Most of us have had (or still have) nightmares about an alert that someone's exfltrating data from our organization. We've lived that nightmare at Harris, and we've learned from it. In this session, we'll discuss how we used red and purple teaming to improve our security posture post-breach. Learn from our experience so that you can strengthen your team's alerting, staff comptency, and policies, and reduce the risk of a breach at your company.

Speaker(s)
Nate Piquette, Sr. Detection & Response Engineer, L3Harris Technologies
Adam Parsons, Sr. Detection & Response Engineer, L3Harris Technologies

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1375.pdf?podcast=1577146226

Product: Splunk Enterprise, Splunk Enterprise Security

Track: Security, Compliance and Fraud

Level: Good for all skill levels

Paychex’s goal of providing the best user experience for our clients has led to a significant investment in performance testing and monitoring of our applications. Currently all Paychex applications record the execution time for every task and subtask to logs. These are indexed by Splunk, allowing us to identifying areas where changes to code and database queries will have a positive impact on the overall user experience. This presentation will focus on combining this user experience data with client demographic data (such as the number of active employees) and using the Splunk Machine Learning Toolkit to build predictive models of user experience based on client demographic data.

Speaker(s)
Ken Tupper, Lead Performance Engineer, Paychex

Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1631.pdf?podcast=1577146226

Product: Splunk Machine Learning Toolkit, AI/ML

Track: Foundations/Platform

Level: Intermediate

Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.

Speaker(s)
Phil Royer, Research Engineer, Splunk
Rod Soto, Principal Security Research Engineer, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146226

Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom

Track: Security, Compliance and Fraud

Level: Advanced

Finding anomalies in network data is no easy task, especially when you have terabytes of logs per day to analyze. But have no fear, we’re going to teach you how. In this session we will perform a technical deep dive into how a global content delivery network provider is using Splunk’s Machine Learning Toolkit to discover anomalies in network traffic. We’ll take you on a data science journey and show you how we tested multiple anomaly detection techniques, overcame challenges, fine-tuned detections, and ultimately arrived at meaningful alerts based on machine learning.

Speaker(s)
Jim Goodrich, Senior Sales Engineer, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1390.pdf?podcast=1577146226

Product: Splunk Machine Learning Toolkit, AI/ML

Track: Foundations/Platform

Level: Good for all skill levels

Vectra customers and security researchers respond to some of the world’s most consequential threats. And they tell us that there’s a consistent set of questions they must answer when investigating any attack scenario.Yet, security data today is broken and unable to effectively answer those questions. It is either incomplete or storage and performance intensive. Most teams don’t have the information necessary to properly answer the questions required to support their use cases; whether it be for threat hunting, investigations or supporting custom tools and models.In this session, hear about real-world use cases where security teams use machine learning engines to derive unique security attributes and how it is embedded into security workflows.

Speaker(s)
Kevin Sheu, Vectra

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2589.pdf?podcast=1577146226

Product: Splunk Enterprise, Splunk Cloud

Track: Security, Compliance and Fraud

Level: Good for all skill levels

TalkTalk is the UK’s leading value telecommunications company with a strategy to become the UK’s most recommended connectivity provider. We need to intelligently use real-time data, analytics and automation in order to create a step-change improvement in customer experience and realize cost savings. This presentation explains how Splunk has helped us to use real-time network telemetry data to detect network problems, significantly improve the customer experience, and save TalkTalk money.

Speaker(s)
Matthew Wood, Head of TalkTalk Labs, TalkTalk
Paul Emmett, Head of Network Operations, Talk Talk

Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1953.pdf?podcast=1577146226

Product: Splunk Enterprise

Track: IT Operations

Level: Good for all skill levels

As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals with criminals claiming to be representatives of the organization and contacting the public with phishing e-mails every day. By using Splunk and RFC’s like, RFC7208 – Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, we have developed a technique to identify phishing attacks that are carried out under the disguise of the Dutch Tax and Customs Administration. This technique is universally applicable. A precondition is access to the DNS logging. By means of this technique, insight can be obtained where the phishing e-mails are sent from and to whom the phishing e-mails are sent. In this talk we will start by explaining which standards are available to increase e-mail security and how we have build an app in Splunk, including dashboard and a wizard to create the necessary DNS records to gain insight information about the abuse of our domains.

Speaker(s)
Karl Lovink, Lead Security Operations Center, Dutch Tax and Customs Administration
Arnold Holzel, Senior Security Consultant, SMT

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1106.pdf?podcast=1577146226

Product: Splunk Enterprise, Splunk Enterprise Security

Track: Security, Compliance and Fraud

Level: Advanced

As more technology organizations pursue agility and move towards continuous delivery, a stable and reliable IT infrastructure is the foundation that enables the transformation. However, the increasing complexity of the underlying infrastructure also brings a lot of challenges. Splunk has built a variety of solutions on top of our platform to deal with this complexity and deliver analytics and troubleshooting data to our engineering teams and decision makers. We will share a bit about our continuous integration process for triaging automated tests using Splunk, how we build IT infrastructure monitoring/analytics system based on Splunk ITSI, and how we take corresponding actions via VictorOps.

Speaker(s)
Scott Lu, Senior Engineering Manager, Splunk
Alfie You, Principal Software Engineer, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1962.pdf?podcast=1577146226

Product: Splunk Enterprise, Splunk IT Service Intelligence, VictorOps

Track: IT Operations

Level: Intermediate

Do you wish to modify your incoming data before ingestion? How about using Splunk's real-time search feature more efficiently? Splunk Data Stream Processor (DSP) can help. DSP allows you to analyze, transform and act on your data in real-time before it is indexed by Splunk indexers.Join us in this session to learn more about how you can use DSP as an alerting and action engine and transform your incoming data in real-time!

Speaker(s)
Dirk Nitschke, Staff Sales Engineer, Splunk
Bashar Abdul-Jawad, Principal Software Engineer, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2033.pdf?podcast=1577146226

Product: Splunk Enterprise, Splunk Cloud

Track: Foundations/Platform

Level: Intermediate

Learn how the T-Mobile Splunk Team uses Splunk Data Stream Processor (DSP) to provide advanced stream manipulation options to its user base. See how DSP is positioned in a large-scale Splunk as a service ecosystem.

Speaker(s)
Michael Guenther, Senior Advisory Engineer, Splunk
Dave Cornette, Enterprise Monitoring Architect, T-Mobile

Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1786.pdf?podcast=1577146226

Product: Splunk Data Fabric Search and Data Stream Processor

Track: Foundations/Platform

Level: Good for all skill levels