lift off 2017: transforming security
TRANSCRIPT
Haiyan Song, SVP Security Markets, Splunk
Agenda:
SECURITY TRANSFORMATION
SPLUNK SECURITY
DELIVERING SECURITY END TO END
SECURITY TRANSFORMATION
New Approach to Security Needed

Traditional               New
Data reduction            Data completeness & coverage
Event correlation         Multiple, dynamic relationships
IT risk                   Business risk
Event based               … and time, user, phase, more…
Needle in a haystack      Hay in haystack
Power user                All users
Detect attacks            Detect & respond to attack lifecycle
On Premise or MSSP        Hybrid deployment & management
Transforming Security: Situational Awareness -> Analysis and Rapid Response
Transforming Security: Monitoring Center -> Command Center
Share
Block
Context
Detect
Transforming Security: Human Authoring -> Human – Machine Learning
SPLUNK SECURITY
Analytics-Driven Security
RISK-BASED CONTEXT AND INTELLIGENCE
CONNECTING DATA AND PEOPLE
Splunk Security Use Cases
Fraud Detection
Insider Threat
Advanced Threat Detection
Security and Compliance Reporting
Incident Investigations and Forensics
Real-Time Monitoring of Known Threats
SPLUNK SECURITY FRAMEWORK: Machine Learning, Threat Models, Risk Scoring, Threat Intel, Notable event, etc.
Splunk Security Vision
SECURITY MARKET
SIEM (Security Information Event Management)
SECURITY ANALYTICS
MANAGED SERVICE AND INTELLIGENCE SERVICE
FRAUD
Enhance threat detection and SOC efficiency
User Entity Behavioral Analytics
Analytics content for subscription
Behavior Analytics foundation
Platform for Machine Data
Splunk is the Security Nerve Center
WAF & App Security
Orchestration
Network
Threat Intelligence
Internal Network Security
Identity and Access
Firewall
Web Proxy
Endpoints
Evolution of the SOC (diagram; axes: Enabling Capability, Role / Function)
rules
Correlation
statistical Analysis / Anomaly detection
Automation, Behavior analysis
machine learning
log / event aggregation
alerting
forensics
monitoring station
operations clearinghouse
Center for Security Situational Awareness
Center for Security Command & Control
Orchestrated, Analytics-Driven Security
proactive, adaptive nerve center
DELIVERING SECURITY END TO END
Solution Architecture
SOLUTIONS
Analytics, Awareness & Action
Adaptive Response Actions (THIRD PARTY)
DATA SOURCES
PLATFORM
Monitoring
USE CASES
Real-Time Monitoring
Advanced Threat Detection
Anti-Fraud
Insider Threats
Security and Compliance Reporting
Incident Investigations and Forensics
Cloud Strategy is Critical to Security Transformation
Visibility is key to Security
Achieving Hybrid Visibility: Index Untapped Data: Any Source, Type, Volume
Online Services
Web Services
Servers
Security
GPS Location
Storage
Desktops
Networks
Messaging
Telecoms
Online Shopping Cart
Web Clickstreams
Databases
Energy Meters
RFID
On-Premises
Private Cloud
End-to-End Context Including Cloud Workloads
Application Delivery
Security, Compliance, and Fraud
IT Operations
Business Analytics
Industrial Data and the Internet of Things
Public Cloud
Config
Lambda
EC2
Containers
CloudTrail
Automation and Service Standardization
Managed Security Services
• “Second set of eyes”
• Help keep up with threats, APTs, breaches
• Bifurcate responsibilities
• Continuous monitoring (follow the sun)
• Better alignment of internal skillsets / resources
• Leverage more data without additional cost
• Optimize resources / offload regulatory review workload during audit
Delivering Security End to End: Herjavec Group + AWS + Splunk
Thank you