Are dwell times, alert volume noise, and evolving threats keeping you up at night? Worried about missing the next major incident? Join us and learn how you can separate the signal from the noise and reduce your organization's risk exposure with an analytics-fueled security solution from Splunk. Hear from special guest and Forrester Analyst, Allie Mellen, on the role Security Analytics plays today and in the future. Learn valuable strategies for gaining end-to-end visibility across cloud, hybrid, and multi-cloud environments that in turn helps you drive faster MTTD and MTTR for your organization.
Join us on demand, with Splunk security experts and technology partners, Zscaler and Mandiant, to see how Splunk Security Analytics can help:
The SIEM has been the centerpiece of the SOC for over twenty years, yet its role – and capabilities – have changed dramatically, leading to the rise of Security Analytics Platforms. In this keynote, we will dive into how the SIEM market has changed, what up-and-comers (such as XDR) are trying to replace it, and what the never-ending security market shifts mean for practitioners. We will dig into Forrester data on the biggest challenges and priorities of enterprise SOCs today to understand how that will shape the future of security operations and where Security Analytics Platforms fit into that puzzle.
Insider threats are some of the most insidious, yet every organization is vulnerable. It's time to take charge! Most organizations deal with these threats by dropping in a DLP-type solution and calling it a day, but these tools are extremely limited in their capabilities and often provide more noise than true positives. So how do we solve one of the most prevalent but often overlooked threats? The answer is Risk-Based Alerting! In this session, participants will learn how to identify which threats matter to their organization (threat matrix on GitHub), build quality detections using the RBA framework, and automate responses to Insider Threats. But wait, there's more; you will also learn how RBA saved Christmas!
Zero trust is a framework to defend against sophisticated attacks that target a growing population of distributed users, applications and data. To deploy zero trust effectively, three critical capabilities are needed. First, a robust data platform that supports real-time analytics with dynamic risk-based alerting. Second, the ability to respond to alerts in real time with rapid, automated orchestration. Third, contextual awareness of users and devices and their behavior patterns.
In this session, join Zscaler's Ward Holloway and Splunk's James Young to learn:
• The foundations of zero trust
• How to implement a zero-trust architecture that actually works
• How to create effective and streamlined security operations using telemetry, risk-based alerting, user behavioral analytics and orchestration
Splunk and Mandiant have partnered to deliver a formidable defense allowing customers to tap into Mandiant’s threat intelligence and expertise and Splunk’s powerful analytics to stay ahead of attackers and threats. The partnership combines Splunk Enterprise Security’s (ES) powerful analytics with Mandiant’s threat intelligence, security validation, and incident response.
In this session, see Mandiant’s mission to make every organization secure from cyber threats and confident in their readiness by delivering dynamic cyber defense solutions. Together, Splunk and Mandiant enable Splunk security professionals to validate their security stack and analyze security events through the eyes of Mandiant cyber security experts.
Manual vetting and data from multiple sources cause analysts to waste much of their time data wrangling, taking time away from alerts that matter the most. Analysts need high-fidelity intelligence for detection and need to enrich those detections with normalized intelligence from multiple data sources. In this session, participants will learn how Splunk Intelligence Management (formerly TruSTAR) operationalizes internal and external threat intelligence with no-code intelligence flows to be leveraged directly within Splunk Enterprise Security to accelerate investigations.
Christmas came early last year for security teams around the world thanks to the Log4j vulnerabilities – also known as Log4Shell. The Log4j library is used extensively in Java applications and many frameworks, widening the potential attack vectors and enabling bad actors to more easily perform remote code execution. This left security and IT teams feeling ambushed because, in most instances, Log4j was so ubiquitous that they may not have been aware they used it in their environments. Now, a month later, join Splunk security researchers and experts Jose Hernandez, Mick Baccio, and Ryan Kovar as they discuss the ramifications of the vulnerability, signs of remote code execution, and how businesses can prioritize critical security fixes.
Analyst, Forrester Research
Chief Technology Officer, Mandiant Advantage
Program Lead - Advanced Security Analytics, VMware
Director of Technology Alliances, Zscaler
Global Security Advisor and SURGeon, Splunk
Product Manager - Splunk Intel Integrations, Splunk
Partner Product Manager, Splunk
Sr. Manager, Security Research, Splunk
Distinguished Strategist, Splunk
Director of Product Marketing, Splunk
Security Strategist, Splunk