© 2017 SPLUNK INC.

How security analytics helps UCAS protect 700,000 student applications
Neil Bell, Security Assurance Manager, UCAS
Tom Gromski, Technology Relationship Manager, UCAS
Haiyan Song, SVP and GM, Security Markets, Splunk

Splunk’s Mission
Spelunking: to explore underground caves

Analytics-Driven Security
• Risk-based context and intelligence
• Connecting data and people

Security Nerve Center
• WAF & App Security
• Orchestration
• Network
• Threat Intelligence
• Cloud Security
• Identity and Access
• Firewall
• Web Proxy
• Endpoints

Adaptive Response Initiative
• Identity and Access
• Internal Network Security
• Endpoints
• Orchestration
• WAF & App Security
• Threat Intelligence
• Network
• Web Proxy
• Firewall
Mission: Deeper integrations across the best security technologies to help combat advanced attacks together.
Approach: Gather / analyze, share, take action based on end-to-end context, across security domains.

Security at the Universities and Colleges Admissions Service (UCAS)
Neil Bell, Security Assurance Manager, UCAS
Tom Gromski, Technology Relationship Manager, UCAS

Getting to know us a little
The world’s only national centralised organisation processing applications to higher education.
An intermediary in an ever-changing multi-£billion market.

Our customer(s)
Circa 800,000 applicants; circa 600,000 placed.
4 million applications, in over 6,000 registered centres, to 388 universities & colleges & 1200 schools. This includes UK & international schools, agents and advisers from over 100 countries.

“Who has used UCAS/has kids who have used UCAS in the room?”

Our priorities in IT
▶ Protecting circa 800k student records (across multiple schemes) and ensuring availability of our services throughout the year, including during our peak periods of activity
▶ Data flows from applications to universities and back
▶ Maintaining service levels throughout the year, but with specific focus during August
▶ “UCAS provides important core services throughout the year, but for two weeks during August the reliance on our services is significantly increased - we are a crucial part of the process of ensuring applicants obtain their university offers. If we fail, circa 700k+ undergraduate students don’t get their places confirmed on time (during an already stressful period) and universities don’t fill the spaces they need to.”

National News at UCAS on results day

BBC Live from UCAS on results day

Our Challenges

Our Challenges - The ‘live’ view
▶ Exam results: time-sensitive (embargoed) data
▶ Students: UCAS.com and TRACK.UCAS.com at over 4000 hits/s
▶ Providers: 388 providers wanting the latest view of their applicants
▶ Detect issues before they become a ‘real’ problem
▶ We can only do this using a single analytics-driven view

What goes into Splunk?
• AV endpoint reporting, vulnerability scan data, web filtering, mail filtering, domain, DNS
• File system auditing, database auditing, web access logging
• 98 web application services
• Sophos Endpoint incl. PUA detection
• Cisco ASAs, Firepower, Cisco ISE, Palo Alto
• Amazon Web Services monitoring via the app
• And much, much more…
Monitoring – Alerts – Data

What do we do with Splunk’s Security Platform? Insights in three use cases
• Centralized Visibility in our SOC
• Detecting Security Risks beyond Malware
• Incident Investigation to prove-negative for breach notification obligation

Centralized Visibility in our SOC
With Splunk Enterprise Security in the Cloud

Detecting Security Risks beyond Malware: Automation of reporting
Need:
• Monitoring of file auditing to detect whether unauthorized users are making changes to, or accessing, data that is held under NDA and a timed embargo
Solution:
• Enabled Windows auditing and data onboarding within a day
• Event enrichment through a list of authorised users
• Automated alerting

Detecting Security Risks beyond Malware: Automation
Need:
• Monitoring newly created domain users
Solution:
• Onboarded data within a day
• Created a dashboard
• Splunk Cloud sends us a daily report to review
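The two automation use cases above (file auditing enriched against an authorised-user list, and a daily report of newly created domain users), as an added Python example that is not UCAS's or Splunk's code. It runs over constructed Windows Security event lines: the account names, share path, embargo window and the key=value line layout are assumptions made for the example, while 4663 (object access) and 4720 (user account created) are the real Windows Security event IDs for these actions.

```python
"""Added example, not UCAS's or Splunk's code: the two "Detecting Security Risks
beyond Malware" use cases from the slides, as plain Python over constructed
Windows Security event lines.

  1. File auditing on an embargoed share: object-access events (EventCode 4663)
     are enriched against the authorised-user list; any access by an account
     not on the list is a finding, rated high inside the embargo window and
     medium after it lifts.
  2. New domain users: account-creation events (EventCode 4720) are summarised
     into a daily report grouped by the admin account that created them.

4663 and 4720 are the real Windows Security event IDs; everything else here
(account names, share path, embargo window, the key=value line layout) is
constructed for the example.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# --- constructed inputs (hypothetical names and dates) ----------------------
AUTHORISED_USERS = {"UCAS\\results.ops1", "UCAS\\results.ops2"}
EMBARGOED_PATH = "\\\\fileserver\\embargo\\results2017\\"
EMBARGO_START = datetime(2017, 8, 10, 0, 0, tzinfo=timezone.utc)
EMBARGO_END = datetime(2017, 8, 17, 8, 0, tzinfo=timezone.utc)  # results published

# Simplified rendering of audited events; real 4663/4720 events carry more fields.
SAMPLE_EVENTS = r"""
time=2017-08-15T09:12:03Z EventCode=4663 user=UCAS\results.ops1 object=\\fileserver\embargo\results2017\batch01.csv access=ReadData
time=2017-08-15T09:14:41Z EventCode=4663 user=UCAS\jdoe object=\\fileserver\embargo\results2017\batch01.csv access=ReadData
time=2017-08-15T09:20:00Z EventCode=4663 user=UCAS\jdoe object=\\fileserver\public\newsletter.docx access=ReadData
time=2017-08-15T10:01:17Z EventCode=4663 user=UCAS\svc.backup object=\\fileserver\embargo\results2017\batch02.csv access=WriteData
time=2017-08-15T11:30:00Z EventCode=4720 user=UCAS\admin.tg new_account=UCAS\contractor7
time=2017-08-15T16:45:00Z EventCode=4720 user=UCAS\admin.nb new_account=UCAS\svc.etl2
time=2017-08-18T09:00:00Z EventCode=4663 user=UCAS\jdoe object=\\fileserver\embargo\results2017\batch01.csv access=ReadData
"""


@dataclass
class Event:
    time: datetime
    code: int
    fields: dict[str, str]


def parse_event(line: str) -> Event:
    """Parse one key=value line (values carry no spaces in this layout)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    when = datetime.strptime(fields.pop("time"), "%Y-%m-%dT%H:%M:%SZ")
    return Event(when.replace(tzinfo=timezone.utc), int(fields.pop("EventCode")), fields)


def parse_events(text: str) -> list[Event]:
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def embargo_violations(events, authorised=AUTHORISED_USERS, path=EMBARGOED_PATH):
    """Use case 1: accesses to the embargoed share by accounts not on the
    authorised list. Path comparison is case-insensitive, as Windows paths are."""
    findings = []
    for ev in events:
        if ev.code != 4663 or not ev.fields["object"].lower().startswith(path.lower()):
            continue
        user = ev.fields["user"]
        if user in authorised:
            continue  # enrichment: expected access, no alert
        in_window = EMBARGO_START <= ev.time < EMBARGO_END
        findings.append({
            "time": ev.time.isoformat(),
            "user": user,
            "object": ev.fields["object"],
            "access": ev.fields["access"],
            "severity": "high" if in_window else "medium",
        })
    return findings


def new_user_report(events, day: str) -> dict[str, list[str]]:
    """Use case 2: accounts created on `day` (YYYY-MM-DD), grouped by creator."""
    report: dict[str, list[str]] = defaultdict(list)
    for ev in events:
        if ev.code == 4720 and ev.time.strftime("%Y-%m-%d") == day:
            report[ev.fields["user"]].append(ev.fields["new_account"])
    return dict(report)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for f in embargo_violations(evs):
        print(f"[{f['severity']}] {f['time']} {f['user']} {f['access']} {f['object']}")
    for creator, accounts in new_user_report(evs, "2017-08-15").items():
        print(f"{creator} created: {', '.join(accounts)}")
```

In Splunk itself the same logic is a lookup of the authorised-user list against EventCode 4663 events plus a scheduled search whose results are mailed out daily. What the example makes visible is that the detection reduces to a set-membership check and a time window, so the accuracy of the authorised-user list, and keeping it current as staff and service accounts change over results week, is what decides the false-positive and false-negative rate.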

Incident Investigation to prove-negative: Protecting Privacy
Compliance Regulation:
We are processing personal information from students around the world and need to comply with the Data Protection Act 1988 (and shortly the EU GDPR).
If personal data is lost or ends up in the wrong hands, we have the obligation to report publicly.

Incident Investigation to prove-negative: Protecting Privacy
Situation:
Security incident which looked like a breach of the DPA
Solution:
Incident investigation with Splunk
• Analysing log data from all our databases
• “Connecting the dots”
• Found out it was a false report of loss that we could prove didn’t happen - no data was disclosed
• We showed that others were wrong
Result:
• No statutory reporting needed
• Stronger reporting position
• Increased trust in the platform and my team

What does it take to establish and build this?
▶ We have been going about a year, but…
▶ It can be technically done in less than 5 weeks
▶ We have a ‘Splunk Champion’ in every business area that uses it
▶ Put as much in as you can to get the best out
▶ Operate
• IT core technology partner (including SOC service)
• Splunk Cloud and Splunk Enterprise Security are key to the deliverables
• Splunk is listed as our strategic logging and SIEM product

Lessons Learned: Building security analytics capabilities
Let it Grow
▶ Define a few use cases first to get it off the ground
• Security
• Operational
• ITSM
▶ Expose the application to as many areas within your business as you can
▶ Being able to explore and ask any question of your data – that’s where you can go!
▶ Analytics of machine data allows us to take decisions based on actual facts rather than “feelings”

Our future plans
▶ We know what we can do with Splunk
▶ We value the flexibility and speed with which we can address and solve issues through an analytics approach
▶ Next on our list:
• Detecting account takeover on our platform
• Logging of more transactions, middleware (Mulesoft ESB integration)
• ISO27001 and CIS 20 controls reporting
• ServiceNow integration
• Deploying Cisco ISE and feeding into Splunk
• Potential to use Splunk for IT health monitoring

Thank You
Q&A
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
 Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

How security analytics helps UCAS protect 700,000 student applications

  • 1. © 2017 SPLUNK INC. How security analytics helps UCAS protect 700,000 student applications. Neil Bell, Security Assurance Manager, UCAS; Tom Gromski, Technology Relationship Manager, UCAS; Haiyan Song, SVP and GM, Security Markets, Splunk
  • 2. Splunk's Mission. Spelunking: to explore underground caves
  • 3. Analytics-Driven Security: risk-based context and intelligence; connecting data and people
  • 4. Security Nerve Center: WAF & app security, orchestration, network, threat intelligence, cloud security, identity and access, firewall, web proxy, endpoints
  • 5. Adaptive Response Initiative (identity and access, internal network security, endpoints, orchestration, WAF & app security, threat intelligence, network, web proxy, firewall). Mission: deeper integrations across the best security technologies to help combat advanced attacks together. Approach: gather/analyze, share, and take action based on end-to-end context across security domains
  • 6. Security at the Universities and Colleges Admissions Service (UCAS). Neil Bell, Security Assurance Manager, UCAS; Tom Gromski, Technology Relationship Manager, UCAS
  • 7. Getting to know us a little: the world's only national centralised organisation processing applications to higher education; an intermediary in an ever-changing multi-£billion market.
  • 8. Our customer(s): circa 800,000 applicants; circa 600,000 placed; 4 million applications, in over 6,000 registered centres, to 388 universities & colleges and 1,200 schools. This includes UK and international schools, agents and advisers from over 100 countries.
  • 9. "Who has used UCAS/has kids who have used UCAS in the room?"
  • 10. Our priorities in IT: ▶ Protecting circa 800k student records (across multiple schemes) and ensuring availability of our services throughout the year, including during our peak periods of activity ▶ Data flows from applications to universities and back ▶ Maintaining service levels throughout the year, but with specific focus during August ▶ "UCAS provides important core services throughout the year, but for two weeks during August the reliance on our services is significantly increased - we are a crucial part of the process of ensuring applicants obtain their university offers. If we fail, circa 700k+ undergraduate students don't get their places confirmed on time (during an already stressful period) and universities don't fill the spaces they need to."
  • 11. National news at UCAS on results day
  • 12. BBC live from UCAS on results day
  • 13. Our Challenges
  • 14. Our Challenges - the 'live' view: ▶ Exam results: time-sensitive (embargoed) data ▶ Students: UCAS.com and TRACK.UCAS.com, over 4,000 hits/s ▶ Providers: 388 providers wanting the latest view of their applicants ▶ Detect issues before they become a 'real' problem ▶ We can only do this using a single analytics-driven view
  • 15. Our Challenges - the 'live' view
  • 16. What goes into Splunk? (Monitoring, alerts, data) • AV endpoint reporting - vulnerability scan data - web filtering - mail filtering - domain - DNS • File system auditing, database auditing, web access logging • 98 web application services • Sophos Endpoint incl. PUA detection • Cisco ASAs, Firepower, Cisco ISE, Palo Alto • Amazon Web Services monitoring via the app • And much, much more...
  • 17. What do we do with Splunk's Security Platform? Insights in three use cases: centralized visibility in our SOC; detecting security risks beyond malware; incident investigation to prove a negative for breach-notification obligations
  • 18. Centralized visibility in our SOC, with Splunk Enterprise Security in the Cloud
  • 19. Centralized visibility in our SOC, with Splunk Enterprise Security in the Cloud
  • 20. Detecting security risks beyond malware - automation of reporting. Need: • Monitoring of file auditing to detect whether unauthorized users are making changes to, or accessing, data that is treated under NDA and a timed embargo. Solution: • Enabled Windows auditing and data onboarding within a day • Event enrichment through a list of authorised users • Automated alerting
  • 21. Detecting security risks beyond malware - automation. Need: • Monitoring newly created domain users. Solution: • Onboarded data within a day • Created a dashboard • Splunk Cloud sends us a report every day to review
  • 22. Incident investigation to prove a negative - protecting privacy. Compliance regulation: we are processing personal information from students around the world and need to comply with the Data Protection Act 1998 (shortly EU GDPR). If personal data is lost or ends up in the wrong hands, we have the obligation to report publicly.
  • 23. Incident investigation to prove a negative - protecting privacy. Situation: a security incident which looked like a breach of the DPA. Solution: incident investigation with Splunk • Analysing log data from all our databases • "Connecting the dots" • Found out it was a false report of loss that we could prove didn't happen - no data was disclosed. • We showed that others were wrong. Result: • No statutory reporting needed • Stronger reporting position • Increased trust in the platform and my team
  • 24. What does it take to establish and build this? ▶ We have been going about a year, but... ▶ It can be technically done in less than 5 weeks ▶ We have a 'Splunk Champion' in every business area that uses it ▶ Put as much in as you can to get the best out ▶ Operate • IT core technology partner (including SOC service) • Splunk Cloud and Splunk Enterprise Security are key to the deliverables • Splunk is listed as our strategic logging and SIEM product
  • 25. Lessons learned building security analytics capabilities - let it grow ▶ Define a few use cases first to get it off the ground • Security • Operational • ITSM ▶ Expose the application to as many areas within your business as you can ▶ Being able to explore and ask any question of your data - that's where you can go! ▶ Analytics of machine data allows us to take decisions based on actual facts rather than "feelings"
  • 26. Our future plans ▶ We know what we can do with Splunk ▶ We honour the flexibility and speed with which we can address issues and solve them through an analytics approach ▶ Next on our list: • Detecting account takeover on our platform • Logging of more transactions, middleware (MuleSoft ESB integration) • ISO 27001 and CIS 20 controls reporting • ServiceNow integration • Deploying Cisco ISE and feeding into Splunk • Potential to use Splunk for IT health monitoring
  • 27. Thank you. Q&A
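The two "beyond malware" detections on slides 20 and 21 (unauthorised access to embargoed files, enriched with a list of authorised users; and newly created domain accounts, reviewed daily) are described in outline only. The following is an added example of that detection logic, not UCAS's or Splunk's code: it runs over a handful of constructed Windows Security events (IDs 4663, object access, and 4720, user account created) flattened to key=value pairs. The share path `\\fs01\embargo\`, the user names and the authorised-user list are assumptions made for the example. One caveat the slides leave implicit: 4663 is only written when "Audit Object Access" / "Audit File System" is enabled and an audit SACL is actually set on the embargo folder, so the first check after onboarding is that read and write events from a known-authorised user show up at all.

```python
"""Detection logic for the slide-20/21 use cases over constructed Windows
Security events. Added example; not UCAS's or Splunk's code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample events (not real UCAS logs), flattened to key=value pairs
# roughly as Splunk's Windows field extractions present them.
# 4663 = an attempt was made to access an object; 4720 = a user account was created.
SAMPLE_EVENTS = r"""
2017-08-17T06:01:12Z EventCode=4663 Account_Name=jsmith Object_Name=\\fs01\embargo\results_2017.csv Accesses=ReadData
2017-08-17T06:02:40Z EventCode=4663 Account_Name=contractor7 Object_Name=\\fs01\embargo\results_2017.csv Accesses=ReadData
2017-08-17T06:03:05Z EventCode=4663 Account_Name=contractor7 Object_Name=\\fs01\public\readme.txt Accesses=ReadData
2017-08-17T06:10:00Z EventCode=4720 Account_Name=svc-backup2 Subject_Account_Name=admin.neil
2017-08-17T06:11:30Z EventCode=4663 Account_Name=ADMIN.NEIL Object_Name=\\fs01\embargo\offers.xlsx Accesses=WriteData
"""

# Hypothetical enrichment lookup (slide 20: "a list of authorised users") and the
# share holding embargoed results. Both are assumptions made for this example.
AUTHORISED_EMBARGO_USERS = {"jsmith", "admin.neil"}
EMBARGO_PATH_PREFIX = "\\\\fs01\\embargo\\"   # i.e. \\fs01\embargo\

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Event:
    time: str
    fields: dict[str, str]

    @property
    def code(self) -> int:
        return int(self.fields.get("EventCode", "0"))


def parse_events(text: str) -> list[Event]:
    """One event per line: ISO timestamp, then key=value fields."""
    events = []
    for line in text.strip().splitlines():
        time, _, rest = line.partition(" ")
        events.append(Event(time, dict(KV_RE.findall(rest))))
    return events


def unauthorised_embargo_access(events: list[Event],
                                authorised=AUTHORISED_EMBARGO_USERS,
                                prefix: str = EMBARGO_PATH_PREFIX) -> list[dict]:
    """Slide 20: object-access events under the embargo share by anyone not on
    the authorised list. Account names compare case-insensitively, as Windows does."""
    allowed = {u.lower() for u in authorised}
    hits = []
    for ev in events:
        if ev.code != 4663:
            continue
        user = ev.fields.get("Account_Name", "").lower()
        obj = ev.fields.get("Object_Name", "")
        if obj.lower().startswith(prefix.lower()) and user not in allowed:
            hits.append({"time": ev.time, "user": user, "object": obj,
                         "access": ev.fields.get("Accesses", "")})
    return hits


def new_domain_users(events: list[Event]) -> list[dict]:
    """Slide 21: every account creation, with the account that performed it."""
    return [{"time": ev.time,
             "new_user": ev.fields.get("Account_Name", "?"),
             "created_by": ev.fields.get("Subject_Account_Name", "?")}
            for ev in events if ev.code == 4720]


def daily_report(events: list[Event]) -> str:
    """The daily review report of slide 21: alerts first, then accounts to review."""
    lines = [f"ALERT  {h['time']} {h['user']} {h['access']} {h['object']}"
             for h in unauthorised_embargo_access(events)]
    lines += [f"REVIEW {n['time']} new account {n['new_user']} created by {n['created_by']}"
              for n in new_domain_users(events)]
    return "\n".join(lines) if lines else "nothing to report"


if __name__ == "__main__":
    print(daily_report(parse_events(SAMPLE_EVENTS)))
```

On the sample data the report contains one alert (contractor7 reading `results_2017.csv` under the embargo share; the same user's read of a public file is ignored, and ADMIN.NEIL matches the list despite the case difference) and one account-creation line for review. In Splunk the enrichment step is the same idea expressed as a lookup against a CSV of authorised users followed by a filter on rows where the lookup returned nothing; the scheduled search that runs it is what produces the daily e-mail the slide mentions.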

Editor's Notes

  1. Need to understand this holistically; need to coordinate and work well with all elements, coordinating all parts of the body, as in the example. Customers want security operations to be smart, intelligent, nimble, and to detect and remediate fast. We are the nerve center for your SOC/command center. A nerve-center approach saves time and makes the overall solution more effective; this is why channel partners and SIs want to sell the nerve center. The most commonly seen security technologies are integrated so that a range of human and system tasks can be automated; this provides operational intelligence and maturity; we are the glue. Our partnerships and levels of integration are constantly growing, which means the data coming in is increasing. This is an example of some of the partners in our ecosystem across key elements of the security stack.
  2. Our security solution grows stronger as the ecosystem we build around us grows and flourishes, so we are focused on bringing value to customers and partners through deeper integrations. To do this, and to bring to life the role of the security nerve center, we've built out an initiative called Adaptive Response. Adaptive Response allows customers and partners to build bi-directional integrations across security vendors for greater context, to help analysts speed up investigations, make informed decisions on how to remediate, and, in some cases, automate and orchestrate remediation steps. You'll see here several of the partners in our ecosystem across key elements of the security stack who are participating in the Adaptive Response initiative. Not only are we expanding across security technologies, but we are also focused on diving deeper with key integrations (PAN, Symantec, Proofpoint, Forescout), as we know these are most valuable to our customers. When we launched Adaptive Response, we were blown away by engaging 20+ partners in just the first few months. Now there are nearly 30 partners representing 60 actions.
  3. A perfect storm. Can you imagine trying to filter right from wrong using hundreds of disparate log and system sources, with the world's press on site and your CEO being interviewed live on the news?