Copyright © 2015 Splunk Inc.
Timothy Lee, CISO, City of Los Angeles
Splunk Cloud as a SIEM for Cybersecurity Collaboration
Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
City of Los Angeles
- 4 million people, 465 sq mi, 15 Council Districts
- 2nd largest city in the US
- 1.8 million employed
- 42.2 million annual visitors
- 42 departments with 35,000 FTE
- Port of LA, Airport, Water and Power – 3 proprietary departments, each managing its own network
- Information Technology Agency (ITA) manages the rest
Our Challenge
- IT Security Team is understaffed
- Dispersed log-capturing capabilities
- Minimal use of collaboration tools
- Lack of an incident management platform
- No integrated threat intelligence program
- Limited situational awareness and operational metrics for the City as a whole
- Imbalance in response capability
- Growing cyber threats, including DDoS and malware
Mayor’s Executive Directive on Cybersecurity
- Facilitate the identification and investigation of cyber threats and intrusions against City assets
- Ensure incidents are quickly, properly, and thoroughly investigated by the appropriate law enforcement agency
- Facilitate dissemination of cybersecurity alerts and information
- Provide a uniform governance structure accountable to City leadership
- Coordinate incident response and remediation across the City
- Serve as an advisory body to City departments
- Sponsor independent security assessments to reduce security risks
- Ensure awareness of best practices
Our Solution
Integrated Security Operations Center leveraging Splunk Cloud and Splunk Enterprise Security
Integrated Security Operations Center
[Diagram: City of Los Angeles Integrated Security Operations Center. Internal partners across Information Security and Physical Security (ITA, LAPD, LAXPD, LAWA, POLA, DWP, LAPP) and external partners (FBI, DHS/USSS, MS-ISAC, threat info services) feed the Integrated SOC, which delivers Situational Awareness and Threat Intelligence through four functions: Collect, Collaborate, Report, Promote.]
How Did We Sell It Internally?
- Prepare to answer why you need a SIEM and why it should be cloud-based
  - Security Audit Report (Recommendation and Action Plan)
  - Compliance Gap Assessment Report
  - Security metrics (number of intrusion attempts, incidents, outages caused by incidents, top attackers, threat activity and trends, etc.)
  - Present it from the business risk perspective
- Engage others outside of IT to also help sell it
- Present the potential risks of not implementing a SIEM
- Share real-world examples of cyber incidents and costs that your audience can relate to
- Identify a source of funding for implementation and operations
- Align results to organizational goals
Example: Executive Dashboards
Use Case Example: Top Attackers
Use Case Example: Top Destination by Specific Attacker
Use Case Example: Malware Monitoring
Lessons Learned
- Conduct a SOC readiness assessment before anything else
- Prepare to answer why you need a CSOC
- Look for grant opportunities
- Pick the right tools and technology
- Be mindful of operating costs
- Pick the right contractor
- Pick the right team; invest in people
- Cybersecurity collaboration and information sharing are essential
Resources
- Security Operation Center Concepts & Implementation – Renaud Bidou
- How to Deploy SIEM Technology – Gartner, March 02, 2015
- Using SIEM for Targeted Attack Detection – Gartner, March 12, 2014
- Top 6 SIEM Use Cases – Infosecinstitute.com, May 15, 2014
Q&A
THANK YOU