Driving more value from your Security Operations Center (SOC) Platform. James Hanlon Director, Splunk Security Markets Specialization, EMEA

Transcription

1 Driving more value from your Security Operations Center (SOC) Platform James Hanlon Director, Splunk Security Markets Specialization, EMEA

2 What is the value of the security operations in 2018? 2017 S P L U N K INC. For most SOCs and businesses, this is less than clear

3 Emergent SOC technology enables a new approach to realize more value from security Investments Cloud Security Operations (CSO) Breach & Attack Simulation Tools (BAS) Threat Intelligence Platform (TIP) Network Traffic Analysis (NTA) Data Analytics Platform User & Entity Behavioral Analytics (aka AI or ML) Security Automation, Orchestration & Response (SOAR) Network Intrusion Detection & Prevention System (NIDPS) Endpoint Detection & Response (EDR) Cloud Security Access Broker (CSAB) Vulnerability Management (VM)

4 What s most important to you? 2017 S P L U N K INC.

5 Inspection & Visibility Recognize More EDR VM NTA CASB Analysis & Detection Understand More Data Analytics SIEM UEBA ML & AI Actionability & Management Do More SOAR TIP CSO Different Technologies Provide Different Value to the SOC

6 Let your SOC SOAR Security Orchestration, Automation & Response

7 A pause: AI & ML for security

8 ML provides contextual threat detection value ML for Advanced and Insider Threat Security Detection 2017 S P L U N K INC. Account Takeover Suspicious Behavior Lateral Movement Cloud Security External Alarm Disabled account activity Suspicious badge activity Suspicious account lockout High downloads Aggregation of external alarms Terminated user activity Account recovery detection Privilege escalation after powershell High deletions with security analytics Interactive logins by svc accounts activity Unusual file access VPN logins by svc accounts Data Exfiltration Unusual USB device High USB attachments Local account creation Password policy circumvention Multiple auths and failures File relay Data destruction Data collection Watering hole Security Context Behavior-based fingerprinting of user roles and assets Suspicious new access

9 AI & ML for Security A Caution 2017 S P L U N K INC.

10 Analytics is Now A Foundational Security Operations Capability 2017 S P L U N K INC. Gartner 2017

11 2017 S P L U N K INC.

12 Characteristics of a Data Analytics Platform Any Question, Any Data, In Real Time. Single Platform, Many Lenses Performance at Scale Open Ecosystem Hybrid Machine Learning

13 Extending Analytics for Security Operations 2018 SPLUNK INC. Machine Learning for Security Security Automation, Orchestration & Response ANALYTICS OPERATIONS SOC Operations DATA PLATFORM Data Analytics Platform

14 Converged Analytics for Business Value

15 Extracting Value Through Converged Data Analytics Security, IoT & Industrial Data Analytics

16 Last Thought: Connecting the SOC of 2020 to the Business with Emergent Technology & Converged Data Analytics 2017 S P L U N K INC. Corporate Mission & Goals Corporate/IT Initiative 1 Corporate/IT Initiative 2 Corporate/IT Initiative 3 Corporate/IT Initiative N Adversary, threat, Controls, Vulnerability or IT Risk Driven SOC strategies Business Enabler Security Strategy & Metrics (Data Analytics Enabled) SecOps / SOC Strategy & Metrics (Operational Security) Reducing this gap provides business enabling alignment for Security & SOC teams

17 Summary & Thank You