Howdy, folks!
Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. Beginning this month, we're establishing a new series from our Security family; kind of a "Staff Picks" from us to you. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk security world that WE think everyone should read. I hope you enjoy.
(Check out our monthly staff security picks and our all-time best picks for security books and articles!)
| Picked by | Pick |
| --- | --- |
| “The pretty one” | “Zero to 100 in 90 Days - Building Up Your Security Operations” by Kelcey Tietje and Lisa Tawfall. Let's go back old school. I first saw this presentation when I was a customer in 2013, and it really blew my mind how quickly Bechtel spun up a world-class SOC in 90 days. I love how they outlined the challenges they overcame and where they finished. Although from 2013, I still think this is an incredibly relevant presentation that addresses issues security analysts are still facing today. |
| “#thanksbrodsky” | “Turning IOCs into Tangible Protection” by Katie Winslow and Mike Slavick, Kaiser Permanente. How do we link security to the business? How do we organize our SOC to better meet today’s security challenges? And how did we leverage Splunk to do it? This presentation from Kaiser is two, two, TWO presentations in one! First, Kaiser security pro Katie Winslow discusses how and why threat data is important to the healthcare giant, and then details the key security indicators she presents to the business to prove that the security teams are actually protecting Kaiser AND saving them money. Her colleague Mike Slavick then details the specific threat data sources Kaiser uses, with details on how these technologies impact the business. I don’t know of an easier-to-digest presentation that explains how Splunk can make security data business relevant. |
| “King of SPL” | This is almost a gimme—one of the most popular presentations that will help you see what’s essential in your Windows monitoring and why. Learn more from Malware Archaeology’s Michael Gough on what’s the best bang for your Splunk license buck, and what is crazy not to monitor. This presentation includes 60+ slides of goodness and, equally important, a set of cheat sheets to help you implement monitoring easily in your environment. |
| “Dave or David” | “Maturing Workday’s SOC With Splunk” by Jordan Perks and Ravi Shah. When we talk about the people, processes and technology that make up a security program, I find it’s most difficult to get concrete examples of solid processes. Many organizations don’t have any processes, some processes are too specific to one environment to be generally applicable, and sometimes organizations are simply unwilling to share. What makes this presentation so unique and valuable is that it shines a light on the specific metrics and techniques used by a real-world, high-performing SOC and their security engineering team to manage workflow and continually improve. |
| “Does not live in Colorado” | With every organization I speak with, I find myself wishing endpoint data got more love. The good news is that oftentimes Windows Event Logs are getting picked up, but there is always concern about how much data it generates, let alone about turning on high-fidelity logging like Sysmon and PowerShell due to data volumes. This talk, given at .conf2017, details how TransAlta was able to build and tune their endpoint configuration, collect these valuable sources, filter out noisy, low-value events and keep their logging footprint to around 10MB per system per day! |