Enterprise Security featuring UBA
Slide 2
DISCLAIMER
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Slide 7
Enterprise Security
Provides: SIEM and security nerve center for security operations and command centers
Functions: alert management, detection using pre-built correlation rules, incident response, security monitoring, breach response, threat intelligence automation, statistical analysis, reporting, auditing
Personas served: SOC analysts, security teams, incident responders, threat hunters, security managers
Detections: pre-built advanced threat detection using statistical analysis, user activity tracking, attack detection using correlation searches, dynamic baselines
Slide 10
Splunk Positioned as a Leader in Gartner 2016 Magic Quadrant for Security Information and Event Management*
• Four years in a row as a Leader
• Furthest overall in Completeness of Vision
• Splunk also scores highest in the 2016 Critical Capabilities for SIEM report in all three use cases
*Gartner, Inc., 2016 Magic Quadrant for Security Information and Event Management, and Critical Capabilities for Security Information and Event Management, Oliver Rochford, Kelly M. Kavanagh, Toby Bussa, 10 August 2016. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Splunk. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Slide 11
Splunk scores highest in the 2016 Critical Capabilities for SIEM* report in all three use cases
*Gartner, Inc., Critical Capabilities for Security Information and Event Management, Oliver Rochford, Kelly M. Kavanagh, Toby Bussa, 10 August 2016. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Splunk. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Slide 12
SIEM Use Cases
Use cases (Gartner Research Document: 2016 Critical Capabilities for SIEM*):
• Basic Security Monitoring
• Advanced Threat Defense
• Forensics and Incident Management
Critical Capabilities*:
• Real-time Monitoring
• User Monitoring
• Incident Response and Management
• Advanced Analytics
• Threat Intelligence and Business Context
• Advanced Threat Defense
• Data and Application Monitoring
• Deployment and Support Flexibility
ES Frameworks:
• Notable Events
• Asset and Identity
• Threat Intelligence
• Risk Analysis
• Adaptive Response
* Gartner Research Document: 2016 Critical Capabilities for SIEM
Slide 14
Splunk Enterprise Security – SIEM and Security Nerve Center
Release timeline (quarters as labeled on the slide; ES 4.5 carries no quarter label):
ES 3.3 (Q2 2015)
• Threat Intel Framework
• User Activity Monitoring
• Content Sharing
• Data Ingestion
ES 4.0 (Q4 2015)
• Breach Analysis
• Integration with Splunk UBA
• Enterprise Security Framework
ES 4.1 (Q2 2016)
• Behavior Anomalies
• Risk and Search in Incident Review
• Facebook ThreatExchange
ES 4.2 (Q3 2016)
• Adaptive Response enablement
• Performance
• Actions Dashboard
• Search Driven Lookup
ES 4.5
• Adaptive Response
• Glass Tables
• Adaptive Response partner enablement
Slide 35
A Few Customer Findings
• Malicious Domain
• Beaconing Activity
• Malware: Asprox
• Webshell Activity
• Pass the Hash Attack
• Suspicious Privileged Account Activity
• Exploit Kit: Fiesta
• Lateral Movement
• Unusual Geo Location
• Privileged Account Abuse
• Access Violations
• IP Theft
Verticals: Retail, Hi-Tech, Manufacturing, Financial