It's finally that time again! Only a few more days until .conf22 starts, and this year, for the first time ever, it takes place in June. That alone is pretty exciting. But what is actually far more exciting is everything there is to experience: engaging talks, extremely helpful learning sessions, personal exchange with other subject-matter and industry experts as well as Splunk partners, and of course plenty of fun, both at the virtual event and live in Las Vegas (yes, we'll finally see each other face to face again!).
Want a little warm-up? Check out the video:
This year's .conf is special not only because, after the pandemic-related break, it finally returns live to Las Vegas and we get to experience the real, original .conf feeling together on site (for those who are still not entirely comfortable with that, there is of course also a virtual event; in my colleague Daniel's blog post you'll find a good comparison of all tickets and formats as well as answers to your most frequently asked questions).
This year's .conf also takes place at a time when the global cyber security landscape, after almost two years of pandemic, has fundamentally accelerated and is more complex than ever. A few Splunk sessions with a Chuck Norris effect on current cyber security topics certainly can't hurt. With our sessions you'll become the invincible Chuck Norris of cybersecurity yourself, fending off every attack with a well-placed roundhouse kick!
So that you get some of this Chuck Norris effect too, I've compiled my top recommendations for this year's .conf22 EMEA security sessions (the session descriptions are reproduced in their original English, since the sessions are held in English as always):
- SEC1197C - Build Detection as Code Like the Splunk Threat Research Team
How do you know that your organization is protected from the threat in the news? How quickly can your SecOps team react to design, test and operationalize a new detection technique? How do you know your detection content is of high quality and will still work a month from now? Modern SecOps teams have to apply software engineering principles to write and manage detections. This is called Detection-as-Code. By adopting this paradigm, detection engineering teams can build scalable processes for creating and hardening analytics that identify sophisticated threats. The Splunk Threat Research Team has implemented Detection-as-Code and operates in this manner. In this talk, we will share best practices for collaborating with version control, test-driven development and automated workflows with continuous integration/continuous deployment (CI/CD). We will show how you can adopt the Detection-as-Code principle and become an extended part of the Splunk Security Research Team by forking security_content.
- SEC1471B - One App To Rule Them All: Applying Machine Learning To Find Them
Have you ever wondered what a non-machine-learning guru can achieve within one year? How to start with security-related data and detect what's lurking in your environment with the power of ML? Well, you've come to the right place, as we showcase how YOU can leverage baselines and likelihoods by utilizing MLTK algorithms and SPL™ to uncover anomalies and dig out the hackers hiding in logs. We'll cover tips and tricks, the challenges, our outcomes, likelihood approaches, and possible use cases of using MLTK as well as the benefits. We'll go into detail about two specific use cases: how to detect anomalous logins and rough patterns of applications. In summary, we'll make sure you have the tools and know-how to build your own ML threat cases based on good old SPL and our beloved MLTK app.
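The baseline-and-likelihood approach mentioned above needs no ML library to understand: learn how often each user logs in from each country over a training window, then score new logins by how probable that (user, country) pair is and flag the improbable ones. This is an added example in plain Python, not the session's SPL or MLTK content; the login history, the new logins, the 0.05 threshold and the Laplace smoothing constant are all constructed assumptions for the illustration. It also handles the two edge cases a production search has to deal with: a country never seen for the user (smoothed to a small non-zero probability instead of zero) and a user with no baseline at all (reported separately rather than scored).

```python
"""Baseline-and-likelihood anomaly detection for logins, in plain Python.

Builds a per-user baseline of source countries from historical logins, then
scores fresh logins by P(country | user). This mirrors the SPL/MLTK pattern of
a learning window written to a lookup that is joined against new events.
"""
from collections import Counter, defaultdict

# Constructed training window: (user, src_country) per successful login.
HISTORY = (
    [("alice", "DE")] * 40 + [("alice", "AT")] * 5 +
    [("bob", "DE")] * 30 + [("bob", "US")] * 10 + [("bob", "GB")] * 1 +
    [("carol", "FR")] * 25
)

# Constructed fresh logins to score.
NEW_LOGINS = [
    {"user": "alice", "src_country": "DE"},
    {"user": "alice", "src_country": "RU"},   # never seen for alice
    {"user": "bob",   "src_country": "GB"},   # seen once for bob: rare
    {"user": "bob",   "src_country": "US"},
    {"user": "dave",  "src_country": "DE"},   # user with no baseline at all
]


def build_baseline(history):
    """Return per-user country counts and the vocabulary of all countries seen."""
    counts = defaultdict(Counter)
    for user, country in history:
        counts[user][country] += 1
    vocab = {country for _, country in history}
    return {"counts": counts, "vocab": vocab}


def likelihood(baseline, user, country, alpha=1.0):
    """P(country | user) with additive (Laplace) smoothing.

    alpha keeps an unseen country at a small non-zero probability instead of
    zero. Returns None when the user has no baseline, so the caller can
    report that case rather than treat it as a confident score.
    """
    counts = baseline["counts"]
    if user not in counts:
        return None
    c = counts[user]
    total = sum(c.values())
    return (c[country] + alpha) / (total + alpha * len(baseline["vocab"]))


def score_logins(logins, history=HISTORY, threshold=0.05):
    """Return the logins to investigate, each tagged with a reason and its likelihood.

    Logins below the likelihood threshold are 'rare_country'; logins by users
    without any history are 'no_baseline' (an assumed convention for this example).
    """
    baseline = build_baseline(history)
    findings = []
    for login in logins:
        p = likelihood(baseline, login["user"], login["src_country"])
        if p is None:
            findings.append({**login, "reason": "no_baseline", "likelihood": None})
        elif p < threshold:
            findings.append({**login, "reason": "rare_country", "likelihood": round(p, 4)})
    return findings


if __name__ == "__main__":
    for f in score_logins(NEW_LOGINS):
        print(f)
```

The smoothing constant is a tuning knob: with the sample history, alice from RU scores 1/50 = 0.02 and bob from GB scores 2/46 ≈ 0.043, so both fall under the 0.05 threshold, while bob from US (11/46 ≈ 0.24) does not. Tightening the threshold or raising alpha trades missed rare logins against analyst noise, which is exactly the tuning the session's "likelihood approaches" discussion is about.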
- SEC1198C - DevSecOps - Detecting Suspicious GitHub Behavior With Risk Based Alerting and Enterprise Security
The list of software compromised through supply chain attacks is long: SolarWinds Orion, Mimecast, Kaseya and many more. In these attacks the vendor's build or delivery chain was compromised to distribute malware to its users. This talk will focus on detecting suspicious GitHub behavior to discover attacks on GitHub repositories. We are excited to talk about different attack patterns on GitHub, share best practices for onboarding GitHub data, and show how to detect those patterns with risk-based alerting (RBA). An end-to-end demo will explain everything you need to know to start detecting attacks on your GitHub projects.
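Risk-based alerting differs from classic correlation searches in that a single suspicious GitHub action (an archive download, a branch-protection override, a new collaborator) only adds risk to the actor; an alert is raised when the actor's accumulated risk in a time window crosses a threshold and comes from more than one distinct rule. The block below is an added example of that aggregation in plain Python, not Splunk Enterprise Security's RBA implementation or the session's demo content: the audit events are constructed in the shape of GitHub's audit-log export, and the action names used, the risk scores, the 24-hour window, the threshold of 60 and the two-distinct-rules requirement are all illustrative assumptions.

```python
"""Risk-based alerting (RBA) over GitHub audit-log events, in plain Python.

Each audit event that matches a risk rule contributes a score to its actor.
An alert fires only when an actor's score within a sliding window reaches the
threshold with at least min_distinct different rules, so one noisy action
does not page anyone but a burst of different suspicious actions does.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (a subset of GitHub audit-log fields).
EVENTS = [
    {"@timestamp": "2022-06-01T09:00:00Z", "action": "repo.download_zip",
     "actor": "mallory", "repo": "acme/payments"},
    {"@timestamp": "2022-06-01T09:02:00Z", "action": "protected_branch.policy_override",
     "actor": "mallory", "repo": "acme/payments"},
    {"@timestamp": "2022-06-01T09:03:00Z", "action": "repo.add_member",
     "actor": "mallory", "repo": "acme/payments", "user": "outsider"},
    {"@timestamp": "2022-06-01T09:04:00Z", "action": "git.push",
     "actor": "mallory", "repo": "acme/payments"},
    {"@timestamp": "2022-06-01T10:00:00Z", "action": "repo.download_zip",
     "actor": "alice", "repo": "acme/docs"},
    {"@timestamp": "2022-06-01T11:00:00Z", "action": "git.push",
     "actor": "alice", "repo": "acme/docs"},
    {"@timestamp": "2022-06-02T09:30:00Z", "action": "protected_branch.policy_override",
     "actor": "mallory", "repo": "acme/payments"},
]

# Risk rules: action -> (score, description). Scores are illustrative choices.
RISK_RULES = {
    "repo.download_zip": (20, "repository archive downloaded"),
    "protected_branch.policy_override": (40, "branch protection overridden"),
    "repo.add_member": (30, "collaborator added to repository"),
    "org.remove_member": (30, "member removed from organization"),
}


def parse_ts(s):
    # GitHub exports ISO-8601 UTC with a trailing Z; fromisoformat wants +00:00.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def risk_events(events, rules=RISK_RULES):
    """Map raw audit events to risk events, sorted by time; unmatched actions are dropped."""
    out = []
    for e in events:
        if e["action"] in rules:
            score, desc = rules[e["action"]]
            out.append({"actor": e["actor"], "ts": parse_ts(e["@timestamp"]),
                        "rule": e["action"], "score": score, "desc": desc,
                        "repo": e.get("repo")})
    return sorted(out, key=lambda r: r["ts"])


def risk_alerts(events, rules=RISK_RULES, window=timedelta(hours=24),
                threshold=60, min_distinct=2):
    """Aggregate risk per actor over a sliding window and return the alerts.

    After an alert the actor's window is cleared so that one burst of activity
    yields one alert instead of one per additional event.
    """
    per_actor = defaultdict(list)
    for r in risk_events(events, rules):
        per_actor[r["actor"]].append(r)

    alerts = []
    for actor, actor_events in per_actor.items():
        in_window = []
        for r in actor_events:
            in_window.append(r)
            # Drop risk events that have aged out of the window.
            in_window = [w for w in in_window if r["ts"] - w["ts"] <= window]
            score = sum(w["score"] for w in in_window)
            distinct = {w["rule"] for w in in_window}
            if score >= threshold and len(distinct) >= min_distinct:
                alerts.append({
                    "actor": actor,
                    "risk_score": score,
                    "rules": sorted(distinct),
                    "repos": sorted({w["repo"] for w in in_window if w["repo"]}),
                    "first_seen": in_window[0]["ts"].isoformat(),
                    "last_seen": r["ts"].isoformat(),
                })
                in_window = []
    return alerts


if __name__ == "__main__":
    for a in risk_alerts(EVENTS):
        print(a)
```

With the sample data, mallory's archive download (20) plus branch-protection override (40) reach 60 from two distinct rules within minutes and produce one alert naming both rules and the repository; alice's lone download stays at 20 and never surfaces. The second override a day later scores 40 on its own, and because the earlier collaborator-add has aged out of the 24-hour window, it does not alert either. That is the intended behaviour of the distinct-rule requirement: a single high-scoring action still gets recorded as risk, but an analyst is only paged when different signals converge on one actor.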
- SEC1836 - Bolstering cybersecurity resilience to protect your organization
Are you stuck in the vortex of defending against an expanding threat landscape within an increasingly complex environment? Join the security super session as we unlock our data-centric approach to achieve cybersecurity resilience, allowing you to withstand unpredictable threats to your business. Learn how Splunk can deliver end-to-end visibility to detect threats accurately to help reduce business risk, empower your team to respond to attacks faster, and maximize the full potential of integration to accelerate time to value. Finally, hear what industry experts and customers say about leveraging security analytics, automation and orchestration, and human-powered expertise to stay ahead of threats.
- SEC1459A - Splunk Security Essentials - Gain Situational Awareness by Managing All Your Security Content
Organizations today are likely to have multiple disparate security tools, providing detection coverage for different technology stacks and enabling defense in depth. A drawback of this approach is the difficulty of gaining timely and accurate situational awareness of total defensive coverage across these disparate tools. This session is for content creators, SOC managers, and CISOs who want to see how Splunk® Security Essentials can help you gain situational awareness by managing all your security content.
I hope these sessions help you detect cyber attackers faster in any environment and take targeted action promptly, just as Chuck Norris would if he helped out in the SOC.
Happy .conf’ing!
Matthias