Driving more value from your Security Operations Center (SOC) Platform. James Hanlon Director, Splunk Security Markets Specialization, EMEA


What is the value of security operations in 2018? (2017 SPLUNK INC.) For most SOCs and businesses, this is less than clear.

Emergent SOC technology enables a new approach to realizing more value from security investments:
- Cloud Security Operations (CSO)
- Breach & Attack Simulation tools (BAS)
- Threat Intelligence Platform (TIP)
- Network Traffic Analysis (NTA)
- Data Analytics Platform
- User & Entity Behavior Analytics (UEBA), often marketed as AI or ML
- Security Orchestration, Automation & Response (SOAR)
- Network Intrusion Detection & Prevention System (NIDPS)
- Endpoint Detection & Response (EDR)
- Cloud Access Security Broker (CASB)
- Vulnerability Management (VM)

What's most important to you?

Different technologies provide different value to the SOC:
- Inspection & Visibility (recognize more): EDR, VM, NTA, CASB
- Analysis & Detection (understand more): Data Analytics, SIEM, UEBA, ML & AI
- Actionability & Management (do more): SOAR, TIP, CSO

Let your SOC SOAR: Security Orchestration, Automation & Response

A pause: AI & ML for security

ML provides contextual threat detection value: ML for advanced and insider threat detection. The slide groups detections under Account Takeover, Suspicious Behavior, Lateral Movement, Cloud Security, External Alarm, Data Exfiltration and Security Context, and lists these examples:
- Disabled account activity
- Suspicious badge activity
- Suspicious account lockout
- High downloads
- Aggregation of external alarms
- Terminated user activity
- Account recovery detection
- Privilege escalation after PowerShell activity
- High deletions with security analytics
- Interactive logins by service accounts
- Unusual file access
- VPN logins by service accounts
- Unusual USB device
- High USB attachments
- Local account creation
- Password policy circumvention
- Multiple auths and failures
- File relay
- Data destruction
- Data collection
- Watering hole
- Behavior-based fingerprinting of user roles and assets
- Suspicious new access

AI & ML for Security: a caution. The slide cites http://www.cleverhans.io/security/privacy/ml/2017/02/15/why-attacking-machine-learning-is-easier-than-defending-it.html, whose argument is that an attacker needs only one input the model gets wrong (an adversarial example, which often transfers between models), while a defender must be robust to all of them; for ML-based detection this means an adversary who can probe the detector can shape activity to stay below what it has learned to call abnormal.
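The following is an added example written for this page; it is not Splunk's code nor anything from the presentation. It implements two of the detections from the ML use-case slide (interactive logons by service accounts, bursts of authentication failures, plus a "high downloads" z-score baseline) over constructed events with hypothetical users, and then demonstrates the caution slide: an attacker who is assumed to have learned the detector's window length and z cutoff by probing it downloads just under the rolling threshold every day, which retrains the baseline and is never flagged, whereas a baseline pinned to a learning window catches the drift on the second day. All events, names and volumes are constructed for illustration.

```python
# Added example (not Splunk's code): a minimal behaviour-analytics detector over
# constructed events, and a threshold-aware evasion of its rolling baseline.
from statistics import mean, pstdev

Z_CUTOFF = 3.0   # alert when today's value exceeds baseline mean + Z_CUTOFF * stdev
WINDOW = 14      # number of days of history used as the baseline

# Constructed sample events (hypothetical users; not real telemetry).
# Each event is (day, user, action, value): "download" value is megabytes,
# "logon" value is the logon type, "auth_fail" value is a failure count.
EVENTS = [
    (1, "alice", "download", 10.5),
    (1, "svc_backup", "logon", "service"),
    (2, "alice", "download", 11.0),
    (2, "bob", "auth_fail", 7),
    (3, "svc_backup", "logon", "interactive"),  # a human driving a service account
    (3, "alice", "download", 10.0),
]


def service_account_interactive_logons(events, prefix="svc_"):
    """Use case 'Interactive logins by service accounts': service principals
    (assumed here to carry the hypothetical prefix 'svc_') never log on interactively."""
    return [(day, user) for day, user, action, value in events
            if action == "logon" and value == "interactive" and user.startswith(prefix)]


def auth_failure_bursts(events, threshold=5):
    """Use case 'Multiple auths and failures': a burst of failures for one user in a day."""
    return [(day, user, value) for day, user, action, value in events
            if action == "auth_fail" and value >= threshold]


def is_anomalous(history, today, z=Z_CUTOFF):
    """z-score detector: today is anomalous if it exceeds the baseline by z standard deviations."""
    mu, sigma = mean(history), pstdev(history)
    return sigma > 0 and (today - mu) / sigma > z


def normal_download(day):
    """Constructed benign daily download volume in MB (cycles through 10.0 / 10.5 / 11.0)."""
    return 10.0 + 0.5 * (day % 3)


def run_rolling(series, window=WINDOW, z=Z_CUTOFF):
    """Rolling baseline: each day is scored against the preceding `window` days."""
    return [i + 1 for i in range(window, len(series))            # 1-based day numbers
            if is_anomalous(series[i - window:i], series[i], z)]


def run_pinned(series, window=WINDOW, z=Z_CUTOFF):
    """Pinned baseline: every day is scored against the same fixed learning window."""
    baseline = series[:window]
    return [i + 1 for i in range(window, len(series)) if is_anomalous(baseline, series[i], z)]


def adversary_series(normal_days=WINDOW, attack_days=30, window=WINDOW, z=Z_CUTOFF):
    """'Low and slow' exfiltration by an attacker assumed to know the detector's window
    and cutoff (e.g. by probing it). Each day they download just under the rolling
    threshold, so the day is never anomalous, and tomorrow's threshold is higher."""
    series = [normal_download(d) for d in range(1, normal_days + 1)]
    for _ in range(attack_days):
        history = series[-window:]
        threshold = mean(history) + z * pstdev(history)
        series.append(0.99 * threshold)
    return series


def compare_baselines():
    """Run both baselines over the same attacker series and summarise the outcome."""
    series = adversary_series()
    attack = series[WINDOW:]
    benign = [normal_download(d) for d in range(WINDOW + 1, WINDOW + 1 + len(attack))]
    return {
        "rolling_alerts": run_rolling(series),   # expected: none, the baseline learned the attack
        "pinned_alerts": run_pinned(series),     # expected: fires from day 16 onward
        "exfiltrated_mb": round(sum(attack), 1),
        "normal_mb": round(sum(benign), 1),
    }


if __name__ == "__main__":
    print(service_account_interactive_logons(EVENTS))
    print(auth_failure_bursts(EVENTS))
    print(compare_baselines())
```

The pinned baseline is not a complete defence: an attacker who also knows the pinned threshold can still move the original normal volume every day without detection. What pinning removes is the feedback loop in which the detector learns the attacker's behaviour as the new normal, which is the practical form the caution takes for UEBA-style detections; freezing or peer-group-referencing baselines, and alerting on cumulative volume as well as daily volume, are the usual mitigations.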

Analytics is now a foundational security operations capability (source cited on the slide: Gartner, 2017).

Characteristics of a Data Analytics Platform: any question, any data, in real time.
- Single platform, many lenses
- Performance at scale
- Open ecosystem
- Hybrid machine learning

Extending Analytics for Security Operations. The slide shows three layers built on one another:
- Data platform: Data Analytics Platform
- Analytics: Machine Learning for Security
- Operations: SOC Operations, with Security Orchestration, Automation & Response

Converged Analytics for Business Value

Extracting Value Through Converged Data Analytics: Security, IoT & Industrial Data Analytics

Last Thought: Connecting the SOC of 2020 to the Business with Emergent Technology & Converged Data Analytics. The slide maps Corporate Mission & Goals down through Corporate/IT Initiatives 1 to N to a business-enabling Security Strategy & Metrics (data analytics enabled), and sets that against the SecOps/SOC Strategy & Metrics (operational security), which are driven by adversary, threat, controls, vulnerability or IT-risk considerations. Reducing the gap between the two provides business-enabling alignment for Security & SOC teams.

Summary & Thank You