Splunk for Enterprise Security featuring UBA Breakout Session
•
11 j'aime•1,730 vues
Splunk for Enterprise Security featuringUBA Breakout Session
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (16)
Similaire à Splunk for Enterprise Security featuring UBA Breakout Session
Similaire à Splunk for Enterprise Security featuring UBA Breakout Session (20)
Plus de Splunk
Plus de Splunk (20)
Dernier
Dernier (20)
Splunk for Enterprise Security featuring UBA Breakout Session
- 1. Copyright © 2016 Splunk Inc. Enterprise Security & UBA Overview SplunkLive San Francisco 2016 Dave Herrald, Security Architect Splunk Security Practice
- 2. 2 2 > Dave Herrald dherrald@splunk.com | @daveherrald • Security Architect, Splunk Security Practice • 20+ years in IT and security • Operational security experience… • Information security officer, security architect, pen tester, consultant, SE, sysadmin, network engineer • GIAC GSE #79, former SANS Mentor whoami
- 3. 3 LEGAL NOTICES During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward- looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
- 4. 4 Agenda Splunk Portfolio Update Enterprise Security 4.1 User Behavior Analytics 2.2
- 5. 5 Splunk Solutions > Easy to Adopt VMware Platform for Machine Data Exchange PCISecurity Across Data Sources, Use Cases & Consumption Models IT Svc Int Splunk Premium Solutions Rich Ecosystem of Apps ITSI UBA UBA Mainframe Data Relational Databases MobileForwarders Syslog/TCP IoT Devices Network Wire Data Hadoop & NoSQL
- 6. 6 What’s New ? 6 UBA Results Across SIEM Workflow Rapid Investigation of Advanced Threats Enhanced Insider Threat & Cyber Attack Detection ES 4.1 + UBA 2.2 ES 4.1 UBA 2.2
- 7. Copyright © 2016 Splunk Inc. Enterprise Security 4.1 7
- 8. Machine data contains a definitive record of all interactions Splunk is a very effective platform to collect, store, and analyze all of that data Human Machine Machine Machine
- 9. 9 App Servers Network Threat Intelligence Firewall Web Proxy Internal Network Security Endpoints Splunk as the Security Nerve Center Identity
- 10. Rapid Ascent in the Gartner SIEM Magic Quadrant* *Gartner, Inc., SIEM Magic Quadrant 2011-2015. Gartner does not endorse any vendor, product or service depicted in its research publication and not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 2015 Leader and the only vendor to improve its visionary position 2014 Leader 2013 Leader 2012 Challenger 2011 Niche Player 2015
- 11. More Honors – March 2016 ● Best SIEM Solution ● Best Fraud Prevention Solution
- 12. 12 ES Fast Facts ● Current version: 4.1 announced at RSA ● Two releases per year ● Content comes from industry experts, market analysis, but most importantly YOU ● The best of Splunk carries through to ES – flexible, scalable, fast, and customizable ● ES has its own development team, dedicated support, services practice, and training courses
- 13. The best part of ES is free! ● You’ve got a bunch of systems… ● How to bring in: ● Network Gateway AV ● Windows + OS X + Linux AV ● Network Sandboxing ● Advanced Endpoint Protection Need: Common Information Model CIM = Data Normalization
- 14. Copyright © 2016 Splunk Inc. NORMALIZATION?!?
- 15. Copyright © 2016 Splunk Inc. NORMALIZATION?!? Relax. This is therefore, CIM gets applied at SEARCH TIME.
- 16. Data Normalization is Mandatory for your SOC “The organization consuming the data must develop and consistently use a standard format for log normalization.” – Jeff Bollinger et. al., Cisco CSIRT Your fields don’t match? Good luck creating investigative queries
- 17. 17 Splunk Enterprise Security – Basic, Advanced SIEM Use Cases and Security Intelligence 17 Q3 2014 Q4 2014 Q2 2015 ES 3.1 • Risk Framework • Guided Search • Unified Search Editor • Threatlist Scoring • Threatlist Audit ES 4.0 • Breach Analysis • Integration with Splunk UBA • Enterprise Security Framework ES 3.2 • Protocol Intelligence • Semantic Search ES 3.3 • Threat Intel Framework • User Activity Monitoring • Content Sharing • Data Ingestion Q4 2015 ES 4.1 • Behavior Anomalies • Risk and Search in Incident Review • Facebook ThreatExchange Q1 2016
- 18. 18 New Features in Enterprise Security 4.0 Optimize multi-step analyses to improve breach detection and response Extensible Analytics & Collaboration INVESTIGATION COLLABORATION • Investigator Journal • Attack & Investigation Timeline • Open Solutions Framework • Framework App : PCI
- 19. 19 …and, Integration with Splunk UBA SIGNATURES RULES HUMAN ANALYSIS Integrated with Splunk Enterprise Security
- 20. 20 Open Solutions Framework Supports critical security related management framework features 20 Enterprise Security Framework • Notable Events Framework • Thereat Intelligence Framework • Risk Scoring Framework • Identity & Asset Framework Customer Apps APPs / Content Partner Apps APPs / Content Splunk Apps APPs / Content • Export • Import • Share • Summarization Framework • Alerting & Scheduling • Visualization Framework • Application Framework External Instance
- 21. What’s new in Splunk Enterprise Security 4.1 ?
- 22. Splunk UBA and Splunk ES Integration SIEM, Hadoop Firewall, AD, DLP AWS, VM, Cloud, Mobile End-point, App, DB logs Netflow, PCAP Threat Feeds DATA SOURCES DATA SCIENCE DRIVEN THREAT DETECTION 99.99% EVENT REDUCTION UBA MACHINE LEARNING IN SIEM WORKFLOW ANOMALY-BASED CORRELATION 101111101010010001000001 111011111011101111101010 010001000001111011111011
- 23. 23 Behavioral Analytics in SIEM Workflow • All Splunk UBA results available in Enterprise Security • Workflows for SOC Manager, SOC analyst and Hunter/Investigator • Splunk UBA can be purchased/operated separately from Splunk Enterprise Security 23 ES 4.1 and UBA 2.2
- 24. 24 Prioritize and Speed Investigations Centralized incident review combining risk and quick search Use the new risk scores and quick searches to determine the impact of an incident quickly Use risk scores to generate actionable alerts to respond on matters that require immediate attention. ES 4.1
- 25. 25 Expanded Threat Intelligence ES 4.1 Supports Facebook ThreatExchange An additional threat intelligence feed that provides following threat indicators - domain names, IPs and hashes Use with ad hoc searches and investigations Extends Splunk’s Threat Intelligence Framework
- 26. Incident Response When working an incident which phase generally takes the longest to complete in your organization? 9% 32% 15% 16% 25% 3% 0% 5% 10% 15% 20% 25% 30% 35% Preparation Identification/Scoping Containment/Mitigation Eradication/Remediation Root Cause Analysis Lessons Learned/Recovery Column % Source: © 2016 Enterprise Management Associates, Inc. N=100
- 27. 27 Adaptive Response Initiative 27 App workflow Network Threat Intelligence Firewall Web Proxy Internal Network Security Identity Endpoints Mission: Bring together the best security technologies to help combat advanced attacks Challenge: Gather / analyze, share, act based on end- to-end context, across security domains Approach: Connect intelligence across best-of-breed: • improve security posture • quickly validate threats • systematically disrupt kill chain
- 28. ES Demo
- 29. Copyright © 2016 Splunk Inc. ES Questions? 29
- 31. 31 Enhanced Insider Threat and Cyber Attack Detection DETETION Threat Detection Framework • Custom threat modeling with anomalies Expanded Attack Coverage • Data access and physical data loss New Viewpoint • Precision, prioritization and correlation of alerts with anomalies UBA 2.2
- 32. 32 Create custom threats using 60+ anomalies. Create custom threat scenarios on top of anomalies detected by machine learning. Helps with real-time threat detection and leverage to detect threats on historical data. Analysts can create many combinations and permutations of threat detection scenarios along with automated threat detection. Detection : Custom Threat Modeling Framework UBA 2.2
- 33. 33 Detection : Enhanced Security Analytics Visibility and baseline metrics around user, device, application and protocol 30+ new metrics USER CENTRIC DEVICE CENTRIC APPLICATION CENTRIC PROTOCOL CENTRIC Detailed Visibility, Understand Normal Behavior UBA 2.2
- 34. 34 Context Enrichment Citrix NetScaler (AppFlow) FireEye Email (EX) Symantec DLP Bit9/Carbon Black Digital Guardian And many more…. Improved Precision and Prioritization of Threats Risk Percentile & Dynamic Peer Groups Support for Additional 3rd Party Device UBA 2.2
- 35. 35 TECHNOLOGY EVOLUTION 1995 2002 2008 2011 2015 END-POINT SECURITY NETWORK SECURITY EARLY CORRELATION PAYLOAD ANALYSIS BEHAVIOR ANALYSIS
- 36. 36 IN 2014, INDUSTRY SPENT $1.7 Billion SECURE EMAIL GATEWAY $1.3 Billion SECURE WEB GATEWAY $2.8 Billion ENDPOINT PROTECTION $1.2 Billion INTRUSION PREVENTION $9.4 Billion FIREWALL
- 37. 37 $16+ Billion But, we need even more tools
- 38. 38 FAMILIAR WITH THESE THREATS? January 2015 February 2015 February 2015 Morgan Stanley 730K PII Records Anthem Insurance 80M Patient Records Office of Personal Management 22M PII Records July 2015 Pentagon Unclassified Email System 4K PII Records
- 39. 39 SO, WHAT IS THE COMPROMISED / MISUSED CREDENTIALS OR DEVICES LACK OF RESOURCES (SECURITY EXPERTISE) LACK OF ALERT PRIORITIZATION & EXCESSIVE FALSE POSITIVES PROBLEM?
- 40. 40 EXTERNAL ATTACK USER ACTIVITY Peter and Sam access a compromised website - backdoor gets installed The attacker uses Peter’s stolen credential and VPNs into Domain Controller The attacker uses the backdoors to download and execute WCE – password cracker Peter’s and Sam’s devices begin communicating with CnC The attacker logs in as Sam and accesses sensitive documents from a file share The attacker steals the admin Kerberos ticket and escalates the privileges for Sam The attacker uses Peter’s VPN credential to connect, copies the docs to an external staging server, and logs out after three hours Day 1 . . Day 2 . . Day N
- 41. 41 INSIDER THREAT John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY Day 1 . . Day 2 . . Day N
- 42. 42 WHAT IS SPLUNK UBA? DETECT ADVANCED CYBERATTACKS DETECT MALICIOUS INSIDER THREATS
- 43. 43 THE FOUNDATION ANOMALY DETECTION THREAT DETECTION UNSUPERVISED MACHINE LEARNING BEHAVIOR BASELINING & MODELING REAL-TIME & BIG DATA ARCHITECTURE
- 44. 44 REAL-TIME & BIG DATA ARCHITECTURE SCALABLE ARCHITECTURE 500M EVENTS
- 45. 45 MULTI-ENTITY BEHAVIORAL MODEL Temporal Window USER HOST NETWORK APPLICATION DATA Activity A Activity N Activity A Activity N Activity A Activity N Activity A Activity N Activity A Activity N ACTIVITY A ACTIVITY C ACTIVITY F ACTIVITY B ACTIVITY L
- 46. 46 EVOLUTION COMPLEXITY RULES - THRESHOLD POLICY - THRESHOLD POLICY - STATISTICS UNSUPERVISED MACHINE LEARNING POLICY - PEER GROUP STATISTICS SUPERVISED MACHINE LEARNING LARGEST LIBRARY OF UNSUPERVISED ML ALGORITHMS
- 47. 47 DESIGNED FOR A HUNTER ANOMALY DETECTION APPLYING ML AGAINST BEHAVIOR BASELINES
- 48. 48 DESIGNED FOR A SOC ANALYST THREAT DETECTION ML DRIVEN AUTOMATED ANOMALY CORRELATION
- 49. 49 INSIDER THREAT Day 1 . . Day 2 . . Day N John connects via VPN Administrator performs ssh (root) to a file share - finance department John executes remote desktop to a system (administrator) - PCI zone John elevates his privileges root copies the document to another file share - Corporate zone root accesses a sensitive document from the file share root uses a set of Twitter handles to chop and copy the data outside the enterprise USER ACTIVITY Unusual Machine Access (Lateral Movement; Individual & Peer Group) Unusual Zone (CorpPCI) traversal (Lateral Movement) Unusual Activity Sequence Unusual Zone Combination (PCICorp) Unusual File Access (Individual & Peer Group) Multiple Outgoing Connections & Unusual SSL session duration
- 50. A Few CUSTOMER FINDINGS Malicious Domain Beaconing Activity Malware: Asprox Webshell Activity Pass The Hash Attack Suspicious Privileged Account activity Exploit Kit: Fiesta Lateral Movement Unusual Geo Location Privileged Account Abuse Access Violations IP Theft RETAIL HI-TECH MANUFACTURING FINANCIAL
- 51. UBA Demo
- 52. PROXY SERVER FIREWALL WHAT DOES SPLUNK UBA NEED? ACTIVE DIRECTORY / DOMAIN CONTROLLER DNS, DHCP SPLUNK ENTERPRISE ANY SIEM AT A MINIMUM
- 53. 53 WHAT CUSTOMERS HAVE TO SAY ABOUT SPLUNK UBA Splunk UBA is unique in its data-science driven approach to automatically finding hidden threats rather than the traditional rules-based approaches that doesn’t scale. We are pleased with the efficacy and efficiency of this solution as it makes the life of our SOC analysts’ way better. Mark Grimse, VP IT Security, Rambus A layered defense architecture is necessary to combat modern-day threats such as cyberattacks and insider threats, and it’s crucial to use a data science driven approach in order to find unknown patterns. I found Splunk UBA to be one of the most advanced technologies within the behavioral analytics space. Randolph Barr, CSO, Saba
- 54. 54 WHY SPLUNK UBA? THE MOST ADVANCED UEBA TECHNOLOGY THE LARGEST INVESTMENT IN MACHINE LEARNING A COMPLETE SOLUTION FROM SPLUNK DETECT THE UNKNOWNS IMPROVE SOC & HUNTER EFFICIENCY
- 55. UBA Questions?
- 56. 56 Northern Cal Tech Talks! Monthly WebEx Sessions • Ted Talk style presentation • Q&A Chat forum So what’s next on the agenda? • March 23rd @ 10AM PST - Building & Deploying Apps. • April 20th @ 10AM PST - Top 5 most useful search commands. See more at: http://live.splunk.com/NorCalTechTalks
- 57. 57 SEPT 26-29, 2016 WALT DISNEY WORLD, ORLANDO SWAN AND DOLPHIN RESORTS • 5000+ IT & Business Professionals • 3 days of technical content • 165+ sessions • 80+ Customer Speakers • 35+ Apps in Splunk Apps Showcase • 75+ Technology Partners • 1:1 networking: Ask The Experts and Security Experts, Birds of a Feather and Chalk Talks • NEW hands-on labs! • Expanded show floor, Dashboards Control Room & Clinic, and MORE! The 7th Annual Splunk Worldwide Users’ Conference PLUS Splunk University • Three days: Sept 24-26, 2016 • Get Splunk Certified for FREE! • Get CPE credits for CISSP, CAP, SSCP • Save thousands on Splunk education!
- 58. Thank You!
Notes de l'éditeur
- The Splunk platform consists of multiple products and deployment models to fit your needs. Splunk Enterprise – for on-premise deployment Splunk Cloud – Fully managed service with 100% SLA and all the capabilities of Splunk Enterprise…in the Cloud Splunk Light – log search and analytics for small IT environments Hunk – for analytics on data in Hadoop The products can pull in data from virtually any source to support multiple use cases. Splunk Apps extend and simplify deployments by providing pre-packaged content designed for specific use cases and data types.
- Splunk excels at creating a data fabric Machine data: Anything with a timestamp, regardless of incoming format. Throw it all in there! Collect it. Store it in one place. Make it accessible for search/analytics/reporting/alerting. DETECTION NOT PREVENTION! ASSUME BREACH! So we need a place we can go to DETECT attacks. DETECT breaches. DETECT the “weird.” So if you had a place to see “everything” that happened… ….what would that mean for your SOC and IR teams?
- We see Splunk as your security nerve center. Security organizations are moving towards putting Splunk at the center of everything. . There’s literally nothing in your environment today when it comes to data that Splunk cannot either ingest or leverage. Just a few of those categories are shown here – some of them are quite typical, like your proxy and firewall data. Others less so – your internal badge readers and cameras, for example. Or the ability to correlate all of your data artifacts with IOCs from your threat intelligence sources. All in one place, all at scale, all in real time. That doesn’t mean that Splunk is always the first place that people go – sometimes Splunk may be feeding another tool, like a traditional SIEM. But Splunk always ends up being the place to see “all of the detail” and the place where customers can mash up the data between many disparate sources.
- Our rapid ascent reflects the customer traction we have and value we deliver to customers – with thousands of security customers and 40% year-over-year growth, we are the fastest growing SIEM vendor in the market. 2011 was our first time in the MQ; In 2 short years we raced up to the top quadrant in the MQ.
- 3.3. 3.0 was the first release done against Splunk 6 and that was a huge step forward – mainly because of the use of CIM and accelerated data models. Unlike other competitive solutions ES is constantly evolving – on average twice a year. Upgrades are pretty seamless. Where does content come from? All of the typical places but most importantly it comes from YOU. We take the best ideas that you give us, and we productize them and make them scalable and supportable. Splunk is more than a product – it is a wide open platform that inspires. None of this is lost in ES – splunk with ES is just as flexible and customizable. And it leverages technology in the core product like mapreduce and data models. You need ES to scale to the security intelligence needs of a huge enterprise? No problem. ES has its own dev team and roadmap, dedicated support individuals, a services practice schooled in it and other complementary infosec. Also lots of training is available.
- Underneath ES, there’s this concept called the Common Information Model….This performs normalization on data so that if we have four different AV solutions, for example, in our environment, we can report on them and analyze them and correlate across all of their data regardless of vendor. So normally when we hear normalization…
- …that’s evil. Normalization=bad because it is difficult to customize and maintain, and brittle. But that applies to schema-based normalization, and with splunk…
- …we apply our normalization at search time. Which means that even if you have some old data lying around that was onboarded incorrectly, or if the format of the data changes suddenly, you can tweak the field extractions underneath the CIM and go on with your life.
- It isn’t just us that thinks some form of data normalization is a good idea, especially for security analytics. If you haven’t checked it out, there’s a fantastic book published recently by three guys that work in the Cisco CSIRT, and they detail their extensive use of Splunk for security analysis. They make a strong point early on in the book about the role of data normalization. They mention that each event generated should have the… -Date and Time -Type of action performed -Subsystem performing the action -Identifiers for the object requesting the action -Identifiers for the object providing the action -Status, outcome, or result of the action So CIM helps us get significant regularity out of similar but disparate data types. Also allows cross-domain correlation like IDS to Vuln.
- Let’s talk about “What’s new in Enterprise Security 4.0” First Pillar is investigation : It’s a major release because the design is to Optimized multi-step analyses, specifically for breach analysis. In order for us to accomplish the goal, we are introducing Investigator Journal which is a feature that tracks analyst’s action Attack & Investigation timeline that puts analysis events and notes in timeline to address our plan toward managing kill chain concept. Second pillar is Collaboration : We understand that security is coordination of people and expertise which involves team efforts. So, we believed that it is important to introduce, ES as Open Solutions Framework where analysts and communities can share knowledge objects or ES specific extended features. As an example, PCI app is re written on top of ES open Solutions Framework, PCI conveniently reuses features in ES, like notable events framework, threat intelligence framework, asset and identity framework.. Etc..
- UBA is an entirely new, separate product that applies unsupervised machine learning and data science to the behaviors of users, devices, applications, etc within the environment. It has 31 different models that it applies to incoming event data, within which anomalies are tracked and threats are surfaced. You’ll hear a whole lot more about UBA later, but in ES 4.0 we ship out of the box bidirectional integration. Threats from UBA show up as notable events in ES and can be interacted with. And these threats in turn can be analyzed in UBA to see all of the related anomalies.
- So our vision was to create flexible, yet powerful. Of course open frameworks where we can nurture and embrace our overall eco-system which includes, customer, resellers, technology partners and even students who wants to develop cools features, rules, intelligent feeds etc. on top of ES. the community can easily share the knowledge or provide a mechanism to accelerate the innovation trends. Customers, vendors and third parties can create and extend the functionality of ES, and run the contents within the ES framework. The content can be imported and exported. Developers can share new apps and modules internally, / or distribute them to the Splunk community on splunkbase Content packs have access to ES specific functionality, / including notable events, the risk framework, and the identity framework.
- Operational issues and challenges. Use dashboards, alert (correlation), correlate against observables Use them for adhoc searching and swimlanes
- a. Continuation of integration….enabled in depth investigation bring UBA anomaly as sourcetype. Significant because all field in ES is available b. Describe the solution. Value of ES, Notable Events…IR. Add context C. Increasing Threat Intel... Mention leadership and WP. Coverage.
- a. Continuation of integration….enabled in depth investigation bring UBA anomaly as sourcetype. Significant because all field in ES is available b. Describe the solution. Value of ES, Notable Events…IR. Add context C. Increasing Threat Intel... Mention leadership and WP. Coverage.
- The Adaptive Response Initiative represents the commitment and collective efforts of best-of-breed security industry vendors Participant vendors are collaborating to provide a defense strategy for multi-layered heterogeneous security architectures The strategy enables faster, better-informed decision making across multiple security domains This decision making efficiency helps SOC teams protect against advanced (multi-vector, multi-phased) attacks -- Adaptive Response presents users with new context gleaned from the collective intelligence of domain-specific technologies, to verify and/or apply as threat response Splunk is positioned at the center of Adaptive Response and the resulting coordinated response to advanced threats -- Adaptive Response enables timely, effective disruption of the kill chain and subsequent increase in cost of attacks to threat actors Core capabilities include elimination of manual data gathering steps, and ability to apply appropriate actions (or range of actions), specific to each security domain One key benefit is improved ability to respond and adapt – actions can be manual, approval-triggered, or analytics-driven -- Adaptive Response was conceived as a result of the successes of existing Splunk customers who compelled Splunk and partners to form the initiative Launched at RSA 2016, backed initially by Leading Security Domain Vendors: Carbon Black, CyberArk, Fortinet, Palo Alto Networks, Phantom Cyber, Splunk, Tanium, ThreatConnect and Ziften
- Highlights… Custom threat modelling Data access Easier Leadership, innovation
- Remind what UBA Highlight the pics on right…custom threat Point out the fact that we now have Rules now with ML. Competitors have rules with Stats
- We’re headed to the East Coast! 2 inspired Keynotes – General Session and Security Keynote + Super Sessions with Splunk Leadership in Cloud, IT Ops, Security and Business Analytics! 165+ Breakout sessions addressing all areas and levels of Operational Intelligence – IT, Business Analytics, Mobile, Cloud, IoT, Security…and MORE! 30+ hours of invaluable networking time with industry thought leaders, technologists, and other Splunk Ninjas and Champions waiting to share their business wins with you! Join the 50%+ of Fortune 100 companies who attended .conf2015 to get hands on with Splunk. You’ll be surrounded by thousands of other like-minded individuals who are ready to share exciting and cutting edge use cases and best practices. You can also deep dive on all things Splunk products together with your favorite Splunkers. Head back to your company with both practical and inspired new uses for Splunk, ready to unlock the unimaginable power of your data! Arrive in Orlando a Splunk user, leave Orlando a Splunk Ninja! REGISTRATION OPENS IN MARCH 2016 – STAY TUNED FOR NEWS ON OUR BEST REGISTRATION RATES – COMING SOON!