
“Detecting Cyber Threats Using Splunk Enterprise (SIEM)”

  • Splunk is a big-data platform that simplifies collecting, indexing and searching massive volumes of machine-generated data (logs, metrics and events).
  • It is used for business and web analytics, application management, compliance, and security monitoring.

Security Information and Event Management (SIEM)

A SIEM is used to detect, investigate and respond to cyber threats and other anomalies across an organisation's logs. It does not block attacks on its own; it contributes to prevention by feeding the controls that do (firewalls, endpoint agents, identity systems) once a threat has been identified.

INTRODUCTION

A SIEM solution strengthens cyber defence by providing real-time visibility across an organisation's entire distributed environment, together with historical analysis of the events it has stored.

SIEM systems collect, consolidate, archive and correlate events from the infrastructure they monitor.

LITERATURE REVIEW

What is Splunk?

Headquartered in San Francisco, California, Splunk Inc. offers a Security Operations Suite built on its principal products, Splunk Enterprise and Splunk Cloud; Splunk Enterprise Security, the SIEM application, runs on top of either platform.

Splunk was founded in 2003 by Michael Baum, Rob Das and Erik Swan, who set out to solve the “information caves” that organizations struggled with. The name Splunk comes from “spelunking,” the hobby of exploring caves. The co-founders built a search engine for the log files scattered across an organization's infrastructure and aimed to sell it as a general-purpose product that could be deployed for any use case.

Splunk's first version launched in 2004 and gradually grew in popularity as organizations increasingly purchased enterprise licenses.

Cyber Threat Detection Process Using Splunk Enterprise (SIEM)

STAGES 1-3:

1. DATA COLLECTION: forwarders, syslog and API inputs bring logs from hosts, applications, network and security devices into Splunk.

2. DATA NORMALISATION: fields are extracted and mapped to a common schema (in Splunk, the Common Information Model) so that events from different sources can be searched with the same field names.

3. DATA INDEXING: events are parsed, timestamped and written to indexes, where they can be searched by time range and field value.

STAGES 4-6:

4. THREAT ANALYSIS: searches and correlation rules run over the indexed events to find known attack patterns and anomalies.

5. INTEGRATION OF THREAT INTELLIGENCE: events are matched against indicators of compromise (IP addresses, domains, file hashes) from threat-intelligence feeds.

6. RISK ANALYSIS: findings are scored and prioritised according to the assets, identities and behaviour involved, so that analysts work the highest-risk items first.

STAGES 7-9:

7. ALERTS AND DASHBOARDS: findings that cross a threshold raise alerts, and dashboards give analysts a live view of what is happening.

8. INCIDENT RESPONSE: analysts triage the alert, contain the affected systems and remediate.

9. FORENSICS AND REPORTING: the archived events are searched to reconstruct the incident timeline, and the results are reported to management and auditors.

Target Users/Beneficiaries of Splunk Enterprise:

Domain: Cyber Security

Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from information breaches.

Applications

  • Splunk Enterprise Security, the SIEM application that runs on Splunk Enterprise or Splunk Cloud, provides the capabilities to monitor and detect events from a wide range of network and security devices.
  • Notable capabilities include searches, correlation searches, dashboards, reports, and alerts on network-based events.
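To make the nine-stage process above and the search, correlation and alert capabilities just listed concrete, the following is an added example written for this page; it is not code from the presentation or from Splunk. It walks constructed sshd log lines (hosts, users and IP addresses are made up) through collection, normalisation into CIM-style Authentication fields, a toy inverted index, a brute-force correlation rule, a constructed threat-intelligence list, risk scoring with assumed weights, and a risk-threshold alert, with a forensic timeline for the responder. In a real deployment each of these steps is a forwarder, an indexer, the Common Information Model and an SPL correlation search; the SPL sketched in the comment assumes CIM Authentication fields are populated.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Stage 1, DATA COLLECTION: constructed sshd syslog lines, standing in for what a forwarder ships.
RAW_EVENTS = [
    "Mar 10 08:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar 10 08:01:04 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2",
    "Mar 10 08:01:06 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "Mar 10 08:01:09 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51031 ssh2",
    "Mar 10 08:01:11 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 51033 ssh2",
    "Mar 10 08:01:15 web01 sshd[2209]: Accepted password for root from 203.0.113.7 port 51040 ssh2",
    "Mar 10 08:05:30 web01 sshd[2300]: Failed password for alice from 198.51.100.5 port 40001 ssh2",
    "Mar 10 08:05:41 web01 sshd[2302]: Accepted publickey for alice from 198.51.100.5 port 40002 ssh2",
    "Mar 10 08:07:00 web01 sshd[2310]: Accepted publickey for bob from 192.0.2.9 port 33000 ssh2",
]
# Stage 5 input: a constructed threat-intelligence feed (indicator -> label), an assumption.
THREAT_INTEL = {"192.0.2.9": "known scanner"}

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<action>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port (?P<port>\d+)")

def normalise(raw, year=2024):
    """Stage 2, DATA NORMALISATION: map a raw line onto CIM-style Authentication fields."""
    m = SSHD_RE.match(raw)
    if not m:
        return None  # Splunk keeps unparsed events as raw text; this toy drops them
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"_time": ts, "host": m["host"], "user": m["user"], "src": m["src"],
            "action": "failure" if m["action"] == "Failed" else "success",
            "app": "sshd", "method": m["method"]}

def index_events(events):
    """Stage 3, DATA INDEXING: inverted index from (field, value) to event ids."""
    idx = defaultdict(list)
    for i, ev in enumerate(events):
        for field in ("host", "user", "src", "action"):
            idx[(field, ev[field])].append(i)
    return idx

def search(events, idx, **terms):
    """Field=value search, like `index=auth src=203.0.113.7 action=failure` in SPL."""
    sets = [set(idx.get(term, [])) for term in terms.items()]
    return [events[i] for i in sorted(set.intersection(*sets))] if sets else []

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Stage 4, THREAT ANALYSIS: threshold+ failures from one source inside the window, plus
    whether a success from that source followed. Roughly the SPL correlation search
      index=auth action=failure | stats count AS failures values(user) AS users BY src | where failures >= 5"""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["_time"]):
        by_src[ev["src"]].append(ev)
    findings = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["action"] == "failure"]
        for i in range(len(fails)):
            j = i
            while j + 1 < len(fails) and fails[j + 1]["_time"] - fails[i]["_time"] <= window:
                j += 1
            if j - i + 1 >= threshold:
                last = fails[j]["_time"]
                followed = any(e["action"] == "success" and last <= e["_time"] <= last + window
                               for e in evs)
                findings.append({"src": src, "failures": j - i + 1, "last": last,
                                 "followed_by_success": followed,
                                 "users": sorted({e["user"] for e in fails[i:j + 1]})})
                break  # one finding per source is enough to raise the alert
    return findings

def score_risk(events, findings, intel):
    """Stages 5 and 6: accumulate risk per source from findings and indicator matches (weights assumed)."""
    risk, reasons = Counter(), defaultdict(list)
    for f in findings:
        risk[f["src"]] += 50
        reasons[f["src"]].append(f"brute force: {f['failures']} failures against {f['users']}")
        if f["followed_by_success"]:
            risk[f["src"]] += 30
            reasons[f["src"]].append("followed by a successful login")
    for src in {e["src"] for e in events}:
        if src in intel:
            risk[src] += 40
            reasons[src].append(f"threat intel match: {intel[src]}")
    return {src: {"score": risk[src], "reasons": reasons[src]} for src in risk}

def forensic_timeline(events, idx, src):
    """Stage 9, FORENSICS: every event from one source, oldest first, for the case file."""
    return sorted(search(events, idx, src=src), key=lambda e: e["_time"])

def run_pipeline(raw_events=RAW_EVENTS, intel=THREAT_INTEL, alert_threshold=70):
    """Stages 1-7 end to end; Stage 7 ALERTS fire only when accumulated risk crosses the threshold."""
    events = [e for e in map(normalise, raw_events) if e]
    idx = index_events(events)
    findings = detect_bruteforce(events)
    risk = score_risk(events, findings, intel)
    alerts = {src: r for src, r in risk.items() if r["score"] >= alert_threshold}
    return {"events": events, "index": idx, "findings": findings, "risk": risk, "alerts": alerts}

if __name__ == "__main__":  # Stage 8 hand-off: the alert and its evidence for the responder
    for src, r in run_pipeline()["alerts"].items():
        print(f"ALERT {src} risk={r['score']}: " + "; ".join(r["reasons"]))
```

On the sample data only 203.0.113.7 alerts (five failures in nine seconds, then a successful root login, risk 80); the intel match on 192.0.2.9 scores 40, so it appears in the risk table for the dashboard but does not page anyone on its own, which is the point of scoring risk before alerting rather than alerting on every indicator hit.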

Pros:

It produces analytical reports as interactive charts and graphs that can be shared with other users.

Splunk is highly scalable and straightforward for organizations to deploy.

It extracts fields from the data at search time, so users can find useful information without defining a schema before the data is ingested.

Searches can be saved and events tagged, so knowledge about what matters accumulates in the system over time.

Its dashboards offer a rich graphical user interface (GUI) with real-time visibility.

Cons:

Splunk can become expensive at large data volumes, because licensing is tied to the amount of data ingested.

Optimising searches for speed requires expertise and can be awkward in practice.

Its dashboards are less polished than dedicated visualisation tools such as Tableau.

Open-source alternatives are continually trying to displace it.
