Splunk: Using Big Data for Cybersecurity




Transcription:

Slide 1: Next Session Begins at 14:40

Splunk: Using Big Data for Cybersecurity
Joe (Joseph) Goldberg, Splunk

Slide 3: Advanced Threats in the Headlines
- Cyber Criminals: "Another Day, Another Retailer in a Massive Credit Card Breach" (Bloomberg Businessweek, March 2014)
- Nation States: "Iranian hackers compromised airlines, airports, critical infrastructure firms" (Computerworld, Dec 2014)
- Insider Threats: "Edward Snowden Tells SXSW He'd Leak Those Secrets Again" (NPR, March 2014)

Slide 4: Advanced Threats Are Hard to Detect
- 100%: valid credentials were used
- 205: median number of days before detection
- 40: average number of systems accessed
- 69%: of victims were notified by an external entity
Source: Mandiant M-Trends Report 2012, 2013, 2014, 2015

Slide 5: All Machine Data is Security Relevant
Diagram of data sources, with "Traditional SIEM" feeds shown as a subset of the whole: Threat Intelligence, Email, Web, Desktops, Servers, DHCP/DNS, CMDB, Hypervisor, Badges, Firewall, Authentication, Vulnerability Scans, Custom Apps, Network Flows, Storage, Mobile, Intrusion Detection, Data Loss Prevention, Anti-Malware, Physical Access, Transaction Records

Slide 6: Big Data Solution
Big Data Architecture / Data Inclusion Model
- All the original data from any source
- No database schema to limit investigations/detection; flat-file data store
- Distributed architecture scales horizontally to PB+/day on commodity hardware
- Search and reporting flexibility
- Advanced correlations
- Math/statistics to baseline and find outliers/anomalies
- Real-time indexing and alerting

Slide 7: Solution: Splunk Big Data Platform
Data sources (any amount, any location, any source): Online Services, Smartphones and Devices, Firewall, Packaged Applications, Custom Applications, Badging records, Storage, VPN, IDS, Call Detail Records, Data Loss Prevention, Web, Proxy, Desktops, File servers, Vuln scans, Databases, Anti-malware, Email servers, Endpoint, Authentication, Asset & CMDB, Employee / HR Info, External Lookups, Threat Intelligence, Network Segments / Data Stores, Honeypots
Platform properties: Schema-on-the-fly; Universal indexing; No back-end RDBMS; No need to filter data; Developer Platform
Capabilities: Ad hoc search; Monitor and alert (real-time); Report and analyze; Custom dashboards

Slide 8: Thousands of Security Customers; MQ SIEM Leader
Gartner Magic Quadrant for SIEM, 2015

Slide 9: Top Splunk Security Use Cases
Splunk can complement or replace an existing SIEM:
- Incident investigations & forensics
- Security & compliance reporting
- Real-time monitoring of known threats
- Monitoring of unknown threats
- Insider threat
- Fraud detection

Slide 10: Splunk Security Intelligence Platform
- Splunk Enterprise Security
- 315+ security apps, e.g. Palo Alto Networks, Blue Coat ProxySG, Cisco Security Suite, OSSEC, F5 Security, NetFlow Logic, Juniper, FireEye, Active Directory, Sourcefire
- Splunk User Behavior Analytics

Slide 11: Splunk App for Enterprise Security
Pre-built searches, alerts, reports, dashboards, incident workflow, and threat intelligence feeds:
- Incident investigations & management
- Alerts, dashboards & reports
- Statistical outliers, risk scoring & user activity
- Threat intel, asset & identity integration

Slide 12: Splunk Is Used Across IT and the Business
Strong ROI and facilitates cross-department collaboration:
- Application Delivery
- IT Operations
- Security, Compliance and Fraud
- Business Analytics
- Industrial Data and Internet of Things

Slide 13: Splunk for Security Key Differentiators (Traditional SIEM is the opposite)
- Single product, UI, data store
- Software-only; install on commodity hardware
- Quick deployment + ease-of-use = fast time-to-value
- Can easily index any data type
- All original/raw data indexed and searchable
- Big data architecture enables scale and speed
- Flexible search and reporting enables better/faster threat investigations and detection, including finding outliers/anomalies
- Open platform with API, SDKs, Apps
- Use cases beyond security support collaboration and ROI

Slide 14: Next Steps
Try Splunk for free!
- Download Splunk at www.splunk.com
- Go to Splunk.com > Community > Documentation > Search Tutorial: in 30 minutes you will have imported data, run searches, and created reports
- More security information at Splunk.com > Solutions > Security & Fraud
- Contact the sales team at sales@splunk.com
- Get a Splunk t-shirt at the front of the booth