Copyright © 2015 Splunk Inc.
Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
Ross McKerchar, Sophos
Introduction and Splunk Overview
Andrew Morris, Splunk
Agenda
6:30 Introduction and Splunk Overview
6:50 Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
7:20 Demo: Splunk Enterprise Security and App for AWS
7:50 Q&A
Andrew Morris
Director of Cloud, EMEA
#Splunk
SECURITY INTELLIGENCE IN THE CLOUD
CLOUD AND HYBRID IT
SOFTWARE-DEFINED DATACENTERS
CONTINUOUS APP DELIVERY
ANALYTICS-DRIVEN SECURITY
INTERNET OF THINGS
Make machine data accessible, usable and valuable to everyone.
Why Splunk?
FAST TIME-TO-VALUE
CLOUD, ON-PREMISE & HYBRID DEPLOYMENT
VISIBILITY ACROSS STACK, NOT JUST SILOS
ONE PLATFORM, MULTIPLE USE CASES
ANY DATA, ANY SOURCE, ASK ANY QUESTION
Disruptive Approach to Unstructured Data
Traditional: Structured data, RDBMS, SQL Search, Schema at Write, ETL
Splunk: Unstructured data (Volume, Velocity, Variety), Universal Indexing, Schema at Read
Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume
Sources: Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
Deployed On-Premises, Private Cloud, Public Cloud
Ask Any Question
Use cases: Application Delivery; Security, Compliance and Fraud; IT Operations; Business Analytics; Industrial Data and the Internet of Things
Proven Customer Value Across Use Cases & Industries
Increased revenues from higher uptime
Savings from fraud prevention
Revenues from faster product launch
Optimizing fuel use with sensor data
Reduction in SLA payouts
Value from preventing APTs
$11.0 M, $25.0 M, $10.0 M, $200+ M, $1.8 M, $1.0+ B
Industries: Oil & Gas Services, Telecom Provider, Transportation, Financial Services, High Tech Manufacturing, Online Services
Platform for Machine Data
Application Delivery
Security, Compliance and Fraud
Business Analytics
Internet of Things and Industrial Data
IT Operations
Platform for Operational Intelligence
The Splunk Portfolio
1000+ Apps and Add-Ons
Splunk Premium Solutions
Data sources: Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop
Fully Integrated Enterprise Platform
HA / DR, Admin, Data Security, Apps, SDKs/APIs, Scale
Collect Data, Index Data, Enrich Data, Search & Explore, Analyze & Predict, Report & Visualize, Alert & Action
Cloud Is a Journey and Splunk Is Your Partner
Instant, Secure, Reliable
100% Uptime SLA
Hybrid
How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud
On-time efficiency & dramatic queue reduction with 925 flights per day
Real-time, predictive airfield analytics delivered on mobile app & Apple Watch
Data from airport gates, boarding pass scans, x-ray, travel, passenger flow
Modern Threat Landscape Realities
Compromises, Vulnerabilities
You Can Disrupt Breaches
Splunk Security Intelligence
Security and Compliance Reporting
Monitor and Detect Known/Unknown Threats
Fraud Detection
Insider Threat
Incident Investigations and Forensics
Security Analytics
Single Platform for Security Intelligence
SECURITY & COMPLIANCE REPORTING
REAL-TIME MONITORING OF KNOWN THREATS
DETECT UNKNOWN THREATS
INCIDENT INVESTIGATIONS & FORENSICS
FRAUD DETECTION
INSIDER THREAT
Splunk Complements, Replaces and Goes Beyond Existing SIEMs
Rapid Ascent in the Gartner SIEM Magic Quadrant*
2015: Leader, and the only vendor to improve its visionary position
2014: Leader
2013: Leader
2012: Challenger
2011: Niche Player
*Gartner, Inc., SIEM Magic Quadrant 2011-2015. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
How Telenor protects their network using Splunk Enterprise Security
1TB of Daily Data with “Splunk Everything” Strategy for Network, Security and IT Data
Detect and Prevent Security Issues
Enabling “Central Emergency Response Team”
Baseline “Normal” Monitoring of Security and Operations – Real-time Analysis of Deviation
With Splunk, Your Enterprise Data Platform
Security Operations, IT Operations, Business Operations
Different PEOPLE Asking Different QUESTIONS Of the SAME DATA
Thriving Community
Dev.splunk.com
65,000+ questions and answers
Over 1000 Apps
Local User Groups and SplunkLive! events
Easy to Try and Get Started
Free Cloud Trial
Free Software Download
Free Enterprise Security Sandbox
Join us to hear more:
Wednesday 11th May 2016
Westminster Park Plaza, London
Register at: http://live.splunk.com/london
Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
Ross McKerchar, Sophos
About Sophos
• Founded 1985 in Abingdon, UK
• 2,200 employees
• Over 200,000 customers
• 100+ million users
Our challenge
Keeping up with this…
Our strategy
Make change easy
‘Brutal’ prioritisation
Focus on the achievable
Operational Intelligence Maturity
IT Operations, Security, Customer experience, Log gathering
Security Operations Maturity
Stages: 1. Log gathering, 2. Threat detection, 3. Governance, 4. Security automation
Automation, Protection, Governance
Reactive, Proactive, Optimising
Our Splunk Deployment
Data sources: Sophos PureMessage, Windows Logs, Amazon Web Services Logs, Sophos Mobile Control, Sophos Endpoint Security, Sophos UTM, Sophos Firewall, Sophos Cloud, Sophos Wireless, Sophos SafeGuard
Demo
Q&A
Thank You

AWS Loft London: Finding the signal in the noise - Effective SecOps with Sophos & Splunk Cloud

Editor's Notes

  • #23 Industry: Telco. Use case: Security, IT Ops. More can be found at: http://www.splunk.com/view/splunk-at-telenor/SP-CAAAE98
    The Business: Founded in 1855, Telenor, Norway's largest telecom services provider, has over 150 years of telecoms experience. The company believes "growth comes from truly understanding the needs of people to drive relevant change." Considering that Telenor's mobile subscribers globally grew from 15 to 160 million in less than a decade, its belief that deeper insight leads to success is holding true. Telenor's service portfolio in Norway includes fixed and mobile telephony, broadband and data communication. Customers rely on Telenor to provide always-on voice, data and content services.
    Challenges: With millions of customers, thousands of servers and routers, and datacenters located throughout Norway, Telenor needed to understand the essential operating details of its infrastructure. Communication between far-flung departments was challenging and there were frequent miscommunications. While some log event data was being collected, the logs were difficult to analyze. In addition, granting access to certain logs on a server often meant giving access to all the logs collected on that server, which posed definite security and privacy risks. The few people with authorized access faced the impossible task of manually browsing through hundreds of millions of log records a day. Unsurprisingly, kernel errors and other issues sporadically slipped by unnoticed.
    Enter Splunk: Splunk has provided Telenor Norway the visibility and operational insight to keep its IT systems and networks running at peak performance. Telenor is using Splunk Enterprise for troubleshooting, monitoring and security investigations. The network operations team runs dashboards visualizing network health and monitors for error events and unfamiliar patterns. The security team uses Splunk for correlation and analysis of security alarms. With Splunk they can look for, and be proactively alerted on, abnormal remote access patterns and investigate attacks on Internet-exposed services. Finally, Splunk also underpins the Telenor Computer Emergency Response Team (CERT), which is a cross-departmental incident response team. This virtual team uses Splunk for incident investigation, pinpointing the origin of large issues and performing rapid manual analysis of failing components to limit business impact. Telenor indexes 400GB of data per day with Splunk, including data from thousands of servers, routers and data sources ranging from the datacenter, the IP infrastructure and the mobile network, to applications and services like web, email and IPTV. This constitutes about half of Telenor's entire IT estate, and there is now a 'Splunk first' policy in place, so any new data has to be put into Splunk. Telenor forwards data to a pool of Splunk indexers. Role-based access control ensures users get the access to the data they need without compromising security or violating customer privacy regulations.
    Breakthroughs
    Incident investigation and troubleshooting: When something goes wrong, it is now quick and easy for Telenor to get to the root cause of the issue and resolve it. For example, the team noticed that Telenor WebMail accounts were being abused to send hundreds of thousands of SMS messages abroad. They used Splunk to analyze the incident and were immediately able to identify which accounts were being abused and how many SMS were being sent, as well as when and where the logins were coming from. Armed with this insight, it was a simple job to shut down the offending accounts and stop the abuse, preventing further revenue loss.
    Stronger security: Using Splunk, the security teams can now determine the baseline for "normal" and track any deviations from that standard. This gives Telenor the ability to quickly and efficiently detect brute force login attacks and other security issues. With this established, they can now use easy-to-compose dashboards to monitor systems and services for anomalous activity. Other examples include correlating timing and IP addresses to determine if attacks from multiple countries are coordinated, and the ability to identify vulnerable Internet-exposed services.
    Increased availability: Not only can the CERT, security and operations teams troubleshoot problems faster than ever, the insights gained through Splunk software let Telenor identify a problem long before it turns into a crisis. These valuable searches are now saved and run on a schedule, providing proactive alerts ahead of recurring issues. Telenor can now spot an error as soon as it occurs and start working on correcting it immediately, which can prevent or reduce downtime.
    Business-critical insights: Over time, the knowledge built into Splunk has enabled Telenor to learn more about the organization's IT and network infrastructure and its potential for the business. Telenor is now responding to incidents more proactively and providing better service as a result. The network operations team uses baseline measurements so they can understand what constitutes normal. They have created Splunk alerts to monitor for error spikes and unfamiliar patterns. This advanced visibility lets them troubleshoot problems before users notice them or services fail.
    In summary, since deploying Splunk, Telenor Norway has dramatically improved visibility into its complex IT infrastructure and networks. Not only can the internal teams now investigate and resolve issues much more quickly, they are also able to use operational intelligence to create baseline views to catch errors or anomalies early on, often addressing these issues before they impact the customer experience.
  • #24 By giving different people the ability to ask different questions of the same data, when they need to, we’re helping customers across all of our core use cases move from reactive to proactive.
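The "baseline normal, alert on deviation" approach the Telenor notes describe (detecting brute-force logins by comparing each source against its own history), as an added Python example that is not code from the deck, from Splunk or from Telenor; it stands in for what a scheduled Splunk search would do. The sshd line format, the timestamps and the addresses are constructed sample data, and the 3-sigma-or-floor threshold is an assumed choice.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Constructed syslog-style sshd lines (sample data, not Telenor's). 10.0.0.5 fails 1-3 times
# an hour all day (normal background noise); in the final hour 203.0.113.9 fails every 5 s.
SAMPLE_LOG = "\n".join(
    [f"2015-10-01T{h:02d}:{10 * k + 5:02d}:00 sshd[1]: Failed password for invalid user admin "
     f"from 10.0.0.5 port 4000 ssh2" for h in range(24) for k in range(1 + h % 3)]
    + [f"2015-10-02T00:0{m}:00 sshd[1]: Failed password for invalid user admin "
       f"from 10.0.0.5 port 4000 ssh2" for m in range(1, 5)]
    + ["2015-10-02T00:00:30 sshd[1]: Accepted publickey for ops from 10.0.0.7 port 4100 ssh2"]
    + [f"2015-10-02T00:{m:02d}:{s:02d} sshd[1]: Failed password for root "
       f"from 203.0.113.9 port 5000 ssh2" for m in range(3) for s in range(0, 60, 5)]
)

LINE_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")


def parse_failures(text):
    """Return [(hour_bucket, source_ip)] for each failed-login line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
            out.append((ts.replace(minute=0, second=0), m.group(2)))
    return out


def baseline_report(text, sigma=3.0, floor=3):
    """Score each source's failed logins in the latest hour against that source's own history.

    History is the per-hour count for every earlier hour in the data, zero-filled, so a
    normally quiet source gets a tight baseline. threshold = max(mean + sigma*stdev, floor);
    the floor keeps a single stray failure from flagging a source that has no history.
    Returns {source: {"count", "threshold", "anomalous"}}.
    """
    events = parse_failures(text)
    if not events:
        return {}
    counts = Counter(events)  # (hour, source) -> failures in that hour
    first, latest = min(h for h, _ in events), max(h for h, _ in events)
    history = [first + timedelta(hours=i) for i in range(int((latest - first) / timedelta(hours=1)))]
    report = {}
    for src in sorted({s for _, s in events}):
        hist = [counts[(h, src)] for h in history]
        mean = statistics.fmean(hist) if hist else 0.0
        sd = statistics.pstdev(hist) if len(hist) > 1 else 0.0
        threshold = max(mean + sigma * sd, float(floor))
        now = counts[(latest, src)]
        report[src] = {"count": now, "threshold": round(threshold, 2), "anomalous": now > threshold}
    return report
```

On the sample, 10.0.0.5's four failures in the last hour stay under its learned threshold of 4.45 while 203.0.113.9's 36 failures are flagged against the floor; the same per-source statistics carry over directly to a scheduled search on indexed data.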