Copyright 2015 Splunk Inc Finding the signal in

Copyright © 2015 Splunk Inc. Finding the signal in the noise: Effective Sec. Ops with Sophos & Splunk Cloud Ross Mc. Kerchar, Sophos

Introduction and Splunk Overview Andrew Morris, Splunk

Agenda 6: 30 Introduction and Splunk Overview 6: 50 Finding the signal in the noise: Effective Sec. Ops with Sophos & Splunk Cloud 7: 20 Demo: Splunk Enterprise Security and App for AWS 7: 50 Q&A 3

SECURITY INTELLIGENCE IN THE CLOUD Andrew Morris Director of Cloud, EMEA #Splunk

CLOUD AND HYBRID IT SOFTWARE-DEFINED DATACENTERS CONTINUOUS APP DELIVERY ANALYTICS-DRIVEN SECURITY INTERNET OF THINGS

Make machine data accessible, usable and valuable to everyone.

Why Splunk? FAST TIME-TO-VALUE ANY DATA, ANY SOURCE, ASK ANY QUESTION VISIBILITY ACROSS STACK, NOT JUST SILOS ONE PLATFORM, MULTIPLE USE CASES CLOUD, ON-PREMISE & HYBRID DEPLOYMENT

Disruptive Approach to Unstructured Data Traditional Splunk Schema at Write Schema at Read SQL Search ETL Universal Indexing Structured RDBMS Unstructured Volume 8 Velocity Variety

Turning Machine Data Into Business Value Index Untapped Data: Any Source, Type, Volume Online Services On. Premises Servers Application Delivery Web Services Security GPS Location Networks Private Cloud Storage Public Cloud IT Operations Packaged Applications Desktops Messaging Online Shopping Cart Telecoms Web Clickstreams Custom Applications Security, Compliance and Fraud RFID Energy Meters Databases Smartphones and Devices Ask Any Question Call Detail Records Business Analytics Industrial Data and the Internet of Things

Proven Customer Value Across Use Cases & Industries Increased revenues from higher uptime Revenues from faster product launch Savings from fraud prevention Value from preventing APTs Reduction in SLA payouts Optimizing fuel use with sensor data $11. 0 M $25. 0 M $10. 0 M $200+ M $1. 8 M $1. 0 + B $1. 0+ B Online Services High Tech Manufacturing Financial Services Oil & Gas Services Telecom Provider Transportation 10

IT Operations Application Delivery Security, Compliance and Fraud Business Analytics Internet of Things and Industrial Data Platform for Machine Data

The Splunk Portfolio Splunk Premium Solutions 1000+ Apps and Add-Ons Platform for Operational Intelligence Forwarders Syslog/TCP Mobile Io. T Devices Network Wire Data Hadoop Relational Databases Mainframe Data

Fully Integrated Enterprise Platform Index Data Collect Data Scale HA / DR Search & Explore Alert & Action Enrich Data Security Admin 13 Report & Visualize Apps Analyze & Predict SDKs/API

Cloud Is a Journey and Splunk Is Your Partner 100% Uptime SLA Instant Secure Reliable Hybrid

How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud On-time efficiency & dramatic queue reduction with 925 flights per day Data from airport gates, board pass scans, x-ray, travel, passenger flow Real-time, predictive airfield analytics deliver on mobile app & Apple watch 15

Modern Threat Landscape Realities Vulnerabilities Compromises You Can Disrupt Breaches

Splunk Security Intelligence Insider Threat Incident Investigations and Forensics Security Analytics Security and Compliance Reporting Fraud Detection Monitor and Detect Known/ Unknown Threats

Single Platform for Security Intelligence Splunk Complements, Replaces and Goes Beyond Existing SIEMs INCIDENT INVESTIGATIONS & FORENSICS SECURITY & COMPLIANCE REPORTING REAL-TIME MONITORING OF KNOWN THREATS DETECT UNKNOWN THREATS 20 FRAUD DETECTION INSIDER THREAT

Rapid Ascent in the Gartner SIEM Magic Quadrant* 2015 Leader and the only vendor to improve its visionary position 2014 Leader 2013 Leader 2012 Challenger 2011 Niche Player *Gartner, Inc. , SIEM Magic Quadrant 2011 -2015. Gartner does not endorse any vendor, product or service depicted in its research publication and not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 21

How Telenor protects their network using Splunk Enterprise Security 1 TB of Daily Data with “Splunk Everything” Strategy for Network, Security and IT Data Baseline “Normal” Monitoring of Security and Operations – Real-time Analysis of Deviation Detect and Prevent Security Issues Enabling “Central Emergency Response Team”

With Splunk, Your Enterprise Data Platform Security Operations Different Business. PEOPLE Operations QUESTIONS Asking Different Of the SAME DATA 23 IT Operations

Thriving Community Over 1000 Apps 65, 000+ questions and answers Local User Groups and Splunk. Live! events Dev. splunk. com

Easy to Try and Get Started Free Cloud Trial Free Software Download Free Enterprise Security Sandbox 1 2 3

Copyright © 2015 Splunk Inc. Join us to hear more: Wednesday 11 th May 2016 Westminster Park Plaza, London Register at: http: //live. splunk. com/london

Finding the signal in the noise: Effective Sec. Ops with Sophos & Splunk Cloud Ross Mc. Kerchar, Sophos

About Sophos • • Founded 1985 in Abingdon, UK 2, 200 employees Over 200, 000 customers 100+ million users

Our challenge Keeping up with this…

Our strategy Make change easy ‘Brutal’ prioritisation Focus on the achievable

Operational Intelligence Maturity IT Operations Security Customer experience Log gathering

Security Operations Maturity 4. Security automation Automation 3. Governance Optimising Proactive 2. Threat detection Protection 1. Log gathering Governance Reactive

Our Splunk Deployment Sophos Safeguard Sophos Mobile Control Amazon Web Services Logs Sophos Pure. Message Sophos Wireless Sophos Firewall Sophos Endpoint Security Sophos Cloud Sophos UTM Windows Logs 33

Demo

Q&A

Thank You