Pull Up Your SOCs with Analytics-Driven Security

Join Splunk at Black Hat, one of the world’s leading information security events, which provides 19,000+ attendees with the very latest in research, development and trends.

Splunk has analytics-driven security solutions to empower you to lessen the stress of breaches and pull up your SOCs. Splunk is your single source of truth for security insights, enabling analysts and SOC teams to detect, investigate, and respond at machine speed.

Join our security experts in Splunk booths #1214 & #1436 to learn how Splunk analytics-driven security can help your security operations scale and SOAR to the next level in the following areas:

  • Visibility: Splunk provides data-driven security solutions for true end-to-end visibility and insight. Coupled with a flexible and sophisticated search language as well as machine learning capabilities, Splunk allows you to continuously monitor and assess your security posture and risk for easier and automated detection, so you can make better and faster decisions.
  • Analytics: Search across your stack and perform alert triage and threat validation at machine speed. Gain insight and context you need for an investigation by searching over specific timeframes for historical analysis, take advantage of machine learning algorithms to identify the outliers and advanced threats, or execute automated actions to pre-fetch intelligence to support decision making.
  • Operations: Teams of any size or skill sets can utilize Splunk to set up a next-generation SOC by incorporating automation and orchestration to fight back alert fatigue and shorten incident response times. Achieve greater confidence in the changing threat landscape by utilizing recommended defence tactics within our continuous content updates and the knowledge-share within our awesome user community.
Get Started
  • Demo: Security Investigation
  • White Paper: The Six Essential Capabilities of an Analytics-Driven SIEM
  • E-Book: The Essential Guide to Security
  • White Paper: Splunk Integrated Behavior Analytics
  • See How Splunk Phantom Works
  • Free Online Sandbox

Session Information

Automating the Full Cyber Killchain: Offensive Automation and Orchestration

Security Orchestration, Automation, and Response technologies (SOAR) have emerged as new tools for defenders to automate response over the past several years. This talk will turn that on its head, by demonstrating how SOAR can be used to automate offense. Much like we can use SOAR to respond within seconds, we will demonstrate how adversaries can use playbooks to leverage a wide array of third-party integrations, automate their TTPs, and control the flow of an attack throughout the kill chain. This talk will demonstrate the use of Splunk Phantom to implement offensive playbooks for each step of the kill chain.


Speakers:

Oliver Friedrichs | VP, Automation and Orchestration, Splunk
Philip Royer | Research Engineer, Splunk
Sebastian Goodwin | Head of Cybersecurity, Nutanix



Time & Location:
Wednesday, August 8
4:10 PM

Ocean Side G

Theater Schedule


Wednesday 8/8 (Time | Session Title | Presenter, Company)
10:30 AM - 10:50 AM | Pull Up Your SOCs: Splunk for Security | Ale Espinosa, Splunk
11:00 AM - 11:20 AM | Using Accenture & Splunk to Decipher Cyber Investigation, Forensics, and Response | Dave Daily & Justin Harvey, Accenture
11:30 AM - 11:50 AM | Show Me the Data! Security & Risk Monitoring with Splunk | Jade Catalano, Splunk
12:15 PM - 12:45 PM | How to Minimize Damage from a Data Breach | Chris Simmons & Elyssa Christensen, Splunk
1:30 PM - 1:50 PM | SOARing through the OODA with Splunk Phantom | CP Morey, Splunk
2:30 PM - 3:00 PM | Q&A with Haiyan Song, SVP + GM, Security Markets, Splunk and Oliver Friedrichs, VP + GM, Automation and Orchestration, Splunk | Haiyan Song & Oliver Friedrichs, Splunk
3:30 PM - 3:50 PM | Speed Up Incident Investigation & Response | Girish Bhat, Splunk
4:00 PM - 4:20 PM | Cloudy with a Chance of Breach | Jae Lee, Splunk
4:30 PM - 4:50 PM | SOAR to New Heights | Wissam Ali-Ahmad & Meera Shankar, Splunk
5:00 PM - 5:20 PM | Level-Up with Machine Learning for Insider Threat Detection | Patriz Regalado & Tom Smit, Splunk
5:30 PM - 5:50 PM | Incident Investigation, Response, and Forensics with Symantec & Splunk | Colin Gibbens, Symantec

Thursday 9/9 (Time | Session Title | Presenter, Company)
10:30 AM - 10:50 AM | SIEM City: Replace Your Legacy SIEM with an Analytics-Driven SIEM | Girish Bhat, Splunk
11:00 AM - 11:20 AM | Spot the Fraudsters: Utilize Your Machine Data for Fraud Analytics & Detection | Jade Catalano, Splunk
11:30 AM - 11:50 AM | Advanced Threat Detection and Response with Crowdstrike & Splunk | Evan Burns, Crowdstrike
1:30 PM - 1:50 PM | Pull Up Your SOCs: Splunk for Security | Ale Espinosa, Splunk
2:30 PM - 3:00 PM | Q&A with Monzy Merza, VP of Security Research, Splunk and Sourabh Satish, VP + Distinguished Engineer, Splunk | Monzy Merza & Sourabh Satish, Splunk
3:30 PM - 3:50 PM | How to Minimize Damage from a Data Breach | Chris Simmons & Elyssa Christensen, Splunk
4:00 PM - 4:20 PM | Applied Analytics-Driven Security Automation Use Cases at University of San Francisco | Tim Ip, USF
4:30 PM - 4:50 PM | How to Handle a GDPR Compliance Audit Without Crying | Jae Lee, Splunk

Additional Events

BSides & Splunk: “Advanced APT Hunting with Splunk” Workshop

Going to BSides too? Splunk security experts Ryan Kovar, John Stoner, and Dave Herrald will be there too! Learn how to hunt APTs in the hands-on “Advanced APT Hunting with Splunk” workshop. This all-day workshop will teach you how to hunt a "fictional" APT group. We discuss the Diamond model, hypothesis building, the LM Kill Chain, and the MITRE ATT&CK framework, and how these concepts can frame your hunting. Then we look deep into the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. At the end, we give you a similar dataset and tools to take home so you can try the newly learned techniques yourself.



Time & Location:
Wednesday, August 8: 8:00am - 5:00pm

Tuscany Suites

“Introduction to Hunting Heuristics with Splunk” Workshops

Threat hunting makes the assumption that at some point an organization’s automated and boundary defenses will fail. With this certainty, how can we find “evil” in our environment? The goal of hunting is to decrease the dwell time of adversaries who slipped past our defenses, reducing data loss and damage to our networks. In this hands-on workshop, we will illustrate the value of key data sources for hunting, as well as investigative techniques for identifying anomalies that can be used to develop hypotheses about an attack. We will also discuss methods for using the findings of a hunt to bolster our organization’s overall security posture. Join Splunk Security Specialists Ken Westin, Matthew Joseff, and Dan Christiansen on a hunting expedition: no permit required, but you will need your laptop.



Time & Location:
Wednesday, August 8: 2:00pm - 4:00pm
Thursday, August 9: 10:00am - 12:00pm

The Aria

DEF CON & Splunk: Wall of Sheep + "Advanced APT Hunting with Splunk" Workshops

Attending DEF CON? Get thee to the Wall of Sheep to see how Splunk is monitoring and visualizing network activities!

Want to learn how to hunt APTs but missed the workshop run at BSides a few days before? Never fear: the workshop is so nice, it’s being run twice! Join us for “Advanced APT Hunting with Splunk”, a hands-on workshop with Splunk security experts Ryan Kovar, John Stoner, and Dave Herrald. This workshop will teach you how to hunt a "fictional" APT group, TAP’T. We discuss the Diamond model, hypothesis building, the LM Kill Chain, and the MITRE ATT&CK framework, and how these concepts can frame your hunting. Then we look deep into the data using Splunk and OSINT to find the APT activity riddling a small startup's network. We walk you through detecting lateral movement, the P of APT, and even PowerShell Empire. At the end, we give you a similar dataset and tools to take home so you can try the newly learned techniques yourself.



Time & Location:
Friday, August 10: 1:00pm – 3:00pm
Sunday, August 12: 11:00am – 1:00pm

Caesars Palace, DEF CON – Packet Hacking Village

Networking Reception: Mix, Mingle & Discuss Proactive IoT Security

ForeScout Co-Sponsored with CrowdStrike, Herjavec Group & Splunk


Time & Location:
Tuesday, August 7: 6:00pm - 8:00pm
Alibi Cocktail Lounge, at Aria Resort & Casino


Security Leaders VIP Party


Time & Location:
Wednesday, August 8: 8:00pm - 10:00pm
EyeCandy Sound Lounge @ Mandalay Bay


Accenture Networking Reception

Sponsors: Accenture, PANW, Microsoft, Splunk


Time & Location:
Wednesday, August 8: 7:00pm – 10:00pm
The House of Blues at Mandalay Bay Resort


Meet Splunk Security Experts at Black Hat 2018!

Going to Black Hat? Got questions about Splunk? We’ve got answers! Splunk security specialists will be on hand to meet one-on-one at Black Hat. Let us know which topic you’d like to discuss (security monitoring, incident response, incident investigation and forensics, advanced threat detection, insider threat, compliance, SOC automation, SOAR, or fraud in the Splunk Suite) and we’ll make it happen.
