Which of Gartner’s 2019 Top 7 Security and Risk Management Trends Are Impacting Your Business? - Part II
In my most recent article, I blogged about the Gartner Top 7 Security and Risk Trends for 2019 and explained how Splunk, Splunk Customers and Splunk Partners address trend No. 1. I also talked about how leaders in security and risk management create pragmatic risk appetite and link their statements to business outcomes.
This blog is a review of trends No. 2 and No. 3.
At SplunkLive! Germany 2019, Dachser Logistics shared why it selected Splunk to implement threat detection and response. The company talked about how it exchanges threat intelligence with the German government and how it tied the investment into its ISO27001 efforts.
Fresenius utilizes Splunk Phantom for Tier 1 and Tier 2 analyst work automation as it wasn’t able to find enough talent (even though Fresenius created a company cyber risk index, which its own management and CFO loved - ref. Trend No. 1).
The University of Exeter uses the MITRE ATT&CK Framework and Splunk Enterprise Security in its SOC to strengthen its detection capabilities.
At .conf 2019, you’ll hear Datev talk about how it supercharges its security operations center with Splunk and MITRE ATT&CK, alongside others such as Charles Schwab, Kaiser Permanente, Texas Instruments, Publix Supermarkets and Deloitte’s own Olaf Hartong on his Threat Hunting App mapped to MITRE ATT&CK.
We've introduced the Splunk Security Operations Suite, which includes threat detection with Splunk UBA and Splunk Enterprise Security (ES) content subscription. The investigation workflows in ES and the automation capabilities in Splunk Phantom cover the response aspects to modernize and mature security operations centers.
This trend drives the adoption of the MITRE ATT&CK Framework by vendors as well as organizations’ security teams. We have also prepared a webinar together with ISC2 to explain what it is, and why and how you should use it. Our analytical stories in Splunk Enterprise Security are all mapped to MITRE ATT&CK.
To build an open ecosystem for security operations, we have joined with industry peers such as CrowdStrike, Palo Alto, Cisco and Symantec.
There are many partners who provide either fully managed or very successful hybrid managed security operations, for example Accenture and Airbus. You can find them and many more in our partner locator.
Knowing where sensitive data is stored and who has access to it is mandatory as stipulated by data protection laws. Ensuring a proper audit trail to address any kind of breach has to be the highest priority for security managers. We walked through a whole data security scenario in a day in a life of a breach.
To track and measure the effectiveness of data security governance, firewall data isn’t what you need. You would most likely need to get to the application level, which showcases Splunk’s strength for collecting and processing data from any kind of technology. For monitoring and tracking access, it is essential to collect data from business applications such as CRM or HR apps.
Add-ons such as Workday, SAP and Salesforce, or more generic ones that connect to REST APIs or invoke webhooks, are in very high demand.
Our partner Digital Guardian, which provides a DLP and EDR solution, has created an awesome app integration.
Looking forward to seeing you at Gartner’s Security and Risk Management Summit in London from the 9th to the 11th of September.
Until next time,
Matthias