It’s almost that time of year again... .conf time!
.conf21 Virtual is shaping up to be our best .conf yet, and we’ve assembled an exceptional lineup of security sessions across multiple categories. Join us virtually on October 19-20! Customers are excited to share their experiences using Splunk technology to solve their most pressing security challenges; partners are primed and ready to show you how their technology integrations with Splunk can change the game for your SOC; and members of the Splunk Security Team can’t wait to reveal the latest technology innovations across security foundations, security analytics, threat intelligence and security automation.
Here are some of our favorite security sessions planned for .conf21 Virtual across a few different categories.
Boss of the SOC (BOTS)
You know it, you love it — BOTS is back at .conf21 Virtual and you don’t want to miss it! Learn more and sign up here.
SEC1108C - Enabling DevSecOps and Securing the Software Factory With Splunk
Software delivery chain exploits have been headline news this last year, and tech-enabled enterprises realize the impact that their software delivery chain has on their attack surface and overall business viability. In this session, we'll discuss how Splunk can be used for DevSecOps use cases, and then look at attack detection use cases for your software development delivery chain using Splunk. After the session, attendees will have access to the data and analytics from the talk via BOSSng, Splunk's new on-demand security workshop platform.
SEC1745C - Hunting the Known Unknown: Supply Chain Attacks
This year's "hunting" session will describe how to deal with the supply chain attacks that seem to be plaguing the world. This talk will help you understand the threats to your network (what the heck are they), identify your supply chains, and use Splunk to detect attacks on your network. Using case studies ripped from the headlines, our session will discuss which logs to collect and which detection methods to apply. Finally, we will release our tools and hunting techniques for attendees to take home, so they can start implementing these methods on their network immediately!
SEC1271A - What's New in Splunk Enterprise Security?
In this session, learn about all of the latest Security Analytics innovation coming in the newest release of Splunk Enterprise Security. We will do a deep dive into, and demos of, the new capabilities and fresh interfaces that streamline analyst workflows, extend executive visibility, and build on Risk Based Alerting. Join us as we explore what is in the newest release of Enterprise Security, and hear from ES Product Management leadership about what's next for ES.
SEC1332C - Splunk Enterprise Security Biology V: A Fresh Look at the Threat Intel Framework
This session will examine how indicators can be integrated and what occurs below the surface in Splunk Enterprise Security (ES) to prepare them for consumption and correlation. To illustrate how indicators can be consumed by the framework, examples from partners will be used, highlighting differences in approaches and their pros and cons. Because the framework is designed to operationalize threat intelligence within ES, the session will wrap up with tips and techniques for quickly ingesting indicators that attendees can use in ES immediately.
Security Orchestration, Automation and Response
SEC1528C - Tackling Account Management Within the Cloud (AWS, Azure and GCP) With Splunk SOAR
Distinguished Splunk SOAR engineer Philip Royer will walk you through three simple automated playbooks that you can use to monitor misuse of account privileges, new account creations, and any other abnormal account behavior. These playbooks will help your business create a line of defense that prevents bad actors from infiltrating your systems within the cloud. Stop doing this work manually and let automated playbooks simplify your security operations!
SEC1209A - Automated Vulnerability Detection and Verification with Ernst and Young & Splunk
The entire vulnerability management cycle can be tedious, and security teams are expected to communicate effectively to prevent malicious actors from exploiting known vulnerabilities. Every part of the vulnerability management cycle can be automated to help security teams feel less overwhelmed and more in control. Experts from Splunk's SOC, alongside cybersecurity practitioners from Ernst & Young, will demonstrate how they use Splunk SOAR to assess vulnerabilities and patch them with little to no human intervention needed.
SEC1546A - Reduce Noise From Intel Sources With TruSTAR + ES
Industry reports on security operations practices cite high false-positive rates and noise from threat intelligence feeds as a top issue affecting security analyst productivity. We will highlight how you can leverage Splunk TruSTAR and Splunk ES to reduce the noise from your intel sources and ultimately improve your alert prioritization processes using internal and external intelligence, without working across multiple tools.
SEC1702C - Improve Intelligence Sharing Efficiency and Governance Using TruSTAR Enclaves
Imagine having the flexibility to quickly share and consume indicators and threat intelligence from your ISACs or trusted partners without having to comb through emails or write additional scripts to automate this sharing. Learn how Splunk TruSTAR Enclaves enable the easy sharing of threat intelligence data across teams, tools and sharing partners like ISACs, ISAOs and trusted groups. Intelligence can also be anonymized when sharing with third parties to meet data governance standards.
SEC1166C - Modernizing Security Operations With Splunk Security Maturity Methodology
Let's cut through the myths on what it takes to build a mature, effective Security Operations Center. Join this session to learn how to move up the Security Maturity curve with Splunk as your Security Operations platform by using a combination of people, process and technology. This session will detail how the Splunk Security Maturity Methodology (S2M2) will help your organization along your security journey, and help you operationalize your investment in Splunk.
SEC1396C - Level Up! How To Go From a Beginner to a Champion in Splunk Security
Ever feel like you are a Level 1 character starting your security journey with Splunk? You want to figure out how to defeat a dragon... err, adversary... but don't know where to start? Join us to hear how you can go from a Splunk beginner to a mighty threat hunter (or at least a mid-level rogue). We will guide you through the cheat codes of core Splunk and Enterprise Security using a prescriptive training roadmap showing how to gain XP as you go, until eventually you can be a Security Dovahkiin with the skills and armor to match!
SEC1361B - Learn by Doing: Cal Poly Students Enable Security Operations Center Through Splunk
California Polytechnic State University uses Splunk Enterprise Security and Splunk SOAR. We employ the Cal Poly "Learn by Doing" learning philosophy, empowering our student employees to build our SIEM and SOAR toolsets. The students' work improves the security posture of our campus and its 24K users. We've developed a training program combining Splunk resources, internally developed materials, and on-the-job training and mentorship. Students create SOC dashboards, queries, alerts and reports. Join this session to learn tools and tricks developed by these students!
SEC1466A - A Deep-Dive Into How Zoom Is Building Its World-Class Detection Pipeline in Response to the Zoom-Boom!
Zoom has become a household name with the rise in work-from-home and learn-from-home popularity. And with great popularity comes great responsibility! We at Zoom understand this and are on a mission to build a world-class detection pipeline. In this session, we'll talk about how we are centralizing data collection into a data lake, integrating the data lake with Splunk, and harnessing risk-based alerting, ML and AI to detect anomalies and intruders. We'll also show how we are automating response orchestration, minimizing human intervention and response time for security alerts, and automating the entire pipeline to keep up with the increasing popularity of Zoom.
SEC1508A - Calling Security Mavericks: Fulfill Your SOC Need For Speed With Google Cloud & Splunk
In this session, we'll show you how to use high-fidelity Google Cloud logs and automated security findings from Google Cloud Security Command Center (SCC), cloud-tailored detections from Splunk Enterprise Security (ES), and automated response from Splunk SOAR to enhance your threat prevention, detection and response. We'll also dive into how GCP security data maps into existing Common Information Model (CIM) data models so you can leverage the out-of-the-box content available in ES, ES Content Updates and the Splunk Security Essentials App. Finally, we'll show how you can map this threat content to the open MITRE ATT&CK framework.
We can’t wait to see you at .conf21 Virtual in October.
Follow all the conversations coming out of #splunkconf21!