I hope everyone is doing fine and has adjusted to the current situation that many refer to as “The New Normal”.
One task that I really enjoyed and that has boosted my energy levels has been the work with our various .conf presenters (customers, partners and Splunkers) over the past weeks.
Reviewing security sessions always gives me an energy boost
I love following security and technology trends and enjoy seeing how they translate into people’s lives, processes and technology. There’s just so much to learn.
Here are a few recommendations for sessions you should follow at .conf20, watch live, or review afterward.
How About Multi-Cloud Monitoring?
SEC1674A - Improve Your AWS Security Monitoring with Splunk Enterprise Security
Audrius Miknevicius, Information Security Engineer at Western Union, shares how to achieve security monitoring, improved incident response times, and threat hunting capabilities on AWS with Splunk Enterprise Security. He covers everything from how logging works in AWS, through getting the data into Splunk, to using out-of-the-box content and building new content. Additionally, he talks about measuring your detection coverage against the MITRE ATT&CK framework.
SEC1280C - AWS Security and the Splunk Security Suite
If you want to be guided through a realistic cloud breach scenario and terms like SSRF, AWS AssumeRole, Lambda execution exploits, etc., then this session from our own Megan Parsons and Tom Smit is for you.
SEC1348C - How Splunk gives actionable relief to torture testing Kubernetes across multi-cloud
What does it mean for cybersecurity when your DevOps team starts to deploy and run its newly developed apps on Kubernetes across multiple cloud providers? What does the architecture look like, which components are involved and how does it all fit together? What does the attack surface of a K8s cluster look like, and which blue and red teaming tools are available? Rod Soto and Jose Hernandez from our awesome security research team at Splunk have the answers.
SEC1395C - Developing cloud detections using Cloud Attack Range
What does it take to build a demo environment that simulates cloud attacks, generates logs and validates your detection logic and results? Bhavin Patel and Patrick Bareiß answer these questions and walk you through the Cloud Attack Range, built and open-sourced by Splunk’s security research team.
Did Anyone Say Operational Technology Cyber Security / OT Security?
SEC1923A - In a COVID-19 World - Lessons Learned with OT CyberSecurity
Anas Faruqui, IT OT CyberSecurity Expert at Saudi Aramco, shares insight into what they are responsible for protecting. This ranges from oil pumps to pipelines and refineries. Their responsibilities also included the changes COVID-19 brought to Aramco in terms of digitalization and cybersecurity, and how they addressed those challenges with the use of data.
SEC1929C - How to secure Operational Technology environments with the new Splunk Add-on for OT Security
Learn how to implement the new OT Add-on, which turns Splunk Enterprise Security into a SIEM for OT!
PLA1471C - Leveraging Splunk in a Chaotic Data World
This session is for anyone who has to build a centralized Security Operations Center for operators of essential services, while having no influence over what kind of data is collected and having to accommodate whatever data is sent their way. Efi Kaufman at the Israeli Ministry of Energy CSC has successfully managed to balance this and shares his experience.
Work Smarter - Modernize your SOC Tools and Procedures!
SEC1104A - Top 5 Boring Security Tasks Every Security Team Should Automate - Getting Started Edition
What are the 5 use cases / playbooks every SOC should start with on an automation project? What do the KPIs for measuring success look like, and what ROI has been seen in real-world implementations? SOAR ninjas Tibor Földesi from Norlys and Máté Rácz from GE Digital take you behind the scenes.
SEC1392C - Simulated Adversary Techniques Datasets for Splunk
Your IT team is not thrilled that you’re planning to deploy Mimikatz on your production servers to validate whether your SIEM detection mechanisms work? Data that captures a real attack is king when it comes to building and testing detection mechanisms. How can such datasets be shared across the community so that everyone can use them? How can anyone generate their own datasets and use them for safe testing? Jose Hernandez and Patrick Bareiß have the answers in this session.
SEC1366B - SIEM the Skyscanner way: integrating Splunk into our Security practice
Marc Santamaria, Security Engineer at Skyscanner, shares their SIEM best practices: from treating their searches on Splunk Cloud as “infrastructure as code”, to embedding Splunk into AWS Lambda, to managing security alerts from Slack.
EC1686A - DISTILLERY: Operationalizing threat intelligence for attack detection within Splunk at the Bank of England
What does a modern security operating model look like? What does the operational process look like, starting from threat intelligence collection for learning about adversaries, through developing analytics, to gaining assurance that detection is actually provided? What are the key pitfalls that need to be addressed and taken into consideration in the initial planning process, so that you have a defensible prioritization and know what you should work on? Carly-Anne West, Jonathan (Jono) Pagett and James Morrin at the Bank of England will share their experience and will also give a technical overview of how they implemented it.
Looking forward to meeting you virtually at .conf20 and hopefully in person sometime soon.
Follow all the conversations coming out of #splunkconf20!