Name: Aligning the Modern SIEM with MITRE ATT&CK
Start: 2022-09-27T12:00:00Z
End: 2022-09-27T13:01:39.000Z
Location: BrightTALK
Rating: 0

Splunk is the world’s first Data-to-Everything Platform. Now organizations no longer need to worry about where their data is coming from, and they are free to focus on the business outcomes that data can deliver. Innovators in IT, Security, IoT and business operations can now get a complete view of their business in real time, turn data into business outcomes, and embrace technologies that prepare them for a data-driven future.

McLaren’s Shadow Esports team has worked over the last several years in partnership with Splunk to bring data to F1 esports like never before. Join this live webinar to hear how McLaren leveraged their decades of racing expertise in partnership with technologists at Splunk to develop similar data-driven insights to help improve driver performance, pit strategy and overall race results. You’ll hear how Splunk developed custom data collection capabilities for these digital racing platforms to feed real time racing telemetry data into the Splunk platform to help deliver the competitive advantage McLaren knew lay hidden in data.

In this session, we will discuss:

How McLaren leveraged their racing heritage to lead in a digital native arena
The journey McLaren Shadow embarked on with Splunk to glean insights from dark data
Why McLaren continues to lean on Splunk’s Observability capabilities for competitive advantage in a digital first economy
Splunk is more to McLaren than a sponsor with a sticker on that beautiful F1 car. Splunk is a true technology partner helping McLaren use Observability to develop competitive advantage in F1 Esports and beyond!

How Splunk helps McLaren Shadow Gain Competitive Advantage in F1 Esports

With the constant threat of a war room looming, troubleshooting efforts consume our day with the complexity of finding and fixing issues before users are impacted — and having to manually sift through dozens of tools and their respective dashboards never feels effective, let alone efficient. As public sector organizations look to shift from a reactive ‘availability’ mindset toward an optimal AIOps-driven ‘predictive monitoring’ footprint, there are several key steps they must address to ensure success.

During this webinar, we will demonstrate the first steps of an optimal IT Modernization journey, including:


- Reducing the pain of tool sprawl with Splunk’s intelligent event correlation
- Implementing a ‘services monitoring’ mindset through correlation and contextualization of data sources
- How seamless integrations, such as with ServiceNow, improve collaborative remediation

Join us to learn more about how public sector agencies can use event correlation to unlock tremendous value, both in immediate cost savings and time spent investigating incidents, while shifting from a reactive to predictive mindset.

Modernize Your IT Operations with Splunk

Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for AI / Machine Learning based Analytics to supercharge threat detection and minimize the operational overheads of maintaining conventional static detection rules in large scale SOC. However, use of AI / Machine Learning in Security Operations is challenging due to the complex cyber security big data and numerous attacker techniques.

In this webinar, Muath Saleh and Hafiz Farooq (from Saudi Aramco) shall explain how to use the analytical power of Splunk to hunt for cyber and insider threats, and also utilizes the Splunk Machine Learning Toolkit (MLKT) for novelty and outlier detection from the noisy security datasets. This webinar purviews Saudi Aramco’s experience of using Splunk for handling security big data, and explains amazing key capabilities for effective operational security procedures and threat hunting.


In this session we discuss:

Emerging Security Needs & Emerging Big Data

Understanding the cyber security threat spectrum
Cyber Security is a Big Data
Best Practices for Handling Security Big Data

Machine Learning & Modern SOC

Supercharge Threat Detection with Algorithms
Machine Learning Use Cases
Optimal Machine Learning Workflow

Tech Talk: Security Edition Using Machine Learning for Hunting Security Threats

No matter how talented your team might be, there are only so many hours in the day that security professionals can devote to an ever growing sea of alerts and potential threats to your organization.

Machine-scale problems call for machine-scale solutions. Splunk Security, Orchestration, Automation and Response (SOAR) takes security analysts from overwhelmed to in-control and cuts down on menial and repetitive tasks, freeing up your team to tackle your most critical security tasks.

Join Splunk expert, Coty Sugg, for the Power Up Your Security Game with Splunk SOAR Webinar, and see how you can get started building the following five automation playbooks:


Investigate a URL
Investigate a domain
Enrich phishing alerts
Create a ticket, quarantine a host, and block a domain
Perform an end-to-end investigation from a risk notable received from Splunk Enterprise Security (SIEM)

Power Up Your Security Game with Splunk SOAR

Ciao Rome, Florence, Venice, Milan, Naples and more!

.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.

Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.

So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:

Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
Who is this webinar for? This session is designed for security leaders who want to learn best practices in SecOps directly from their peers.

CISO Fireside Chat with .italo: SOC, Amore Mio!

Many organizations already use synthetic performance monitoring to measure service uptime and alert on availability issues. However Synthetic monitoring has so much more to offer, since the performance and user experience of web sites, web apps, or APIs can have a direct impact on your revenue and operational costs.

Join this discussion where we will answer questions like:

How does performance and UX impact the business?
What metrics should you track?
What optimizations can you do to improve those metrics?
How do you build a culture of performance, and how can you put processes in place so those metrics only get better?
Additionally, we will cover the maturity cycle organizations go through as they adopt a Synthetic monitoring practice, and the challenges they face at each stage. Whether you’re a frontend developer defining “what fast means” for your website, a backend developer wanting to understand the customer-impact of backend services, or an SRE wanting to include user experience into SLIs, this session will bring insight on how to build a successful performance monitoring practice inside your organization that goes beyond just reacting to outages.

From Reactive to Proactive: Building a Synthetic Monitoring Practice

Having detection techniques at hand – which you can apply in systematic approaches across different environments – is a ninja skill detection engineers and threat hunters need to have.

In this session, Senior Threat Hunter Doug Brown will provide you with just that. Join Doug as he explores a range of concrete search techniques to measure a variety of behavioural changes, and demonstrates how to map those to MITRE ATT&CK techniques.

Attend this session to learn how to:

Map advanced statistics to MITRE ATT&CK techniques
Detect spikes with median absolute deviation and handle data with seasonality
Identify first-time events in new values seen in a field or combination of fields, including cardinality of distinct fields to measure behaviour change
Detect C2 beaconing through domain parking and lateral movement with RDP for first-time users by applying simple sequencing techniques
Plus, you’ll get bonus examples of highly complex sequencing approaches.

Detection Technique Deep Dive

When your mission-critical applications or services suffer an outage, every minute matters. When your data lives in siloes, finding the needle in your haystack can take hours if not days; and when SAP environments are involved, war rooms can cost millions of dollars per day. End these costly war rooms forever by correlating relevant data sources, including DevOps pipelines and revenue recognition, and contextualizing them by the application or service they support.

With Splunk’s IT Service Intelligence, the Service Intelligence for SAP Content Pack, and the most mature SAP-certified Splunk connector, PowerConnect, Splunk can help you analyze your business-critical SAP data. The power of Splunk’s Time Series Index has always made the correlation of any data source possible, and thanks to PowerConnect, now your SAP data is no different.

In this session, we will cover:

- PowerConnect, the only SAP certified data connector, and a high level architecture including SAP.
- Splunk’s IT Service Intelligence (ITSI), our most powerful correlation and contextualization solution, thanks to Splunk’s Time Series Index.
- Service Insights for SAP (SI for SAP) Content Pack, our out-of-the-box solution designed to accelerate our customer’s time-to-value.

Supercharge Your SAP Service Insights with Splunk ITSI & PowerConnect

Start thinking like an attacker and learn how to make more effective decisions to prevent costly attacks – before your business is interrupted.

It’s key to know how cyber attacks are executed once inside your virtual boundaries. That’s where a comprehensive framework like MITRE ATT&CK comes into play, showcasing real-world methods used by today’s adversaries to help you gain better visibility and level up your defences.

Join this webinar On Demand to learn why traditional defence techniques – focusing on one specific attack tactic only – are no longer a sufficient approach.

In this session you will learn:

The most common cyber attack & security frameworks used by SecOps teams
The key pillars of cyber security every organization should adhere to
What a threat-centric process for building defense capabilities looks like
How to efficiently operationalize the sheer volume of MITRE detections in SecOps
How to evaluate and track MITRE ATT&CK Coverage

Speakers: 
Davide Veneziano
Senior Sales Engineer
Splunk

Antonio Forzieri
Cybersecurity Specialist
Splunk

Matthias Maier
Director of Product Marketing
Splunk

MITRE ATT&CK Framework: Seeing Through the Eyes of Your Attacker

Phishing is one of the world's most effective attack vectors practiced by criminals to help assess a target organisation’s security posture. In this session, see how Splunk SOAR and TruSTAR work together to simplify your phishing response, and protect you from these criminals. TruSTAR works to enrich SOC workflows with normalised threat intelligence from third-party sources. Splunk SOAR provides context, validation, and automated response using integrations like Recorded Future and Zscaler. Turn your data into action.

Automation for the Modern SOC: Automating Phishing Response and Threat Intel

Today, cybercriminals are consistently becoming more dangerous and more agile with their approach by using machine learning to exploit vulnerabilities. Sophistication of threats requires modern security solutions to keep up with malicious actors.

Many security professionals are challenged with managing the complexity of a shift to the cloud, operating with remote work and its accompanying security challenges, and dealing with mundane tasks, all while working through a skills shortage. Yikes.

Organizations today must adapt and evolve to deal with the broadscale ramifications of their security posture. 

Join our webinar to learn more about:
- How to optimize security operations and productivity
- The impact that security threats have on a real-world perspective and learn Splunk/NTT’s approach to solving these threats
- Practicing a secure by design to help minimize security risk while you innovate and grow
- How security teams can better operationalize security across hybrid and multi cloud environments for enhanced visibility

Become Cyber Resilient by Modernizing your SOC

This year’s global ‘State of Observability’ report published by Splunk and ESG Research, reveals that IT leaders’ investments in observability have driven notable improvements in areas such as digital experience, and multicloud adoption. Still a relatively new discipline, observability has continued to gain ground since our first report in 2021; and analysts now advise that it is to be considered a solid aspect of modern IT, rather than just a fleeting fad.

Mature observability practitioners already agree, reporting 69% better MTTR for unplanned downtime/degradation. On top of this, they see the average cost of downtime associated with business-critical internally developed applications being 10X lower than those seen by observability beginners ($2.5 million versus $23.8 million)!

This fireside chat will cover the key findings from this latest report, explore the benefits of observability, and shine a light on the future associated challenges. Join us to learn:

- Observability maturity levels across Europe
- Key findings on observability benefits and negative outcomes
- Why observability is critical for multicloud environments
- How multicloud and observability impacts skill requirements, cost of downtime, and customer satisfaction
- How observability increases innovation
- Top recommendations for a successful observability strategy

State of Observability 2022: Earning Its Seat At The Table

What is the MITRE ATT&CK framework? Where did it come from? Why and how should you use it? Get the answers to all of these questions, as security experts from Splunk take a practical look at how your SOC and SIEM can apply the MITRE ATT&CK Framework. Ensure the coverage of known TTP’s of threats your business is exposed to, to improving threat hunting and detection of Adversary’s. Join this webinar to discover:

- What the MITRE ATT&CK framework is, and why it should be used.
- How to align your use cases to the MITRE ATT&CK framework.
- How to navigate an ATT&CK Threat group TTP's.
- How to track and monitor your detection capabilities to ensure wide coverage.

Taking Security From Mediocre to Mighty with The MITRE ATT&CK Framework

As more agencies and the services they provide digitally transform, fraud and its associated risks are more prevalent than ever — and now on a global scale. Across state governments, agencies are struggling to outpace innovative fraudsters, with new threats seemingly lurking around every corner of digital transformation. What are the top tools and strategies organization and IT leaders should be armed with to future-proof their state workforce agency against the threat of fraud, securing their data to not only protect residents, but also to reduce loss of capital, reputation, and efficiency?
 
In Splunk’s webinar “The Keys to Future-Proofing the Unemployment Insurance Benefits Program Against Fraud,” subject matter experts will discuss the essentials all agencies should implement to continue safely and confidently evolving their modernization initiatives that require next-gen monitoring and analytics. The episode, part of Splunk’s series dedicated to enhancing enterprise data analytics for public sector organizations, will explore Splunk’s capabilities to outpace innovative fraudulent practices and ultimately drive organizational success. Key points to explore include:
 
-The limitations of traditional anti-fraud tools to detect the ever-evolving forms that fraud can take — and the impact of these forms on eligibility program success
-Why massive amounts of unstructured data that agencies generate leave them less efficient and less capable of detecting fraud
-How machine learning and machine data are equipping fraud teams to effectively monitor, identify, and respond to new kinds of fraudulent activity
-Review the latest technology and tools to leverage when it comes to enhancing enterprise fraud detection

Presented by Splunk's Juliana Vida, GVP, Chief Strategy Advisor, Public Sector; NTT DATA Corporation’s Tom Luparello, Senior Director, Public Sector Strategic Advisor for Unemployment Insurance

Keys to Future-Proofing Unemployment Insurance Benefits Programs Against Fraud

One of the essential goals of the DevOps methodology is to establish a more concise approach to software delivery, using a continuous integration/continuous deployment (CI/CD) approach. However, to streamline the cycle you need three additional elements: Security, Observability and AIOps.

Since the start of 2020, many businesses have had no choice but to accelerate their digital transformation. Pre-COVID-19, just 18% of customer interactions were digital, which rapidly increased to 55% once the pandemic took hold. Applications have been modernized, and moved to microservices running on containers generating a lot of "unknown unknowns". This is why Observability is a must. Understanding these (now observable) environments is a data intensive exercise that requires artificial intelligence (AIOps), making sense of that data for DevOps, but also ensuring proper compliance and risk management. Join this session to explore the answers to:

What are the key components of a DevSecOps architecture?
Why is Observability critical for a successful DevSecOps approach?
Is Security the fourth pillar of Observability?
Why, without AI, is Observability just “data”?

Why DevSecOps Can't Exist Without Observability and AIOps

Splunk’s Observability products are relied upon by hundreds of users worldwide get 24/7 visibility into their applications. With the launch of Splunk’s Observability Cloud, you now have a chance to see how Splunk operates and monitors cloud applications by using the Observability Cloud. In this session, you will see how Splunk’s SREs can use the integrated Observability Cloud to perform end-to-end troubleshooting and monitoring, and how the Observability Cloud is integrated with other Splunk products to help get insights faster into how the overall platform is operating.

Join Splunk SRE leaders Ram Jothikumar and Jakub Barc where they will discuss exactly how they keep the Observability Suite running, by using Splunk Observability Cloud to get full insight into every transaction, no matter when or where it happens.

During this session, you will learn:

- How Splunk uses Splunk’s tools to monitor and optimize performance of a 24/7 application relied upon by users around the world
- How to use Splunk Infrastructure Monitoring combined with Splunk APM to determine within seconds when issues exist and where exactly in the stack they are occurring
- How Splunk APM lets Splunk isolate issues to particular customers or regions effortlessly
- Why Splunk’s Observability Suite is the optimal way to get insight into your application

How Splunk uses Splunk Observability to Monitor Cloud Apps

Detection engineers consistently come up with excellent rules and heuristics to detect malicious and anomalous behaviors in their environment; a perfect example of this is password spraying. But since we can’t have nice things, there is always software or behaviors that violate the base assumption for that detection. This doesn’t invalidate the rule, but it does require that the rule have exceptions built into the rules. Doing this manually is tedious and time consuming. When a rule consistently gives false positives, it is natural and understandable to just ignore the rule. But that comes at the expense of when the rule detects something that is malicious.

In this talk we will use password spraying as an example use case to showcase how detections can be matured through the use of Machine Learning.

- Join our webinar, “Enhance your Security Detections with Machine Learning” and learn:
- How to take a data driven approach to detection development
- How to mature a detection to detect increasingly sophisticated attackers
- How to use Splunk’s Machine Learning Toolkit to understand behaviors

Enhance your Security Detections with Machine Learning

Although MITRE ATT&CK is famous for making security analyst's lives easier, there is sometimes a learning curve to a company adopting the MITRE ATT&CK framework and implementing it into their SIEM. Join SIEM experts from the MITRE ATT&CK team, Cisco Talos Group, and Splunk to discuss the challenges (and solutions!) with using MITRE ATT&CK with a modern SIEM. Join us in this webinar to learn:

- How security teams can derive value from using MITRE ATT&CK with a SIEM
- Common issues organizations run into and guidance on how to improve security posture
- How to supercharge your SIEM with MITRE ATT&CK and use it to your advantage
- ATT&CKing your SIEM rules: how to map taxonomies and the difficulties you might face
- Planning your defenses with Matrices

Aligning the Modern SIEM with MITRE ATT&CK

Security

SIEM

Cyber Security

Cyber Attacks

Security Analysis

IT Security

Security Analytics

IT Infrastructure

Security Breach

MITRE

Get powerful e-commerce insights to grow your online transaction volume. Connect with thought leaders and colleagues to get the most up-to-date knowledge on the e-commerce strategies and techniques that drive growth.

E-commerce

The marketing community on BrightTALK is made up of thousands of engaged marketing professionals. Find relevant webinars and videos on marketing strategy, branding and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Marketing

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights on how to best serve today's customers. If you want to create a successful customer experience today, you will have to appeal to the need for “alone together” time. Millennials, Gen X, Boomers or Silent Generation all look for shared but individual experiences.

Customer Experience

The sales community on BrightTALK brings together thousands of engaged sales professionals. Learn about careers in IT sales and marketing, sales techniques and selling strategies. Join the discussion by participating in on-demand and live sales webinars and summits with leaders in the sales industry.

Sales

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Aligning the Modern SIEM with MITRE ATT&CK

Presented by

About this talk

More from this channel