AWS Loft London: Finding the signal in the noise - Effective SecOps with Sophos & Splunk Cloud
TRANSCRIPT
Page 1
Copyright © 2015 Splunk Inc.
Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
Ross McKerchar, Sophos
Page 2
Introduction and Splunk Overview
Andrew Morris, Splunk
Page 3
Agenda
6:30 Introduction and Splunk Overview
6:50 Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
7:20 Demo: Splunk Enterprise Security and App for AWS
7:50 Q&A
Page 4
Andrew Morris, Director of Cloud, EMEA
#Splunk
SECURITY INTELLIGENCE IN THE CLOUD
Page 5
CLOUD AND HYBRID IT
SOFTWARE-DEFINED DATACENTERS
CONTINUOUS APP DELIVERY
ANALYTICS-DRIVEN SECURITY
INTERNET OF THINGS
Page 6
Make machine data accessible, usable and valuable to everyone.
Page 7
Why Splunk?
FAST TIME-TO-VALUE
CLOUD, ON-PREMISE & HYBRID DEPLOYMENT
VISIBILITY ACROSS STACK, NOT JUST SILOS
ONE PLATFORM, MULTIPLE USE CASES
ANY DATA, ANY SOURCE, ASK ANY QUESTION
Page 8
Disruptive Approach to Unstructured Data
Traditional: Structured data, RDBMS, SQL, Schema at Write, ETL
Splunk: Unstructured data, Search, Schema at Read, Universal Indexing
Volume, Velocity, Variety
Page 9
Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume
Online Services
Web Services
Servers
Security
GPS Location
Storage
Desktops
Networks
Packaged Applications
Custom Applications
Messaging
Telecoms
Online Shopping Cart
Web Clickstreams
Databases
Energy Meters
Call Detail Records
Smartphones and Devices
RFID
On-Premises
Private Cloud
Public Cloud
Ask Any Question
Application Delivery
Security, Compliance and Fraud
IT Operations
Business Analytics
Industrial Data and the Internet of Things
Page 10
Proven Customer Value Across Use Cases & Industries
Increased revenues from higher uptime
Savings from fraud prevention
Revenues from faster product launch
Optimizing fuel use with sensor data
Reduction in SLA payouts
Value from preventing APTs
$11.0 M, $25.0 M, $10.0 M, $200+ M, $1.8 M, $1.0+ B
Oil & Gas Services
Telecom Provider
Transportation
Financial Services
High Tech Manufacturing
Online Services
Page 11
Platform for Machine Data
Application Delivery
Security, Compliance and Fraud
Business Analytics
Internet of Things and Industrial Data
IT Operations
Page 12
Platform for Operational Intelligence
The Splunk Portfolio
1000+ Apps and Add-Ons
Splunk Premium Solutions
Mainframe Data
Relational Databases
Mobile
Forwarders
Syslog/TCP
IoT Devices
Network Wire Data
Hadoop
Page 13
Fully Integrated Enterprise Platform
HA / DR, Admin, Data Security, Apps, SDKs/API, Scale
Collect Data
Index Data
Enrich Data
Search & Explore
Analyze & Predict
Report & Visualize
Alert & Action
Page 14
Cloud Is a Journey and Splunk Is Your Partner
Instant Secure Reliable
100% Uptime SLA
Hybrid
Page 15
How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud
On-time efficiency & dramatic queue reduction with 925 flights per day
Real-time, predictive airfield analytics delivered on mobile app & Apple Watch
Data from airport gates, boarding pass scans, x-ray, travel, passenger flow
Page 16
Page 17
Page 18
Modern Threat Landscape Realities
Compromises
Vulnerabilities
You Can Disrupt Breaches
Page 19
Splunk Security Intelligence
Security and Compliance Reporting
Monitor and Detect Known/Unknown Threats
Fraud Detection
Insider Threat
Incident Investigations and Forensics
Security Analytics
Page 20
Single Platform for Security Intelligence
SECURITY & COMPLIANCE REPORTING
REAL-TIME MONITORING OF KNOWN THREATS
DETECT UNKNOWN THREATS
INCIDENT INVESTIGATIONS & FORENSICS
FRAUD DETECTION
INSIDER THREAT
Splunk Complements, Replaces and Goes Beyond Existing SIEMs
Page 21
Rapid Ascent in the Gartner SIEM Magic Quadrant*
*Gartner, Inc., SIEM Magic Quadrant 2011-2015. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
2015 Leader and the only vendor to improve its visionary position
2014 Leader
2013 Leader
2012 Challenger
2011 Niche Player
Page 22
How Telenor protects their network using Splunk Enterprise Security
1TB of Daily Data with "Splunk Everything" Strategy for Network, Security and IT Data
Detect and Prevent Security Issues, Enabling "Central Emergency Response Team"
Baseline "Normal" Monitoring of Security and Operations – Real-time Analysis of Deviation
Page 23
Security Operations
IT Operations
Business Operations
With Splunk, Your Enterprise Data Platform
Different PEOPLE asking different QUESTIONS of the SAME DATA
Page 24
Thriving Community
dev.splunk.com
65,000+ questions and answers
Over 1000 Apps
Local User Groups and SplunkLive! events
Page 25
Easy to Try and Get Started
1. Free Cloud Trial
2. Free Software Download
3. Free Enterprise Security Sandbox
Page 26
Copyright © 2015 Splunk Inc.
Join us to hear more: Wednesday 11th May 2016, Westminster Park Plaza, London
Register at: http://live.splunk.com/london
Page 27
Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
Ross McKerchar, Sophos
Page 28
About Sophos
• Founded 1985 in Abingdon, UK
• 2,200 employees
• Over 200,000 customers
• 100+ million users
Page 29
Our challenge
Keeping up with this…
Page 30
Our strategy
Make change easy
‘Brutal’ prioritisation
Focus on the achievable
Page 31
Operational Intelligence Maturity
IT Operations
Security
Customer experience
Log gathering
Page 32
Security Operations Maturity
Automation, Protection, Governance
1. Log gathering
2. Threat detection
3. Governance
4. Security automation
Reactive, Proactive, Optimising
Page 33
Our Splunk Deployment
Sophos PureMessage
Windows Logs
Amazon Web Services Logs
Sophos Mobile Control
Sophos Endpoint Security
Sophos UTM
Sophos Firewall
Sophos Cloud
Sophos Wireless
Sophos SafeGuard
Page 34
Demo
Page 35
Q&A
Page 36
Thank You