Why is fall the best season of them all?
Some might say it’s because of the colorful fall foliage, others could point to the spooky fun of Halloween, but for the team here at Splunk, we’re quick to answer: .conf (final answer). Last October, Splunkers from all corners of the earth descended on an unsuspecting Las Vegas and painted the town pink with their enthusiasm for bringing data to every question, decision and action. This year might be a little different. Instead of having to run across the airport to reach your gate before departure, you can now enjoy the best Splunk has to offer from the comfort of your home; while sipping from your favorite coffee mug and donning your finest shirt from the Splunk T-Shirt Company.
Splunk Security Track Spotlight
The Splunk Security team has assembled an awesome collection of sessions that feature customers, partners and Splunkers sharing their experiences on how Splunk has enabled them to protect hybrid, on-premises and multicloud environments. We’ve been working around the clock to make this .conf one of the most memorable to date for the Splunk community. Below are a few of our favorites you do not want to miss.
SEC1395C: Developing Cloud Detections Using Cloud Attack Range - Presented by Bhavin Patel (Senior Security Software Engineer) and Patrick Bareiss (Senior Threat Researcher)
Eighty-three percent of enterprise workloads are expected to move to the cloud by 2020. This means cloud infrastructure will increasingly be in the cross hairs of adversaries. Splunk’s security research team has been working hard to develop more sophisticated detection rules for cloud attacks. They created the cloud attack range to continuously test and improve cloud detections. It’s an open-source project that allows you to build an AWS cloud detection lab in under 30 minutes complete with virtual machines, a Kubernetes cluster and serverless cloud infrastructure. Learn about different tools at your disposal to attack the cloud detection lab and how to repurpose the generated data to build new detections.
SEC1169A: Detecting Business Email Compromise (BEC) using Splunk - Presented by Teresa Chila (Chevron)
This session explores the ways Splunk Enterprise can protect organizations from Business Email Compromise (BEC). A tried-and-true tactic fraudsters use is impersonating others to lure you into believing their request for a wire transfer is legitimate. Learn which features are most effective in identifying BEC attacks, and SPLs that make detection of lookalike domains easier to spot without overwhelming your computational power.
SEC1391C: Full Speed Ahead With Risk-Based Alerting (RBA) - Presented by Jim Apger (Staff Security Strategist) and Kyle Champlin (Global Principal Product Manager)
A few years ago, Jim developed a novel approach called Risk-Based Alerting (RBA) to help SOCs everywhere address alert fatigue and enhance threat hunting. Many organizations, passionate practitioners, have contributed to improving important aspects of RBA like shortening time to deploy and streamlining the “Business of SOC.” Tune in to see how the concept of a threat object has been integrated alongside Risk Objects, in an elegant and compelling manner. Splunk product management will showcase recent additions to Enterprise Security, and how it can help empower the SOC with RBA and the new annotations framework.
SEC1279C: Anomaly Detection and Insider Threat Hunting With Splunk UBA - Presented by Tom Smit (Principal Sales Engineer)
Splunk User Behavior Analytics (UBA) contains the largest library of unsupervised machine learning in the market. In this session, we'll show how to analyze data from both cloud and on-premises data sources in both types of deployment (cloud/on-premises) to convey the unique benefits of Splunk UBA. In conjunction with the Splunk Security Operations Suite, we’ll also see how Splunk UBA turns off the noise and lets you focus on the most important threats and anomalies in your environment.
SEC1924C: How to ‘Marie Kondo’ Your Incident Response With Foundational Security Procedures and Case Management - Presented by Tim Frazier (Security Strategist), Sam Hays (Sr. Technical Community Manager), and George Panousopoulous (Strategy Director)
This session will cover best practices on establishing foundation security procedures, including use case management and automation, to drive efficient cross-functional response from detection to resolution in Splunk Phantom. Learn how to optimize your security standard operating procedures (SOPs), establish mature repeatable processes for handling all kinds of incidents, and help yourself ensure a few alerts here and there don’t balloon into a backlog of alerts.
This is a small snapshot of the incredible sessions we’ve compiled for the Splunk Security Track. Be ready to learn new skills, engage with passionate members of the Splunk community, and add another .conf hoodie to your (already sizable) collection.
We can’t wait to see you all at .conf20!
Follow all the conversations coming out of #splunkconf20!