Analytics Driven Security - How to Start and Continue the Journey
Regardless of how experienced you are when it comes to SIEM, you should constantly be looking for new security use cases and insights to maintain high levels of protection in your environment. However, the landscape is changing so quickly that this needs to be supported with an analytics-driven approach to ensure you are ahead of adversaries and are prioritizing the right threats. At the moment, you might be following best-practice frameworks, such as CIS20, or implementing the kill-chain model.
This webinar runs through one of the recent Analytic Stories published by the Splunk Security Research team that map to these processes, providing you with insights on how to continue your analytics security journey through the “Brand Monitoring” story and related searches. This will demonstrate how you can customize your environment to detect attempts to fool employees or customers into interacting with malicious infrastructure.
Watch this webinar to learn:
- What Analytic Stories are and what they look like
- How you can begin adopting Analytic Stories in your environment
- What tactics and techniques adversaries use when attempting to abuse your brand
- How you can implement and customize the brand-monitoring analytic story in your environment
- How you can further operationalize the Analytic Stories with Splunk Enterprise Security
Splunk Website Terms & Conditions of Use
"Subsidiaries" means direct or indirect subsidiaries, of Splunk Inc.
Following are Subsidiaries of Splunk Inc. as of January 31, 2017:
Splunk Cayman Holding Ltd.
Splunk Information Technology (Shanghai) Co., Ltd.
Splunk Ireland Limited
Splunk Serviços do Brasil Ltda.
Splunk Services Australia Pty. Ltd.
Splunk Services Belgium BVBA
Splunk Services Canada Inc.
Splunk Services Cayman Ltd.
Splunk Services France SAS
Splunk Services FZ-LLC
Splunk Services Germany GmbH
Splunk Services Hong Kong Ltd
Splunk Services India Private Limited
Splunk Services Japan GK
Splunk Services Korea
Splunk Services LLC
Splunk Services Netherlands B.V.
Splunk Services New Zealand Limited
Splunk Services Singapore Pte Ltd
Splunk Services Sweden AB
Splunk Services UK Limited
Splunk Services Germany GmbH sucursal en España
Splunk Services Germany GmbH, Munich, Zurich Branch
Splunk Services Hong Kong Limited, Australia Branch
Splunk Services Hong Kong Limited, Taiwan Branch
Splunk Services LLC, Mexico Branch
Splunk Services UK Limited, Italy Branch
Splunk Technology Consulting (Beijing) Co., Ltd.
Effective Date: September 29, 2016
- Use Splunk’s websites or software applications (“apps”)
- Provide or update account information
- Register or attend Splunk-hosted or sponsored events (such as promotional events, webcasts, contests or hackathons)
- Order or use Splunk products, services or other offerings
- Communicate or interact with Splunk on-line or off-line, including for service of Splunk products or services installed on your premises or in the cloud
We refer collectively to these interactions as the “Services”. We explain below how we collect and use the Information you provide and the data created when you use the Services.
What We Collect and How You “Opt-Out”
Data From You or Others. While we (or third-parties acting on our behalf) may collect your Information, including Personal Information, when providing the Services, we also collect it in a variety of other ways, such as through public databases, joint marketing partners, social media platforms, conference hosts, event companies, and other third-parties. If you log in to our Services using your social media login credentials (e.g., Google+), we may receive Information, including Personal Information, as determined by the practices of the applicable social media platform.
Data From the Services (Usage and Analytics Data). We also collect and process usage data when you use our Services (e.g., ingest volume, search concurrency, number of unique user logins, apps loaded, operating system, internet protocol address, source type (count), session duration and other use data) (“Usage Data”) in order to provide, maintain, and improve our Services. (In some products, you may have the option of configuring the administrator settings to opt-out of providing this information automatically.)
In addition, we collect and process anonymized, aggregated data about a group or category of Services, features or users in order to improve the Services (“Analytics Data”). For example, Analytics Data may include anonymized Usage Data, information about the server environment (e.g., OS type/version, CPU type/version, database type/version, disk utilization), information about the devices operating the Services (e.g., browser type/version, OS type/version, device type/version), or such other similar information about user configuration or operation of Service features or functionality.
On devices that enable location-based services, we may receive location information (determined by GPS or other signals), if you consent. (We may use this information to provide personalized location-based services and content. You can restrict our access to your device’s location by adjusting the location-based service preferences on your device.)
How We Use Your Information
Splunk may use Information for various purposes, such as to:
- Fulfill your orders or respond to requests you make (e.g., for marketing materials from our website)
- Provide, improve and develop the Services, including account changes, billing and payments, customer or support services, or software updates
- Issue Splunk accounts for access to online communities
- Send administrative information, like product announcements or changes to contract terms or policies
- Send marketing communications, like educational materials or information about special offers or upcoming online or offline events, such as SplunkLive
- Invite you to participate in various promotional activities, contests, webcasts, sweepstakes, hackathons, usability studies, campaigns, surveys and product tests, and to assess their effectiveness
- Personalize your experience by focusing on, and presenting Services and offers tailored to, your interests
- Associate your mobile device with an identifier for your device. (By downloading the mobile device app, you consent to our usage.)
- Diagnose and fix technical issues and monitor the security of our environments
How We Use Analytics Data
We use Analytics Data extensively to help us better understand how our Services are being used, make improvements to them, and develop new features, products and services. For example, we may use this data to:
- Better understand how our users configure and use our Services
- Determine which configurations or practices optimize performance (e.g., best practices)
- Benchmark key performance indictors (“KPIs”)
- Perform data analysis and audits
- Identify, understand and anticipate performance issues and the environmental factors that affect them
- Other such business purposes relating to the operation, improvement, or development of our Services
How Splunk Shares Your Information
Splunk may disclose Information to third parties in the following ways:
- Affiliates. We may disclose Information to our affiliates subject to these obligations. Splunk Inc. is the party responsible for the management of jointly-used Personal Information.
- Service Providers. We may disclose Information to our third-party service providers, vendors, or others who provide services for Splunk’s business operations. This may include such things as infrastructure, data analysis, order fulfillment, IT services, customer service, professional services or audit services, among others.
- Partners and Resellers. We may disclose Information to third-parties, including our strategic partners and resellers to permit them to assess your interest in the Services, conduct user research and surveys, or send you marketing communications, subject to the terms of their privacy policies.
- Compliance and Safety. We may disclose Information as necessary or appropriate under applicable laws (including laws outside your country of residence) to: comply with legal process or requirements, including applicable notification obligations; respond to requests from public and government authorities (including public and government authorities outside your country of residence); enforce our terms and conditions; and protect our operations or those of any of our affiliates and our rights, privacy, safety, or property, and/or that of our affiliates, you or others.
- Merger, Sale, Etc. We may disclose Information in the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Splunk business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- Other Users. We may disclose Information to other users of the Service in aggregated format, provided it does not include Personal Information. This may include “best practices” tips, KPIs, benchmark data or other such aggregated information useful to the user community.
How We Secure Your Information
Splunk takes reasonable administrative, technical and physical measures to safeguard Personal Information against loss, theft, and unauthorized access, disclosure, alteration, misuse, or destruction. Unfortunately, no data transmission, software, or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please notify us immediately in accordance with the “Contact Splunk” section below. If Splunk learns of a breach of its systems, Splunk may notify you or others consistent with applicable law and as agreed. By using the Services or providing Personal Information to Splunk, you agree that Splunk may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services and the Information.
How You Can Access and Correct Your Information
We give you choices regarding your access, and our use and disclosure, of your Personal Information for marketing purposes. If you would like to review, correct, or update your Personal Information contact us at: marketingops@Splunk.com. Be sure to indicate in your request what Information you would like to have changed. We will try to comply with your request(s) as soon as reasonably practicable, consistent with applicable law. Note, in some cases we may charge an administrative fee to process marketing access requests.
If you no longer want to receive marketing-related emails from Splunk on a go-forward basis, you may also contact us at the marketing email address above and request that your Personal Information be removed from marketing-related emails.
Splunk Also Observes the Following Practices
Use of Services by Minors. The Services are not directed to individuals under the age of thirteen (13) or those not of the age of majority in your jurisdiction, and we request that these individuals do not provide Personal Information through the Services.
Cross-Border Transfers. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using any of our Services, you consent to the transfer of Information to countries outside of your country of residence, including to the United States, which may have different data protection rules than in your country. It is your responsibility to ensure that the Information you provide to us can be legally transferred to the United States or another country.
EU-U.S. Privacy Shield. As indicated in Splunk’s Privacy Shield Notice (found here), Splunk has certified to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.
Sensitive Information. You agree to not send us or disclose any sensitive Personal Information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, criminal background, or trade union membership) or any protected health information as defined by the Health Insurance Portability and Accountability Act of 1996 (otherwise known as “HIPAA”) Standards for Privacy of Individually Identifiable Health Information, as amended, unless otherwise provided in your written agreements with Splunk.
Splunk contractually requires third-party app developers to comply with applicable privacy and data protection laws. If third-party app developers collect and transmit information about users of their apps, Splunk contractually requires the developers to provide app users with notice of the collection and use of such data, and to obtain consent from app users before modifying the information, disclosing the information to other entities, or using the information for purposes other than to provide the services offered by the apps. Splunk cannot guarantee that third-party app developers will comply with those requirements. When choosing to use apps, add-ons or other third-party extensions, you are entering into a license agreement with those third-parties. You should familiarize yourself with the privacy policies of the organizations or individuals providing you with software that runs in or with your Splunk product.
Office of the General Counsel
250 Brannan Street
San Francisco, CA 94107
Please note that email communications are not always secure, so please do not include credit card information or other sensitive information in your emails to us.
Links to Other Policies: