Visit Splunk at RSA Conference 2017
February 13 – 17 | Moscone Center, San Francisco, CA
The Splunk platform uses analytics-driven security to address a wide range of use cases including advanced threat detection, insider threat detection, incident/breach investigation and response, ransomware prevention, fraud detection, SOC operations, compliance reporting, security orchestration and automation, and more.
Join our security experts in Splunk booth #N3421 to learn how Splunk:
- Improves your security posture by providing a range of analytics-driven solutions to help defend against modern attacks
- Enables faster investigation, breach analysis, incident response and threat hunting
- Improves detection accuracy and investigation effectiveness by operationalizing a wide array of threat intelligence feeds
- Provides a rich set of security solutions for integrated CLM, SIEM and UEBA
- Uses packaged and pre-built machine learning capabilities as well as hundreds of third-party and community-provided applications
Automated Prevention of Ransomware with Machine Learning and GPOs
Abstract: This talk highlights a signature-less method to detect malicious behavior before the delivery of the ransomware payload can infect the machine. The machine-learning-driven detection method is coupled with the automated generation of a Group Policy Object, and in this way we demonstrate an automated way to take action and create a policy based on observed IOCs detected in a 0-day exploit pattern.
Tuesday, February 14th
Moscone North 131
Rod Soto, Principal Security Researcher, Splunk
Joseph Zadeh, Sr. Data Scientist, Splunk
Splunk UBA is unique in its data-science driven approach to automatically finding hidden threats rather than the traditional rules-based approaches that don’t scale. We are pleased with the efficacy and efficiency of this solution as it makes the life of our SOC analysts way better.
With Splunk Enterprise Security, we now have a secure, cost-effective SIEM with the functionality and scalability to underpin our planned SOC. Having it in the cloud means we have also eliminated the numerous hassles involved with deploying and then maintaining an onsite SIEM implementation.
Splunk ES is the modern day security command center and hands down the only security solution we trust to help us protect the intellectual property of our customers.