This document discusses how Splunk can help organizations drive more value from their security operations through connecting security to the business. It introduces Splunk's Security Prescriptive Path, which provides a prescriptive guidance to help optimize security resources and processes. Examples are given of how Splunk customers have realized value through gaining better data visibility, integrating security tools, automating security tasks, and enabling business-focused security risk reporting with machine learning and analytics capabilities. The document advocates assessing a organization's security operations using Splunk's Prescriptive Value Path to identify priority areas for improving security and linking it to business objectives.

1. © 2019 SPLUNK INC.© 2019 SPLUNK INC.
Drive More Value from Your Security Operations:
Connecting Security to the Business
With Splunk
James Hanlon | Director of Security Specialization, EMEA
13 June 2019

2. © 2019 SPLUNK INC.
Who am I
▶ Director of Splunk Security
Specialization for EMEA
▶ Work with many large & small
Splunk security customers
▶ Provide customer security
advisory services
▶ 17+ years in Security

3. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back
What is value in security
operations?

4. © 2019 SPLUNK INC.
What is the value of
Security in 2019?
Even for some security teams, this can be hard to define

5. © 2019 SPLUNK INC.
How much more valuable is a secure
company worth than an insecure one?
How much security is
enough?
How should security
resources be invested
and applied for optimal
ROI?
What is the impact of
the threat?

6. © 2019 SPLUNK INC.
Adequate Security
(Risk Managed)
Security ROI (SROI)
Sufficient Security
(Compliance Driven)
Differentiated
Security

7. © 2019 SPLUNK INC.
© 2019 SPLUNK INC.
▶ Organizational
Awareness
▶ Understanding
the threat
exposure &
profile
▶ Demonstrating
the value of
Security
Organizational Situational Awareness &
Threat Profile
© 2019 SPLUNK INC.
▶ Clarity of
mission
▶ Known
current and
future state
▶ How to
transform
security
The Security
Mission
© 2019 SPLUNK INC.
▶ Ownership
▶ Volume
▶ Technical know how
Getting Data Visibility
for the Security
© 2019 SPLUNK INC.
▶ Legacy IT complexity
▶ Emergent Technology
▶ Consolidation drives &
cost reduction
IT Complexity and Emerging Digital Channels
© 2019 SPLUNK INC.
Security Operations Processes & Resources
▶ Hire ▶ Automate▶ Develop ▶ Optimize▶ Retain
© 2019 SPLUNK INC.
Prescriptive Security Operations Guidance
What to do first, second and last (or not at all)?
© 2019 SPLUNK INC.
416
78
▶ MTTD
▶ MTTR
▶ Dwell Time
▶ TTV
Time
© 2019 SPLUNK INC.
▶ Security Analytics
▶ Machine Learning (AI)
▶ Automation
▶ Cloud based SecOps
The Expansive & Emergent Security
Technology Landscape

8. © 2019 SPLUNK INC.
So, the value of security can often be characterized by the
organizational strategy…and the barriers

9. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back

10. © 2019 SPLUNK INC.
Translating the Value of Splunk Security
Security Data Analytics
Value: Gain full data visibility of any
legacy or emergent technology or platform
Driver: Risk mitigation Whether on-prem or cloud,
Splunk data and non-Splunk data sources can easily be
ingested into and segmented by the tool.
Security Automation
Value: lower human workloads, security
process inefficiency & MTTR
Driver: cost avoidance
Security Machine Learning (AI)
Value: Detect unknows / detect faster
Driver: cost avoidance, risk mitigation
Integrated Security Platform
Value: Increase TTV through integrated,
consolidated and contextual toolsets
Driver: cost avoidance r on-prem or cloud, Splunk
data and non-Splunk data sources can easily be ingested into
and segmented by the tool.
Flexible Visualisation & Reporting
Value: Increase security visibility and
organizational business insights
Driver: Risk mitigation
Prescriptive Security Content
Value: be guided by industry led advice
Driver: cost avoidance

11. © 2019 SPLUNK INC.
NETWORK
THREAT
INTELLIGENCE
MOBILE
ENDPOINTS
IDENTITY
AND ACCESS
CLOUD
SECURITY
WAF AND APP
SECURITY
WEB PROXY
FIREWALL
ANALYTICS
ORCHESTRATION
Observe
Decide
Orient
Act
Splunk’s Security Vision
90%
TIER 1 ANALYST WORK WILL BE
AUTOMATED
50%
TIME NOW SPENT TUNING DETECTION
AND RESPONSE LOGIC
1PLATFORM TO ORCHESTRATE THEM ALL

12. © 2019 SPLUNK INC.
Splunk Security Operations Suite
P L A T F O R M
D A T A
S O U R C E S
U S E C A S E S
A P P L I C A T I O N S
Security
ContentUpdates Security Monitoring
Logs Business Context Threat Intelligence
+
Compliance & Data
Privacy
Advanced Threat
Detection
Incident Investigation &
Forensics
Insider Threat
Detection
Incident Response
Fraud Analytics &
Detection
SOC Automation

13. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back
Helping you unlock the
value of Splunk Security

14. © 2019 SPLUNK INC.
Introducing the Security Prescriptive Path
Helping You Drive More from your Splunk Investment

15. © 2019 SPLUNK INC.
>
>
Security Paths Value Paths
Security
Operations
Compliance
>Fraud
 faster detection and triage of
security alerts and insider threats
 better discovery of targeted and
advanced threats
 faster investigation and
remediation of security incidents
 reduced risk of breach, disruption,
damage and data leakage
 reduction in compliance
reporting time
 reduction in potential
compliance penalties
 reduction in risk of fraud
 reduction in fraud losses
Compliance
Fraud Monitoring and Investigation
Insider
Threat
SOAR
Security
Investigation
Security
Monitoring
Advanced
Thread
Incident
Response &
Forensics
3 Paths - 8 Security Use Cases - 70 Security Capabilities

16. © 2019 SPLUNK INC.
Examples of how Customers have realized value Splunk Security
“The How”

17. © 2019 SPLUNK INC.
Addressing The Barriers to Value:
Data Volume, Data Visibility & IT Complexity
How Splunk Security Analytics Drives Value
Any Data Analytics Investigative Platform

18. © 2019 SPLUNK INC.
Investigation & Analytics with Splunk
LEARN MORE

19. © 2019 SPLUNK INC.
Addressing The Barriers to Value:
Integrating Security Tooling | Industry Led Analytics Guidance
How Splunk Security Analytics Drives Value
Pre-built Security
Workflows
Guided Security
Analytics

20. © 2019 SPLUNK INC.
Triage & Investigation Workflows
LEARN MORE

21. © 2019 SPLUNK INC.
LEARN MORE
Operationalizing Security Analytics Content Development

22. © 2019 SPLUNK INC.
Addressing The Barriers to Value:
Human Workload | Process Repeatability
Automate Security
Tasks
Process Efficiency &
Repeatability
How Splunk Security Analytics Drives Value

23. © 2019 SPLUNK INC.
Security Automation with Splunk
LEARN MORE

24. © 2019 SPLUNK INC.
Addressing The Barriers to Value:
Reduce MTTD, MTTR I Connecting with the Business
Machine Learning for
Security
How Splunk Security Analytics Drives Value
Business & IT Risk
Reporting

25. © 2019 SPLUNK INC.
LEARN MORE
Security Risk Reporting with Splunk

26. © 2019 SPLUNK INC.

27. © 2019 SPLUNK INC.
Designed to help
optimize value in your
security operations
 Increase security visibility,
tackle IT complexity
 Provide prescriptive guidance
 Increase process efficiency,
lower MTTD, MTTR
 Enable business focused
security risk reporting
Security Mission

28. © 2019 SPLUNK INC.
We Listen
We Learn
We Understand
We Bring It Back
Using Analytics to
Connect Security to the
Business

29. © 2019 SPLUNK INC.

30. © 2019 SPLUNK INC.
Gartner 2017
Analytics is Now A Foundational Security Operations
Capability

31. © 2019 SPLUNK INC.
Logs Wired DB Mobile IoT APIMetrics
Any volume
Any location
Any type
Machine Data
Storage
Silo 1
Storage
Silo 2
Networ
k Silo
Proxy
Silo
App
Silo
VMs
Silo
SCADA
Silo
AWS
Silo
Azure
Silo
APM
Silo
more
Silos
Servers
Silo
Data sources
IT OPERATIONS SECURITY Business AnalyticsDevOps/App analytics
Use
Cases
IoT
Different people asking different questions on the same data, in real time
Splunkbase;
1900+ Free
Apps/add-ons
Splunk>
MINT
Splunk> Industrial Asset
Management
MQTT
Modular Input
Kepware
IDF to Metrics
Splunk>
App for Infrastructure
Splunk>
Stream
JMX
JAVA
Splunk>
DB Connect
Fast Time to Value
Premium
Apps
AI / Machine Learning
accelerators
30%↓ Risk* 4%↑ supply chain
throughput **
70%+↓ QA
troubleshooting*
25%+↓ power/facility***
• 3rd Party (ServiceNow, CMDB, SIEM…)
• Structured data
> Automate
> Collaborative
incident response
SAME DATA, MULTIPLE USE CASES
Splunk Platform
(Cloud / On-prem)
DATA SOURCES CORRELATION
Data to Answers
Splunk>
Machine Learning Toolkit
70% to 90%↓ MTTR*
But an Analytics capability can do much more across
across many IT domains

32. © 2019 SPLUNK INC.
Converged Analytics for Business Value
We call this..

33. © 2019 SPLUNK INC.
Extracting Value Through Converged Data Analytics
Security, IoT & Industrial Data Analytics

34. © 2019 SPLUNK INC.
UCAS
GDPR Compliance, IT Operations & Security

35. © 2019 SPLUNK INC.
SecOps / SOC
Strategy & Metrics
(Operational Security)
Adversary,Threat,Controls,Vulnerability
orITRiskDrivenSOCstrategies
Corporate/IT
Initiative 1
Corporate
Mission &
Goals
Corporate/IT
Initiative 2
Corporate/IT
Initiative 3
Corporate/IT
Initiative N
Reducing this gap provides business enabling alignment for Security & SOC teams
Business Enabling Data & Security
Insights
(Data Analytics Enabled)
Analytics Driven Approach to Connect Security to the Business

36. © 2019 SPLUNK INC.
DEMO
Splunk Security Prescriptive Value Path (PVP)

37. © 2019 SPLUNK INC.
Realities that Worry Executives?
Only 28 percent of companies
use project performance
techniques (PMI, 2017)
Most organizations have a 70%
project failure rate (4PM)
Only 64% of projects meet their
goals (Wrike)
Executives
need prescriptive plans to
mitigate these risks

38. © 2019 SPLUNK INC.
Introducing the Security Prescriptive Path
Helping You Drive More from your Splunk Investment

39. © 2019 SPLUNK INC.
>
>
Security Paths Value Paths
Security
Operations
Compliance
>Fraud
 faster detection and triage of
security alerts and insider threats
 better discovery of targeted and
advanced threats
 faster investigation and
remediation of security incidents
 reduced risk of breach, disruption,
damage and data leakage
 reduction in compliance
reporting time
 reduction in potential
compliance penalties
 reduction in risk of fraud
 reduction in fraud losses
Compliance
Fraud Monitoring and Investigation
Insider
Threat
SOAR
Security
Investigation
Security
Monitoring
Advanced
Thread
Incident
Response &
Forensics
3 Paths - 8 Security Use Cases - 70 Security Capabilities

40. © 2019 SPLUNK INC.
Final Thoughts
Takeaways

41. © 2019 SPLUNK INC.
Splunk are committed to
helping customer drive
more value from their
investments in Security
Read how other
customers have found
value from their
investments with Splunk
Speak to your account
team about conducting a
prescriptive value path
(PVP) assessment with
Splunk
Key Takeaways

42. © 2019 SPLUNK INC.
Learn how others have found value with Splunk
https://conf.splunk.com/

43. © 2019 SPLUNK INC.© 2019 SPLUNK INC.
Thank You.
Don’t forget to rate this session
in the SplunkLive! mobile app