Welcome to Tomorrow ... Today

Post on 14-Feb-2017


  • Copyright 2016 Splunk Inc.

    Tim Lee, CISO, City of LA

    Ernie Welch, Sales Engineer, Splunk

    Welcome to Tomorrow ... Today: The need and benefit of merging IT and Security in today's ever-connected world of security and IT

  • Disclaimer

    During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

  • City of Los Angeles

    2nd largest city in the U.S.
    Population: 4 million
    Annual visitors: 43 million
    43 departments, 35,000 FTE
    Critical Infrastructure Sectors

  • Mayor's Executive Directive on Cybersecurity

    "I'm creating this Cyber Intrusion Command Center (CICC) so that we have a single, focused team responsible for implementing enhanced security standards across city departments and serving as a rapid reaction force to cyber-attacks." - Mayor Eric Garcetti

  • Challenges

    Siloed SOCs / NOCs
    Dispersed and massive log capturing
    Lack of centralized Incident Management capabilities
    No threat intelligence analysis and sharing platform
    Limited Situation Awareness (SA) and security metrics city-wide

  • Solution

    Integrated SOC
    Critical Asset Protection (CAP)

  • Critical Asset

    A Critical Asset is defined as any system, whether physical or virtual, so vital to the City of Los Angeles and its citizens that the incapacity or destruction of such systems, or the unauthorized access and/or dissemination of the information contained therein, would have a debilitating impact on the City's security, economic security, public health or safety, or any combination of those matters.

  • Critical Asset Protection

    IDENTIFY
    Critical Asset Inventory; Data sources & security controls; Security goals & use cases

    DETECT
    Data collection / Logging; SIEM/ISOC integration; Alert correlation, notification and dashboards

    PROTECT
    KPI monitoring; Policy, Standards and Guidelines; Threat Intelligence service; Awareness and Training; Vulnerability assessment; Penetration testing and Tabletop exercise; Data Security / Compliance

    RESPOND
    Incident Response Plan and Notification Procedure (Department, City-wide)

    RECOVER
    Critical System Recovery Plan (Service Continuity Plan)

  • Enterprise Security

    ES and a bifurcated ISOC dashboard

  • IT Service Intelligence

    Current Deployment

    We've deployed 5 of the 43 departments within the City of LA
    We've modeled 38 Services
    We've created 30 individual glass tables
    We're monitoring 160 KPIs
    We've enabled ML for anomaly detection / adaptive thresholds
    We're using Multi-KPI Alerting for advanced notifications

  • IT Service Intelligence

    Role Based Access Control

  • IT Service Intelligence

    Using multiple glass tables

  • IT Service Intelligence

    Leveraging core dashboards from ITSI

  • IT Service Intelligence

    Deep Dives and OS Host Details

  • Tomorrow Today

    ITSI multi-KPI Alerts and Notable Events

  • ITSI & Security

    Starting to tie it all together

  • Lessons Learned

    Start getting events into Splunk ASAP
    Engage Business Service SMEs early: DB servers, web servers, app servers
    Leverage KPI base searches: much more efficient
    Leverage threshold templates: saves time, builds standards

  • What Now?

    Related breakout sessions and activities

  • THANK YOU