Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides


The New Experiment Experience in the Splunk Machine Learning Toolkit [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Hey mad scientist, why so angry? Learn how Splunk is rethinking experiments in the Machine Learning Toolkit (MLTK) to make your life easier. Find out how we're changing the experiment workflow to reflect real-world usage of the MLTK, and make it easier for people new to the MLTK to get up and running. Strap on your safety goggles and let's get experimenting! Speaker(s) Gyanendra Rana, Senior Product Manager, Splunk Ryan Oriecuia, Principal Software Developer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1553.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Good for all skill levels

12-24
44:04

The SOC of the Future [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

This presentation will discuss how Security Operation Centers (SOCs) will need to change to meet the cybersecurity challenges of the 2020s. The speaker will draw on his experience as a founder of the first SOC-as-a-Service company that delivers managed security services using Splunk. Most industry analysts envision that the next generation of SOCs will leverage AI, Big Data, and the Cloud, but how far can automation take us and is the concept of an autonomous SOC really practical? How will the SOC of the Future address the global shortage of cyber professionals? How will the role of security analysts need to change? Will the SOC of the Future still need to be housed in dedicated physical facilities? The speaker will provide a blueprint of Proficio’s vision of the SOC of the Future using Splunk and provide a playbook for IT leaders and aspiring IT leaders on how to drive continuous improvement in productivity and measurable outcomes. Speaker(s) Brad Taylor, Proficio Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2839.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Good for all skill levels

12-24
46:36

The Two Most Common Machine Learning Solutions Everyone Needs to Know [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Tired of relying on static threshold-based alerts that don’t seem to provide much value? Do you typically end up finding outliers in your data by staring at lines on your dashboards? We are told machine learning is going to make alerts and dashboards smarter, but how? We will help demystify machine learning and provide a practical guide to apply machine learning techniques for numeric outlier detection and forecasting to make alerts and dashboards smarter and easier to use for actionable results. We will show you the basics of how you can understand your data, get them ready for machine learning, and get the machine to start working for you! You will leave the session beginning to think like a data scientist and knowing how to apply purpose-driven machine learning to your searches in Splunk! Speaker(s) Eurus Kim, Staff ML Architect, Splunk Amir Malekpour, Principal Software Engineer, Machine Learning, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1213.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate

12-24

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected. Speaker(s) Vincent Urias, Researcher, Sandia National Laboratories Will Stout, Researcher, Sandia National Laboratories Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146259 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

12-24

User Experience Modeling with the Splunk Machine Learning Toolkit [Splunk Machine Learning Toolkit, AI/ML]

Paychex’s goal of providing the best user experience for our clients has led to a significant investment in performance testing and monitoring of our applications. Currently all Paychex applications record the execution time for every task and subtask to logs. These are indexed by Splunk, allowing us to identify areas where changes to code and database queries will have a positive impact on the overall user experience. This presentation will focus on combining this user experience data with client demographic data (such as the number of active employees) and using the Splunk Machine Learning Toolkit to build predictive models of user experience based on client demographic data. Speaker(s) Ken Tupper, Lead Performance Engineer, Paychex Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1631.pdf?podcast=1577146259 Product: Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate

12-24

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats. Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146259 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Advanced

12-24

Using Machine Learning to Detect Traffic Anomalies [Splunk Machine Learning Toolkit, AI/ML]

Finding anomalies in network data is no easy task, especially when you have terabytes of logs per day to analyze. But have no fear, we’re going to teach you how. In this session we will perform a technical deep dive into how a global content delivery network provider is using Splunk’s Machine Learning Toolkit to discover anomalies in network traffic. We’ll take you on a data science journey and show you how we tested multiple anomaly detection techniques, overcame challenges, fine-tuned detections, and ultimately arrived at meaningful alerts based on machine learning. Speaker(s) Jim Goodrich, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1390.pdf?podcast=1577146259 Product: Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Good for all skill levels

12-24

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf. Speaker(s) Kyle Champlin, Senior Product Manager, Splunk Patriz Regalado, Sr. Product Marketing Manager, Splunk Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Koulick Ghosh, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146259 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

12-24

You Only Learn Once (YOLO) [Splunk Enterprise, Splunk Machine Learning Toolkit]

Want to use your custom model with the data already in Splunk? Want to contribute to an open library for Machine Learning Toolkit (MLTK) algorithms? Want to use your favorite Machine Learning library? This session will help you to create custom algorithms and leverage the power of any ML algorithm you have ever wanted to use for your application. Traverse the entire process from building a custom algorithm, fitting the model to your data, testing your application, to contributing to the MLTK Algorithms library on Github. Speaker(s) Karthika Krishnan, Senior Forward Deployed Software Engineer, Splunk Ankit Bhagat, Forward Deployed Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1540.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Intermediate

12-24

Introduction to monitoring business operations with Acceleris’ party dashboard [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Why should running a business feel any different than throwing a party? To demonstrate how Splunk can be used to monitor and manage business operations, the DATA Mavericks team at Acceleris has iteratively perfected its Party Dashboard. It started out as a gimmick at the inauguration party of the company's new headquarters, but now the Party Dashboard demonstrates how Splunk’s dashboarding helps any team get real-time visibility into any operation. Join this session to learn why they chose the relevant metrics, how they collected and fed the data to Splunk, and what meaningful insights were generated as a fun introductory example of using Splunk to get visibility into your business operations. Speaker(s) OJ Stapleton, Data / Tech Master, Data Mavericks by Acceleris Martin Gerber, Crunching Master, Acceleris AG Slides PDF link - https://conf.splunk.com/files/2019/slides/BA1623.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: Business Analytics Level: Good for all skill levels

12-24

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Detecting abnormal behavior is an important objective in security monitoring, but is extremely challenging as we mostly are expected to detect "unknown unknowns." We can, however, use an entity's past behavior to measure how much of what we observe today deviates from normal behavior. In this way we can detect unknown, hidden and insider threats early on to stay ahead of advanced threats. This talk presents a unified, scalable framework for anomaly detection that is built on the frequent itemset mining technique. The premise is that if we can align an event with more frequent patterns observed in history, then the event is unlikely to be an anomaly. By mining through an extensive set of features and feature co-occurrences, the model can accurately capture the normal behaviors. Any new behaviors can then be scored. At which point, any new rare co-occurrences of events can be detected and sent to analysts and SOC teams for rapid investigation. Speaker(s) Nancy Jin, Data Scientist, Splunk Ping Jiang, Sr. Software Engineer in Test, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1230.pdf?podcast=1577146258 Product: Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Intermediate

12-24

Just a normal day in the office – Data driven business process improvements for a global supply chain company. [Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

“Our IT-powered business processes are too slow.” Does this sound familiar? If so, that is usually the perfect starting point to dig in and start improving them. Unfortunately, specific data that could help with that effort are not available – normally. In this session we will show you how we at Arvato Supply Chain Solutions got the data we needed and used it to improve the collaboration between IT and business. You will learn how we connected different IT systems such as SAP and conveyor line to Splunk Cloud, and how this helped us to analyze business processes with IT Service Intelligence (ITSI). And, as the icing on the cake, we give you a sneak peek of the machine learning algorithm we implemented to continuously improve our business processes. Speaker(s) Ralf Walkenhorst, ITOA Specialist, Splunk Holger Diekhoff, Manager Operational Intelligence, Arvato Supply Chain Solutions Slides PDF link - https://conf.splunk.com/files/2019/slides/BA1512.pdf?podcast=1577146258 Product: Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: Business Analytics Level: Beginner

12-24

Large Scale Threat Hunting in Splunk [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]

Threat hunting is hard, and threat hunting in an enterprise network with thousands of endpoints is even harder. We will demonstrate how we leveraged Splunk Enterprise to build an Advanced Threat Hunting platform designed for large scale threat hunting of 100,000 or more endpoints. Using Splunk Enterprise allows us to combine analytics, data enrichment, and custom workflows to display in one platform the most important data to analysts. Our threat hunting platform addresses the challenges of data retention and collection, high false positive rates, and analyst fatigue, all while lowering the time to detection of malicious incidents and improving the efficiency of enterprise SOC operations. Speaker(s) Dan Rossell, Analyst, Booz Allen Hamilton Ashleigh Moriarty, Lead Technologist, Booz Allen Hamilton Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1071.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit Track: Security, Compliance and Fraud Level: Intermediate

12-24

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

We will share experiences and best practices for implementing notable events, the various Splunk Enterprise Security frameworks, and adaptive response actions, and we'll share our approach for building a program to consistently develop, measure, and iterate on correlation searches. We will discuss how to integrate lessons learned from incidents, red team engagements, threat intelligence, threat hunting, and requirements from business units into the program. Example tactics we'll cover include leveraging low-fidelity detections to develop higher-fidelity and higher-value ones, managing detection content simply and easily through macros, and building a formula to assess the efficacy of your detection content. Speaker(s) Chris Ogden, Principal Threat Detection Engineer, Sony Corporation of America Drew Guarino, Senior Threat Detection Engineer, Sony Corporation of America Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1674.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Enterprise Security, AI/ML Track: Security, Compliance and Fraud Level: Good for all skill levels

12-24

Lessons Learned from Deploying Splunk UBA [Splunk User Behavior Analytics, AI/ML]

Splunk User Behavioral Analytics (UBA) is a machine learning driven solution that helps organizations find hidden threats and anomalous behavior across users, devices, and applications. In this session we'll answer questions that came up during our large-scale deployment such as, once you've got UBA installed, how do you know if it is working well in your environment? And how long after installation does it take for the system to be operational and produce results? We'll also share best practices for validating outputs and tuning the system. This session will help you jumpstart your understanding of UBA and help you get your UBA deployment into production and detecting threats faster. Speaker(s) Teresa Chila, Data Scientist, Chevron Maria Sanchez, Technical Support Engineer, User Behavioral Analytics (UBA), Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1490.pdf?podcast=1577146258 Product: Splunk User Behavior Analytics, AI/ML Track: Security, Compliance and Fraud Level: Good for all skill levels

12-24

Los Angeles World Airports - Streamlining event management with IT Service Intelligence (ITSI) [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Los Angeles World Airport has chosen Splunk's ITSI as their centralized event/alert management platform. We’ve consolidated alerts/events from multiple management platforms across the enterprise, reducing help desk churn by grouping similar events, and evaluating the results against smart Key Performance Indicator (KPI) thresholds so that only actionable alerts or events are processed. In addition, we’ve broken down the legacy data siloes through the use of service definitions, glass tables, and deep-dives, providing better insight for all team members. Lastly, we’ve automated ITSI service and dependency creation via the Splunk ServiceNow bi-direction integration App. Plan to attend this session and you will learn how we’ve increased visibility (making data available for everyone); increased efficiency by reducing alert/event noise; improved resolution using ITSI Smart KPIs; and implemented auto service creation via ServiceNow. Speaker(s) Kelcy Taylor, SLED Account Manager, Splunk Shahla Dallalzadeh, IT Manager, Los Angeles World Airports Michael Friedhoff, Director & Lead Architect, Wipro Ltd. Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1564.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: IT Operations Level: Good for all skill levels

12-24

Machine Learning & Splunk 2019: The Splunk Machine Learning Toolkit in Action [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Anomaly Detection, Predictive Analytics, and Clustering — oh my! Splunk customers want answers from their data, and machine learning is here to help. This session will help demystify the machine learning process, show how common machine learning themes are used for different outcomes at customers around the world, and give you next steps for achieving success at home by implementing machine learning! We aren’t talking about just science projects. We'll be giving examples and public details about Splunk’s Machine Learning Advisory successes over the years. Expect to leave with tangible examples you can implement back in the real world - if you can Escape from Vegas! Speaker(s) Iman Makaremi, Principal Product Manager – Machine Learning and AI, Splunk Harsh Keswani, Product Manager: Machine Learning, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1470.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate

12-24

Maintaining a state of good repair with predictive analytics [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Take a deep dive in this enablement focused presentation where we cover the background, data and how to implement 3 Splunk solutions entirely captured in this session's companion app that shows how to use Splunk for maintaining a state of good repair, make data-driven decisions to garner rate payer confidence and proactively realize conservation goals. The use cases covered in this session are: *** Corrosion Analytics - See how to use machine learning combined with ArcGIS, Maximo and Corrosion data to create an interactive map to predict pipe failures and replacement priorities based on proximity to sensitive infrastructure. *** Mobile Work Fleet - See how to use scripted inputs to develop asset management dashboards, make data driven purchasing decisions and optimize routes. *** Water Leak detection - See how Splunk's Machine Learning Toolkit can be used to easily detect anomalous consumption based on user behavior and automate alerting utilities and customers to prevent water waste. Speaker(s) Tony Nesavich, Staff Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1318.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Internet of Things Level: Good for all skill levels

12-24

Marcus by Goldman Sachs: Monitoring an Online Banking Startup with Splunk [Splunk Enterprise, AI/ML]

Marcus by Goldman Sachs is an online, consumer lending and savings platform, often referred to as a startup within the 150-year-old company. The Marcus platform was designed and built from the ground up using the latest technologies and following agile software practices. Splunk software is used to monitor application and infrastructure logs and supports not only DevOps but also Development, QA, Production Support, and Security teams. This session will cover the challenges and successes we have experienced during our first years of rapid growth, the products and capabilities that we added to our platform this year, and provide a glimpse at the potential role of Splunk Next products in online retail banking use cases in the future. Speaker(s) Yisroel Bongart, Senior Sales Engineer, Splunk Maria Loginova, Vice President, Goldman Sachs Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1931.pdf?podcast=1577146258 Product: Splunk Enterprise, AI/ML Track: IT Operations Level: Good for all skill levels

12-24

Maximizing permissioned blockchain throughput using Samsung SDS Accelerator and Splunk MLTK [Splunk Enterprise, AI/ML]

Blockchain scalability is one of the main barriers to adoption of this revolutionary new technology. Finance, supply chain, and e-commerce blockchain deployments often have peak throughputs that far exceed their baseline. For example, when tickets for a popular concert go on sale, the peak transaction throughput will result in unacceptable latency for the users. Samsung SDS Accelerator is a layer 2 scaling solution for Hyperledger Fabric that enables up to 10x transaction throughput during this burst of activity. Using Splunk MLTK, we’re able to detect and react to these bursts of activity without compromising the security guarantees of the underlying blockchain. Speaker(s) Jeff Wu, Senior Product Manager, Blockchain, Splunk Ted Kim, Samsung SDS Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2069.pdf?podcast=1577146258 Product: Splunk Enterprise, AI/ML Track: Foundations/Platform Level: Intermediate

12-24
