Splunk [Phantom] 2019 .conf Videos w/ Slides

Klapp-Back at Attackers: Capturing Data in the Wild to Build Tailored Defenses with Splunk Security Analytics [Splunk Enterprise, Splunk Enterprise Security, Phantom]



Splunk's Security Research Team collects attack data in the wild from across the globe and analyzes new and unusual techniques, tactics, and procedures employed by threat actors. We use this data to help customers build tailored defenses—defenses that automatically detect, investigate, and respond to suspicious activities in real time. In this session we will discuss how Splunk security researchers created our own honeypot and data collection framework in response to research demonstrating that honeypots were twice as effective as open-source intelligence feeds at detecting new threats (http://tinyurl.com/y335po8d). We will provide an introduction to honeypots and explain how we architected and built KLAPP-Back, a high-interaction SSH honeypot. We will also discuss how KLAPP-Back helped us build better detection analytics and seed Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics use cases with attacker data.

Speaker(s)
Bhavin Patel, Security Software Engineer, Splunk
Jose Hernandez, Security Researcher, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1357.pdf?podcast=1576909571


By Splunk