AWS Loft London: Finding the signal in the noise - Effective SecOps with Sophos & Splunk Cloud

Posted on 13-Apr-2017

Transcript of AWS Loft London: Finding the signal in the noise - Effective SecOps with Sophos & Splunk Cloud

Copyright © 2015 Splunk Inc.

Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud

Ross McKerchar, Sophos

Introduction and Splunk Overview

Andrew Morris, Splunk


Agenda

6:30 Introduction and Splunk Overview

6:50 Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud

7:20 Demo: Splunk Enterprise Security and App for AWS

7:50 Q&A

Andrew Morris, Director of Cloud, EMEA

#Splunk

SECURITY INTELLIGENCE IN THE CLOUD

CLOUD AND HYBRID IT

SOFTWARE-DEFINED DATACENTERS

CONTINUOUS APP DELIVERY

ANALYTICS-DRIVEN SECURITY

INTERNET OF THINGS

Make machine data accessible, usable and valuable to everyone.

Why Splunk?

FAST TIME-TO-VALUE

CLOUD, ON-PREMISE & HYBRID DEPLOYMENT

VISIBILITY ACROSS STACK, NOT JUST SILOS

ONE PLATFORM, MULTIPLE USE CASES

ANY DATA, ANY SOURCE, ASK ANY QUESTION

Disruptive Approach to Unstructured Data

Traditional: Structured (RDBMS) | Splunk: Unstructured

Traditional: SQL | Splunk: Search

Traditional: Schema at Write | Splunk: Schema at Read

Traditional: ETL | Splunk: Universal Indexing

Volume, Velocity, Variety

Turning Machine Data Into Business Value

Index Untapped Data: Any Source, Type, Volume

Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID

On-Premises, Private Cloud, Public Cloud

Ask Any Question

Application Delivery

Security, Compliance and Fraud

IT Operations

Business Analytics

Industrial Data and the Internet of Things

Proven Customer Value Across Use Cases & Industries

Increased revenues from higher uptime

Savings from fraud prevention

Revenues from faster product launch

Optimizing fuel use with sensor data

Reduction in SLA payouts

Value from preventing APTs

$11.0 M, $25.0 M, $10.0 M, $200+ M, $1.8 M, $1.0+ B

Oil & Gas Services

Telecom Provider

Transportation

Financial Services

High Tech Manufacturing

Online Services

Platform for Machine Data

Application Delivery

Security, Compliance and Fraud

Business Analytics

Internet of Things and Industrial Data

IT Operations

Platform for Operational Intelligence

The Splunk Portfolio

1000+ Apps and Add-Ons

Splunk Premium Solutions

Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop

Fully Integrated Enterprise Platform

HA / DR, Admin, Data Security, Apps, SDKs/API, Scale

Collect Data

Index Data

Enrich Data

Search & Explore

Analyze & Predict

Report & Visualize

Alert & Action

Cloud Is a Journey and Splunk Is Your Partner

Instant Secure Reliable

100% Uptime SLA

Hybrid


How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud

On-time efficiency & dramatic queue reduction with 925 flights per day

Real-time, predictive airfield analytics delivered on mobile app & Apple Watch

Data from airport gates, boarding pass scans, x-ray, travel, passenger flow

Modern Threat Landscape Realities

Compromises

Vulnerabilities

You Can Disrupt Breaches

Splunk Security Intelligence

Security and Compliance Reporting

Monitor and Detect Known/Unknown Threats

Fraud Detection

Insider Threat

Incident Investigations and Forensics

Security Analytics


Single Platform for Security Intelligence

SECURITY & COMPLIANCE REPORTING

REAL-TIME MONITORING OF KNOWN THREATS

DETECT UNKNOWN THREATS

INCIDENT INVESTIGATIONS & FORENSICS

FRAUD DETECTION

INSIDER THREAT

Splunk Complements, Replaces and Goes Beyond Existing SIEMs


Rapid Ascent in the Gartner SIEM Magic Quadrant*

*Gartner, Inc., SIEM Magic Quadrant 2011-2015. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

2015 Leader and the only vendor to improve its visionary position

2014 Leader

2013 Leader

2012 Challenger

2011 Niche Player


How Telenor protects their network using Splunk Enterprise Security

1TB of Daily Data with “Splunk Everything” Strategy for Network, Security and IT Data

Detect and Prevent Security Issues, Enabling a “Central Emergency Response Team”

Baseline “Normal” Monitoring of Security and Operations – Real-time Analysis of Deviation

Security Operations

IT Operations

Business Operations

With Splunk, Your Enterprise Data Platform

Different PEOPLE Asking Different QUESTIONS Of the SAME DATA

Dev.splunk.com

65,000+ questions and answers

Over 1000 Apps

Local User Groups and SplunkLive! events

Thriving Community

Free Cloud Trial

Free Software Download

Free Enterprise Security Sandbox

Easy to Try and Get Started

Join us to hear more: Wednesday 11th May 2016, Westminster Park Plaza, London. Register at: http://live.splunk.com/london

Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud

Ross McKerchar, Sophos

About Sophos

• Founded 1985 in Abingdon, UK
• 2,200 employees
• Over 200,000 customers
• 100+ million users

Our challenge: Keeping up with this…

Our strategy

Make change easy

‘Brutal’ prioritisation

Focus on the achievable

Operational Intelligence Maturity

IT Operations

Security

Customer experience

Log gathering

Security Operations Maturity

Automation

Protection

Governance

1. Log gathering

2. Threat detection

3. Governance

4. Security automation

Reactive

Proactive

Optimising


Our Splunk Deployment

Sophos PureMessage

Windows Logs

Amazon Web Services Logs

Sophos Mobile Control

Sophos Endpoint Security

Sophos UTM

Sophos Firewall

Sophos Cloud

Sophos Wireless

Sophos SafeGuard

Demo

Q&A

Thank You