1. © 2019 SPLUNK INC.
Drive More Value from Your Security Operations:
Connecting Security to the Business
With Splunk
James Hanlon | Director of Security Specialization, EMEA
13 June 2019
2. © 2019 SPLUNK INC.
Who am I
▶ Director of Splunk Security Specialization for EMEA
▶ Work with many large & small Splunk security customers
▶ Provide customer security advisory services
▶ 17+ years in Security
3. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back
What is value in security operations?
4. © 2019 SPLUNK INC.
What is the value of Security in 2019?
Even for some security teams, this can be hard to define
5. © 2019 SPLUNK INC.
How much more valuable is a secure company worth than an insecure one?
How much security is enough?
How should security resources be invested and applied for optimal ROI?
What is the impact of the threat?
6. © 2019 SPLUNK INC.
Adequate Security (Risk Managed)
Security ROI (SROI)
Sufficient Security (Compliance Driven)
Differentiated Security
7. © 2019 SPLUNK INC.
Organizational Situational Awareness & Threat Profile
▶ Organizational Awareness
▶ Understanding the threat exposure & profile
▶ Demonstrating the value of Security

The Security Mission
▶ Clarity of mission
▶ Known current and future state
▶ How to transform security

Getting Data Visibility for the Security
▶ Ownership
▶ Volume
▶ Technical know-how

IT Complexity and Emerging Digital Channels
▶ Legacy IT complexity
▶ Emergent Technology
▶ Consolidation drives & cost reduction

Security Operations Processes & Resources
▶ Hire
▶ Automate
▶ Develop
▶ Optimize
▶ Retain

Prescriptive Security Operations Guidance
What to do first, second and last (or not at all)?

Time
416
78
▶ MTTD
▶ MTTR
▶ Dwell Time
▶ TTV

The Expansive & Emergent Security Technology Landscape
▶ Security Analytics
▶ Machine Learning (AI)
▶ Automation
▶ Cloud based SecOps
8. © 2019 SPLUNK INC.
So, the value of security can often be characterized by the organizational strategy… and the barriers
9. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back
10. © 2019 SPLUNK INC.
Translating the Value of Splunk Security

Security Data Analytics
Value: Gain full data visibility of any legacy or emergent technology or platform
Driver: Risk mitigation
Whether on-prem or cloud, Splunk data and non-Splunk data sources can easily be ingested into and segmented by the tool.

Security Automation
Value: lower human workloads, security process inefficiency & MTTR
Driver: cost avoidance

Security Machine Learning (AI)
Value: Detect unknowns / detect faster
Driver: cost avoidance, risk mitigation

Integrated Security Platform
Value: Increase TTV through integrated, consolidated and contextual toolsets
Driver: cost avoidance

Flexible Visualisation & Reporting
Value: Increase security visibility and organizational business insights
Driver: Risk mitigation

Prescriptive Security Content
Value: be guided by industry led advice
Driver: cost avoidance
11. © 2019 SPLUNK INC.
Splunk's Security Vision
Data sources: Network, Threat Intelligence, Mobile, Endpoints, Identity and Access, Cloud Security, WAF and App Security, Web Proxy, Firewall
Capabilities: Analytics, Orchestration
Loop: Observe, Orient, Decide, Act
90% of Tier 1 analyst work will be automated
50% of time now spent tuning detection and response logic
1 platform to orchestrate them all
12. © 2019 SPLUNK INC.
Splunk Security Operations Suite
Layers: Platform, Data Sources, Use Cases, Applications
Data sources: Logs, Business Context, Threat Intelligence, + Security Content Updates
Use cases: Security Monitoring; Compliance & Data Privacy; Advanced Threat Detection; Incident Investigation & Forensics; Insider Threat Detection; Incident Response; Fraud Analytics & Detection; SOC Automation
13. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back
Helping you unlock the value of Splunk Security
14. © 2019 SPLUNK INC.
Introducing the Security Prescriptive Path
Helping You Drive More from your Splunk Investment
15. © 2019 SPLUNK INC.
Security Paths > Value Paths
Security Operations: faster detection and triage of security alerts and insider threats; better discovery of targeted and advanced threats; faster investigation and remediation of security incidents; reduced risk of breach, disruption, damage and data leakage
Compliance: reduction in compliance reporting time; reduction in potential compliance penalties
Fraud: reduction in risk of fraud; reduction in fraud losses
Security use cases: Security Monitoring, Advanced Threat, Insider Threat, Security Investigation, Incident Response & Forensics, SOAR, Compliance, Fraud Monitoring and Investigation
3 Paths - 8 Security Use Cases - 70 Security Capabilities
16. © 2019 SPLUNK INC.
Examples of how customers have realized value from Splunk Security: "The How"
17. © 2019 SPLUNK INC.
Addressing The Barriers to Value: Data Volume, Data Visibility & IT Complexity
How Splunk Security Analytics Drives Value
Any Data Analytics | Investigative Platform
18. © 2019 SPLUNK INC.
Investigation & Analytics with Splunk
19. © 2019 SPLUNK INC.
Addressing The Barriers to Value: Integrating Security Tooling | Industry Led Analytics Guidance
How Splunk Security Analytics Drives Value
Pre-built Security Workflows | Guided Security Analytics
20. © 2019 SPLUNK INC.
Triage & Investigation Workflows
21. © 2019 SPLUNK INC.
Operationalizing Security Analytics Content Development
22. © 2019 SPLUNK INC.
Addressing The Barriers to Value: Human Workload | Process Repeatability
How Splunk Security Analytics Drives Value
Automate Security Tasks | Process Efficiency & Repeatability
23. © 2019 SPLUNK INC.
Security Automation with Splunk
24. © 2019 SPLUNK INC.
Addressing The Barriers to Value: Reduce MTTD, MTTR | Connecting with the Business
How Splunk Security Analytics Drives Value
Machine Learning for Security | Business & IT Risk Reporting
25. © 2019 SPLUNK INC.
Security Risk Reporting with Splunk
27. © 2019 SPLUNK INC.
Security Mission
Designed to help optimize value in your security operations:
Increase security visibility, tackle IT complexity
Provide prescriptive guidance
Increase process efficiency, lower MTTD, MTTR
Enable business focused security risk reporting
28. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back
Using Analytics to Connect Security to the Business
30. © 2019 SPLUNK INC.
Analytics is Now A Foundational Security Operations Capability (Gartner 2017)
31. © 2019 SPLUNK INC.
Same Data, Multiple Use Cases
Machine data sources: Logs, Wired, DB, Mobile, IoT, API, Metrics; any volume, any location, any type
Silos: Storage Silo 1, Storage Silo 2, Network Silo, Proxy Silo, App Silo, VMs Silo, SCADA Silo, AWS Silo, Azure Silo, APM Silo, Servers Silo, more Silos
• 3rd Party (ServiceNow, CMDB, SIEM…)
• Structured data
Splunk Platform (Cloud / On-prem): Data Sources > Correlation > Data to Answers
Use cases: IT Operations, Security, Business Analytics, DevOps/App analytics, IoT
Different people asking different questions on the same data, in real time
Splunkbase: 1900+ free apps/add-ons (Splunk MINT, Splunk Industrial Asset Management, MQTT Modular Input, Kepware IDF to Metrics, Splunk App for Infrastructure, Splunk Stream, JMX, Java, Splunk DB Connect)
Premium Apps; AI / Machine Learning accelerators (Splunk Machine Learning Toolkit); Fast Time to Value
Reported outcomes: 30%↓ Risk*; 4%↑ supply chain throughput**; 70%+↓ QA troubleshooting*; 25%+↓ power/facility***; 70% to 90%↓ MTTR*
> Automate
> Collaborative incident response
But an Analytics capability can do much more across many IT domains
32. © 2019 SPLUNK INC.
We call this… Converged Analytics for Business Value
33. © 2019 SPLUNK INC.
Extracting Value Through Converged Data Analytics
Security, IoT & Industrial Data Analytics
34. © 2019 SPLUNK INC.
UCAS
GDPR Compliance, IT Operations & Security
35. © 2019 SPLUNK INC.
Analytics Driven Approach to Connect Security to the Business
SecOps / SOC Strategy & Metrics (Operational Security): Adversary, Threat, Controls, Vulnerability or IT Risk Driven SOC strategies
Corporate Mission & Goals: Corporate/IT Initiative 1, Corporate/IT Initiative 2, Corporate/IT Initiative 3, … Corporate/IT Initiative N
Reducing this gap provides business enabling alignment for Security & SOC teams
Business Enabling Data & Security Insights (Data Analytics Enabled)
36. © 2019 SPLUNK INC.
DEMO
Splunk Security Prescriptive Value Path (PVP)
37. © 2019 SPLUNK INC.
Realities that Worry Executives?
Only 28 percent of companies use project performance techniques (PMI, 2017)
Most organizations have a 70% project failure rate (4PM)
Only 64% of projects meet their goals (Wrike)
Executives need prescriptive plans to mitigate these risks
41. © 2019 SPLUNK INC.
Key Takeaways
Splunk is committed to helping customers drive more value from their investments in Security
Read how other customers have found value from their investments with Splunk
Speak to your account team about conducting a prescriptive value path (PVP) assessment with Splunk
42. © 2019 SPLUNK INC.
Learn how others have found value with Splunk
https://conf.splunk.com/
43. © 2019 SPLUNK INC.
Thank You.
Don’t forget to rate this session in the SplunkLive! mobile app