Copyright © 2014 Splunk Inc.
Getting back to basics
The story of one company's cyber security maturity and how Splunk plays a huge role
Why we purchased Splunk
Easier to implement:
– Lower cost of ownership.
– Third-party tools are adopting it and designing apps that integrate with it.
– Provided far more value than the other SIEMs we evaluated.
– Dashboards: ten tools, one dashboard; visuals instead of raw logs.
– Entry-level employees can quickly understand and navigate it.
– Online training.
– User groups and support.
Create a dashboard: http://www.splunk.com/view/SP-CAAAGXD
Create an alert: http://www.splunk.com/view/SP-CAAANZJ
Put the SOP into the alert itself, so an entry-level SOC analyst knows what to do when it fires.
Drive down your "TTC", time to contain.
One of the many uses: vulnerability and patch management
What we found:
– Systems in DMZs left unpatched.
– Orphaned systems in DMZs (a Tomcat instance still on the default tomcat/tomcat credentials, with telnet open).
– Systems with reused IP addresses.
– Systems that were never hardened or patched.
– Systems with no asset ID (an incident-response failure: nobody to call).
– Systems in production that belong in test networks.
– Firewall rules that were never reviewed.
– Systems just added to the network with default admin credentials.
– The deeper we dug, the more we found.
This wasn't just bad practice; it was cultural, and a huge risk to the organization.
The value of our clean-up and assessment was quickly realized when…
Dashboards of risk
Drill-down capability and trending
IPS: identify what our PANs (Palo Alto Networks firewalls) are calling the CVE, then drill down for intel on whether the activity was blocked.
– Has anyone tried to exploit the vulnerability? Are our mitigating, preventive controls actually working?
– Pivot off the attacker's indicators and dig deeper: a single tool for every device in the layered defense.
– All the answers are at your fingertips in minutes; before Splunk it could take hours to aggregate the same data.
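The checks behind the two previous slides (orphaned and misplaced DMZ systems, IP reuse, and "has anyone tried to exploit the vulnerability, and did the IPS actually block it?"), written out as an added example in Python. This is not code from the deck or from Splunk; the asset inventory, scan history and IPS events are constructed, the field names and IPS action names are assumptions, and CVE-2014-0160 and CVE-2012-1823 are used only as sample identifiers. In Splunk the same logic is a lookup of the scanner output against the IPS events on destination IP and CVE.

```python
"""Added example (not from the deck): the asset-hygiene and IPS-versus-
vulnerability checks behind a 'dashboard of risk'. Inventory, scan results
and IPS events are constructed; field names are assumed."""
from collections import defaultdict

# Constructed CMDB export. An empty asset_id is an orphaned system.
ASSETS = [
    {"ip": "203.0.113.10", "host": "dmz-web01",  "zone": "dmz",      "env": "prod", "asset_id": "A-1001"},
    {"ip": "203.0.113.11", "host": "dmz-app02",  "zone": "dmz",      "env": "prod", "asset_id": ""},
    {"ip": "203.0.113.12", "host": "qa-build03", "zone": "dmz",      "env": "test", "asset_id": "A-2207"},
    {"ip": "10.1.5.20",    "host": "corp-fs01",  "zone": "internal", "env": "prod", "asset_id": "A-3310"},
]
# Constructed scanner history: (scan_date, ip, hostname seen by the scanner, finding, severity).
SCANS = [
    ("2014-06-01", "203.0.113.10", "dmz-web01",      "CVE-2014-0160",        "critical"),
    ("2014-06-01", "203.0.113.11", "dmz-app02",      "default-creds-tomcat", "critical"),
    ("2014-06-01", "203.0.113.11", "dmz-app02",      "telnet-enabled",       "high"),
    ("2014-03-01", "203.0.113.12", "dmz-legacy-ftp", "CVE-2014-0160",        "critical"),
    ("2014-06-01", "203.0.113.12", "qa-build03",     "CVE-2014-0160",        "critical"),
    ("2014-06-01", "10.1.5.20",    "corp-fs01",      "CVE-2014-0160",        "critical"),
]
# Constructed IPS events; 'cve' is the CVE the vendor maps its signature name to.
IPS = [
    {"src": "198.51.100.7",  "dst": "203.0.113.10", "cve": "CVE-2014-0160", "action": "drop"},
    {"src": "198.51.100.7",  "dst": "203.0.113.12", "cve": "CVE-2014-0160", "action": "alert"},
    {"src": "198.51.100.9",  "dst": "203.0.113.12", "cve": "CVE-2014-0160", "action": "alert"},
    {"src": "198.51.100.9",  "dst": "203.0.113.10", "cve": "CVE-2012-1823", "action": "drop"},
    {"src": "198.51.100.22", "dst": "10.1.5.20",    "cve": "CVE-2014-0160", "action": "drop"},
]
BLOCKING_ACTIONS = {"drop", "reset-client", "reset-server", "reset-both"}  # assumed vendor action names


def orphaned_dmz_hosts(assets=ASSETS):
    """DMZ hosts with no asset ID: nobody owns them, so IR has nobody to call."""
    return sorted(a["ip"] for a in assets if a["zone"] == "dmz" and not a["asset_id"])


def misplaced_test_hosts(assets=ASSETS):
    """Test systems sitting in the DMZ instead of a test network."""
    return sorted(a["ip"] for a in assets if a["zone"] == "dmz" and a["env"] != "prod")


def ip_reuse(scans=SCANS):
    """IPs the scanner has seen under more than one hostname."""
    names = defaultdict(set)
    for _, ip, host, _, _ in scans:
        names[ip].add(host)
    return {ip: sorted(h) for ip, h in names.items() if len(h) > 1}


def open_findings(scans=SCANS):
    """ip -> findings from the most recent scan of that ip only."""
    latest = {}
    for date, ip, *_ in scans:          # ISO dates compare correctly as strings
        latest[ip] = max(latest.get(ip, date), date)
    findings = defaultdict(set)
    for date, ip, _, finding, _ in scans:
        if date == latest[ip]:
            findings[ip].add(finding)
    return findings


def exploit_attempts(scans=SCANS, ips=IPS):
    """Per host: IPS hits for a CVE the host is actually vulnerable to, and
    how many of those the IPS merely logged instead of blocking."""
    vulns = open_findings(scans)
    out = {}
    for e in ips:
        if e["cve"] not in vulns.get(e["dst"], ()):
            continue                    # signature fired, but the host is not vulnerable
        rec = out.setdefault(e["dst"], {"attempts": 0, "not_blocked": 0, "sources": set()})
        rec["attempts"] += 1
        rec["sources"].add(e["src"])
        if e["action"] not in BLOCKING_ACTIONS:
            rec["not_blocked"] += 1
    return out


def risk_dashboard():
    """The rows a 'dashboard of risk' would show, worst first."""
    attempts = exploit_attempts()
    return {
        "orphaned_dmz": orphaned_dmz_hosts(),
        "test_in_dmz": misplaced_test_hosts(),
        "ip_reuse": ip_reuse(),
        "exploited_and_unblocked": sorted(ip for ip, r in attempts.items() if r["not_blocked"]),
        "attempts": attempts,
    }
```

The host that shows up in every row is the one to fix first: it has no owner or sits in the wrong zone, it changed hostname without anyone updating the inventory, and the IPS is seeing real exploit attempts against a CVE it still carries without dropping them.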
Phishing: how we use Splunk
Phishing statistics, from Verizon's 2015 Data Breach Investigations Report (DBIR):
• Over 60% of espionage cases involved phishing.
• 82 seconds: median time from the start of a campaign to the first click.
• 23% of recipients open phishing messages.
• 11% click on attachments.
"I swear I didn't click anything."
Splunk lets you quickly piece together the individual bits of activity into the sequence of events that led to the incident: the root cause.
• Confirm whether the attachment was opened or the link followed, and whether the host reached the C2.
• Use Splunk to search the DNS query logs.
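How the "I swear I didn't click anything" question gets answered from logs, as an added example in Python (not code from the deck or from Splunk). It joins the mail gateway's delivery records with the DNS, proxy and firewall logs to decide, per recipient, whether the link was clicked, blocked by the proxy, only resolved, or never touched, and then looks for the regular outbound beacon that confirms an infected host. The log lines are constructed and the field names are assumptions; a real gateway logs one message ID with several recipients, which is why the recipient list is deduplicated first.

```python
"""Added example (not from the deck): reconstruct who actually clicked a
spear-phish link by joining mail-gateway, DNS, proxy and firewall logs.
All log lines below are constructed; field names are assumed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed mail-gateway log: one line per recipient of a message.
MAIL_LOG = """
2015-04-01T09:00:05Z mid=1201 from=billing@invoice-update.example to=alice@corp.example subject="Overdue invoice" url=http://invoice-update.example/doc.php
2015-04-01T09:00:06Z mid=1202 from=billing@invoice-update.example to=bob@corp.example subject="Overdue invoice" url=http://invoice-update.example/doc.php
2015-04-01T09:00:07Z mid=1203 from=billing@invoice-update.example to=carol@corp.example subject="Overdue invoice" url=http://invoice-update.example/doc.php
2015-04-01T09:02:00Z mid=1204 from=hr@corp.example to=alice@corp.example subject="Benefits" url=-
"""
# Constructed DNS resolver log (10.1.9.9 is the SOC malware station).
DNS_LOG = """
2015-04-01T09:14:10Z src=10.1.7.31 query=invoice-update.example
2015-04-01T09:20:30Z src=10.1.7.42 query=invoice-update.example
2015-04-01T10:05:00Z src=10.1.9.9 query=invoice-update.example
"""
# Constructed web-proxy log; it is authenticated, so it ties a user to a host.
PROXY_LOG = """
2015-04-01T09:14:12Z user=alice src=10.1.7.31 method=GET url=http://invoice-update.example/doc.php status=200
2015-04-01T09:20:31Z user=bob src=10.1.7.42 method=GET url=http://invoice-update.example/doc.php status=403
2015-04-01T09:30:00Z user=carol src=10.1.7.55 method=GET url=http://intranet.corp.example/ status=200
2015-04-01T10:05:02Z user=soc-sandbox src=10.1.9.9 method=GET url=http://invoice-update.example/doc.php status=200
"""
# Constructed firewall log of outbound connections.
FW_LOG = """
2015-04-01T09:15:00Z src=10.1.7.31 dst=198.51.100.50 dport=443 action=allow
2015-04-01T09:20:01Z src=10.1.7.31 dst=198.51.100.50 dport=443 action=allow
2015-04-01T09:24:59Z src=10.1.7.31 dst=198.51.100.50 dport=443 action=allow
2015-04-01T09:30:00Z src=10.1.7.31 dst=198.51.100.50 dport=443 action=allow
2015-04-01T09:35:02Z src=10.1.7.31 dst=198.51.100.50 dport=443 action=allow
2015-04-01T09:40:00Z src=10.1.7.31 dst=198.51.100.50 dport=443 action=allow
2015-04-01T09:01:00Z src=10.1.7.55 dst=203.0.113.80 dport=443 action=allow
2015-04-01T09:03:00Z src=10.1.7.55 dst=203.0.113.80 dport=443 action=allow
2015-04-01T09:40:00Z src=10.1.7.55 dst=203.0.113.80 dport=443 action=allow
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.strip().splitlines():
        ts, _, rest = line.partition(" ")
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
        ev.update((k, v.strip('"')) for k, v in KV.findall(rest))
        events.append(ev)
    return events


def campaign_recipients(mail, sender):
    """Step 15 of the taxonomy: every unique recipient (the Exchange purge list)."""
    return sorted({m["to"] for m in mail if m["from"] == sender})


def host_matches(url, domain):
    host = urlsplit(url).hostname or ""
    return host == domain or host.endswith("." + domain)


def classify_clicks(mail, dns, proxy, sender, domain, window=timedelta(hours=24)):
    """Per recipient: clicked / blocked / dns_only / no_evidence, using only
    activity from that user's own host after the message was delivered."""
    delivered = {m["to"].split("@")[0]: m["ts"] for m in mail if m["from"] == sender}
    user_of = {p["src"]: p["user"] for p in proxy}   # host -> user, from the authenticated proxy
    verdict = {u: "no_evidence" for u in delivered}

    def in_window(user, ts):
        return user in delivered and delivered[user] <= ts <= delivered[user] + window

    for d in dns:                                     # weakest evidence first
        u = user_of.get(d["src"])
        if in_window(u, d["ts"]) and host_matches("//" + d["query"], domain):
            verdict[u] = "dns_only"
    for p in proxy:                                   # proxy evidence overrides DNS
        u = p["user"]
        if in_window(u, p["ts"]) and host_matches(p["url"], domain):
            verdict[u] = "clicked" if p["status"][0] in "23" else "blocked"
    return verdict


def beacons(fw, min_hits=5, max_cv=0.1):
    """(src, dst) pairs whose connection gaps are too regular for a human:
    at least min_hits connections with a coefficient of variation <= max_cv."""
    times = defaultdict(list)
    for e in fw:
        times[(e["src"], e["dst"])].append(e["ts"])
    found = {}
    for pair, ts in times.items():
        if len(ts) < min_hits:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.stdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            found[pair] = {"hits": len(ts), "period_s": round(mean), "cv": round(cv, 3)}
    return found


def investigate(sender="billing@invoice-update.example", domain="invoice-update.example"):
    """The chain the SOC walks for one reported phish, on the constructed logs."""
    mail, dns, proxy, fw = map(parse, (MAIL_LOG, DNS_LOG, PROXY_LOG, FW_LOG))
    return {"purge_list": campaign_recipients(mail, sender),
            "clicks": classify_clicks(mail, dns, proxy, sender, domain),
            "beacons": beacons(fw)}
```

Two details matter in practice. The sandbox station that the SOC uses to detonate the sample also resolves and fetches the phishing URL (step 7 of the taxonomy), so evidence is only counted for hosts tied to an actual recipient, otherwise the analyst shows up as a victim. And a 403 from the proxy is still a click: the user followed the link and the control held, which is a different finding from "no evidence" and belongs in the case notes.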
What does a malicious email cost the company?

Use case example: spear-phishing taxonomy, minutes of effort per step
(first column: 1 user infected; second column: 300 users infected)

Introduction into the environment
 1. Spear-phish email sent                                                                     0          0
 2. User receives email (clicks link / sends to help desk / notifies SOC / calls help desk)   10       3000
 3. Service desk reviews email and sends it to SOC                                             1        300
 4. Service desk takes phone call from user to determine actions                               8.5     2550
 5. SOC analyst analyses email (links/attachment => further action required)                   1        100
Spear-phishing analysis
 6. SOC opens a case                                                                          10         15
 7. SOC reviews links/attachments on the malware station for validity                         20         20
 8. SOC conducts DNS search                                                                   10         30
 9. SOC conducts IronPort search                                                              10         30
10. SOC creates Splunk rules from malware properties                                          10         10
11. IRT leverages FireEye to prevent future attacks                                           10         10
12. SOC creates Remedy ticket for firewall/DNS/Websense blocks                                20         20
13. Unix support staff vet the request and complete the block                                 30         30
14. SOC creates blocking rules in IronPort                                                    10         10
15. SOC runs script to identify unique email recipients                                       10         10
16. Exchange team removes the spear-phish email from all inboxes identified by SOC            30         60
17. IRT conducts traffic analysis (FPC, full packet capture, and other tools)                 40         40
Identification of malware
18. Splunk beacon rule identifies that a user clicked the link or opened the attachment        5       1500
19. IRT conducts further analysis                                                            120        120
20. IRT traces user back to IP/machine                                                        25       7500
21. SOC creates Remedy ticket to reimage users' machines                                       5       1200
22. SOC creates Remedy ticket to block by MAC address (30% of the time)                       0.9        2.1
23. SOC puts user or machine in the No-Access OU (10% of the time)                            0.5        150
24. Local desktop team tracks down machine                                                    20       6000
25. Network team blocks machine by MAC (30% of the time)                                      0.6        180
26. Customer downtime (2 days avg.)                                                         2880     864000
27. Desktop team reimages machine (copy files, decrypt, reimage, encrypt; 5 hr avg)          300      90000
28. Desktop team returns machine to user (ship, send, walk over, etc.)                        20       6000
29. Network team releases MAC block (30% of the time)                                         0.6        180
30. SOC releases machine/user from OU (10% of the time)                                        1        300
31. SOC closes case (all data entered and verified)                                           20         90
32. Continuous monitoring                                                                      0          0
Total minutes                                                                               3629     983457
Total cost                                                                             $3,942.65  $1,068,427.79

Summary of costs (US$)                   1 user        300 users
Threat mitigation
  SOC                                   $155.35        $3,777.69
  IRT                                   $211.25        $8,309.17
Support staff
  Service desk                           $10.29        $3,087.50
  Exchange team                          $32.50           $65.00
  Desktop support                       $368.33      $110,500.00
  Unix support                           $32.50           $32.50
  Network                                 $1.30          $390.00
IT costs (subtotal of the rows above)   $811.53      $126,161.86
End-user (customer) cost              $3,130.83      $939,250.00
Total cost (IT subtotal + end user)   $3,942.36    $1,065,411.86

Fixed versus incremental cost (x = number of infected users)

                                     Fixed/sunk   Incremental per user (x = 1)   Incremental per user (x = 300)
Threat mitigation
  SOC                                   $109.42         $45.93                        $12.23
  IRT                                   $184.17         $27.08                        $27.08
Support staff
  Service desk                            $1.08          $9.21                        $10.29
  Exchange team                          $32.50          $0.00                         $0.11
  Desktop support                         $0.00        $368.33                       $368.33
  Unix support                           $32.50          $0.00                         $0.00
  Network                                 $0.00          $1.30                         $1.30
IT costs (subtotal)                     $359.67        $451.86                       $419.34
End-user (customer) cost                  $2.17      $3,128.67                     $3,130.83
Total                                   $361.84      $3,580.53                     $3,550.17

Cost model (x = infected users)
  cost(0) = $361.84: the fixed triage cost of a reported phish with nobody infected
  cost(x) ≈ $361.84 + $3,580.53·x, using the per-user increment measured at x = 1
  cost(x) ≈ $361.84 + $3,550.17·x, using the per-user increment measured at x = 300
Spreading the per-incident overhead over more infected users lowers the per-user increment by about $30 (from $3,580.53 to $3,550.17); the total still grows almost linearly with x, and the dominant term by far is end-user downtime.
Threat intel and incident response
APT and other threat feeds are fed into Splunk, with conditional trigger alerts.
DHS/DSIE feeds: alert on hits in
• DNS (C2 domains)
• Websense (web proxy)
• Mail gateway (phishing IOCs)
• Bit9 (file hashes)
• FireEye YARA signatures
• IPS (0-days, e.g. Adobe)
• WAFs: aggregate reconnaissance by origin and persistence.
Create an alert: http://www.splunk.com/view/SP-CAAANZJ
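What "conditional trigger alerts" on a feed look like in code, as an added example in Python (not the deck's or Splunk's own code). One indicator set is matched against several sourcetypes, each contributing the fields it can be matched on (a DNS query, a proxy destination and URL host, a mail sender IP and domain, a Bit9 file hash), the SOC's own sandbox is excluded so detonating a sample does not page anyone, and WAF 4xx traffic is aggregated by origin so that an alert fires on breadth (many probed paths) or persistence (a few paths, repeated over days) rather than on single requests. The feed, hosts, events, sourcetype names and thresholds are all constructed assumptions.

```python
"""Added example (not from the deck): match multi-source events against a
threat-intel feed and raise conditional alerts. Feed entries, hosts and
events are all constructed; field names and thresholds are assumed."""
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# A constructed feed in the shape a DHS/DSIE-style export might take.
DROPPER_SHA256 = hashlib.sha256(b"constructed dropper sample").hexdigest()
IOC_FEED = [
    {"type": "domain", "value": "update-check.example", "tag": "apt-c2",     "severity": "critical"},
    {"type": "ip",     "value": "198.51.100.77",        "tag": "phish-host", "severity": "high"},
    {"type": "sha256", "value": DROPPER_SHA256,         "tag": "dropper",    "severity": "critical"},
]

T0 = datetime(2015, 4, 1, 9, 0, 0)
EVENTS = [
    {"ts": T0,                        "sourcetype": "dns",      "src": "10.1.7.31", "query": "cdn.update-check.example"},
    {"ts": T0 + timedelta(minutes=1), "sourcetype": "dns",      "src": "10.1.9.9",  "query": "update-check.example"},
    {"ts": T0 + timedelta(minutes=2), "sourcetype": "dns",      "src": "10.1.7.40", "query": "www.example.org"},
    {"ts": T0 + timedelta(minutes=5), "sourcetype": "websense", "src": "10.1.7.42", "dest_ip": "198.51.100.77",
     "url": "http://invoice-update.example/doc.php"},
    {"ts": T0 + timedelta(minutes=6), "sourcetype": "ironport", "sender_ip": "198.51.100.77",
     "from": "billing@invoice-update.example", "to": "dave@corp.example"},
    {"ts": T0 + timedelta(minutes=9), "sourcetype": "bit9",     "host": "WS-0451", "sha256": DROPPER_SHA256,
     "path": r"C:\Users\dave\AppData\Local\Temp\update.exe"},
]
# WAF traffic: one scanner probing many paths, one low-and-slow probe over days, one benign 404.
for i in range(12):
    EVENTS.append({"ts": T0 + timedelta(seconds=i), "sourcetype": "waf", "src": "203.0.113.200",
                   "uri": f"/old/backup{i}.zip", "status": 404})
for day in range(3):
    for uri in ("/admin", "/phpmyadmin", "/wp-login.php"):
        EVENTS.append({"ts": T0 + timedelta(days=day), "sourcetype": "waf", "src": "203.0.113.201",
                       "uri": uri, "status": 403})
EVENTS.append({"ts": T0, "sourcetype": "waf", "src": "203.0.113.202", "uri": "/robots.txt", "status": 404})

SANDBOX_HOSTS = {"10.1.9.9"}   # the SOC malware station resolves IOCs on purpose


def indicators(ev):
    """The (type, value) pairs an event of this sourcetype can be matched on."""
    st = ev["sourcetype"]
    if st == "dns":
        return [("domain", ev["query"])]
    if st == "websense":
        return [("ip", ev["dest_ip"]), ("domain", urlsplit(ev["url"]).hostname or "")]
    if st == "ironport":
        return [("ip", ev["sender_ip"]), ("domain", ev["from"].rpartition("@")[2])]
    if st == "bit9":
        return [("sha256", ev["sha256"].lower())]
    return []


def matches(ioc, kind, value):
    if kind == "domain":               # a C2 domain IOC also covers its subdomains
        return value == ioc["value"] or value.endswith("." + ioc["value"])
    return value == ioc["value"]


def ioc_alerts(events, feed, ignore_src=frozenset()):
    """One alert per (event, IOC) hit; severity comes from the feed entry."""
    alerts = []
    for ev in events:
        if ev.get("src") in ignore_src:
            continue
        for kind, value in indicators(ev):
            for ioc in feed:
                if ioc["type"] == kind and matches(ioc, kind, value):
                    alerts.append({"rule": "ioc:" + ioc["tag"], "severity": ioc["severity"],
                                   "sourcetype": ev["sourcetype"], "indicator": ioc["value"],
                                   "where": ev.get("src") or ev.get("host") or ev.get("to"),
                                   "ts": ev["ts"]})
    return alerts


def waf_recon_alerts(events, min_uris=10, min_days=2):
    """Aggregate WAF 4xx by origin: alert on breadth (many probed paths) or
    on persistence (a few paths, repeated across days)."""
    by_src = defaultdict(lambda: {"uris": set(), "days": set(), "hits": 0})
    for ev in events:
        if ev["sourcetype"] == "waf" and 400 <= ev["status"] < 500:
            rec = by_src[ev["src"]]
            rec["uris"].add(ev["uri"])
            rec["days"].add(ev["ts"].date())
            rec["hits"] += 1
    alerts = []
    for src, rec in by_src.items():
        if len(rec["uris"]) >= min_uris:
            why = f"{len(rec['uris'])} distinct paths probed"
        elif len(rec["days"]) >= min_days and len(rec["uris"]) >= 3:
            why = f"persistent: {len(rec['uris'])} paths over {len(rec['days'])} days"
        else:
            continue
        alerts.append({"rule": "waf:recon", "severity": "medium", "sourcetype": "waf",
                       "indicator": why, "where": src, "hits": rec["hits"]})
    return alerts


def run(events=EVENTS, feed=IOC_FEED):
    """Everything the SOC would see, most severe first."""
    order = {"critical": 0, "high": 1, "medium": 2}
    alerts = ioc_alerts(events, feed, SANDBOX_HOSTS) + waf_recon_alerts(events)
    return sorted(alerts, key=lambda a: order[a["severity"]])
```

Matching on the parent domain is what makes the DNS rule useful: C2 infrastructure rotates subdomains, and a feed entry for the registered domain should still fire on `cdn.update-check.example`. The same sender IP produces two alerts here (one from the proxy, one from the mail gateway); in a real deployment those would be grouped on the indicator before paging so that one phishing host does not page twice.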
Thank You

 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 

Broadcom Customer Presentation

6
Phishing… How we use Splunk
Stats of Phishing…
Verizon’s 2015 Data Breach Investigations Report (DBIR)
• Over 60% of all espionage cases involved phishing attacks
• 82 seconds - average time to success in a phishing attack
• 23% of recipients open phishing messages
• 11% click on attachments
“I swear I didn’t click anything”
- Splunk allows you to quickly piece together bits of activity to identify the sequence of events that led to the incident. *Root Cause*
• Confirm opened attachments or link C2s
• Use Splunk for DNS queries
7
WHAT DOES A MALICIOUS EMAIL COST THE COMPANY…..?
Use Case Examples
Spear Phishing Taxonomy (minutes) | 1 User infected | 300 Users infected
Introduction into the Environment
1. Spear phish email sent | 0 | 0
2. User receives email (clicks link / sends email to HD / notifies SOC / calls HD) | 10 | 3000
3. Service Desk reviews email and sends it to SOC | 1 | 300
4. Service Desk receives phone call from user to determine actions | 8.5 | 2550
5. SOC analyst analyses email (if links/attachment => further action required) | 1 | 100
Spear Phishing Analysis
6. SOC opens a case | 10 | 15
7. SOC reviews link/attachments on malware station for validity | 20 | 20
8. SOC conducts DNS search | 10 | 30
9. SOC conducts Ironport search | 10 | 30
10. SOC creates Splunk rules from malware properties | 10 | 10
11. IRT leverages FireEye to prevent future attacks | 10 | 10
12. SOC creates Remedy ticket for FW/DNS/Websense blocks | 20 | 20
13. Unix support staff vets request and completes block action | 30 | 30
14. SOC creates blocking rules in Ironport | 10 | 10
15. SOC runs script to identify unique email recipients | 10 | 10
16. Exchange team removes spear phish email from all user inboxes identified by SOC | 30 | 60
17. IRT conducts FPC / other tools traffic analysis | 40 | 40
Identification of Malware
18. Splunk beacon from rule identifies user clicked link or attachment | 5 | 1500
19. IRT conducts further analysis | 120 | 120
20. IRT traces user back to IP/machine | 25 | 7500
21. SOC creates Remedy ticket to reimage users’ machines | 5 | 1200
22. SOC creates Remedy ticket to block by MAC address (30% of the time) | 0.9 | 2.1
23. SOC puts user or machine in appropriate NP ACCESS OU (10% of the time) | 0.5 | 150
24. Local desktop team tracks down machine | 20 | 6000
25. Network team blocks machine by MAC (30% of the time) | 0.6 | 180
26. Customer downtime (2 days avg.) | 2880 | 864000
27. Desktop team reimages machine (copy files, decrypt, reimage, encrypt) (5 hr avg.) | 300 | 90000
28. Desktop team returns machine to user (ship, send/walkover, etc.) | 20 | 6000
29. Network team releases MAC block (30% of the time) | 0.6 | 180
30. SOC releases machine/user from OU (10% of the time) | 1 | 300
31. SOC closes case (all data is entered and verified) | 20 | 90
32. Continuous monitoring | 0 | 0
Total in Minutes | 3629 | 983457
Total Cost | $3,942.65 | $1,068,427.79

Summary of Costs | 1 User | 300 Users
Threat Mitigation
SOC | $155.35 | $3,777.69
IRT | $211.25 | $8,309.17
Support Staff
Service Desk | $10.29 | $3,087.50
Exchange Team | $32.50 | $65.00
Desktop Support | $368.33 | $110,500.00
Unix Support | $32.50 | $32.50
Network | $1.30 | $390.00
IT Costs | $811.53 | $126,161.86
End User
Customer | $3,130.83 | $939,250.00
Total Cost | $4,753.88 | $1,191,573.72

Cost split | Fixed/Sunk Costs | Incremental Costs, x = 1 | Incremental Costs, x = 300
Threat Mitigation
SOC | $109.42 | $45.93 | 12.23
IRT | $184.17 | $27.08 | 27.08
Support Staff
Service Desk | $32.50 | $0.00 | 0
Exchange Team | $32.50 | $0.00 | 0.11
Desktop Support | $1.08 | $9.21 | 10.29
Unix Support | $0.00 | $368.33 | 368.33
Network | $0.00 | $1.30 | 3.3
IT Costs | $359.67 | $451.86 | 419.34
End User
Customer | $2.17 | $3,128.67 | 3130.33
Total Cost | $361.84 | $3,580.53 | $3,549.67

Summary (x = users infected) | Formula
When x = 0 | 361.83
When x = 1 | 358035x+361.83
When x = 300 | 3550.17x+361.83
Increasing the # of infected users dilutes costs by $30.35/Inf
8
Threat INTEL and Incident Response
APT and other threat feeds are fed into Splunk - conditional trigger alerts
DHS DSIE - alerting for hits when:
• DNS - C2s
• Websense
• Mail gateway (phishing IOCs)
• BIT9 - hash
• FireEye YARA signature
• IPS - 0-days (Adobe)
• WAFs aggregate recon by origin and persistence.
Create an Alert- http://www.splunk.com/view/SP-CAAANZJ
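Slides 6 and 8 describe the same SOC workflow: indicators from a threat feed trigger on mail-gateway, DNS and proxy events, and the analyst then stitches those hits into a per-user sequence to settle "did they click?". The example below is added here and is not from the deck or from Splunk; it expresses that correlation in plain Python over constructed log lines, with a made-up IOC domain, made-up users and a made-up space-delimited log format.

```python
from collections import defaultdict

# Constructed indicator standing in for a threat-feed entry (hypothetical domain).
IOC_DOMAINS = {"invoice-portal.example.net"}

# Constructed sample events, one per line: "<epoch> <source> <user> key=value ...".
SAMPLE_LOGS = """\
1000 mailgw alice url=http://invoice-portal.example.net/inv.pdf
1001 mailgw bob url=http://invoice-portal.example.net/inv.pdf
1002 mailgw carol url=http://invoice-portal.example.net/inv.pdf
1030 dns alice query=invoice-portal.example.net
1031 proxy alice url=http://invoice-portal.example.net/inv.pdf action=allowed
1200 dns carol query=invoice-portal.example.net
1201 proxy carol url=http://invoice-portal.example.net/inv.pdf action=blocked
"""

def parse(line):
    ts, source, user, detail = line.split(" ", 3)
    fields = dict(kv.split("=", 1) for kv in detail.split())
    return int(ts), source, user, fields

def domain_of(url):
    # Strip scheme and path; only the host is compared against the IOC list.
    return url.split("//", 1)[-1].split("/", 1)[0]

def hits_ioc(source, fields):
    if source == "dns":
        return fields.get("query") in IOC_DOMAINS
    return domain_of(fields.get("url", "")) in IOC_DOMAINS

def build_timelines(log_text):
    """Per-user, time-ordered list of (ts, source, action) events touching an IOC."""
    timelines = defaultdict(list)
    for line in log_text.splitlines():
        ts, source, user, fields = parse(line)
        if hits_ioc(source, fields):
            timelines[user].append((ts, source, fields.get("action", "")))
    return {user: sorted(events) for user, events in timelines.items()}

def classify(timeline):
    """Root-cause verdict from the sequence: received only, clicked+blocked, clicked+allowed."""
    sources = {src for _, src, _ in timeline}
    allowed = any(src == "proxy" and act == "allowed" for _, src, act in timeline)
    if "proxy" in sources and allowed:
        return "clicked, connection allowed: contain host"
    if "proxy" in sources or "dns" in sources:
        return "clicked, connection blocked: verify control, monitor"
    return "received only: remove from mailbox"

def triage(log_text=SAMPLE_LOGS):
    return {user: classify(tl) for user, tl in build_timelines(log_text).items()}
```

The verdict for each recipient tells the analyst which of the slide-7 steps (mailbox removal, control verification, or reimage and containment) actually applies, which is what drives the time-to-contain figure the deck emphasises.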