Nowadays more than 50% of organizations that employ over 2500 people have put in place security operations teams in one form or another, all to ensure resilience against cyber attacks. These teams actively protect company assets, employees, customers and suppliers. Very often they will even secure essential services such as ensuring the energy sector doesn’t blackout an entire country as a result of a cyber attack.
We recently held a webinar on why defining and documenting maturity and capabilities regularly within security operations is key for SOC managers. But what comes after planning? It’s execution. This is one of the reasons I get so excited about .conf this year!
We have a wide range of presenters. Our customers in EMEA are innovating at the same speed as our security Splunkers and share their experiences and best practices so you can quickly adapt and join the journey to make security operations teams happier and move digitization projects to a safer place. Check out their sessions at .conf21 here.
Shell - Daniel Ferreira
SEC1075 - “Effective & Affordable Cyber-Security Vulnerability Management With Splunk Enterprise”
Daniel is a Lead Vulnerability Analyst at Royal Dutch Shell. He will showcase how Shell use Splunk in an effective and affordable way for Cyber-Security Vulnerability Management. The first task of any security team is to know what you have to look out for, which assets, users, systems, cloud accounts and services. His team works in a highly complex environment with hundreds of subsidiaries. He demonstrates how you can use the power of Splunk to quickly answer any security related question across any subsidiary.
CERT Energy Israel - Efi Kaufmann
SEC1395 - “Anomaly Mining in Windows Event Logs”
Efi is the CTO for Israel’s Ministry of Energy Cyber Security Center. He is responsible for the implementation of Splunk-based capabilities to evaluate the security posture and resilience of the Israel energy sector and to assist in their cyber defense effort. But how do you cope if you get log and activity data from hundreds of energy providers log? Efi and his team utilize the power of the Splunk Machine Learning Toolkit (MLTK). He will use Windows event log examples to showcase how any SOC can improve detection capabilities.
HSBC & Adarma - Hannah Cornford and Tom Wise
SEC1440 - “Risk-Based Response: Maturing your Security Operations With Risk Awareness and Splunk SOAR (Phantom)”
Hannah leads a global team responsible for delivering innovative automated solutions in HSBC’s global SOC. Her slogan is: “No API? Not interested”. She collaborated with Tom Wise, works at our Splunk Partner Adarma, has been a Splunk Trust member since 2019 and was the first Certified Splunk Phantom (now Splunk SOAR) Consultant in EMEA. Many Splunk Security Ninjas know the beauty of Risk Based Alerting in Splunk ES which focuses mostly on the detection side - Hannah and Tom have evolved this concept to SOAR with “Risk-Based Response”. Hannah and Tom will show you what exactly it is and how to “make speedier and more accurate decisions using dynamic risk-based decisions”.
Thales - Gabriel Vasseur
SEC1441 - “How We Maintain Our Correlations in Splunk Enterprise Security at Thales UK”
Gabriel is a Senior Cyber Security Analyst with Thales UK. After 9 years in the antispam and antivirus industry, he joined the team at Thales to help develop the CSOC platform. At Thales the team built and implemented over 150+ correlations in Splunk ES - all at various levels of maturity, complexity and consistency depending on how much they knew at the time of creation. So what is needed and how to effectively manage, audit and increase the quality? Gabriel showcases how he pimped Splunk ES through it’s Open Framework with a peer review functionality and more. Everything is prepared and ready to take home for the audience.
Splunk - Dr. Josh Cowling & Stefanos Bogdanis
SEC1495C - “DoH or DoH Not, There Is No Try. Is Machine Learning the Force You Need To Save Your Detections From the Encryption Empire?”
Josh is a Staff Solutions Architect at Splunk in the UK. Prior to Splunk he worked in engineering and data science with dangerous lasers and x-rays for industrial and medical applications. He presents together with Stefan, a consulting solutions engineer supporting the UK Team. Stefan is a PhD candidate and researches the explainability of ML/AI assisted intrusion detection systems. Fun fact: Stefan is also an avid breakdancer. The NSA warns against using DNS over HTTPS (DoH) - they will explain what DoH is, identify what impact it has on visibility for security teams and present their work on how security teams are able to tell if any DoH Traffic is used within their network. Using a data set from the Canadian Institute of Cyber Security, they will show how machine learning can be applied to differentiate between legit and benign DoH traffic.
Splunk - Johan Bjerke and Cynthia Li
SEC1643A - “Splunk Security Essentials: An Approach to Industry Threat Detection Engineering”
Johan is a Principal Security Strategist and Security SME at Splunk working from Sweden. He supports the largest customers in EMEA solving complex security challenges. He is the lead developer of the popular Security Essentials App as well as the Splunk App for Web Analytics. He’ll present together with Cynthia, the Sr. Product Manager for Splunk Security Essentials, InfoSec App as well as Security Content Service. In their session they will share best practices for prioritising security detections and which need to be implemented first, using an Industry sector approach.
Splunk - Erick Contreras and Rod Soto
SEC1153C - “Fighting Ransomware With Splunk Attack Range”
Erick is a Senior Threat Research Engineer at Splunk based in Munich and recently joined us from the Airbus SOC. He has a 12 year background on malware analysis/reverse engineering, digital forensics and detection development in blue teams. Together with Rod, a well known speaker in the infosec community, they will show how to tackle different ransomware campaigns. They will present real life examples run against Splunk Attack Range machines to analyze, discover, detect and they will use playbooks for defense. In addition they will talk about how to share guidance and detections with the community.
Happy Splunking & see you at .conf21!
Follow all the conversations coming out of #splunkconf21!