Detecting abnormal behavior is an important objective in security monitoring, but is extremely challenging as we mostly are expected to detect "unknown unknowns." We can, however, use an entity's past behavior to measure how much of what we observe today deviates from normal behavior. In this way we can detect unknown, hidden and insider threats early on to stay ahead of advanced threats. This talk presents a unified, scalable framework for anomaly detection that is built on the frequent itemset mining technique. The premise is that if we can align an event with more frequent patterns observed in history, then the event is unlikely to be an anomaly. By mining through an extensive set of features and feature co-occurrences, the model can accurately capture the normal behaviors. Any new behaviors can then be scored. At which point, any new rare co-occurrences of events can be detected and sent to analysts and SOC teams for rapid investigation.

Speaker(s)
Nancy Jin, Data Scientist, Splunk
Ping Jiang, Sr. Software Engineer in Test, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1230.pdf?podcast=1577146258

“Our IT-powered business processes are too slow.” Does this sound familiar? If so, that is usually the perfect starting point to dig in and start improving them. Unfortunately, specific data that could help with that effort are not available – normally. In this session we will show you how we at Arvato Supply Chain Solutions got the data we needed and used it to improve the collaboration between IT and business. You will learn how we connected different IT systems such as SAP and conveyor line to Splunk Cloud, and how this helped us to analyze business processes with IT Service Intelligence (ITSI). And, as the icing on the cake, we give you a sneak peak of the machine learning algorithm we implemented to continuously improve our business processes.

Speaker(s)
Ralf Walkenhorst, ITOA Specialist, Splunk
Holger Diekhoff, Manager Operational Intelligence, Arvato Supply Chain Solutions

Slides PDF link - https://conf.splunk.com/files/2019/slides/BA1512.pdf?podcast=1577146258

Threat hunting is hard, and threat hunting in an enterprise network with thousands of endpoints is even harder. We will demonstrate how we leveraged Splunk Enterprise to build an Advanced Threat Hunting platform designed for large scale threat hunting of 100,000 or more endpoints. Using Splunk Enterprise allows us to combine analytics, data enrichment, and custom workflows to display in one platform the most important data to analysts. Our threat hunting platform addresses the challenges of data retention and collection, high false positive rates, and analyst fatigue, all while lowering the time to detection of malicious incidents and improving the efficiency of enterprise SOC operations.

Speaker(s)
Dan Rossell, Analyst, Booz Allen Hamilton
Ashleigh Moriarty, Lead Technologist, Booz Allen Hamilton

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1071.pdf?podcast=1577146258

We will share experiences and best practices for implementing notable events, the various Splunk Enterprise Security frameworks, and adaptive response actions, and we'll share our approach for building a program to consistently develop, measure, and iterate on correlation searches. We will discuss how to integrate lessons learned from incidents, red team engagements, threat intelligence, threat hunting, and requirements from business units into the program. Example tactics we'll cover include leveraging low-fidelity detections to develop higher-fidelity and higher-value ones, managing detection content simply and easily through macros, and building a formula to assess the efficacy of your detection content.

Speaker(s)
Chris Ogden, Principal Threat Detection Engineer, Sony Corporation of America
Drew Guarino, Senior Threat Detection Engineer, Sony Corporation of America

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1674.pdf?podcast=1577146258

Splunk User Behavioral Analytics (UBA) is a machine learning driven solution that helps organizations find hidden threats and anomalous behavior across users, devices, and applications. In this session we'll answer questions that came up during our large-scale deployment such as, once you've got UBA installed, how do you know if it is working well in your environment? And how long after installation does it take for the system to be operational and produce results? We'll also share best practices for validating outputs and tuning the system. This session will help you jumpstart your understanding of UBA and help you get your UBA deployment into production and detecting threats faster.

Speaker(s)
Teresa Chila, Data Scientist, Chevron
Maria Sanchez, Technical Support Engineer, User Behavioral Analytics (UBA), Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1490.pdf?podcast=1577146258

Los Angeles World Airport has chosen Splunk's ITSI as their centralized event/alert management platform. We’ve consolidated alerts/events from multiple management platforms across the enterprise, reducing help desk churn by grouping similar events, and evaluating the results against smart Key Performance Indicator (KPI) thresholds so that only actionable alerts or events are processed. In addition, we’ve broken down the legacy data siloes through the use of service definitions, glass tables, and deep-dives, providing better insight for all team members. Lastly, we’ve automated ITSI service and dependency creation via the Splunk ServiceNow bi-direction integration App. Plan top attend this session and you will learn how we’ve increased visibility (making data available for everyone); increased efficiency by reducing alert/event noise; improved resolution using ITSI Smart KPIs; and implemented auto service creation via ServiceNow

Speaker(s)
Kelcy Taylor, SLED Account Manager, Splunk
Shahla Dallalzadeh, IT Manager, Los Angeles World Airports
Michael Friedhoff, Director & Lead Architect, Wipro Ltd.

Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1564.pdf?podcast=1577146258

Anomaly Detection, Predictive Analytics, and Clustering — oh my! Splunk customers want answers from their data, and machine learning is here to help. This session will help demystify the machine learning process, show how common machine learning themes are used for different outcomes at customers around the world, and give you next steps for achieving success at home by implementing machine learning! We aren’t talking about just science projects. We'll be giving examples and public details about Splunk’s Machine Learning Advisory successes over the years. Expect to leave with tangible examples you can implement back in the real world - if you can Escape from Vegas!

Speaker(s)
Iman Makaremi, Principal Product Manager – Machine Learning and AI, Splunk
Harsh Keswani, Product Manager: Machine Learning, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1470.pdf?podcast=1577146258

Take a deep dive in this enablement focused presentation where we cover the background, data and how to implement 3 Splunk solutions entirely captured in this sessions' companion app that shows how to use Splunk for maintaining a state of good repair, make data-driven decisions to garner rate payer confidence and proactively realize conservation goals.  The use cases covered in this session are: *** Corrosion Analytics - See how to use machine learning combined with ArcGIS, Maximo and Corrosion data to create an interactive map to predict pipe failures and replacement priorities based on proximity to sensitive infrastructure. *** Mobile Work Fleet - see how to use scripted inputs to develop asset management dashboards, make data driven purchasing decisions and optimize routes. *** Water Leak detection - see how Splunk's Machine Learning Toolkit can be used to easily detect anomalous consumption based on user behavior and automate alerting utilities and customers to prevent water waste.

Speaker(s)
Tony Nesavich, Staff Sales Engineer, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1318.pdf?podcast=1577146258

Marcus by Goldman Sachs is an online, consumer lending and savings platform, often referred to as a startup within the 150-year-old company. The Marcus platform was designed and built from the ground up using the latest technologies and following agile software practices. Splunk software is used to monitor application and infrastructure logs and supports not only DevOps but also Development, QA, Production Support, and Security teams. This session will cover the challenges and successes we have experienced during our first years of rapid growth, the products and capabilities that we added to our platform this year, and provide a glimpse at the potential role of Splunk Next products in online retail banking use cases in the future.

Speaker(s)
Yisroel Bongart, Senior Sales Engineer, Splunk
Maria Loginova, Vice President, Goldman Sachs

Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1931.pdf?podcast=1577146258

Blockchain scalability is one of the main barriers to adoption of this revolutionary new technology. Finance, supply chain, and e-commerce blockchain deployments often have peak throughputs that far exceed their baseline. For example, when tickets for a popular concert go on sale, the peak transaction throughput will result in unacceptable latency for the users. Samsung SDS Accelerator is a layer 2 scaling solution for Hyperledger Fabric that enables up to 10x transaction throughput during this burst of activity. Using Splunk MLTK, we’re able to detect and react to these bursts of activity without compromising the security guarantees of the underlying blockchain.

Speaker(s)
Jeff Wu, Senior Product Manager, Blockchain, Splunk
Ted Kim, Samsung SDS

Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2069.pdf?podcast=1577146258