Accelerate Detection and Investigation with Security Analytics

Are dwell times, alert volume noise, and evolving threats keeping you up at night? Worried about missing the next major incident? Join us and learn how you can separate the signal from the noise and reduce your organization's risk exposure with an analytics-fueled security solution from Splunk. Hear from special guest and Forrester Analyst, Allie Mellen, on the role Security Analytics plays today and in the future. Learn valuable strategies for gaining end-to-end visibility across cloud, hybrid, and multi-cloud environments that in turn helps you shorten MTTD and MTTR for your organization.

Join us on demand, with Splunk security experts and technology partners, Zscaler and Mandiant, to see how Splunk Security Analytics can help:

• Identify the highest business risks from volumes of low fidelity alerts.
• Contextualize incidents with integrated threat intelligence.
• Gain full visibility across cloud and on-premises sources to derive insights from user, endpoint, and network activity.

The Agenda

28 minutes

Rising from the Ashes of SIEM: How Security Analytics Platforms Came to Rule Detection and Response
Allie Mellen, Analyst, Forrester Research

The SIEM has been the centerpiece of the SOC for over twenty years, yet its role – and capabilities – have changed dramatically, leading to the rise of Security Analytics Platforms. In this keynote, we will dive into how the SIEM market has changed, what up-and-comers (such as XDR) are trying to replace it, and what the never-ending security market shifts mean for practitioners. We will dig into Forrester data on the biggest challenges and priorities of enterprise SOCs today to understand how that will shape the future of security operations and where Security Analytics Platforms fit into that puzzle.

25 minutes

Proactive Risk Based Alerting for Insider Threats
Matt Snyder, Program Lead - Advanced Security Analytics, VMware

Insider threats are some of the most insidious, yet every organization is vulnerable. It's time to take charge! Most organizations deal with these threats by dropping in a DLP-type solution and calling it a day, but these tools are extremely limited in their capabilities and often provide more noise than true positives. So how do we solve one of the most prevalent but often overlooked threats? The answer is Risk-Based Alerting! In this session, participants will learn how to identify which threats matter to their organization (threat matrix on GitHub), build quality detections using the RBA framework, and automate responses to Insider Threats. But wait, there's more; you will also learn how RBA saved Christmas!

19 minutes

Splunk and Zscaler: Identifying and Stopping Threats in a Zero Trust Architecture
Ward Holloway, Director of Technology Alliances, Zscaler
James Young, Security Strategist, Splunk

Zero trust is a framework to defend against sophisticated attacks that target a growing population of distributed users, applications and data. To deploy zero trust effectively, three critical capabilities are needed. First, a robust data platform that supports real-time analytics with dynamic risk-based alerting. Second, the ability to respond to alerts in real time with rapid, automated orchestration. Third, contextual awareness of users and devices and their behavior patterns.

In this session, join Zscaler's Ward Holloway and Splunk's James Young to learn:

• The foundations of zero trust
• How to implement a zero-trust architecture that actually works
• How to create effective and streamlined security operations using telemetry, risk-based alerting, user behavioral analytics and orchestration

17 minutes

Splunk and Mandiant: Formidable Defense Against Attackers
Colby DeRodeff, Chief Technology Officer, Mandiant Advantage
Colin Gibbens, Partner Product Manager, Splunk

Splunk and Mandiant have partnered to deliver a formidable defense allowing customers to tap into Mandiant’s threat intelligence and expertise and Splunk’s powerful analytics to stay ahead of attackers and threats. The partnership combines Splunk Enterprise Security’s (ES) powerful analytics with Mandiant’s threat intelligence, security validation, and incident response.

In this session, see Mandiant’s mission to make every organization secure from cyber threats and confident in their readiness by delivering dynamic cyber defense solutions. Together, Splunk and Mandiant enable Splunk security professionals to validate their security stack and analyze security events through the eyes of Mandiant cyber security experts.

15 minutes

Intelligence Management for Accelerated Investigations
Steve Chamales, Product Manager - Splunk Intel Integrations, Splunk

Manual vetting and data from multiple sources cause analysts to waste much of their time data wrangling, taking time away from the alerts that matter most. Analysts need high fidelity intelligence for detection and need to enrich those detections with normalized intelligence from multiple data sources. In this session, participants will learn how Splunk Intelligence Management (formerly TruSTAR) operationalizes internal and external threat intelligence with no-code intelligence flows that can be leveraged directly within Splunk Enterprise Security to accelerate investigations.

20 minutes

Log4Shell: One Month Later, Now What?
Ryan Kovar, Distinguished Strategist, Splunk
Jose Hernandez, Sr. Manager, Security Research, Splunk
Mick Baccio, Global Security Advisor and SURGeon, Splunk

Christmas came early last year for security teams around the world thanks to the Log4j vulnerabilities – also known as Log4Shell. The Log4j library is used extensively in Java applications and many frameworks, widening the potential attack vectors and enabling bad actors to more easily achieve remote code execution. This left security and IT teams feeling ambushed because, in most instances, log4j was so ubiquitous that they may not have been aware they used it in their environments. Now, a month later, join Splunk security researchers and experts Jose Hernandez, Mick Baccio, and Ryan Kovar as they discuss the ramifications of the vulnerability, signs of remote code execution, and how businesses can prioritize critical security fixes.

Our Speakers

Allie Mellen, Analyst, Forrester Research
Colby DeRodeff, Chief Technology Officer, Mandiant Advantage
Matt Snyder, Program Lead - Advanced Security Analytics, VMware
Ward Holloway, Director of Technology Alliances, Zscaler
Mick Baccio, Global Security Advisor and SURGeon, Splunk
Steve Chamales, Product Manager - Splunk Intel Integrations, Splunk
Colin Gibbens, Partner Product Manager, Splunk
Jose Hernandez, Sr. Manager, Security Research, Splunk
Ryan Kovar, Distinguished Strategist, Splunk
Patriz Regalado, Director of Product Marketing, Splunk
James Young, Security Strategist, Splunk