© 2017 SPLUNK INC. Splunk @ ABN AMRO Floris Ladan | Sr. Security Analyst | ABN AMRO Bank N.V.
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
© 2017 SPLUNK INC.
Splunk @ ABN AMRO
Floris Ladan | Sr. Security Analyst | ABN AMRO Bank N.V.
© 2017 SPLUNK INC.
▶ Background to ABN AMRO▶ Our Security Operations Center▶ What we are facing▶ How we work▶ What’s next
Agenda
© 2017 SPLUNK INC.
Background to ABN AMRO• Leading Bank in NL• 5Mln Retail and 300k Business Customers• Operational Income last year 8.5 Bln Euro
© 2017 SPLUNK INC.
Who am I?
© 2017 SPLUNK INC.
The Security Operations Center in ABN AMRO
▶ ECS • Transactions and electronic channels
▶ SOC• IT security and operational security
▶ SIM • Business process fraud and malicious
insiders
Corporate information Security Office (CISO)
© 2017 SPLUNK INC.
But what are we facing?
© 2017 SPLUNK INC.
The Usual Suspects
© 2017 SPLUNK INC.
The Professional
© 2017 SPLUNK INC.
The Nation-State
© 2017 SPLUNK INC.
The Hacktivist
© 2017 SPLUNK INC.
So what did we start with?A SOC grasping for data
© 2017 SPLUNK INC.
Our first Splunk Setup:“200 Gb/day ought to be enough for anybody”
© 2017 SPLUNK INC.
Use-Case 1Drowning in Phishing mails
© 2017 SPLUNK INC.
14
Use-Case 2(D)DoS attack detection
© 2017 SPLUNK INC.
15
Use-Case 3Detecting the unknown Malware dialing home
© 2017 SPLUNK INC.
Bonus Use-caseSo how is my SOC doing?
© 2017 SPLUNK INC.
TheRoadAheadAutomatedTriageNextgenerationSecurityOperationsCenter
© 2017 SPLUNK INC.
1. The threats facing your organisation are susceptible to change, prepare to change with them.
2. People love Splunk, prepare your infrastructure (and datamodels) for growth.
3. Splunk yourself!
Key Takeaways
© 2017 SPLUNK INC.
“Never attribute to malice that which is adequately explained by stupidity”— Robert Hanlon
© 2017 SPLUNK INC.© 2017 SPLUNK INC.
THANK YOU
Related Documents
