lift off 2017: transforming security

Posted on 24-Jan-2017


TRANSCRIPT

Transforming Security

Haiyan Song, SVP Security Markets, Splunk

Security Transformation

Splunk Security

Delivering Security End to End

Security Transformation


New Approach to Security Needed

Traditional | New
Data reduction | Data completeness & coverage
Event correlation | Multiple, dynamic relationships
IT risk | Business risk
Event based | … and time, user, phase, more…
Needle in a haystack | Hay in haystack
Power user | All users
Detect attacks | Detect & respond to attack lifecycle
On Premise or MSSP | Hybrid deployment & management

Transforming Security: Situational Awareness, then Analysis and Rapid Response

Transforming Security: Monitoring Center, then Command Center

Share, Block, Context, Detect

Transforming Security: Human Authoring, then Human – Machine Learning

Splunk Security

Analytics-Driven Security

RISK-BASED CONTEXT AND INTELLIGENCE

CONNECTING DATA AND PEOPLE


Splunk Security Use Cases

Fraud Detection
Insider Threat
Advanced Threat Detection
Security and Compliance Reporting
Incident Investigations and Forensics
Real-Time Monitoring of Known Threats

SPLUNK SECURITY FRAMEWORK: Machine Learning, Threat Models, Risk Scoring, Threat Intel, Notable event, etc.

Splunk Security Vision

SECURITY MARKET

SIEM (Security Information Event Management)
SECURITY ANALYTICS
MANAGED SERVICE AND INTELLIGENCE SERVICE
FRAUD

Enhance threat detection and SOC efficiency
User Entity Behavioral Analytics
Analytics content for subscription
Behavior Analytics foundation
Platform for Machine Data

Splunk is the Security Nerve Center

WAF & App Security
Orchestration
Network
Threat Intelligence
Internal Network Security
Identity and Access
Firewall
Web Proxy
Endpoints


Evolution of the SOC

Center for Security Situational Awareness
Center for Security Command & Control
Orchestrated, Analytics-Driven Security

Role / Function: monitoring station; operations clearinghouse; proactive, adaptive nerve center

Enabling Capability: log / event aggregation; alerting; correlation rules; forensics; statistical analysis / anomaly detection; machine learning; automation; behavior analysis

Delivering Security End to End

Solution Architecture

USE CASES: Real-Time Monitoring; Advanced Threat Detection; Anti-Fraud; Insider Threats; Security and Compliance Reporting; Incident Investigations and Forensics

SOLUTIONS: Monitoring; Analytics, Awareness & Action

Adaptive Response Actions (THIRD PARTY)

PLATFORM

DATA SOURCES

Cloud Strategy is Critical to Security Transformation

Visibility is key to Security


Achieving Hybrid Visibility: Index Untapped Data: Any Source, Type, Volume

Online Services
Web Services
Servers
Security
GPS Location
Storage
Desktops
Networks
Messaging
Telecoms
Online Shopping Cart
Web Clickstreams
Databases
Energy Meters
RFID

On-Premises
Private Cloud

End-to-End Context, Including Cloud Workloads

Application Delivery
Security, Compliance, and Fraud
IT Operations
Business Analytics
Industrial Data and the Internet of Things

Public Cloud: Config, Lambda, EC2, Containers, CloudTrail

Automation and Service Standardization

Managed Security Services

• “Second set of eyes”
• Help keep up with threats, APTs, breaches
• Bifurcate responsibilities
• Continuous monitoring (follow the sun)
• Better alignment of internal skillsets / resources
• Leverage more data without additional cost
• Optimize resources / offload regulatory review workload during audit

Delivering Security End to End: Herjavec Group + AWS + Splunk

Thank you
