Building an Analytics Enabled SOC
Safe Harbor Statement

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
#whoami

> Dave Herrald [email protected] | @daveherrald
- Senior Security Architect, Splunk Security Practice
- 20+ years in IT and security: information security officer, security architect, pen tester, consultant, SE, system/network engineer
- GIAC GSE #79, former SANS Mentor
Agenda
1. A look at traditional security operations
2. Best practices and emerging trends
3. The security ops technology stack
4. Splunk and the Analytics Driven SOC
Splunk: Leader in Security
- Company (NASDAQ: SPLK): founded 2004, first software release in 2006; HQ: San Francisco / Regional HQ: London, Hong Kong; over 2,000 employees, based in 12 countries
- Business Model / Products: free download to massive scale; Splunk Enterprise, Splunk Cloud, Splunk Light; Splunk Enterprise Security, User Behavior Analytics
- 12,000+ Customers: customers in 100 countries; 80+ of the Fortune 100; largest license: over 1 Petabyte per day
Splunk: The Platform for Machine Data
- Developer Platform: report and analyze, custom dashboards, monitor and alert, ad hoc search
- Data sources: online services, web proxy, data loss prevention, storage, desktops, packaged applications, custom applications, databases, call detail records, smartphones and devices, firewall, authentication, file servers, endpoint, email servers, VPN
- External lookups: threat intelligence, asset & CMDB, employee/HR info, data stores, applications, badging records
Splunk Security Solutions
- Security & compliance reporting
- Monitoring of known threats
- Advanced and unknown threat detection
- Incident investigations & forensics
- Fraud detection
- Insider threat
- More…

Products: Splunk Enterprise Security, Splunk App for PCI, Splunk User Behavior Analytics, security apps & add-ons (wire data, Windows, SIEM integration, RDBMS (any) data)
Source: EY Global Information Security Survey 2015
How-to guides…
Traditional Security Operations
Traditional Security Program: The Big Picture
It’s complicated…
Traditional Security Critical Path
Risk & Compliance → Security Architecture → Security Engineering → Security Operations (includes SOC)
Security Operations: part of the bigger picture…
Traditional SOC
“Alert triage”, “Alert pipeline”
What is a SOC?
- A place?
- A person or a team?
- A set of practices?
- A set of tools?
Security Operations
The organizational capability to detect and respond to threats.
A SOC by any other name…
The organizational capability to detect and respond to threats.
- VSOC
- Cyber Defense Center
- Cyber Fusion Center
- Cybersecurity Operation Center
- Multifunction NOC/SOC
- Command SOC
- Crew SOC?
https://www.gartner.com/doc/3479617
Three Interrelated Components of Security
People, Process, Technology
Bottom Line
Technology exists to serve people and processes.
Challenges with the traditional SOC (1): Efficacy

Challenges with the traditional SOC (2): Staffing

Challenges with the traditional SOC (3): Silo-ization
Remember this? Risk & Compliance → Security Architecture → Security Engineering → Security Operations (includes SOC)

Challenges with the traditional SOC (4): Cost… and opportunity cost
Trends in Security Operations
New Capabilities in the SOC
- Alert management
- Incident response
- Toolchain engineering
- Threat intelligence (consumption and creation)
- Threat hunting
- Vulnerability management
- Red team

SOC++: Alert Management | IR/CSIRT | Toolchain Engineering | Threat intel | Hunting | Vuln. Management | Red Team
What About Managed Security Services?
SOC++: Alert Management | IR/CSIRT | Toolchain Engineering | Threat intel | Hunting | Vuln. Management | Red Team
Automation in the SOC
- Response: maybe
- Context gathering: definitely
- Automate “Tier 1”
- Places a high premium on toolchain integration
Processes in the SOC
https://conf.splunk.com/files/2016/slides/maturing-workdays-soc-with-splunk.pdf
Maturing Use of Threat Intelligence
Threat list + raw network data (DNS, web proxy, email, endpoint…): the “Threat list wind tunnel”
Effective Threat Intelligence Consumption
alerts + threat intel = insight (hunting, new detection mechanisms)
Network (Meta)data

NetFlow (or variant)
- Succinct: 5-tuple + traffic size
- Easy to analyze
- Good context for the buck
- No payload

PCAP
- Voluminous
- Ground truth
- Lots of storage/overhead
- Ultimate context
- Full payload

Stream/Bro
- Succinct: 5-tuple + traffic size
- Easily searchable!
- Tune-able: adaptive fidelity, customizable
- Payload elements
Threat Hunting (Active Defense)
…effort by analysts who purposely set out to identify and counteract adversaries that may already be in the environment.
https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
How are SOC Teams Hunting?
https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
- Start with a hypothesis that considers:
  - Assets (often crown jewels)
  - Threats
  - Vulnerabilities
  - Countermeasures
- Requires lots of data
- Flexible platform to ask/answer questions
- Data science / ML / analytics
Most important, hunters are innovative analysts who understand their threat landscape and their organization well enough to ask the right questions and find the answers.
https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
Data Science, ML, and Analytics
The Security Operations Toolchain
Log Data Platform
- Single source of truth
- Retention and integrity
- Any data source
- Easy correlation
- Automation/integration
- Performant and scalable
- Full fidelity
- Normalized?
- Hunting
- Forensic investigation
- Alerting
- Dashboards
- Visualization
- Analytics (ML?)
Data Normalization is Mandatory for your SOC
“The organization consuming the data must develop and consistently use a standard format for log normalization.” – Jeff Bollinger et al., Cisco CSIRT
Your fields don’t match? Good luck creating investigative queries.
Asset Inventory and Identity Data
- Often multiple sources of record: that’s OK
  - CMDB, vuln scans, passive detection, DHCP, NAC
  - Active Directory, LDAP, IAM
- Network diagrams
- Categorization: PCI, ICS, Administrative, Default, …
- Comprehensive yet lightweight and easy to maintain
- Must be easy to correlate to log data
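As an added example (my own code, not the deck's or Splunk's), here is the “threat list wind tunnel” from the threat-intelligence slide run in Python over DNS and proxy events whose field names differ, which is the point of the normalization slide; the asset lookup at the end shows the multiple-sources-of-record idea from the asset inventory slide. The threat feeds, log lines, field map and asset records are all constructed for the example.

```python
import re

# Constructed threat feeds (hypothetical): they overlap, so merge and de-duplicate first.
FEED_A = ["bad.example.net", "evil.example.org"]
FEED_B = ["EVIL.example.org.", "c2.example.com"]

# Constructed raw events. Field names differ per source, as they do in a real SOC.
DNS_LOG = [
    "2017-01-10T10:01:02Z client=10.1.1.5 query=evil.example.org. type=A",
    "2017-01-10T10:01:03Z client=10.1.1.6 query=www.example.com. type=A",
]
PROXY_LOG = [
    "2017-01-10T10:02:00Z src_ip=10.1.1.5 dest_host=C2.example.com status=200 bytes=5120",
    "2017-01-10T10:02:10Z src_ip=10.1.1.7 dest_host=www.example.com status=200 bytes=8",
    "2017-01-10T10:02:15Z src_ip=10.1.1.9 dest_host=bad.example.net status=403 bytes=0",
]

# Constructed asset inventory: two sources of record, CMDB preferred over DHCP.
CMDB = {"10.1.1.5": {"host": "pos-terminal-07", "category": "pci"}}
DHCP = {"10.1.1.5": {"host": "dhcp-lease-5"},
        "10.1.1.9": {"host": "laptop-42", "category": "default"}}

# Source field -> common field: the "standard format" the normalization slide calls for.
FIELD_MAP = {
    "dns":   {"client": "src", "query": "dest"},
    "proxy": {"src_ip": "src", "dest_host": "dest"},
}
KV = re.compile(r"(\w+)=(\S+)")

def canon(domain):
    """Lower-case and strip the trailing dot so feed entries and log values compare equal."""
    return domain.strip().lower().rstrip(".")

def merge_feeds(*feeds):
    """Aggregate several feeds into one de-duplicated indicator set."""
    return {canon(i) for feed in feeds for i in feed}

def normalize(sourcetype, line):
    """Parse one key=value line and rename its fields to the common schema."""
    ts, _, rest = line.partition(" ")
    raw = dict(KV.findall(rest))
    event = {"_time": ts, "sourcetype": sourcetype}
    for src_field, common in FIELD_MAP[sourcetype].items():
        if src_field in raw:
            event[common] = raw[src_field]
    if "dest" in event:
        event["dest"] = canon(event["dest"])
    return event

def enrich(event):
    """Asset lookup by src IP: CMDB wins, DHCP fills the gaps, unknown otherwise."""
    asset = {**DHCP.get(event["src"], {}), **CMDB.get(event["src"], {})}
    event["asset"] = asset.get("host", "unknown")
    event["category"] = asset.get("category", "unknown")
    return event

def wind_tunnel(events, indicators):
    """Match normalized events against the threat list; highest-risk asset category first."""
    order = {"pci": 0, "unknown": 1, "default": 2}
    hits = [enrich(e) for e in events if e.get("dest") in indicators]
    return sorted(hits, key=lambda e: (order.get(e["category"], 9), e["_time"]))

def run():
    indicators = merge_feeds(FEED_A, FEED_B)
    events = [normalize("dns", l) for l in DNS_LOG] + [normalize("proxy", l) for l in PROXY_LOG]
    return wind_tunnel(events, indicators)

if __name__ == "__main__":
    for h in run():
        print(h["_time"], h["sourcetype"], h["src"], h["asset"], h["category"], "->", h["dest"])
```

Because both sources end up with the same `src`/`dest` fields, a single match loop covers DNS and proxy alike; without the field map, each source would need its own query.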
Case and Investigation Management
- Ticketing system
- Workflow
- Supports prioritization
- Supports collaborative investigation
- Provides metrics
- Supports automation
- Auditable
Common SOC Data Sources
- Firewall
- Network metadata
- Authentication
- Server: Windows/Linux
- Endpoint: EDR, AV, HD/RAM images
- IDS/IPS
- VPN
- Application
- Threat intel
- Vulnerability
- Assets and identities
Splunk as the Security Operations Nerve Center
1. Adopt an Adaptive Security Architecture
To prevent, detect, respond and predict you need:
- Correlation across all security relevant data
- Insights from existing security architectures
- Advanced analytics techniques such as machine learning
Platform for Operational Intelligence; 4000+ apps and add-ons; Splunk Security Solutions
2. Threat Intelligence: Splunk Threat Intel Framework
- Automatically collect, aggregate and de-duplicate threat feeds from a broad set of sources
- Support for STIX/TAXII, OpenIOC, Facebook and more
- Build your own data to create your own threat intel
- Out of the box Activity and Artifact dashboards
- Prioritize, contextualize and analyze threats and remediate

Feed sources: law enforcement feeds, ISAC feed, agency feeds, commercial service, community feed, open-source feed, other enrichment services

Uses:
- Monitor and triage alerts
- Determine impact on network, assets
- Use for analysis/IR
- Collect/provide forensics
- Use to hunt/uncover/link events
- Share info with partners
3. Use Advanced Analytics: Native ML and UBA
- Simplify detection and focus on real alerts
- Accelerate anomaly and threat detection: minimize attacks and insider threat
- Use Machine Learning Toolkit: solutions to suit your workflow
- Premium machine learning solution, User Behavior Analytics: flexible workflows for SOC manager, SOC analyst and hunter/investigator within SIEM
4. Proactively Hunt and Investigate: Considerations
- Organizational maturity
- Domain and product experience
- Tools: network, endpoint, threat intel, access
- Security relevant data, historical, raw data
- Flexibility and ad hoc
5. Automate whenever feasible
Data sources: app servers, network, threat intelligence, firewall, internal network security, endpoints
- Use rules and machine learning to automate routine aspects of detection and investigation
- Extract insights from existing security stack by use of common interface
- Take actions with confidence for faster decisions and response
- Automate any process along the continuous monitoring, response & analytics cycle
Splunk Adaptive Response
What is Splunk Enterprise Security?
A collection of frameworks:
- Asset and Identity
- Correlation
- Notable Event
- Threat Intelligence
- Risk Analysis
- Adaptive Response
Splunk Security Partners: https://www.splunk.com/partners/
Customer Success
Building an Intelligence Driven SOC
Challenges
- Existing SIEM not adequate: struggled to bring in appropriate data
- Unable to perform advanced investigations, severe scale/performance issues
- Looking to build a new SOC with modern solution
Customer Solution
- Centralized logging of all required machine data at scale and full visibility
- Retain all relevant data from 10+ data sources which is used by 25+ SOC/CSIRT users
- Tailored advanced correlation searches & IR workflow
- Faster and deeper incident investigations
- Greater SOC efficiencies: all SOC/CSIRT working off same UI/data
- Executive dashboards to measure and manage risk
Citywide SOC for situational awareness
Challenges
- Slow responses to security incidents
- Inadequate situational awareness of security events
- Limited threat intelligence
- Disparate logs from over 40 departments were difficult to aggregate
Customer Solution: Splunk Cloud with Enterprise Security
- Real-time, citywide, 24/7 network surveillance
- Stronger protection of digital assets and infrastructure
- Shared threat intelligence with federal agencies
- Reduced headcount and lower operational costs
Build an insourced SOC in months
Challenges
- Wide range of security requirements
  - Internal audits (financial, PCI)
  - Protect internal info and assets
  - Cloud firewall, DDOS
- Cultural and organizational
  - Security not a priority, outsourced SecOps
  - Information hoarding and data silos
Customer Solution: Splunk Enterprise Security
- Changed culture: security first mindset with controls
- Detect, prevent and respond to attacks in own environment, with 24/7 security analysis of customers
- Rapid detection and deep investigation
- Detect web app attacks, discover compromised cards
Maturing SOC
Challenges
- Legacy SIEM: unstable, inflexible, clunky
- Limited skilled resources
- High false negative and false positive
Customer Solution: Splunk Cloud with Enterprise Security
- Developed processes: ruleset, naming
- SOC process: playbook, training, automated documentation
- Enabled SOC to identify patterns of behavior in a single event rather than be bombarded by thousands of low-value incidents
Wrapping up
Get started in minutes: splunk.com
1. Free Cloud Trial
2. Free Software Download
3. Free Enterprise Security Sandbox
Copyright © 2016 Splunk Inc.

The 8th Annual Splunk Worldwide Users’ Conference
SEPT 25-28, 2017, Walter E. Washington Convention Center, Washington, D.C. CONF.SPLUNK.COM
- 5,000+ IT and Business Professionals
- 175+ Sessions
- 80+ Customer Speakers
PLUS Splunk University
- Three days: Sept 23-25, 2017
- Get Splunk Certified for FREE!
- Get CPE credits for CISSP, CAP, SSCP
Can I play BOTS?
Yes!
- RSA Conference 2017
- Splunk .conf2017
- Online/continuous? Stay tuned
New scenarios and datasets
Resources Cited
- How to Plan, Design, Operate and Evolve a SOC: https://www.gartner.com/doc/3479617
- Crafting the InfoSec Playbook: https://www.amazon.com/Crafting-InfoSec-Playbook-Security-Monitoring/dp/1491949406
- Splunk SOC Advisory Services: https://www.splunk.com/pdfs/professional-services/soc-advisory-services.pdf
- Ten Strategies of a World-Class Cybersecurity Operations Center: https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
- Maturing Workday’s SOC with Splunk: https://conf.splunk.com/files/2016/slides/maturing-workdays-soc-with-splunk.pdf
- The Five Characteristics of an Intelligence Driven Security Operations Center: https://www.gartner.com/doc/3160820/characteristics-intelligencedriven-security-operations-center
- The Who, What, Where, When, Why and How of Effective Threat Hunting: https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
- Exploring the Frameworks of Splunk Enterprise Security: https://conf.splunk.com/files/2016/slides/exploring-the-frameworks-of-splunk-enterprise-security.pdf