Analytics-Driven Security SIEM + Machine Learning + UBA and More

Join Splunk at Black Hat--one of the world’s leading information security events, providing 15,000+ attendees with the very latest in research, development and trends.

Splunk shortens the security analytics cycle by providing a single “source of truth” for security insights. Analysts and SOC teams can make informed decisions, faster, to mitigate threats and protect the data most important to your organization.

Join our security experts in Splunk booth #1254 to learn how Splunk analytics-driven security:

  • Provides data-driven security solutions that deliver security insights for faster and better decisions
  • Improves security detection, response, coordination and collaboration
  • Provides a range of analytics-driven solutions to help defend against modern attacks
  • Offers a platform approach that provides integrated analytics for central log management, SIEM, UEBA as well as value-added applications from partners
  • Helps security teams perform faster investigations, develop a “hunt” mentality, and operationalize a wide array of threat intelligence sources to improve detection accuracy and effectiveness of response
  • Enables an ecosystem of partners via Splunk's Adaptive Response framework to speed remediation with orchestration and automation actions
  • Gives organizations the visualizations they need to understand their security posture today with Splunk Quick Start Bundles
  • Enables a broader analytics-driven approach to security with Splunk Insights for Ransomware to help combat ransomware

Session Information

Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization

Abstract: A rise in data analytics and machine learning has left the typical pentesters behind in the dust. This talk covers the required tools for consolidating, analyzing and visualizing the dark tools that are used by every red team. This can all be done at scale keeping up with even the most bleeding edge environments. We'll release the required framework for getting the data where it needs to be, the technical add-ons to ensure this data is ingested in usable formats, and dashboards for Splunk to leverage this data for mass pwnage of your target!

Time & Location:
Wednesday, July 26
Mandalay Bay EF

Bryce Kunz, Senior Lead Threat Specialist, Adobe Systems, Inc.

Nathan Bates, Lead Security Engineer, Adobe Systems, Inc.

Theater Schedule

| Wednesday 7/26 | Session Title | Presenter, Company |
| --- | --- | --- |
| 10:30 AM - 10:50 AM | Threat Hunting with Splunk | Ken Westin, Splunk |
| 11:00 AM - 11:20 AM | Splunk for Security | Jade Catalano, Splunk |
| 11:30 AM - 11:50 AM | Steer Clear and Get Ahead of Ransomware | Jae Lee, Splunk |
| 1:30 PM - 1:50 PM | SIEM City: Replace your Legacy SIEM with Splunk Advanced Security Analytics | Girish Bhat, Splunk |
| 2:30 PM - 3:00 PM | Q&A with Haiyan Song, SVP, Security Markets, Splunk | Haiyan Song, Splunk |
| 3:30 PM - 3:50 PM | Use Adaptive Response for Orchestration and Automation | Wissam Ali-Ahmad + Meera Shankar, Splunk |
| 4:00 PM - 4:15 PM | Splunk for Security: Tips and Tricks | Robert Wagner, Splunk |
| 4:30 PM - 4:50 PM | Palo Alto Networks and Splunk Team Together to Prevent Attacks and Protect Your Data | Paul Nguyen, Palo Alto Networks |
| 5:00 PM - 5:20 PM | Put Deception to Work - Combat Ransomware with Acalvio and Splunk | Acalvio |
| 5:30 PM - 5:50 PM | Federal Agency Leverages Red Seal and Splunk for Adaptive Response | Kurt Van Etten, Red Seal |

| Thursday 7/27 | Session Title | Presenter, Company |
| --- | --- | --- |
| 10:30 AM - 10:50 AM | Use Adaptive Response for Orchestration and Automation | Wissam Ali-Ahmad + Meera Shankar, Splunk |
| 11:30 AM - 11:50 PM | Crawl, Walk and Run Approach to User Behavior Analytics | Anurag Gurtu, Splunk |
| 1:30 PM - 1:50 PM | 20/20 Visibility into your Cloud and On-premises services | Girish Bhat, Splunk |
| 2:30 PM - 2:50 PM | Detecting Unknown Malware in Splunk (Endpoint and Network): Hands-on | Erin Sweeney + Young Cho, Splunk |
| 3:30 PM - 3:50 PM | SIEM City: Replace your Legacy SIEM with Splunk Advanced Security Analytics | Girish Bhat, Splunk |
| 4:30 PM - 4:50 PM | Countering Rapidly Evolving Threats with Advanced Tradecraft and Techcraft | Kristen Sargent + Matthew Joseff, Booz Allen Hamilton + Splunk |

Additional Events

Partner Event: Bromium & Splunk

We are excited to be co-sponsoring an exclusive party to kick-off Black Hat. Splunk and Bromium cordially invite you to a dazzling evening at Libertine Social at Mandalay Bay. We are kicking off Black Hat in style on Tuesday night starting at 7pm. Capacity is limited, so please RSVP as soon as possible. If you are bringing a guest, please be sure to register them as well. We look forward to seeing you.

Time & Location:
Tuesday, July 25

Libertine Social, Mandalay Bay

Threat Hunting with Splunk Workshop

Join us for a hands-on exercise with a real-world attack scenario. The demo will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts' capability to detect and quickly mitigate advanced attacks in progress. Who should attend? Anyone who works in security and wants to leverage their machine data to detect internal and advanced threats, monitor activities in real time, and improve their organization's security posture. All workshops are "bring your own device."

Time & Location:
Thursday, July 27

The Aria

DEF CON & Splunk: "Hunting with Splunk"

Attending DEF CON? Get thee to the Wall of Sheep to see how Splunk is monitoring and visualizing network activities. Interested in trying your (lamb) chops at hunting? Join us for Hunting with Splunk, a hands-on workshop. “Hunting with Splunk” is training from the experts. You will learn how to deal with end-point data, sort through wire data, and maybe even find some advanced threats. Then try your hand at searching for bad actors using a realistic dataset in Splunk. The workshop is first come, first served.

Time & Location:
Friday, July 28

Saturday, July 29

Sunday, July 30

Caesars Palace, DEF CON – Packet Hacking Village, PHV Workshops for “Hunting with Splunk”