Cisco User Group SOC of the Future User Guide

June 27, 2024
Cisco


Specifications:

  • Product Name: Cisco User Group SOC of the Future

  • Head of Security: Nathan Smith (APAC)

  • Industry Focus: Security, Regulatory Compliance, Cyber
    Crime

  • AI Integration: Generative AI, AI/ML capabilities

  • Automation: Pervasive automation for threat analysis,
    containment, response, and recovery actions

Product Usage Instructions:

Key Technology Shifts in the SOC:

  • Comprehensive Visibility: Ensures all data sources are
    connected with full attack-surface coverage.

  • Proactive Threat Detection: Utilizes AI/ML, risk-based
    approach, and comprehensive threat intelligence to stop advanced
    attacks.

  • Pervasive Automation: Implements automation across threat
    analysis, containment, response, and recovery actions to increase
    productivity.

  • Unified TDIR: Integrates threat detection, investigation, and
    response for improved efficiency.

Splunk Security Features:

  • Comprehensive Visibility: Provides visibility across all data
    sources.

  • Proactive Threat Detection: Uses AI/ML for early threat
    detection.

  • Pervasive Automation: Implements automation in SOC
    workflows.

  • Unified TDIR: Integrates threat detection, investigation, and
    response.

Splunk AI Assistant Integration:

  • Search Data Using Natural Language: Utilize Splunk AI Assistant
    for data search.

  • Embedding in Workflows: Integrate Splunk AI Assistant into
    security workflows.

  • Modern Worksurface: Provides a unified interface for TDIR
    tasks.

  • Response Templates: Codify processes into templates for
    simplified workflows.

  • Case Management: Easily manage cases within response
    templates.

Evolution of SOC:

The product has evolved over the years to incorporate various
features like Asset Risk Intelligence, Cloud-Based Behavioral
Analytics, Threat Intelligence Management, SOAR, UBA, and more to
enhance security operations.

FAQ:

Q: What are the key features of the Cisco User Group SOC of the Future?

A: The key features include comprehensive visibility, proactive
threat detection, pervasive automation, AI-guided workflows, and
unified threat detection, investigation, and response
capabilities.

Q: How does Splunk Security contribute to enhancing security operations?

A: Splunk Security provides comprehensive visibility across data
sources, proactive threat detection using AI/ML, pervasive
automation in SOC workflows, and integrates unified threat
detection, investigation, and response functionalities.

Q: What is the role of Splunk AI Assistant in security workflows?

A: Splunk AI Assistant helps in natural language data search,
integration into workflows, providing a modern worksurface for TDIR
tasks, creating response templates for simplified workflows, and
enabling easy case management within templates.

Q: How has the SOC evolved over the years with the product?

A: The SOC has evolved with features like Asset Risk
Intelligence, Cloud-Based Behavioral Analytics, Threat Intelligence
Management, SOAR, UBA, and more to drive innovation in security
operations.


© 2024 SPLUNK INC.
Cisco User Group SOC of the Future
Nathan Smith, Head of Security, APAC

Industry Trends

  • Major Breaches: As data breaches scale up, organizations and
    governments will be forced to spend more money to recover from them.

  • Regulatory Compliance: Critical infrastructure regulations and
    industry-specific regulations demand detection and response
    capabilities.

  • Cyber Crime as a Service grows: Cyber crime is big business, and the
    entry level is continually being lowered via as-a-service models.

  • AI Being Weaponized: Generative AI capability is being adopted by
    cyber criminals, and deep fakes are becoming mainstream.

Persistent Security Operations Challenges
Source: ESG SOC Trends Report 2023

  • Expanding Attack Surface

  • Siloed Tools, Teams, Data & Workflows

  • Growing Attack Volumes

  • Compliance Mandates and Requirements

  • Talent and Skills Shortage

Key technology shifts in the SOC

Visibility
Past: Limited visibility across disconnected data sources and reliance on an ingest-only approach hamper the ability to identify high-risk threats amid the digital noise.
Future: Comprehensive visibility across all data, no matter where it is located, with context for full attack-surface coverage so that no “weak” signals are missed.

Threat detection
Past: Reactive threat detection based on signatures or predefined rules, with limited threat-intelligence enrichment, leading to longer attacker dwell times.
Future: Proactive threat detection using AI/ML, a risk-based approach, and comprehensive threat intelligence, stopping advanced attacks and slashing dwell times.

Automation
Past: Reliance on manual effort, with limited automation for select routine tasks, keeps the security team stuck in a reactive mode moving from tool to tool.
Future: Pervasive automation across threat analysis, containment, response and recovery actions, increasing the security team’s productivity and efficiency.

AI guidance
Past: No AI to help guide SOC workflows, providing no relief for an already overworked and overwhelmed security team.
Future: AI-guided SOC workflows to increase the efficiency and effectiveness of the security team.

TDIR
Past: Disjointed threat detection, investigation, and response, holding back MTTD and MTTR.
Future: Unified threat detection, investigation, and response, dramatically improving MTTD and MTTR.


SOC of the Future: Unified Threat Detection, Investigation and Response at the Core.

Delivering the essential capabilities of the SOC of the Future

Splunk Security Delivers

Comprehensive Visibility
  • Ingest and normalize any data at scale
  • Federated search and analytics to access data from anywhere
  • Open Cybersecurity Schema Framework open standard

Proactive Threat Detection
  • 1,500+ curated detections crafted by Splunk Threat Research
  • Behavioral Analytics to detect unknown threats and anomalies
  • MLTK to build custom ML solutions for any use case
  • Risk based alerting to tackle alert fatigue
  • Integrated Threat Intelligence Enrichment

Pervasive Automation
  • Automated Threat Analysis for decisive action and rapid response
  • Powerful SOAR to increase speed of investigation and response
  • Automate efficiently using pre-built playbooks and integrations

AI guided SOC workflows
  • Splunk AI Assistant to search for data using natural language
  • Embed Splunk AI Assistant for security into workflows

Unified TDIR
  • Single, modern worksurface to unify TDIR
  • Codify processes into response templates to simplify workflows
  • Easy case management within your response templates
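Risk-based alerting, listed above under proactive threat detection, attaches a risk score to every detection and raises a notable for an entity only when its accumulated risk crosses a threshold, instead of paging an analyst on each individual rule hit. The Python below is an added illustration of that technique written for this page; it is not Splunk's implementation or SPL. The sample events, the thresholds (100 risk points, at least three distinct contributing rules) and the per-rule cap of 50 points per window are constructed assumptions for the example.

```python
"""Risk-based alerting over constructed sample risk events (illustration only).

Assumptions for this example, not Splunk's rules: an entity becomes notable
when, inside a 24-hour sliding window, its capped risk sum reaches 100 and
at least three distinct detection rules contributed. Each rule may add at
most 50 points per window, so one noisy rule cannot page on its own.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RiskEvent:
    time: datetime      # when the detection fired
    risk_object: str    # entity the risk attaches to (user or host)
    source: str         # detection rule that produced the event
    score: int          # risk points contributed by this event
    tactic: str         # ATT&CK tactic annotated on the rule


# Constructed sample data, not real telemetry.
T0 = datetime(2024, 6, 27, 8, 0, 0)
EVENTS = [
    # Host srv-01: one noisy rule firing ten times (150 raw points, one source).
    *[RiskEvent(T0 + timedelta(minutes=5 * i), "srv-01",
                "Excessive DNS Queries", 15, "Command and Control")
      for i in range(10)],
    # User alice: a chain of distinct, individually low-severity detections.
    RiskEvent(T0 + timedelta(minutes=3), "alice", "Suspicious Office Child Process", 40, "Execution"),
    RiskEvent(T0 + timedelta(minutes=20), "alice", "Living Off The Land Binary Used", 30, "Defense Evasion"),
    RiskEvent(T0 + timedelta(minutes=41), "alice", "New Scheduled Task Created", 25, "Persistence"),
    RiskEvent(T0 + timedelta(minutes=90), "alice", "LDAP Enumeration Burst", 20, "Discovery"),
    # User bob: two detections 30 hours apart, so they never share a window.
    RiskEvent(T0, "bob", "Suspicious Office Child Process", 40, "Execution"),
    RiskEvent(T0 + timedelta(hours=30), "bob", "New Scheduled Task Created", 25, "Persistence"),
]

WINDOW = timedelta(hours=24)
SCORE_THRESHOLD = 100
MIN_DISTINCT_SOURCES = 3
PER_SOURCE_CAP = 50


def risk_notables(events, window=WINDOW, score_threshold=SCORE_THRESHOLD,
                  min_sources=MIN_DISTINCT_SOURCES, per_source_cap=PER_SOURCE_CAP):
    """Return {risk_object: summary} for every entity that crosses both thresholds.

    Events are grouped per entity and walked in time order with a sliding
    window of length `window`. Within the window, each rule's points are
    summed and capped, and a notable is raised (once per entity) the first
    time the capped total reaches `score_threshold` with `min_sources` or
    more distinct rules contributing.
    """
    by_entity = defaultdict(list)
    for ev in events:
        by_entity[ev.risk_object].append(ev)

    notables = {}
    for entity, evs in by_entity.items():
        evs.sort(key=lambda e: e.time)
        start = 0
        for end in range(len(evs)):
            # Advance the window start so the window never exceeds `window`.
            while evs[end].time - evs[start].time > window:
                start += 1
            in_window = evs[start:end + 1]
            per_source = defaultdict(int)
            for e in in_window:
                per_source[e.source] += e.score
            capped_total = sum(min(pts, per_source_cap) for pts in per_source.values())
            if capped_total >= score_threshold and len(per_source) >= min_sources:
                notables[entity] = {
                    "risk_score": capped_total,
                    "sources": sorted(per_source),
                    "tactics": sorted({e.tactic for e in in_window}),
                    "window_start": in_window[0].time,
                    "window_end": in_window[-1].time,
                }
                break
    return notables


if __name__ == "__main__":
    for entity, summary in risk_notables(EVENTS).items():
        print(entity, summary)
```

Run stand-alone, only alice is raised: four different rules spanning four tactics reach 115 points within 90 minutes. srv-01 accumulates 150 raw points but from a single rule, so the cap holds it at 50 and the distinct-source requirement is never met; bob's two hits fall in separate windows. Tuning the three knobs (threshold, distinct sources, per-rule cap) is what an RBA workshop of the kind listed later on this page is about.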


Building on SIEM to drive continued innovation to evolve the SOC with the leading TDIR solution

Milestones, 2009 to today (listed in no particular order):

  • Enterprise Security
  • Security Content & Threat Research Team
  • UBA
  • Risk Based Alerting in Enterprise Security
  • SOAR
  • Open Cybersecurity Schema Framework
  • Threat Intelligence Management
  • SURGe
  • Cloud-Based Behavioral Analytics
  • Attack Analyzer
  • Asset Risk Intelligence*
  • Mission Control

*Splunk Asset & Risk Intelligence is currently in preview.

Foundational use cases
Providing the critical capabilities on your resilience journey

Foundational Visibility
See across environments
Data Optimization
Security Monitoring
Incident Management
Asset Discovery & Management
Compliance
Visualization & Reporting

Guided Insights
Detect threats and issues with context
Threat Intelligence Enrichment
Leverage Cybersecurity Frameworks
Risk Based Alerting
AI Assisted Guidance
Anomaly Detection
Threat Hunting

Proactive Response
Get ahead of issues
Automate Threat Analysis
Automate Containment & Response Actions
Orchestrate Response Workflows

Unified Workflows
Collaborate Seamlessly
Automate Complete TDIR Life Cycle
Standardize SOC Processes using Response Templates
Automate Recovery Playbooks
Federate Access & Analytics

Accelerated by Splunk AI

What about AI?


What is AI and Machine Learning?

  • Artificial Intelligence (AI): the capability of a computer system to
    mimic human cognitive functions such as learning and problem-solving.

  • Machine Learning (ML): a subset of AI that uses mathematical models of
    data to help a computer learn without direct instruction.

  • Deep Learning (DL): a subset of ML that uses computationally intense
    models inspired by the “deep” layers of the biological neural network
    of the human brain to accomplish complex goals like image recognition.
    Example: a self-driving car recognizes a stop sign.

  • Generative AI (GenAI): a subset of AI that uses algorithms and
    techniques to generate new data, things that did not exist before the
    model created them. Example: OpenAI ChatGPT.

Diagram: Artificial Intelligence (AI), Machine Learning (ML), Deep Learning (DL), Generative AI (GenAI).

Recent AI Breakthroughs and Trends

  1. Traditional Cognitive Tasks
  2. New and Emerging Capabilities
  3. Domain Specific Innovations

Human parity in:
  • image classification (2015, Microsoft)
  • speech recognition (2017, Microsoft)
  • text summarization (2019, Google)
  • translation (2022, OpenAI)
  • reading comprehension (2023, OpenAI)

Generative AI Capabilities: Chat Q&A, Summarization, Suggestion, Code generation, Image generation, ...

New product categories: ChatBot, Security Copilot, Google Duet AI, AI Assistant, ...

What’s the benefit to the SOC?

  • Guidance: Provide guidance to the analyst on next steps, lowering the
    level of knowledge needed to investigate and respond.

  • Faster Response: Reduce the time needed to investigate and speed up
    the response actions that are taken.

  • Proactive: AI will help SOC teams prioritise activities and move from
    reactive to proactive work.

New (Preview in Q1, GA at .conf): Upskill new and advanced Splunk users quickly. Translate bi-directionally between natural language and SPL. Receive personalized recommendations.

New: Investigate faster. Answer analyst questions to speed up daily workflows. Save time while addressing threats more rapidly. Access natively within Splunk ES.

Splunk AI Assistant for Security
Accelerate the SOC with GenAI

Incident Summarization

Assisted Troubleshooting

Recommended Response

Detection Engineering


A world leader in cybersecurity

The only vendor named a leader in SIEM and security analytics by Forrester, Gartner and IDC.

5 awards for SIEM and SOAR

Leader Award SIEM and SOAR

A leader in SOAR

Results Driven Activities

  • Security PVP
  • Data Source Analysis
  • Security Maturity Assessment
  • Visibility Assessment
  • Enterprise Security Workshop (alerts, reports, dashboards)
  • RBA Workshop
  • UEBA, Threat Intelligence
  • SOAR, ARI, Attack Analyzer

Focus areas: MITRE ATT&CK and Zero Trust; compliance controls; thresholds, indicators, trends and risks; anomaly detection, ML and advanced threats; executing actions across infrastructure.

Business Outcomes: Improved security maturity, reduced gaps, avoiding regulator pressure, reduced cyber risk.

How to get started

Thank you