Delivering Analytics-Driven Security

Palo Alto Networks and Splunk have partnered to deliver an advanced security analysis solution. The collaboration delivers operational reporting, configurable dashboard views, and adaptive response actions across the Palo Alto Networks family of next-generation firewalls, advanced endpoint security, and threat intelligence cloud.

Splunk ingests, visualizes and analyzes data and events from the Palo Alto Networks platform (PAN-OS next-generation firewalls, Aperture, GlobalProtect, Threat Prevention, Traps and WildFire), as well as from other data sources such as IPS, endpoints, other firewalls, identity sources, business applications, threat intelligence feeds, asset management databases and other structured or unstructured data, to provide a holistic view of your infrastructure and security posture. Join our security experts in Splunk booth #306 to learn how Splunk:

  • Improves your security posture through a range of analytics-driven solutions that help defend against modern attacks
  • Enables faster investigation, breach analysis, incident response and threat hunting
  • Improves detection accuracy and investigation effectiveness by operationalizing a wide array of threat intelligence feeds
  • Provides a rich set of security solutions for integrated CLM, SIEM and UEBA
  • Uses packaged and pre-built machine learning capabilities as well as hundreds of third-party and community-provided applications
  • Automates actions to mitigate risk to business continuity and reputation through faster security insight, decisions and automated response
  • Provides visibility and context across your infrastructure

Session Information

Strengthening Your Security Posture and Stopping Malware with Palo Alto Networks and Splunk

Abstract: Illumina is the global leader in DNA sequencing and array-based technologies, serving customers in the research, clinical and applied markets. This session discusses the use of Palo Alto Networks and Splunk to improve Illumina’s security posture. It will cover best practices for logging, several case studies, and operational tactics we’ve employed to integrate Palo Alto Networks and Splunk into our environment. This session will highlight how we’ve reduced malware infection rates, correlated vulnerability data with attacks, used WildFire to detect new malware in our environment, and used MineMeld to help with both whitelisting valid traffic and blacklisting malicious traffic. The session also touches on automation methodologies that are driven through the Splunk integration (using GRR, Google Rapid Response, and email) and future plans for orchestration. We will also cover some best practices for tuning Splunk Enterprise Security in your environment.

Time & Location:
Wednesday, June 14th
1:30pm – 2:20pm
Ballroom C, East Convention Level
Ryan Niemes, Manager, Networking and Information Security, Illumina

Session Information

Applied Security Orchestration: Learn How Lennar implements Splunk and Palo Alto Networks integration

Abstract: Learn how Lennar Corporation, a Fortune 200 home builder, has leveraged the Splunk and Palo Alto Networks integration. The session will cover using Splunk data to populate your User-ID agent through custom inputs, using Splunk Enterprise Security’s Threat Intelligence framework to publish feeds into the firewalls for greater efficiency, and other use cases. Learn specifics from a customer so you can apply this integration in your organization to strengthen your security posture.

Time & Location:
Thursday, June 15th
Ballroom C, East Convention Level
James Brodsky, SE Manager, Splunk
Kevin Gonzalez, Security Operations Center Manager, Lennar Corporation

Splunk Enterprise Security

Splunk Enterprise Security runs on top of Splunk® Enterprise or Splunk Cloud. Splunk ES can be deployed as software, as a cloud service, in a public or private cloud, or in a hybrid software-cloud deployment.


Improve Security Operations

Decrease incident response times and demonstrate compliance by leveraging a rich set of pre-built dashboards, reports, incident response workflows, analytics, correlations and security indicators.

Improve Security Posture

Optimize security monitoring, prioritization, response, containment and remediation processes by analyzing all machine data to understand the impact of alerts or incidents.

Prioritize Security Events and Investigations

Enhance decision making and align risk posture with the business by applying risk scores to any event, asset, behavior, or user based on their relative importance or value to the business.

Detect Internal and Advanced Threats

Verify privileged access and detect unusual activity by applying user- and asset-based context to all machine data to monitor user and asset activities.

Make More Informed Decisions

Enhance incident investigation, breach investigation, and scoping by leveraging threat feeds from a broad set of sources, including free threat intelligence feeds, third party subscriptions, law enforcement, FS-ISAC Soltra (via STIX/TAXII), internal and shared data.

Operationalize Threat Intelligence

Multiple threat intelligence sources can be aggregated, de-duplicated and assigned weights so a wide range of Indicators of Compromise (IOCs) can be used for all aspects of monitoring, alerting, reporting, investigation and forensic analysis.
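The aggregate, de-duplicate and weight workflow above, together with the asset-based risk scoring described under "Prioritize Security Events and Investigations", as an added worked example. This is illustrative Python written for this page, not Splunk Enterprise Security code; the feed names, weights, asset priorities, indicators and the simplified key=value traffic log lines are all constructed for the example.

```python
"""Aggregate IOCs from several feeds, collapse duplicates, keep the highest
weight, then match them against firewall traffic events and score each hit by
the importance of the internal asset involved.  Constructed example data."""
import re
from collections import defaultdict

# Constructed feeds: (feed name, trust weight 0-100, indicators). Weights are assumed.
FEEDS = [
    ("internal-blocklist", 90, ["203.0.113.7", "evil.example"]),
    ("community-feed", 40, ["203.0.113.7", "198.51.100.23", "EVIL.example"]),
    ("vendor-subscription", 70, ["198.51.100.23", "bad.example."]),
]

# Constructed asset priority lookup (the role an ES asset list plays), keyed by IP.
ASSET_PRIORITY = {"10.0.0.5": "critical", "10.0.0.9": "low"}
PRIORITY_FACTOR = {"critical": 2.0, "high": 1.5, "medium": 1.0, "low": 0.5}

# Constructed, simplified traffic events in key=value form (not real PAN-OS syntax).
LOGS = [
    "src=10.0.0.5 dst=203.0.113.7 app=ssl action=allow",
    "src=10.0.0.9 dst=198.51.100.23 app=web-browsing action=allow",
    "src=10.0.0.9 dst=192.0.2.1 app=dns action=allow",
    "src=10.0.0.5 dst=203.0.113.7 app=ssl action=allow",
]

KV = re.compile(r"(\w+)=(\S+)")


def normalize(ioc):
    """Canonical form so the same indicator from different feeds collapses to one entry."""
    return ioc.strip().lower().rstrip(".")


def aggregate(feeds):
    """Return {ioc: {"weight": highest feed weight, "sources": set of feed names}}."""
    table = defaultdict(lambda: {"weight": 0, "sources": set()})
    for name, weight, iocs in feeds:
        for raw in iocs:
            entry = table[normalize(raw)]
            entry["weight"] = max(entry["weight"], weight)
            entry["sources"].add(name)
    return dict(table)


def parse(line):
    """Turn one key=value log line into a dict."""
    return dict(KV.findall(line))


def match(logs, intel):
    """Return scored hits: IOC weight multiplied by the source asset's priority factor."""
    hits = []
    for line in logs:
        ev = parse(line)
        dst = normalize(ev.get("dst", ""))
        if dst not in intel:
            continue
        src = ev.get("src", "")
        factor = PRIORITY_FACTOR[ASSET_PRIORITY.get(src, "medium")]
        hits.append({
            "src": src,
            "ioc": dst,
            "score": intel[dst]["weight"] * factor,
            "sources": sorted(intel[dst]["sources"]),
        })
    return hits


def risk_by_asset(hits):
    """Accumulate hit scores per internal asset, the way a risk index ranks assets."""
    totals = defaultdict(float)
    for h in hits:
        totals[h["src"]] += h["score"]
    return dict(totals)


if __name__ == "__main__":
    intel = aggregate(FEEDS)
    hits = match(LOGS, intel)
    for h in hits:
        print(h)
    print(risk_by_asset(hits))
```

Two points the code makes that the paragraph does not: normalization (case, trailing dots, whitespace) is what makes de-duplication across feeds work at all, and keeping the list of contributing sources on each indicator lets an analyst see at a glance whether a hit rests on one low-trust feed or on several.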

Monitor in Real Time

Detect unusual activities associated with advanced threats by leveraging statistical analysis, correlation searches, dynamic thresholds, and anomaly detection.
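A dynamic threshold of the kind mentioned above, as an added worked example (illustrative Python written for this page, not Splunk ES code). It assumes per-source hourly counts of firewall deny events have already been bucketed, as a count-by-source search over one-hour spans would produce; the series below are constructed so that one source spikes, one is consistently busy, and one is nearly silent.

```python
"""Per-source dynamic thresholds versus a single static threshold.
The baseline is mean + k * population stdev of the previous windows, with a
floor so that near-silent sources do not alert on tiny absolute changes.
All series are constructed for the example."""
from statistics import mean, pstdev

# Constructed hourly deny counts per source; the last value is the current hour.
COUNTS = {
    "10.0.0.5": [4, 6, 5, 7, 5, 6, 4, 5, 48],          # sudden spike
    "10.0.0.9": [20, 22, 19, 21, 23, 20, 22, 21, 24],  # always busy, nothing unusual
    "10.0.0.12": [0, 0, 0, 1, 0, 0, 0, 0, 3],          # sparse; floor keeps it quiet
}

STATIC_THRESHOLD = 10  # assumed fixed threshold, for comparison only


def dynamic_threshold(history, k=3.0, floor=STATIC_THRESHOLD):
    """Threshold for the next window given the previous ones.

    Returns mean + k * stdev, but never below `floor`; with fewer than three
    baseline windows there is no usable statistic, so nothing can alert."""
    if len(history) < 3:
        return float("inf")
    return max(mean(history) + k * pstdev(history), floor)


def detect(counts, k=3.0, floor=STATIC_THRESHOLD):
    """Alert for each source whose current count exceeds its own baseline."""
    alerts = {}
    for src, series in counts.items():
        history, latest = series[:-1], series[-1]
        thr = dynamic_threshold(history, k, floor)
        if latest > thr:
            alerts[src] = {"observed": latest, "threshold": round(thr, 2)}
    return alerts


def static_alerts(counts, threshold=STATIC_THRESHOLD):
    """What a single fixed threshold would fire on for the current window."""
    return {src for src, series in counts.items() if series[-1] > threshold}


if __name__ == "__main__":
    print("dynamic:", detect(COUNTS))
    print("static:", static_alerts(COUNTS))
```

Run against the constructed data, the static threshold fires on both 10.0.0.5 and the permanently busy 10.0.0.9, while the dynamic threshold fires only on 10.0.0.5, whose current count is far above its own baseline; the floor is what stops 10.0.0.12 from alerting on a jump from zero to three.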

Optimize Incident Response

Streamline investigations of dynamic, multi-step attacks by visualizing the attack details and the sequence of related events, so analysts understand what happened and can quickly determine the appropriate next steps.