
Splunk at Palo Alto Networks Ignite 2017
June 12 – 15, 2017 – Vancouver Convention Center – Vancouver BC Booth #306
Delivering Analytics-Driven Security
Palo Alto Networks and Splunk have partnered to deliver an advanced security analysis solution. The collaboration delivers operational reporting, configurable dashboard views, and adaptive response actions across the Palo Alto Networks family of next-generation firewalls, advanced endpoint security, and threat intelligence cloud.
Splunk ingests, visualizes and analyzes data and events from the Palo Alto Networks platform (PAN NGFW OS, Aperture, Global Protect and Threat Prevention, Traps, Wildfire), as well as from other data sources such as IPS, endpoints, firewalls, identity sources, business applications, threat intelligence feeds, asset management databases and other structured or non-structured data, to provide a holistic view of your infrastructure and security posture. Join our security experts in Splunk booth #306 to learn how Splunk:
- Improves your security posture by providing a range of analytics-driven solutions to help defend against modern attacks
- Enables faster investigation, breach analysis, incident response and threat hunting
- Improves detection accuracy and investigation effectiveness by operationalizing a wide array of threat intelligence feeds
- Provides a rich set of security solutions for integrated CLM, SIEM and UEBA
- Uses packaged and pre-built machine learning capabilities as well as hundreds of third-party and community provided applications
- Automates actions to mitigate risk to business continuity and reputation with faster security insight, decisions and automated actions
- Provides visibility and context across your infrastructure
Session Information
Strengthening Your Security Posture and Stopping Malware with Palo Alto Networks and Splunk
Abstract: Illumina is the global leader in DNA sequencing and array-based technologies, serving customers in the research, clinical and applied markets. This session discusses the use of Palo Alto Networks and Splunk to improve Illumina’s security posture. It will cover best practices for logging, several case studies, and operational tactics we’ve employed to integrate Palo Alto Networks and Splunk into our environment. This session will highlight how we’ve reduced malware infection rates, correlated vulnerability data with attacks, used Wildfire to detect new malware in our environment, and use MineMeld to help with both whitelisting valid traffic and blacklisting malicious traffic. The session also touches on automation methodologies that are driven through the Splunk integration (using GRR Google Rapid Response and emails) and future plans for orchestration. We will also cover some best practices for tuning Splunk Enterprise Security in your environment.
Wednesday, June 14th
Ballroom C, East Convention Level
Ryan Niemes, Manager, Networking and Information Security, Illumina
Session Information
Applied Security Orchestration: Learn How Lennar implements Splunk and Palo Alto Networks integration
Abstract: Learn how Lennar Corporation, a Fortune 200 home builder, has leveraged the Splunk and Palo Alto Networks integration. Session will cover utilizing Splunk data to populate your User-ID agent using custom inputs, utilizing Splunk Enterprise Security’s Threat Intelligence to publish feeds into the firewalls for greater efficiency, and other use cases. Learn specifics from a customer to apply this integration in your organization to strengthen your security posture.
Thursday, June 15th
8:00am-8:50am
Ballroom C, East Convention Level
James Brodsky, SE Manager, Splunk
Kevin Gonzalez, Security Operations Center Manager, Lennar Corporation
Splunk Enterprise Security
Splunk Enterprise Security runs on top of Splunk® Enterprise or Splunk Cloud. Splunk ES can be deployed as software, as a cloud service, in a public or private cloud, or in a hybrid software-cloud deployment.


Improve Security Posture
Optimize security monitoring, prioritization, response, containment and remediation processes by analyzing all machine data to understand the impact of alerts or incidents.
Prioritize Security Events and Investigations
Enhance decision making and align risk posture with the business by applying risk scores to any event, asset, behavior, or user based on their relative importance or value to the business.
Detect Internal and Advanced Threats
Verify privileged access and detect unusual activity by applying user- and asset-based context to all machine data to monitor user and asset activities.
Make More Informed Decisions
Enhance incident investigation, breach investigation, and scoping by leveraging threat feeds from a broad set of sources, including free threat intelligence feeds, third party subscriptions, law enforcement, FS-ISAC Soltra (via STIX/TAXII), internal and shared data.
Operationalize Threat Intelligence
Multiple threat intelligence sources can be aggregated, de-duplicated and assigned weights so a wide range of Indicators of Compromise (IOCs) can be used for all aspects of monitoring, alerting, reporting, investigation and forensic analysis.
Monitor in Real Time
Detect unusual activities associated with advanced threats by leveraging statistical analysis, correlation searches, dynamic thresholds, and anomaly detection.