRO, Dept of Edu
- Defense Companies: Northrop Grumman, General Dynamics, AT&T
- Accomplishments: 2012 Modern Day Technology Leader of the Year, BEYA

Agenda
- Overview of Splunk's Security Intelligence Platform
- Alignment of Security Operations to Splunk
- Overview of Security Operations "Third Eye"
- Security Intangibles
- Questions

Security Intelligence Platform
- Security: Application Security, Computing Security, Data Security, Information Security, Network Security
- Intelligence: Logic, Creativity, Visual Processing, Abstract Thought, Learning
- Platform: Multi-tenanted, Framework, Flexible Development, Scale, Diverse Use Cases

Overview of Security Operations

Organizations within SecOps: Security Monitoring; Incident/Intelligence & Response; Counter Intel

Splunk Alignment with Ops: Technology Alignment to Operations

Security Monitoring Using Splunk: Job Roles; Job Skills; The Mission; Leveraging Splunk; Scenario

Incident/Intelligence Response Using Splunk: Job Roles; Job Skills; The Mission; Leveraging Splunk; Scenario

Counter-Intelligence Using Splunk: Job Roles; Job Skills; The Mission; Leveraging Splunk; Scenario

Overview: Security Ops "Third Eye"

"Third Eye" Organizations
- Messaging Team
- Active Directory Team
- Firewall Team
- Web Server Team
- Data Loss Prevention Team
- Anti-Virus Team

Third Eye is a mystical concept, but in the security realm it's the inner eye, the invisible eye that monitors and protects the network: the operations intelligence teams.

Splunk for Operations Intelligence Scenarios

Mail Team: SOC Analyst, Exchange Admins, CI Analyst

Active Directory Team: SOC Analyst, AD Admins, Incident Responder

Firewall Team: SOC Analyst, Firewall Admins, Incident Responder

Web Server Team: SOC Analyst, Web Server Admins, App Developer

Security Intangibles
- Data Sources
- Common Mistakes
- Capability Limitations
- Lessons Learned

Data Sources: Insight
- Traditional logs: Network device, Server, Web applications, Anti-virus, Mail logs
- Non-traditional logs: Chat logs, Phone call logs, War-dialing logs, Custom script logs, HR database logs, Honey-pot (the secret sauce)

Common Mistakes
- Misalignment of personnel to product core capabilities
- Wrong data sources
- No content strategy
- Lack of tech integration
- Minimal usage of SDK/API framework

Capability Limitations
- Out-of-the-box content/updates
- Complex search language
- Real-time at large scale
- No core case ticketing system
- Robust asset modeling tool

Lessons Learned
1. Monitor role-based controls
2. Prioritize data
3. Prioritize concurrent searches
4. Align skills with Splunk capability
5. Not enough backend Splunk ninjas

Next Steps
1. Download the .conf2013 Mobile App. If not iPhone, iPad or Android, use the Web App.
2. Take the survey and WIN A PASS FOR .CONF2014, or one of these bags!

THANK YOU