![Splunk [Phantom] 2019 .conf Videos w/ Slides](https://raw.githubusercontent.com/tonytamsf/splunk-conf-rss/master/images/conf-logo.png "Splunk [Phantom] 2019 .conf Videos w/ Slides"){kind=logo}
Claim OwnershipSplunk [Phantom] 2019 .conf Videos w/ Slides
Subscribed: 1Played: 4
Subscribe
© Splunk Inc.
Description
Splunk [Phantom] .conf 2019 Videos w/ Slides
68 Episodes
Reverse
![What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]](https://s3.castbox.fm/42/b4/88/6de118a42264bad73e2611343fe123ff59_scaled_v1_400.jpg "What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]")
Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf.
Speaker(s) Kyle Champlin, Senior Product Manager, Splunk Patriz Regalado, Sr. Product Marketing Manager, Splunk Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Koulick Ghosh, Product Manager, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146240
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Does your small team also run a full-featured SOC that supports a global company? In this session we’ll show you how we’ve used Splunk Cloud and Splunk Enterprise Security to bring together all the relevant security intelligence from our technology stack, transforming our security operations from ad hoc and tactical to strategic and compliance-driven. We’ll discuss key takeaways from our journey, such as the benefits of ingesting data properly from the outset so you can reap the rewards as you scale; how we leverage multiple use cases out of single data sources; and how we created easy-to-understand visualizations that convey our firm’s security posture to management.
Speaker(s) Edward Asiedu, Senior Professional Services Consultant, Splunk Craig Gilliver, Head Of SecOps, Johnson Matthey
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1511.pdf?podcast=1577146240
Product: Splunk Cloud, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Security architectures typically involve many layers of tools and products that are not designed to work together, leaving gaps in how security teams bridge multiple domains to coordinate defense. The Splunk Adaptive Operations Framework (AOF) addresses these gaps by connecting security products and technologies from our partners with Splunk security solutions including Splunk Enterprise Security (ES) and Splunk Phantom. Join this session to learn how the Splunk AOF benefits both users and security technology providers by enabling rich context for all security decisions, collaborative decision-making, and orchestrated actions across diverse security technologies.
Speaker(s) Alexa Araneta, Product Marketing Manager, Splunk John Dominguez, Product Marketing Director, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2372.pdf?podcast=1577146239
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance.
Speaker(s) Rob Truesdell, Sr Director, Product Management, Splunk Atom Coffman, Starbucks
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Beginner
Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment.
Speaker(s) John Murphy, Security Analyst, NAB Chris Hanlen, Lead Cyber Security Specialist, NAB
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146239
Product: Splunk Enterprise, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Last year, after our outrageously successful talk "Pull Up Your SOCs: A Splunk Primer on Building or Rebuilding your Security Operations", we wanted to revisit this topic to cover changes in Security Operations that have taken place over the last 12 months. Whether you’re starting from scratch or rebuilding your security program, the first twelve months of standing up your security operations is absolutely critical to success.
Speaker(s) Dimitri McKay, Staff Security Architect | Jedi Master, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2186.pdf?podcast=1577146239
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Many government agencies and for-profit companies require that you run Splunk on a network disconnected from the outside Internet. This presents many challenges, including how to cross air gaps and one-way transfers, how to operate indexers in an air-gapped environment, and how to automate backwards. This session will cover lessons learned from a variety of air-gapped deployments.
Speaker(s) Steve Schohn, Staff Sales Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1190.pdf?podcast=1577146239
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Foundations/Platform
Level: Intermediate
Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turnaround questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.
Speaker(s) Robb Mayeski, Security Automation Magician , EY Will Burger, Security Automation Consultant, EY Haris Shawl, EY
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Endpoint security is more than detecting malware. Most insider threats, however, don’t involve malware, but other security issues associated with the user and endpoint. Learn how Cisco’s own InfoSec team uses Cisco Endpoint Security Analytics Built on Splunk and Cisco NGFW integration to increase its endpoint security and threat visibility.
Speaker(s) Scott Pope, Cisco
Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2899.pdf?podcast=1577146239
Product: Splunk Cloud, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Site Reliability Engineering: Easy to say, harder to do. It can be especially difficult to make sure that all of tenants of SRE are applied to the services you support in a way that is easy for your engineers to adopt. In this session, we will take a look at how you can use Splunk's ITSI, VictorOps and Phantom platforms to make robust solutions that can help your teams consistently solve complex problems and mature their services.
Speaker(s) Chris Crocco, Senior Sales Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1046.pdf?podcast=1577146239
Product: Splunk Enterprise, Splunk IT Service Intelligence, Phantom, VictorOps
Track: IT Operations
Level: Advanced
Did you get more staff for heartbleed? How about Shellshock or the OPM breach? Neither did we. The threat landscape is growing faster than ever and we need to cover more bases without more people. Enter Splunk Phantom: automation and integration for the masses. This session will help you understand what you need to build an effective Phantom ecosystem. I will go over initial strategies, real world examples, and use cases, and we will also take a glance at some more robust development projects that show the power of Phantom's extensibility.
Speaker(s) Mhike Funderburk, Senior Security Engineer, Stage 2 Security Brandon Robinson, Senior Security Architect, Stage 2 Security Luke Summers, Cyber Security Engineer, Stage 2 Security
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1949.pdf?podcast=1577146239
Product: Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases.
Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Winston Churchill once said, “Success is not final, failure is not fatal: it is the courage to continue that counts." Then again, Churchill wasn’t in cybersecurity...While our successes are certainly never final, our failures can absolutely be fatal—to a company and our continued employment. What's a good way to actually measure success and failure, though, outside of not appearing on the front page of the paper? Well, as CrowdStrike notes, you have on average one minute to detect an attack in progress, ten minutes to understand it, and sixty minutes to contain it. We will show how to use this 1-10-60 Rule as a measuring metric and leverage the data and capabilities within Splunk and its ecosystem to ensure that we win the survival of the fastest.
Speaker(s) Wissam Ali-Ahmad, Lead Solutions Architect, Splunk Tim Sullivan, Global Senior Strategic Solutions Architect, CrowdStrike
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1573.pdf?podcast=1577146239
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
This session will give you a comprehensive look into automating the investigation and remediation of AWS security events using Splunk Phantom. The session will start with an overview and then progress to a live technical walkthrough of setting up Phantom to remediate an AWS security event.
Speaker(s) Matt Tichenor, Product Manager, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2187.pdf?podcast=1577146239
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
Nick Hayes, VP of Strategy at IntSights, will take you on a tour of the dark web and explain how CISOs can successfully implement a dark web intelligence strategy to neutralize threats outside the wire and at the earliest stages of the cyber kill chain. Now equipped with IntSights External Threat Intelligence, learn how you can take advantage of it through seamless integrations with your Splunk SIEM and Phantom toolsets. Enrich your threat data with internal network security observables, expedite incident reviews and prioritization, and automate your threat prevention and response with SOAR and integrated playbooks.
Speaker(s) Nick Hayes, IntSights
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2887.pdf?podcast=1577146239
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected.
Speaker(s) Vincent Urias, Researcher, Sandia National Laboratories Will Stout, Researcher, Sandia National Laboratories
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML
Track: Security, Compliance and Fraud
Level: Intermediate
Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.
Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146239
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
Ever wondered how to integrate or scale Splunk Enterprise Security (ES) and Splunk Phantom? Join us as we explore best practices involved in setting up clustered environments for ES and Phantom that yield a highly available and scalable security platform. You will leave this session better able to create scalable ES and Phantom deployments, tools, commands, cheat sheets, and troubleshooting methods at your own organizations.
Speaker(s) Mayur Pipaliya, Forward Deployed Software Engineer, Splunk Ankit Bhagat, Forward Deployed Software Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2233.pdf?podcast=1577146238
Product: Splunk Enterprise, Splunk Enterprise Security, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
Have you ever been positive you had found evil, only to realize it was normal after hours of triage and work? We have all heard and love “KNOW NORMAL FIND EVIL,” but how hard is it to actually know normal? The MITRE ATT&CK Framework gives defenders a better map to “find evil,” but how can this framework be used to “know normal”?Rick will discuss how knowing normal in a world of abnormal is harder than one thinks, and how addressing the actual root cause of evil can improve the technology industry as a whole.
Speaker(s) Rick McElroy, Principal Security Strategist , Carbon Black
Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2917.pdf?podcast=1577146238
Product: Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels
Whether you're a new or experienced Splunk Phantom user, you'll learn from the high-value, often overlooked features we discuss in this session. We'll showcase some of Phantom's most overlooked valuable features, as well as experienced users' top ranked features. Join us to learn more about how you can optimize your use of Splunk’s SOAR (Security Orchestration Automation & Response) platform.
Speaker(s) Phil Royer, Research Engineer, Splunk Kavita Varadarajan, Product Manager - Phantom, Splunk Sam Hays, Sr. Technical Community Manager , Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1705.pdf?podcast=1577146238
Product: Phantom
Track: Security, Compliance and Fraud
Level: Intermediate
Comments
Download from Google Play
Download from App Store
United States