Welcome to Tomorrow ... Today

Post on 14-Feb-2017

Copyright 2016 Splunk Inc.

Tim Lee, CISO, City of LA
Ernie Welch, Sales Engineer, Splunk

Welcome to Tomorrow ... Today
The need and benefit of merging IT and Security in today's ever-connected world of security and IT

Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

City of Los Angeles
- 2nd largest city in U.S.
- Population: 4 million
- Annual visitors: 43 million
- 43 departments, 35,000 FTE
- Critical Infrastructure Sectors

Mayor's Executive Directive on Cybersecurity
"I'm creating this Cyber Intrusion Command Center (CICC) so that we have a single, focused team responsible for implementing enhanced security standards across city departments and serving as a rapid reaction force to cyber-attacks."
- Mayor Eric Garcetti

Challenges
- Siloed SOCs/NOCs
- Dispersed and massive log capturing
- Lack of centralized Incident Management capabilities
- No threat intelligence analysis and sharing platform
- Limited Situation Awareness (SA) and security metrics city-wide

Solution
- Integrated SOC
- Critical Asset Protection (CAP)

Critical Asset
A Critical Asset is defined as any system, whether physical or virtual, so vital to the City of Los Angeles and its citizens, that the incapacity or destruction of such systems, or the unauthorized access and/or dissemination of the information contained therein, would have a debilitating impact on the City's security, economic security, public health or safety, or any combination of those matters.

Critical Asset Protection
IDENTIFY
- Critical Asset Inventory
- Data sources & security controls
- Security goals & use cases
DETECT
- Data collection / Logging
- SIEM/ISOC integration
- Alert correlation, notification and dashboards
PROTECT
- KPI monitoring
- Policy, Standard and Guidelines
- Threat Intelligence service
- Awareness and Training
- Vulnerability assessment
- Penetration testing and Tabletop exercise
- Data Security / Compliance
RESPOND
- Incident Response Plan and Notification Procedure (Department, City-wide)
RECOVER
- Critical System Recovery Plan (Service Continuity Plan)

Enterprise Security
ES and a bifurcated ISOC dashboard

IT Service Intelligence: Current Deployment
- We've deployed 5 of the 43 departments within City of LA
- We've modeled 38 Services
- We've created 30 individual glass tables
- We're monitoring 160 KPIs
- We've enabled ML for anomaly detection / adaptive thresholds
- We're using Multi-KPI Alerting for advanced notifications

IT Service Intelligence: Role Based Access Control

IT Service Intelligence: Using multiple glass tables

IT Service Intelligence: Leveraging core dashboards from ITSI

IT Service Intelligence: Deep Dives and OS Host Details

Tomorrow Today: ITSI multi-KPI Alerts and Notable Events

ITSI & Security: Starting to tie it all together

Lessons Learned
- Start getting events into Splunk ASAP
- Engage Business Service SMEs early (DB Servers, Web Servers, App Servers)
- Leverage KPI Base Searches: much more efficient
- Leverage Threshold templates: saves time, builds standards

What Now?
Related breakout sessions and activities

THANK YOU