Name: Detection Technique Deep Dive
Start: 2022-12-12T13:00:00Z
End: 2022-12-12T13:00:22.000Z
Location: BrightTALK

Splunk is helping to build a safer and more resilient digital world by equipping customers with the unified security and observability platform they need to keep their organization securely up and running — no matter what digital disruptions come their way.

SOC teams are overwhelmed—facing nonstop alerts, tool sprawl, and attackers using AI at machine speed. Many SOCs simply can’t keep up, leaving analysts burned out with threats slipping through the cracks.
 
Watch our webinar to learn how Splunk Enterprise Security changes that. Splunk Enterprise Security is offered in two flexible editions designed to support organizations at every stage of their SOC journey.  Both editions deliver a unified, AI-powered SecOps platform that consolidates multiple tools into a single, purpose-built SecOps platform infused with AI and automation. Splunk Enterprise Security Essentials and Enterprise Security Premier editions give organizations the flexibility to choose the solution that best fits their needs. 

In our demo and technical deep dive you’ll see how Splunk Enterprise Security helps you:
 
- Streamline workflows: Consolidate SIEM, SOAR, UEBA, threat intel, and case management into one platform.
- Leverage AI for speed: Use AI Assistants for query generation, triage, and response to supercharge productivity.
- Maximize visibility & accuracy: Gain full-fidelity data visibility and reduce false positives with Risk-Based Alerting and new detection engineering capabilities.
 
Watch now and see how Splunk Enterprise Security empowers your SOC to end analyst fatigue, reduce risk, and respond faster in the AI era.

Demo Day: End SOC analyst fatigue with the reimagined Splunk Enterprise Security

Security teams are facing more challenges than ever: tool sprawl, alert overload, skills gaps, and an ever-expanding threat landscape. The result? A staggering 46% of SOCs admit they spend more time maintaining tools than defending their organizations — and attackers are taking advantage.
 
Splunk’s State of Security 2025 report reveals how leading SOCs are tackling these challenges head-on, transforming from overwhelmed to optimized with AI, automation, and unified platforms. Notably, 59% of organizations have seen a moderate or significant boost in efficiency with AI; and nearly 9 in 10 say AI will fundamentally transform their operations within the next three years. 
 
Watch our session where experts, Kirsty Paine, Field CTO & Strategic Advisor at Splunk, and Alyssa Robinson, Chief Information Security Officer at HubSpot, share the current state of security and what you can do about it. 

You’ll learn:
 
AI in Action: Discover how domain-specific AI is helping analysts boost productivity, reduce false positives, and accelerate investigations.
Skills of the Future: Understand the most critical capabilities SOCs need to close the talent gap and build resilience.
Unified Operations: Find out how a connected platform approach drives faster incident response and better coverage.

Watch now!

The AI-Powered SOC: What’s Working for Leading Security Teams

If you’re using Splunk and AWS in your company’s cloud environment, you know you have a lot of data at your fingertips. But do you know if you’re making the best choices on how to ingest and explore it? Join Splunk and Amazon Web Services for a hands-on Immersion Day workshop to learn best practices for getting data into Splunk. We’ll break down the basics and offer tips and important considerations for data ingestion. Users will also get a firsthand look at solutions such as the Splunk Add-on for AWS, Amazon Data Firehose, and custom Lambda functions, helping them to scale data ingestion, insights, and analysis with confidence. Register now!

GDI (Getting Data In) Immersion Day Workshop

Want to accelerate your ability to predict and prevent incidents before they occur? Learn how Splunk AI can be the catalyst. Join us to learn how to get started using Splunk AI for Predictive Maintenance, Detecting Service Performance Issues, Alert Noise Reduction, and User Experience Monitoring. We'll introduce the AI impact assessment framework to assess objectives, risk, and execution capacity, demonstrate how to use custom Anomaly Detection with the Splunk Platform and discuss the embedded AI capabilities in Splunk Observability Cloud with a special focus on Splunk ITSI.

Splunk AI for Observability: Accelerate Detection, Investigation and Response

AI is the current hot topic, but what is AIOps? In this session, we'll cut through the hype to define AIOps, how it can help you and how to get started. With real-world examples of how businesses succeed using Splunk's AIOps capabilities, we'll discuss applying AI and ML to accelerate incident response, reduce MTTD and MTTR, cut costs and empower teams with the tools they need to make decisions quickly.

AIOps - How Observability Can Help You

To minimize the risk posed by threat actors, security teams need the ability to quickly detect and analyze potential threats, so they can understand the full scope of an incident and determine the best response as quickly as possible.

However, many teams struggle with this. Analysts need to manually synthesize data, files, and URLs to formulate insights, and then take the time to draw conclusions and take corrective actions. This is inefficient, and leads to slower response times.

Join this webinar to see how Splunk Attack Analyzer helps reduce investigation and response times through automated threat analysis.

You’ll get a step-by-step demonstration showing how Splunk Attack Analyzer:

- Saves analysts time and effort by automatically breaking down attack chains.
- Navigates obfuscation techniques throughout the attack chain to extract forensics and deliver comprehensive, consistent analyses.
- Integrates with Splunk SOAR to automate end-to-end analysis and response workflows.

Live Demo: Automating Threat Analysis with Splunk Attack Analyzer

To keep up with today’s complex threat landscape, SIEM solutions are now more than a system that ingests security logs from other security tools in an organization. It has evolved to become a modern threat detection, investigation, and response solution that acts as a centralized hub for the SOC.

Join guest speaker IDC’s Michelle Abraham and Lily Lee from Splunk for an engaging discussion on how SIEMs are evolving to better support security analysts so that they work more efficiently.

In this webinar, you’ll learn about all of this and more including:

- Research and trends in today’s SIEM market from IDC market surveys.
- What makes a modern SIEM - what are the essential features and capabilities?
- Why a modern SIEM is critical to the success of the SOC.
- How Splunk addresses the challenges the SOC faces with the market-leading SIEM solution.

The SIEM of Tomorrow: How SIEMs Are Evolving to Power the Modern SOC

Migrate with Confidence. Transform with Intelligence.

The future of your SAP environment is in the cloud — but migration doesn’t have to be risky, disruptive, or overwhelming.
Join experts from Splunk, AWS, SAP, and Accenture as they unpack how a unified strategy, built on trusted partnerships and proven technology, helps enterprises fast-track SAP migrations to the cloud—while maximizing performance, minimizing disruption, and unlocking long-term value.

Whether you're planning your move to RISE with SAP on AWS, in the midst of a transformation, or optimizing post-migration, this webinar will show you how to gain end-to-end visibility, operational intelligence, and shared security across your entire SAP landscape.
 
What You’ll Learn:
● Why “Better Together” Works: Learn how the combined power of Splunk, AWS, SAP, and Accenture de-risks your SAP migration journey.
● De-Risk Your Cloud Journey: See how Splunk helps monitor and protect your SAP environment — before, during, and after migration.
● The AWS Advantage: Discover why thousands of SAP customers trust AWS for scalable, secure, and cost-efficient SAP workloads.
● RISE with SAP on AWS: Understand how SAP’s cloud strategy accelerates innovation and simplifies deployment.
● Operational Intelligence from Accenture: Hear how observability, powered by Splunk / Cisco and Accenture, drives successful S/4HANA outcomes.
● Real-World Success: See how companies like 3M are already benefiting from this integrated approach.

Drive innovation and digital resilience: How to accelerate and de-risk your SAP migration to the cloud

What if there was an open-source, vendor-neutral framework for collecting telemetry data? One single agent that provides a consistent and standardised way of instrumenting applications and infrastructures? Good news – there is! What we’ve just described is OpenTelemetry – a joint project between Splunk, Google, Microsoft, Amazon and several other organisations that currently has the second-largest number of contributors in the Cloud Native Computing Foundation after Kubernetes. But do you know how to use it? Or if you should use it? The best thing to do is to learn about OpenTelemetry from the major contributor of the code. This session is an introduction to OpenTelemetry and will explain why it doesn't make sense to have an Observability strategy without OpenTelemetry.

Observability with OpenTelemetry: It Just Makes Sense

In today’s complex digital landscape, achieving true digital resilience demands more than buzzwords—it requires clarity, precision, and the right solutions. However, the rise of “observability washing” has made understanding what observability means more challenging than ever. Join us as we unravel the varied definitions of observability and demystify modern platform components. We’ll take you behind the curtain to reveal what’s essential, what’s optional, and how to select the right solution for lasting resilience.

Observability Myths Busted: How to Choose the Right Solution for True Digital Resilience

Discover how Splunk empowers your security strategy by seamlessly integrating with Cisco solutions to deliver actionable insights. This session goes beyond the basics, showing you how to leverage Splunk’s advanced analytics to strengthen your cybersecurity posture. See real-world applications of the platform and learn how it fits into your IT and security operations to enhance visibility, accelerate threat detection, and boost overall resilience. If you're looking to harness data for smarter, faster security decisions, this session is a must-attend.

Power the SOC of the Future

Learn how Splunk revolutionizes asset discovery and compliance monitoring to transform your approach to risk management. This session will show you how to tap into your existing Splunk data to build a comprehensive, real-time asset inventory. Discover how to quickly identify compliance gaps, reduce risk exposure, and enhance your security investigations with accurate, contextual insights. If you're looking to improve visibility and make more informed security decisions, this session will guide you through leveraging Splunk to elevate your risk management strategy.

Reducing Enterprise Risk with Continuous Intelligence and Asset Visibility

With the exponential growth of data creation; data volume and complexity is only increasing, finding that proverbial "needle in the haystack" is becoming more challenging. Join our webinar to explore best practices for service-centric data management and observability strategies. We’ll cover essential topics such as context propagation, service tagging, and how AI can be leveraged to optimise services.

Optimising Data Management for Improved Observability and Digital Resilience

A new wave of observability is coming. The accumulation of monitoring tools combined with multi-cloud operating models promise end-to-end visibility but instead create confusion and despair. Now, instead of focusing on delivering cool software, engineers deal with time-consuming investigations, excessive uncertainty, and underwhelming tech stack performance. Enter AI Assistant in Splunk Observability Cloud, a new GenAI-powered experience that helps engineering teams easily take on observability tasks by asking questions about their environment using natural language. From root cause analysis to troubleshooting and dashboarding, AI Assistant empowers every engineer to accelerate their investigations by unlocking key insights, turning them into digestible concepts, and simplifying workflows

Introducing the AI Assistant in Splunk Observability Cloud

A powerful alliance is formed when CISOs and boards unite, paving the way for enhanced digital resilience. However, differences in how to prioritize and measure the impact of cybersecurity can create misalignment. Join to explore the top 5 gaps between CISOs and the board.

Bridge the Gap – CISO and the Board

Join industry experts from Splunk and AWS for an exclusive analyst interview exploring how organizations can unlock unified, real time insights through Federated Analytics for Amazon Security Lake. Discover how the combined power of Splunk's advanced analysis with AWS native security tooling delivers enhanced threat detection, accelerated incident response, and improved operational efficiency.

Unlocking Security Insights: A Deep Dive into Federated Analytics for Amazon Security Lake with Splunk and AWS

To enhance SOC efficiency, analysts must be equipped with a streamlined workflow experience that boosts productivity. Ensuring security analysts have a SIEM solution that provides the foundation to unify detection, investigation, and response to threats will bolster their confidence and efficacy in managing security risks.

This webinar will dive into market research and trends in the SIEM market, with Splunk and guest speaker Forrester SecOps Analyst Allie Mellen. Learn from Splunk how its latest release of Splunk® Enterprise Security 8.0 is addressing the complex challenges within the SOC and how analysts can elevate security operations with the market-leading SIEM solution.

Join this webinar to learn about all of this and more including:

- An overview of research and trends in today’s SIEM market.
- A discussion about the future of SIEM - Where are we going? What’s critical for the SIEM of the future?

Plus, hear from Splunk how it is bringing a revolutionized, seamless workflow experience with Splunk® Enterprise Security 8.0 through native integration with Splunk SOAR.

The Future of SIEM: A Discussion featuring Allie Mellen Revolutionizing the Analyst Experience

The Splunk SOAR product team is delivering a series of innovations to Splunk SOAR over the next few weeks across two key releases - Splunk SOAR 6.3.0 and 6.3.1. These capabilities constitute a significant evolution in how automation is consumed, shared and built across the SOC.

Join this webinar to learn about exciting new Splunk SOAR capabilities, including:

- Unified security workflows across Splunk SOAR and Splunk Enterprise Security
- Prompt-driven automation to increase SecOps collaboration and streamline response workflows
- Guided automation that overlays real incident data atop logical sequencing for easier playbook building
- Wayfinder - a new discovery and navigation experience for easier Splunk SOAR UI navigation

Splunk SOAR Evolved: A Unified TDIR Approach to Automation

Ciao Rome, Florence, Venice, Milan, Naples and more!

.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.

Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.

So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:

Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
Who is this webinar for? This session is designed for security leaders who want to learn best practices in SecOps directly from their peers.

CISO Fireside Chat with .italo: SOC, Amore Mio!

Start thinking like an attacker and learn how to make more effective decisions to prevent costly attacks – before your business is interrupted.

It’s key to know how cyber attacks are executed once inside your virtual boundaries. That’s where a comprehensive framework like MITRE ATT&CK comes into play, showcasing real-world methods used by today’s adversaries to help you gain better visibility and level up your defences.

Join this webinar On Demand to learn why traditional defence techniques – focusing on one specific attack tactic only – are no longer a sufficient approach.

In this session you will learn:

The most common cyber attack & security frameworks used by SecOps teams
The key pillars of cyber security every organization should adhere to
What a threat-centric process for building defense capabilities looks like
How to efficiently operationalize the sheer volume of MITRE detections in SecOps
How to evaluate and track MITRE ATT&CK Coverage

Speakers: 
Davide Veneziano
Senior Sales Engineer
Splunk

Antonio Forzieri
Cybersecurity Specialist
Splunk

Matthias Maier
Director of Product Marketing
Splunk

MITRE ATT&CK Framework: Seeing Through the Eyes of Your Attacker

Having detection techniques at hand – which you can apply in systematic approaches across different environments – is a ninja skill detection engineers and threat hunters need to have.

In this session, Senior Threat Hunter Doug Brown will provide you with just that. Join Doug as he explores a range of concrete search techniques to measure a variety of behavioural changes, and demonstrates how to map those to MITRE ATT&CK techniques.

Attend this session to learn how to:

Map advanced statistics to MITRE ATT&CK techniques
Detect spikes with median absolute deviation and handle data with seasonality
Identify first-time events in new values seen in a field or combination of fields, including cardinality of distinct fields to measure behaviour change
Detect C2 beaconing through domain parking and lateral movement with RDP for first-time users by applying simple sequencing techniques
Plus, you’ll get bonus examples of highly complex sequencing approaches.

Detection Technique Deep Dive

Threat Detection Series

Detection

Security Operations

Security

Security Analytics

Threat Detection

Threat Analysis

Threat Hunting

Cyber Resilience

Cyber Risk Management

Threat Assessment

Get powerful e-commerce insights to grow your online transaction volume. Connect with thought leaders and colleagues to get the most up-to-date knowledge on the e-commerce strategies and techniques that drive growth.

E-commerce

The marketing community on BrightTALK is made up of thousands of engaged marketing professionals. Find relevant webinars and videos on marketing strategy, branding and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Marketing

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights on how to best serve today's customers. If you want to create a successful customer experience today, you will have to appeal to the need for “alone together” time. Millennials, Gen X, Boomers or Silent Generation all look for shared but individual experiences.

Customer Experience

The sales community on BrightTALK brings together thousands of engaged sales professionals. Learn about careers in IT sales and marketing, sales techniques and selling strategies. Join the discussion by participating in on-demand and live sales webinars and summits with leaders in the sales industry.

Sales

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Detection Technique Deep Dive

Presented by

About this talk

Splunk Inc.