Name: TechTalk_Operationalise Mitre Attack with Risk Based Alerting_Part 1
Start: 2020-09-02T01:00:00Z
End: 2020-09-02T01:00:22.000Z
Location: BrightTALK
Rating: 0

Description: Splunk Inc. (NASDAQ: SPLK) is the market leader in analyzing machine data to deliver Operational Intelligence for security, IT and the business. Splunk® software provides the enterprise machine data fabric that drives digital transformation. More

Are you looking to apply machine learning to your data to uncover new insights and make more informed decisions? Join us as we discuss how machine learning solutions can help your organization. Whether you are an analyst looking to enhance your reporting or a trained data scientist, we’ll cover ways to model your data, experiment with machine learning tools, and operationalize different algorithms using our guided workflows.

This webinar will touch on machine learning concepts such as:
- Anomaly and outlier detection
- Clustering
- Forecasting
- Prediction
- And much more!
You’ll walk away with an understanding of how ML can help improve your ability to sift through alerts, identify threats, and ultimately improve your data analyses and decision making. We will also give you a look into what is possible with the latest release of Splunk’s Machine Learning Toolkit (MLTK).

Getting More from your Data with Machine Learning

While Kubernetes abstracts away many infrastructure complexities enabling DevOps teams to move faster and scale efficiently, it also introduces new operational and monitoring challenges. DevOps and SRE teams grapple with challenges in monitoring dynamic and ephemeral containerized environments. According to the latest CNCF survey, monitoring and complexity are the top inhibitors in Kubernetes adoption. Applying traditional approaches to monitoring in cloud-native environments doesn’t work.

A new, multidimensional approach is needed to gain observability and real-time monitoring. Learn how Splunk is helping DevOps teams successfully navigate through the complexity that Kubernetes bring.

What you'll learn from this webinar:

Challenges in monitoring Kubernetes orchestrated workloads
How to achieve real-time observability into Kubernetes deployments
Demo of Kubernetes Navigator, a turnkey solution for DevOps teams to understand and manage performance in Kubernetes environments

A New Approach for Observability in Kubernetes Environments

Financial firms remain a key target for threat actors who, in turn, are leveraging machine learning and other advanced technologies to innovate and execute attack types on a continual basis. Indeed, these cyber attackers are after the money, but they also know that data is the means to that end.

In this session, we will explore how financial firms leverage Splunk to correlate data sources and types that reveal insights into cyber attack behavior. We will also demonstrate the importance of harmonizing gaps in processes and monitoring tools that improve detection and resolution.

Fighting Financial Crime is a Data Challenge

The age of modernize the Security Operations Center (SOC) has arrived. We’ve seen the same challenges for years: too many security alerts, a massive shortage in the number of security professionals, insufficient skill sets and experience, and teams using a myriad of complex, siloed point solutions instead of holistic threat-mitigation capabilities. It’s an unsustainable model that’s long overdue for change. 

Join Splunk and Accenture Security and learn more about how you can:
- Use risk-based alerting to accelerate alert triage and threat response
- Automate response to mitigate threats in seconds instead of hours
- Integrate your existing security solutions for streamlined workflow
- Mature processes and skill sets to build cyber resilience
- Align and integrate security with your business objectives

Join our webinar to learn how you can transform Splunk's security operations and overcome the burdens of today's obsolete SOC.

How to Modernize the SOC: Get in the Driver's Seat

Join us for part two of our *nix TA Tech Talk, where we’re focusing on our technical add-on (TA) for Unix and Linux. This TA for *nix makes management of many data sources—like essential linux log sources–easier. It offers CIM compliant knowledge objects, normalizing your data and providing a unified view across the entire data domain.

Tune in to dive a bit deeper into TA for:
- Tuning your inputs
- Searching on the fly
- Building custom visualizations and alerts

Tech Talks IT Edition: Get Monitoring Tricks for All Your *nix Part 2

Join us for the very first Tech Talks: IT Edition, where we’ll focus on our technical add-on (TA) for Unix and Linux. We’ll introduce the *nix TA, showing you how you can gain rapid insights and operational visibility into Unix and Linux environments. The TA for *nix makes management of many data sources—like essential linux log sources–easier. It offers CIM compliant knowledge objects, normalizing your data and providing a unified view across the entire data domain. This arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environments.

Tune in for:
- An introduction to the TA
- A walk through demo showing set-up and available out-of-the-box content

Tech Talks IT Edition: Get Monitoring Tricks for All Your *nix Part 1

Are you looking to detect outliers in your Splunk data? The Splunk Machine Learning Toolkit can help! We’ll show you how to leverage the Smart Outlier Detection Assistant to experiment and build a model to detect any deviations from past behaviors or unusual changes. Whether you’re responsible for managing IT or security data, we’ll show you how easy it is to utilize machine learning to spot anomalies, gain new insights, and make more informed decisions.

Tune in to:
- Learn how to a build model with your Splunk data using machine learning
Understand how Splunk can help detect anomalies in your IT and security data
- See a demo of the Smart Outlier Assistant in the Splunk Machine Learning Toolkit
- Get access to the latest resources on Machine Learning in Splunk

Tech Talk: Anomaly Detection with Splunk Machine Learning

Do you want an easier way to personalize and share playbooks in Splunk Phantom? Our latest revision to custom functions allows shareable custom code across playbooks and the introduction of complex data objects into the playbook execution path. These aren’t just out-of the-box playbooks, but out-of-the-box custom blocks that save you time and effort. This allows for centralized code management and version control of custom functions. These capabilities provide the building blocks for scaling your automation, even to those without coding capabilities. You can create your own custom functions, or use our pre-packaged custom code blocks.

Tune in to learn:
- How Splunk delivers custom code blocks to you with Phantom.
- How to centrally manage and reuse your code so you never have to reinvent the wheel again.
- How you can use custom functions as building blocks to scale out automation within your organization.
- How to action custom functions with a live demo.

Tech Talk: Security, Splunk Phantom: Put the Fun in Custom Functions - Part 2

Outdated solutions produce volumes of security alerts, yet security teams struggle to accurately detect high-priority threats because of the amount of noise generated. Compound this reality with compliance mandates, budget uncertainties, as well as staff shortages and skills gaps, and it becomes readily apparent why security professionals are looking for new solutions. This is why modernizing Security Operations Centers (SOCs) to maximize productivity and effectiveness has become a top priority for organizations around the globe.

Splunk customers are making inroads to solving the problem. Using real customer stories of SOC modernization, this webinar will share key insights Splunk customers learned during their transformation, including:

- Why Intel required a common digital work surface for their SOC team in their next-generation Security Operations Platform
- How technology helps Starbucks with the cyber skills shortage, ticket fatigue, and analyst burnout
- Best practices from Sony for building an advanced threat detection program
- How Booz Allen Hamilton addresses the challenges of data retention and collection

Five SOC Modernization Stories: Insights in Transformation From Splunk Customers

The coronavirus hit Asia Pacific first, driving overnight changes. Now the region is leading the recovery and return to the office.

Splunk Vice President, APAC, Simon Davies saw it all unfold. In this interview with Podcaster Chris Lochhead,  he describes his experience seeing the disruption that prompted businesses and government to adopt cloud solutions and leverage data to stay productive.

This discussion is part of the Splunk Global Restart program, designed to inform decision-makers about how data can help build a more resilient organization.

Global Restart: Splunk Talks About COVID-19 Lessons Learned in the APAC Region

Do you really need to evolve from monitoring to observability? It is not the strongest of the IT species that survives, nor the most intelligent that survives. It is the one most adaptable to change. 

Monitoring is evolving into Observability. Observability enables DevOps and SRE teams to explain the unpredictable behavior of modern systems and resolve issues faster for better customer experience. This new approach is about finding the “unknown unknowns” that impact your business, your SLAs and your critical applications.

Join us at this webinar to learn how you can how you can detect, investigate and diagnose problems easily with end to end observability. During this webinar we will explore:

- What Observability is and how it differs from monitoring
- What Observability can do for you: Better customer experience, more predictable operations, greater resource efficiency and higher developer productivity
- The data sources required to evolve from monitoring to observability
- Best in class observability solutions across cloud monitoring, application performance monitoring and incident response

Evolving from Monitoring to Observability

In financial services, data is everything. From real-time risk monitoring and fraud detection to omnichannel customer visibility, data drives success. In fact, our cross-industry research with ESG into data maturity finds that financial services firms rank second only to tech companies (among eight verticals) for data investment and “data-obsessed” culture.

But being data-obsessed requires more than adding big data tools to the stack. To focus on data quality and making intelligent use of your data, you have to revisit your cross-functional data strategy.

What does this mean for your organization? Our upcoming webinar digs into the global research, highlighting how 1,350 business and IT experts lay out the benefits top-tier organizations are experiencing from a mature data strategy, including:

- Fully 67% of financial services organizations say better use of data has increased revenue.
- 87% of financial firms agree (and 47% strongly agree) that the intelligent use of data and analytics is becoming the only source of differentiation in the financial industry.
- Across industries, top-performing organizations draw 12.5% of their gross profit just from smarter use of data.

Join us to learn how financial firms are leveraging data to drive innovation in customer experience, fraud, and business operations. Finance leaders know that data is our most valuable asset. But you might be surprised to learn how valuable it can be.

What’s Financial Services Data Really Worth?

Would you like to predict service outages up to 30 minutes before they even occur?

Join us for this webinar on gaining End-to-End Visibility of Critical Services and find out how Splunk empowers organisations to make smart data-driven decisions. Unifying business, application and infrastructure health for full-stack visibility of critical apps and services.

You’ll find out where you are on the IT Maturity Framework and get practical tips on how to move up the curve. Plus, you’ll learn how to:

- Visualise the health of your critical services at a glance, across technologies and silos
- Become proactive through rapid root-cause analysis of incidents
- Avoid future incidents before they happen using machine learning

Gain End to End Visibility of Critical Services with Splunk

Join this webinar to learn more about Remote Work Insights – a free Splunk solution composed of technical add-ons, dashboards and connectors designed to support businesses during COVID-19 to help ensure critical systems are not only up and running but secure. 

Remote Work Insights delivers real-time visibility across multiple disparate systems, such as VPN, Microsoft 365, Zoom and Okta with executive level views and collaboration that boost employee productivity and ensure high performance for your critical business activities. 

During this webinar you will learn how the Remote Work Insights Solution:

- Empowers IT and Security teams to manage applications, monitor business performance and secure networks from remote locations
- Enables IT teams to address performance and uptime of mission-critical business applications
- Enables Security teams get real-time insight into the security posture of the business, prioritise and act fast on vulnerabilities
- Provides real time visibility across all remote work environments including executive level views
- Delivers meaningful insight in a rapid and scalable way with up to 90 days free Splunk cloud

Don’t miss out on this webinar on how Splunk can support your business through this challenging time.

Remote Work Insights: Helping You Support Your Remote Workforce

Rethinking how to prevent and detect security vulnerabilities across your cloud environments? 

In this webinar, we will address the challenges of how to normalize and manage critical data across various cloud services (AWS, Azure, GCP), platforms and product implementations to better prevent and detect against threats. Having a unified security posture across your cloud environments enables better cloud monitoring, threat prevention, compliance management and accelerate detection to contain attacks across multiple cloud environments. 

Join our webinar to learn how to: 

- Normalize and manage critical data, prevent misconfigurations and proactively alert
- Provide analysts with a comprehensive vision of AWS, GCP, Azure security posture
- Monitor, investigate and detect vulnerabilities in cloud environments
- Visualize and analyze multi-cloud threat surfaces and vulnerabilities
- Establish security checks and compliance
- Enhance tools for cloud auditing across multiple cloud providers

Approaches for a More Secure Cloud Environment

Lessons for a Fast Start in Orchestration & Automation

Join us at this Splunk webinar to learn how you can scale your incident investigation and response efforts by automating repeatable tasks.

During this session Christian Frain, Splunk Senior Sales Engineering Manager will:
- Cover the steps for automating your security operations across various scenarios with real world examples
- Take a deeper dive into case management
- Explore advanced Phantom playbook development, including approval flows and remediation orchestration throughout the incident lifecycle
- Showcase how to work with Splunk Phantom from your mobile devices

If you want to get a fast start with orchestration & automation to reduce response time and automate your workflows, this webinar is for you.

Security Automation & Orchestration. On Your Marks, Get Set, Go!

AIOps platforms utilize big data, modern machine learning, and advanced analytics technologies to directly and indirectly enhance IT Operations functions. This session shows how to leverage Splunk IT Service Intelligence (ITSI) and the Machine Learning Toolkit (MLTK) to build a basic, self-learning recommendation engine. Your Operations Center will reap the benefits from having assisted recovery input, but this session does not stop there. It also will show you how to fully automate the recovery. If you have AIOps initiatives on your radar come on and participate in this session

AIOps - How to build a Self Learning Event Analytics Platform

Why is alert fatigue accepted as “normal” in Security Operations Centers (SOC)? There has to be a shift in perspective. Splunk has worked with customers to build a reference architecture called Risk Based Alerting within Splunk Enterprise Security. It introduces a layer of abstraction between the detection analytics and the alerting process while aligning with the MITRE ATT&CK™ framework to account for user/system/service specific context when scoring anomalous behavior.

Tune in to learn about how Splunk Risk Based Alerting allows you:

- To scale existing analysts to include more data/analytics
- Increase your true positive rates
- Improve the effectiveness of your SOC

TechTalk_Operationalise Mitre Attack  with Risk Based Alerting_Part 1

MITRE ATT&CK

risk based alerting

Risk Based Security

Security Operations

security operations centre

anomalous behaviour

Data Analytics

Security

Security Analytics

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

TechTalk_Operationalise Mitre Attack with Risk Based Alerting_Part 1

Presented by

About this talk

More from this channel