Splunk. Data Platform. Denise Roca / Software Manager


Splunk Data Platform. Denise Roca / droca@tecnoav.com, Software Manager

2017 SPLUNK INC.

This digital evolution is changing everything. There's an explosion of data beyond anything our world has experienced:
- Self-driving everything
- Machine learning
- 3D printing
- Smart phones
- Smart appliances
- Cloud
- Smart cities
- Smart buildings
- Autonomous everything
- Drones

How do we turn the data of an evolving world into MEANINGFUL BUSINESS OUTCOMES?

The traditional approach to managing complexity: building relational, structured databases and heavy integrations.
- Hardened systems and databases: never change! (or face never-ending integration and MDM projects)
- Attempt to gather all present and future requirements up front

But the traditional approach can't adapt to digital evolution:
- Your structured systems miss critical business outcomes
- Machine data is messy and unpredictable
- It requires massive scale
- You don't always know in advance which questions to ask

Splunk delivers a holistic approach to turning data into business outcomes:
- Any user, anywhere: IT, Security, Business Users, Developers
- Across On-Premises, Cloud and IoT
- Powered by AI and ML
- Access to an expanding data universe

Splunk Analytics-Driven Security

Index untapped data: any source, type, volume.

Data sources: Containers, Online Services, On-Premises Servers, Security, Web Services, GPS Location, Private Cloud, Storage, Desktops, Networks, RFID, Packaged Applications, Messaging, Custom Applications, Online Shopping Cart, Telecoms, NGFW Firewall, Call Detail Records, Databases, Public Cloud, Smartphones and Devices, Web Clickstreams, Intrusion Prevention.

Capabilities on top of the index: Ad hoc search; Monitor and alert; Report and analyze; Custom dashboards; Developer Platform.

Kinds of data the index brings together:
- Real-time machine data
- Threat intelligence (intelligence/analytics: indicators, anomalies, research, white/blacklists)
- References: coded fields, mappings, aliases
- Dynamic information stored in non-traditional formats
- Environmental context: human-maintained files and documents
- System/application data available only through an application request

Splunk Features
- Search and investigate: search and navigate all of your machine data in real time.
- Correlate and analyze: easily find relationships between events or activities; correlate based on time, location, or custom search results.
- Monitor and alert: prioritize investigation and response with threshold-based alerting.
- Visualize and report: visualize long-term and historical trends; build reports and dashboards suited to any business, operational, or security need.

Security Investigation

Developing an Investigative Mindset

Starting from the ALERT, the investigation works through six questions: What happened? Who was involved? When did it start? Where was it seen? How did it get in? How do I contain it?

For each question, decide:
- What specific questions do I want answered?
- What is the logic / methodology to apply?
- What's an example?
- Where do I look (which data)?

Investigative Mindset: Questions to Ask

What happened?
- Question: Why did an alert trigger? Has a system actually been compromised?
- Logic: Search for events that match the alert criteria and for similar events leading up to the alert.
- Example: Find all failed authentication attempts by a user.
- Data: Endpoint logs, authentication logs, network logs, threat intelligence.

Who was involved?
- Question: What accounts / users are associated with that system?
- Logic: Determine the event-to-identity mapping.
- Example: John's account attempted to access a system it has never logged into before.
- Data: Identity system, authentication logs.

When did it start?
- Question: What does the timeline of activities leading up to and during the alert look like?
- Logic: Histogram and timeline; widen the search to cover a wider set of historical data.
- Data: All available data.

Where was it seen?
- Question: What devices / assets are associated with the alert?
- Logic: Determine the event-to-asset mapping.
- Example: IP 10.1.12.12 has the hostname DC-Seltzer, is a Windows 10 workstation and has 2 critical vulnerabilities.
- Data: Endpoint, network devices, CMDB/asset inventory.

How did it get in?
- Question: Is there a logical connection to other activity, IPs, hosts, malware, or other alerts?
- Logic: Search network and host event logs to determine the initial entry.
- Example: A USB key opened an infected ransomware file; the user's email indicates they were the victim of spear phishing.
- Data: Endpoint, network devices, web proxy, mail proxy, DNS, authentication.

How do I contain it?
- Question: Has the attack progressed beyond the infected system?
- Logic: Identify whether the malware has spread; observe indicators on other hosts or on the network.
- Data: Threat intelligence, endpoint, firewall, web proxy, mail proxy, wire data.

Security Intelligence Use Cases
- Security monitoring
- Compliance
- Fraud detection
- Incident response
- Advanced threat detection
- Insider threat
- Incident investigation and forensics
- SOC automation

Answer: Start with the Top 5 CIS Controls. Organizations that apply just the first five CIS Controls can reduce their risk of cyberattack by around 85 percent; implementing all 20 CIS Controls increases the risk reduction to around 94 percent. SOURCE: Center for Internet Security, https://www.cisecurity.org/critical-controls.cfm

CIS Critical Security Controls app for Splunk: https://splunkbase.splunk.com/app/3064/#/overview and https://www.splunk.com/goto/top20csc

THANK YOU. "Log, I am your father."