Find it with Splunk, Fix it with Resolve: Your Solution for - PowerPoint PPT Presentation

Find it with Splunk, Fix it with Resolve: Your Solution for Enterprise-Wide Incident Response and Resolution

Splunk Users – Across the Enterprise Are you using Splunk Enterprise? Are you using Splunk Enterprise Security? Are you using Splunk ITSI? Resolve Systems integrates and helps no matter which Splunk product(s) you use today.

Incidents Impacting Businesses The ability to respond to incidents and outages is critical to your business This image cannot currently be displayed. This image cannot currently be displayed. AWS: 5hr outage due Salesforce.com: Site JP Morgan: 76 Anthem: 87.6 million Equifax: PII was to human error takes down for 12hrs due million households individual records stolen for 143MM down Netflix, Reddit, to database incident and 7 million SMB’s compromised by people, which took 2 Airbnb and 1000’s of with severe business impacted by breach data theft months to detect more businesses impact Many more high impact outages and breaches across verticals…

End-to-End Incident Management DETECT DIAGNOSE/INVESTIGATE RESOLVE VOLUME OF EVENTS “Balance” Between Detection and Response Network Mostly automated Manual, time consuming, and expensive Systems Analytics/ Event Detection RESOLVED Correlation Validation Diagnose Remediate Machine & Consolidation INCIDENT Security Learning Applications Sensors KEY BUSINESS Increasing resolution time Scarce skilled Supporting growing Risk to reputation and CHALLENGES and cost hurting revenue, DATA & resources number of legal implications customer satisfaction and EVENTS systems/users with more declining budgets

Resolve Systems: Incident Response and Automation DETECT DIAGNOSE/INVESTIGATE RESOLVE VOLUME OF EVENTS Splunk “Finds It” Resolve “Fixes It” Incident Response and Resolution Network Systems Analytics/ Event Detection RESOLVED Correlation Validation Diagnose Remediate Machine & Consolidation INCIDENT Security Learning ORCHESTRATION Applications AUTOMATION KNOWLEDGE Sensors Enterprise Enterprise Security DATA & ITSI EVENTS And other SIEMs, Event Management, Ticketing,, Analytics, etc. Across ALL IT, Network and Security Infrastructure and Systems

Resolve Systems reduces the amount of time that it takes organizations to respond to, diagnose and remediate incidents across IT, Network & Security • Unified process orchestration and automation platform • Fully-automated and unique human-guided automation • Prebuilt integrations, content and playbooks • “No-code,” “drag ‘n drop” automation development tools • Not rip-and-replace; extract significant value from existing investments • Proven success delivering, enabling and supporting the largest and most complex enterprises 17% 30% 90% 5% 70% Improvement in OPEX Reduction in headcount Improvement in MTTR YoY Reduction on Global IT Support Reduction of Incidents Related to Mission on P1 issues Spend Critical Enterprise Application

What problem does Incident Response solve? Unified Incident Response Automation IT and NOC Security Incidents • High Volume of Incidents First Responder Word | Sharepoint | Excel High Volume Ticketing Case Management • Alert Fatigue of False Alarms Tracking • Manual and Adhoc IR Processes • Inadequate Tools Events/Incidents • Poor Security Controls Processes • Manual Triage Analytics Capabilities • Limited Access Tickets/Chats/Calls/Emails Focus on Detection Increases Event Volume • Multiple IT Specialists • Lengthy Time to Resolution IT TEAMS • Minimal Tracking DETECT DETECT DETECT Server Email Firewall Actions/Queries/ Scripts Logs Servers Apps Network DBs Intrusion Endpoint Email Firewall Web Content IT AND SECURITY SYSTEMS AND DEVICES

What problem does Incident Response solve? Unified Incident Response Automation IT and NOC Security Incidents • High Volume of Incidents First Responder Word | Sharepoint | Excel High Volume Ticketing Case Management • Alert Fatigue of False Alarms Tracking • Manual and Adhoc IR Processes • Inadequate Tools Events/Incidents • Poor Security Controls Processes • Manual Triage Analytics Capabilities • Limited Access Tickets/Chats/Calls/Emails Focus on Detection Increases Event Volume • Multiple IT Specialists • Lengthy Time to Resolution IT TEAMS • Minimal Tracking DETECT DETECT DETECT Actions/Queries/ Scripts Logs • Standardized Response Procedures Servers Apps Network DBs Intrusion Endpoint Email Firewall Web Content • Accelerated Incident Response • “Automat-ability” IT AND SECURITY SYSTEMS AND DEVICES • Maximize Effect of Scarce Security Resources

Can all incident types be treated the same? IT Incident Security Incident Types Types Complex Co Increasing Time to Resolve / Resources Ex Extreme Risk Bu Business Credit Card Services, IPTV Service, Data Se Service Exfiltration, Unauthorized Data Access In Inciden ents High Business Impact Service Se Multi-Ve Mu Vector Web-based application services In Inciden ents Attacks At DSL, DDOS, Ransomware Re Resource Intensive Resource Re Tr Triage CPU Load Issues, Link Down Inciden In ents Malware, Phishing Simpl Si ple, Simpl Si ple, Re Repetitive Repetitive Re Password Resets In Inciden ents Inciden In ents Service Restarts

Can all incident types be treated the same? IT Incident Security Incident Types Types • How do you address the other 90-95% of Complex Co Extreme Risk Ex incident types? Business Bu Credit Card Services, IPTV Service, Data Service Se Exfiltration, Unauthorized Data Access Inciden In ents • How can you reduce your Incident 90-95% of Response Time? Service Se Mu Multi-Ve Vector incident Web-based application services Inciden In ents Attacks At types DSL, DDOS, Ransomware • Requires more than just end-to-end Re Resource Intensive automation Re Resource Tr Triage CPU Load Issues, Link Down Inciden In ents Malware, Phishing • Requires process guidance, knowledge Si Simpl ple, Si Simpl ple, 5-10% of Repetitive Re management Re Repetitive Password Resets incident Inciden In ents Inciden In ents Service Restarts types End-to-End Automation End-to-End Automation

Resolve: Key Capabilities Unified Incident Playbooks and Enterprise-Class Process Automat-ability Response Experience Automations Capabilities Orchestration Single pane of glass for Prebuilt processes and Scalable, redundant and Consistent and standards-based Powerful human-guided all Incident Response automations with most available with proven success process guidance, case automation and end-to-end tasks, investigations, processes, common security and IT in the most complex and management, decision trees and automation to automate automation and notes systems and “no code” largest organizations instructions based on NIST SP incrementally and automation design tools 800-61 rev2 pragmatically

Enterprise-Wide Incident Response & Automation Platform IT, Network, Security Infrastructure This image cannot currently be This image cannot currently be This image cannot displayed. This image cannot currently be displayed. currently be displayed.

Get Started With Resolve Fast CONNECTORS AUTOMATION TEMPLATES PLAYBOOKS This image cannot currently be displayed. This image cannot currently be displayed.

Resolve’s Easy to Use Tools for Automation & Orchestration Build within Hours, Deploy within Days Decision Tree Builder Action Task Builder Easily and quickly design and build • Quickly drag and drop • This image cannot currently be displayed. This image cannot currently be displayed. new automated tasks using a questions, answers and content and let Resolve configuration wizard including action and assessment creation quickly generate your Game changing intelligent parsing guided procedures • Use the same wizards to modify • and reuse existing tasks Page Builder Automation Designer Quickly build and test new • This image cannot currently be displayed. This image cannot currently be displayed. • Build powerful resolution processes using drag and drop dashboards using a fully- and input/output configuration featured page builder interface • Combine the higher level process and lower level task views in one pane Drag and drop new integrated • sessions into your process