Copyright © 2015 Splunk Inc.
Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
Ross McKerchar, Sophos
Introduction and Splunk Overview
Andrew Morris, Splunk
Agenda
6:30 Introduction and Splunk Overview
6:50 Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
7:20 Demo: Splunk Enterprise Security and App for AWS
7:50 Q&A
Andrew Morris, Director of Cloud, EMEA
#Splunk
SECURITY INTELLIGENCE IN THE CLOUD
CLOUD AND HYBRID IT
SOFTWARE-DEFINED DATACENTERS
CONTINUOUS APP DELIVERY
ANALYTICS-DRIVEN SECURITY
INTERNET OF THINGS
Make machine data accessible, usable and valuable to everyone.
Why Splunk?
FAST TIME-TO-VALUE
CLOUD, ON-PREMISE & HYBRID DEPLOYMENT
VISIBILITY ACROSS STACK, NOT JUST SILOS
ONE PLATFORM, MULTIPLE USE CASES
ANY DATA, ANY SOURCE, ASK ANY QUESTION
Disruptive Approach to Unstructured Data
Traditional: Structured data, RDBMS, SQL, Schema at Write, ETL
Splunk: Unstructured data, Search, Schema at Read, Universal Indexing
Volume, Velocity, Variety
Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume
Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
On-Premises, Private Cloud, Public Cloud
Ask Any Question
Application Delivery
Security, Compliance and Fraud
IT Operations
Business Analytics
Industrial Data and the Internet of Things
Proven Customer Value Across Use Cases & Industries
Increased revenues from higher uptime
Savings from fraud prevention
Revenues from faster product launch
Optimizing fuel use with sensor data
Reduction in SLA payouts
Value from preventing APTs
$11.0 M, $25.0 M, $10.0 M, $200+ M, $1.8 M, $1.0+ B
Oil & Gas Services, Telecom Provider, Transportation, Financial Services, High Tech Manufacturing, Online Services
Platform for Machine Data
Application Delivery
Security, Compliance and Fraud
Business Analytics
Internet of Things and Industrial Data
IT Operations
Platform for Operational Intelligence
The Splunk Portfolio
1000+ Apps and Add-Ons
Splunk Premium Solutions
Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop
Fully Integrated Enterprise Platform
HA / DR, Admin, Data Security, Apps, SDKs/API, Scale
Collect Data
Index Data
Enrich Data
Search & Explore
Analyze & Predict
Report & Visualize
Alert & Action
Cloud Is a Journey and Splunk Is Your Partner
Instant, Secure, Reliable
100% Uptime SLA
Hybrid
How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud
On-time efficiency & dramatic queue reduction with 925 flights per day
Real-time, predictive airfield analytics delivered on mobile app & Apple Watch
Data from airport gates, boarding pass scans, x-ray, travel, passenger flow
Modern Threat Landscape Realities
Compromises, Vulnerabilities, You Can Disrupt Breaches
Splunk Security Intelligence
Security and Compliance Reporting
Monitor and Detect Known/Unknown Threats
Fraud Detection
Insider Threat
Incident Investigations and Forensics
Security Analytics
Single Platform for Security Intelligence
SECURITY & COMPLIANCE REPORTING
REAL-TIME MONITORING OF KNOWN THREATS
DETECT UNKNOWN THREATS
INCIDENT INVESTIGATIONS & FORENSICS
FRAUD DETECTION
INSIDER THREAT
Splunk Complements, Replaces and Goes Beyond Existing SIEMs
Rapid Ascent in the Gartner SIEM Magic Quadrant*
*Gartner, Inc., SIEM Magic Quadrant 2011-2015. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
2015 Leader and the only vendor to improve its visionary position
2014 Leader
2013 Leader
2012 Challenger
2011 Niche Player
How Telenor protects their network using Splunk Enterprise Security
1TB of Daily Data with "Splunk Everything" Strategy for Network, Security and IT Data
Detect and Prevent Security Issues, Enabling "Central Emergency Response Team"
Baseline "Normal" Monitoring of Security and Operations – Real-time Analysis of Deviation
Security Operations
IT Operations
Business Operations
With Splunk, Your Enterprise Data Platform
Different PEOPLE asking different QUESTIONS of the SAME DATA
Thriving Community
Dev.splunk.com: 65,000+ questions and answers
Over 1000 Apps
Local User Groups and SplunkLive! events
Easy to Try and Get Started
Free Cloud Trial
Free Software Download
Free Enterprise Security Sandbox
Join us to hear more: Wednesday 11th May 2016, Westminster Park Plaza, London. Register at: http://live.splunk.com/london
Finding the signal in the noise: Effective SecOps with Sophos & Splunk Cloud
Ross McKerchar, Sophos
About Sophos
• Founded 1985 in Abingdon, UK
• 2,200 employees
• Over 200,000 customers
• 100+ million users
Our challenge: Keeping up with this…
Our strategy
Make change easy
‘Brutal’ prioritisation
Focus on the achievable
Operational Intelligence Maturity
IT Operations
Security
Customer experience
Log gathering
Security Operations Maturity
Automation
Protection
Governance
1. Log gathering
2. Threat detection
3. Governance
4. Security automation
Reactive
Proactive
Optimising
Our Splunk Deployment
Sophos PureMessage
Windows Logs
Amazon Web Services Logs
Sophos Mobile Control
Sophos Endpoint Security
Sophos UTM
Sophos Firewall
Sophos Cloud
Sophos Wireless
Sophos SafeGuard
Demo
Q&A
Thank You