CISCO User Group Soc Of The Future User Guide
- June 27, 2024
- Cisco
Table of Contents
- User Group Soc Of The Future
- Specifications:
- Product Usage Instructions:
- Key Technology Shifts in the SOC:
- Splunk Security Features:
- Splunk AI Assistant Integration:
- Evolution of SOC:
- Q: What are the key features of the Cisco User Group Soc of the Future?
- Q: How does Splunk Security contribute to enhancing security operations?
- Q: What is the role of Splunk AI Assistant in security workflows?
- Q: How has the SOC evolved over the years with the product?
User Group Soc Of The Future
Specifications:
- Product Name: Cisco User Group Soc of the Future
- Head of Security: Nathan Smith (APAC)
- Industry Focus: Security, Regulatory Compliance, Cyber Crime
- AI Integration: Generative AI, AI/ML capabilities
- Automation: Pervasive automation for threat analysis, containment, response, and recovery actions
Product Usage Instructions:
Key Technology Shifts in the SOC:
- Comprehensive Visibility: Ensures all data sources are connected, with full attack-surface coverage.
- Proactive Threat Detection: Utilizes AI/ML, a risk-based approach, and comprehensive threat intelligence to stop advanced attacks.
- Pervasive Automation: Implements automation across threat analysis, containment, response, and recovery actions to increase productivity.
- Unified TDIR: Integrates threat detection, investigation, and response for improved efficiency.
Splunk Security Features:
- Comprehensive Visibility: Provides visibility across all data sources.
- Proactive Threat Detection: Uses AI/ML for early threat detection.
- Pervasive Automation: Implements automation in SOC workflows.
- Unified TDIR: Integrates threat detection, investigation, and response.
Splunk AI Assistant Integration:
- Search Data Using Natural Language: Utilize Splunk AI Assistant for data search.
- Embedding in Workflows: Integrate Splunk AI Assistant into security workflows.
- Modern Worksurface: Provides a unified interface for TDIR tasks.
- Response Templates: Codify processes into templates for simplified workflows.
- Case Management: Easily manage cases within response templates.
Evolution of SOC:
The product has evolved over the years to incorporate various
features like Asset Risk Intelligence, Cloud-Based Behavioral
Analytics, Threat Intelligence Management, SOAR, UBA, and more to
enhance security operations.
FAQ:
Q: What are the key features of the Cisco User Group Soc of the
Future?
A: The key features include comprehensive visibility, proactive
threat detection, pervasive automation, AI-guided workflows, and
unified threat detection, investigation, and response
capabilities.
Q: How does Splunk Security contribute to enhancing security
operations?
A: Splunk Security provides comprehensive visibility across data
sources, proactive threat detection using AI/ML, pervasive
automation in SOC workflows, and integrates unified threat
detection, investigation, and response functionalities.
Q: What is the role of Splunk AI Assistant in security
workflows?
A: Splunk AI Assistant helps in natural language data search,
integration into workflows, providing a modern worksurface for TDIR
tasks, creating response templates for simplified workflows, and
enabling easy case management within templates.
Q: How has the SOC evolved over the years with the
product?
A: The SOC has evolved with features like Asset Risk
Intelligence, Cloud-Based Behavioral Analytics, Threat Intelligence
Management, SOAR, UBA, and more to drive innovation in security
operations.
© 2024 SPLUNK INC.
Cisco User Group Soc of the Future
Nathan Smith, Head of Security, APAC
Industry Trends
- Major Breaches: As data breaches scale up, organizations and governments will be forced to spend more money to recover from them.
- Regulatory Compliance: Critical infrastructure regulations and industry-specific regulations demand detection and response capabilities.
- Cyber Crime as a Service grows: Cyber crime is big business, and the entry level is continually being lowered via as-a-service models.
- AI Being Weaponized: Generative AI capability is being adopted by cybercrime, and deep fakes are becoming mainstream.
Persistent Security Operations Challenges (Source: ESG SOC Trends Report 2023)
- Expanding Attack Surface
- Siloed Tools, Teams, Data & Workflows
- Growing Attack Volumes
- Compliance Mandates and Requirements
- Talent and Skills Shortage
Key technology shifts in the SOC
Past:
- Limited visibility across disconnected data sources and an ingest-only approach hamper the ability to identify high-risk threats amidst the digital noise.
- Reactive threat detection based on signatures or predefined rules, with limited threat intelligence enrichment, leading to longer attacker dwell times.
- Reliance on manual effort, with limited automation for select routine tasks, keeps the security team stuck in reactive mode, moving from tool to tool.
- No AI to help guide SOC workflows, providing no relief for an already overworked and overwhelmed security team.
- Disjointed threat detection, investigation, and response, limiting MTTD and MTTR.
Future:
- Comprehensive visibility across all data, no matter where it is located, with context for full attack-surface coverage so that no "weak" signals are missed.
- Proactive threat detection using AI/ML, a risk-based approach, and comprehensive threat intelligence, stopping advanced attacks and slashing dwell times.
- Pervasive automation across threat analysis, containment, response and recovery actions, increasing the security team's productivity and efficiency.
- AI-guided SOC workflows to increase the efficiency and effectiveness of the security team.
- Unified threat detection, investigation, and response, dramatically improving MTTD and MTTR.
SOC of the Future
Unified Threat Detection, Investigation and Response at the Core.
Delivering the essential capabilities: SOC of the Future
Splunk Security Delivers
Comprehensive Visibility
- Ingest and normalize any data at scale
- Federated search and analytics to access data from anywhere
- Open Cybersecurity Schema Framework (OCSF) open standard
Proactive Threat Detection
- 1,500+ curated detections crafted by Splunk Threat Research
- Behavioral Analytics to detect unknown threats and anomalies
- MLTK to build custom ML solutions for any use case
- Risk-based alerting to tackle alert fatigue
- Integrated Threat Intelligence Enrichment
Pervasive Automation
- Automated Threat Analysis for decisive action and rapid response
- Powerful SOAR to increase speed of investigation and response
- Automate efficiently using pre-built playbooks and integrations
AI guided SOC workflows
- Splunk AI Assistant to search for data using natural language
- Embed Splunk AI Assistant for Security into workflows
Unified TDIR
- Single, modern worksurface to unify TDIR
- Codify processes into response templates to simplify workflows
- Easy case management within your response templates
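Risk-based alerting is the one item in the list above that changes how the SOC is paged rather than what it can see, and the slides describe it only by its outcome ("tackle alert fatigue"). The following is an added example, not Splunk's own code or SPL: a standalone Python model of the RBA pattern. In Splunk ES the same shape is implemented by risk rules writing scored events to the risk index and a risk incident rule aggregating them per risk object; here the aggregation is written out explicitly so the behaviour is visible. All events are constructed, and the names (`RISK_EVENTS`, `risk_table`, `risk_notables`) and thresholds (75 points, 3 distinct rules, 24-hour window) are assumptions for illustration.

```python
"""Risk-based alerting (RBA) modelled in plain Python.

Added example, not Splunk code. Many low-value detections contribute
scores to an entity; only an entity whose accumulated score crosses a
threshold from enough distinct detections becomes a notable. Every event
and every threshold below is a constructed assumption.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RiskEvent:
    time: datetime
    entity_type: str   # risk object type: "system" or "user"
    entity: str        # risk object: hostname or username
    detection: str     # name of the risk rule that fired
    score: int         # risk score that rule contributes
    technique: str     # ATT&CK technique ID tagged on the rule


# Constructed sample risk events (not real telemetry).
# wkstn-17: four different medium-severity detections in a short span.
# build-02: one noisy rule firing six times on a CI server.
# alice:    one detection today and one that is a week old.
RISK_EVENTS = [
    ("2024-06-01T09:00:00", "system", "wkstn-17", "Suspicious PowerShell Encoded Command", 20, "T1059.001"),
    ("2024-06-01T09:02:00", "system", "wkstn-17", "LSASS Memory Access", 30, "T1003.001"),
    ("2024-06-01T09:05:00", "system", "wkstn-17", "New Scheduled Task Created", 15, "T1053.005"),
    ("2024-06-01T09:06:00", "system", "wkstn-17", "Outbound Connection to Rare Domain", 25, "T1071.001"),
    ("2024-06-01T10:00:00", "system", "build-02", "New Scheduled Task Created", 15, "T1053.005"),
    ("2024-06-01T10:30:00", "system", "build-02", "New Scheduled Task Created", 15, "T1053.005"),
    ("2024-06-01T11:00:00", "system", "build-02", "New Scheduled Task Created", 15, "T1053.005"),
    ("2024-06-01T11:20:00", "system", "build-02", "New Scheduled Task Created", 15, "T1053.005"),
    ("2024-06-01T11:40:00", "system", "build-02", "New Scheduled Task Created", 15, "T1053.005"),
    ("2024-06-01T11:55:00", "system", "build-02", "New Scheduled Task Created", 15, "T1053.005"),
    ("2024-05-25T08:00:00", "user", "alice", "LSASS Memory Access", 30, "T1003.001"),
    ("2024-06-01T08:00:00", "user", "alice", "Suspicious PowerShell Encoded Command", 20, "T1059.001"),
]

# Assumed "now" for the look-back window.
AS_OF = datetime.fromisoformat("2024-06-01T12:00:00")


def parse_events(rows):
    """Turn the raw tuples into RiskEvent objects."""
    return [RiskEvent(datetime.fromisoformat(t), et, e, d, s, tq) for t, et, e, d, s, tq in rows]


def risk_table(events, as_of, window=timedelta(hours=24)):
    """Aggregate risk per entity inside the look-back window.

    Returns {(entity_type, entity): {"score", "rules", "techniques", "event_count"}}
    so an analyst sees every scored entity, not only the ones that alert.
    """
    start = as_of - window
    buckets = defaultdict(list)
    for ev in events:
        if start <= ev.time <= as_of:
            buckets[(ev.entity_type, ev.entity)].append(ev)
    return {
        key: {
            "score": sum(e.score for e in evs),
            "rules": sorted({e.detection for e in evs}),
            "techniques": sorted({e.technique for e in evs}),
            "event_count": len(evs),
        }
        for key, evs in buckets.items()
    }


def risk_notables(events, as_of, window=timedelta(hours=24),
                  score_threshold=75, min_distinct_rules=3):
    """Raise one notable per entity that crosses BOTH thresholds.

    The distinct-rule requirement is what stops a single noisy rule from
    paging the SOC: build-02 reaches the same score as wkstn-17 but from one
    detection, so it stays in the risk table for tuning instead of alerting.
    """
    notables = []
    for (etype, entity), agg in risk_table(events, as_of, window).items():
        if agg["score"] >= score_threshold and len(agg["rules"]) >= min_distinct_rules:
            notables.append({"entity_type": etype, "entity": entity, "score": agg["score"],
                             "rules": agg["rules"], "techniques": agg["techniques"]})
    return sorted(notables, key=lambda n: n["score"], reverse=True)


if __name__ == "__main__":
    events = parse_events(RISK_EVENTS)
    table = risk_table(events, AS_OF)
    raw = sum(a["event_count"] for a in table.values())
    print(f"{raw} raw detections in window -> {len(risk_notables(events, AS_OF))} notable(s)")
    for (etype, entity), agg in sorted(table.items(), key=lambda kv: kv[1]["score"], reverse=True):
        print(f"  {etype}={entity}: score={agg['score']} distinct_rules={len(agg['rules'])}")
    for n in risk_notables(events, AS_OF):
        print("NOTABLE:", n["entity"], n["score"], n["techniques"])
```

Run as-is, the model turns eleven in-window detections into one notable for `wkstn-17`. The interesting case is `build-02`: it accumulates the same 90 points but from one rule, so the distinct-rule floor keeps it out of the queue while the risk table still exposes the rule as a tuning candidate. `alice` shows the window at work, as her week-old event no longer counts. In production the two thresholds, and whether repeated firings of the same rule should be deduplicated before scoring, are the knobs that decide how much fatigue the scheme actually removes.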
Building on SIEM to drive continued innovation to evolve the SOC
Timeline slide, 2009 to today. Milestones shown (in slide order, without the year-to-product mapping): Enterprise Security; Security Content & Threat Research Team; UBA; Risk Based Alerting in Enterprise Security; SOAR; Open Cybersecurity Schema Framework; Threat Intelligence Management; SURGe; Cloud-Based Behavioral Analytics; Attack Analyzer; Asset Risk Intelligence; Mission Control.
with the leading TDIR solution
*Splunk Asset & Risk Intelligence is currently in Preview
Foundational use cases: Providing the critical capabilities on your resilience journey
Foundational Visibility (See across environments)
- Data Optimization
- Security Monitoring
- Incident Management
- Asset Discovery & Management
- Compliance
- Visualization & Reporting
Guided Insights (Detect threats and issues with context)
- Threat Intelligence Enrichment
- Leverage Cybersecurity Frameworks
- Risk Based Alerting
- AI Assisted Guidance
- Anomaly Detection
- Threat Hunting
Proactive Response (Get ahead of issues)
- Automate Threat Analysis
- Automate Containment & Response Actions
- Orchestrate Response Workflows
Unified Workflows (Collaborate Seamlessly)
- Automate Complete TDIR Life Cycle
- Standardize SOC Processes using Response Templates
- Automate Recovery Playbooks
- Federate Access & Analytics
Accelerated by Splunk AI
What about AI?
What is AI and Machine Learning?
- Artificial Intelligence (AI): the capability of a computer system to mimic human cognitive functions such as learning and problem-solving.
- Machine Learning (ML): a subset of AI that uses mathematical models of data to help a computer learn without direct instruction.
- Deep Learning (DL): a subset of ML that uses computationally intense models inspired by the "deep" layers of the biological neural network of the human brain to accomplish complex goals like image recognition. Example: a self-driving car recognizes a stop sign.
- Generative AI (GenAI): a subset of AI that uses algorithms and techniques to generate new data, things that did not exist before the models created them. Example: OpenAI ChatGPT.
(Diagram: nested circles, Artificial Intelligence (AI) containing Machine Learning (ML), containing Deep Learning (DL), containing Generative AI (GenAI).)
Recent AI Breakthroughs and Trends
1. Traditional Cognitive Tasks
2. New and Emerging Capabilities
3. Domain Specific Innovations
Human parity in: image classification (2015, Microsoft); speech recognition (2017, Microsoft); text summarization (2019, Google); translation (2022, OpenAI); reading comprehension (2023, OpenAI).
Generative AI Capabilities: Chat, Q&A, Summarization, Suggestion, Code generation, Image generation, ...
New product categories: ChatBot, Security Copilots, Google Duet AI, AI Assistant, ...
What's the benefit to the SOC?
Guidance: Provide guidance to analysts on next steps, lowering the level of knowledge needed to investigate and respond.
Faster Response: Reducing the time needed to investigate and speeding up the response actions taken.
Proactive: AI will help SOC teams prioritise activities and move from reactive to proactive work.
New: Preview in Q1 and GA at .conf. Upskill new and advanced Splunk users quickly. Translate bi-directionally between natural language and SPL. Receive personalized recommendations.
New: Investigate faster. Answer analyst questions to speed up daily workflows. Save time while addressing threats more rapidly. Access natively within Splunk ES.
Splunk AI Assistant for Security
Accelerate the SOC with GenAI
Incident Summarization
Assisted Troubleshooting
Recommended Response
Detection Engineering
A world leader in cybersecurity
The only vendor named a leader in SIEM and security analytics by Forrester, Gartner and IDC
5 awards for SIEM and SOAR
Leader Award SIEM and SOAR
A leader in SOAR
Results Driven Activities
Activities:
- Security PVP
- Data Source Analysis
- Security Maturity Assessment
- Visibility Assessment
- Enterprise Security Workshop
- RBA Workshop
Coverage areas:
- Alerts, reports, dashboards
- UEBA, Threat Intelligence
- SOAR, ARI, Attack Analyzer
- MITRE ATT&CK, Zero Trust
- Compliance controls
- Thresholds, Indicators, Trends, Risks
- Anomaly detection, ML, Advanced Threats
- Execute actions across infrastructure
Business Outcomes:
- Improved Security Maturity
- Reduced Gaps
- Avoid regulatory pressure
- Reduced Cyber Risk
How to get started
Thank you