The future of security lies in using data for behavioral analysis of both people and systems. How else do we distinguish what's normal from what's not? To do so, security teams must apply big data solutions and thinking to level the playing field between attacker and defender.
This approach gives the security analyst the flexibility to monitor known threats detected by traditional security data sources and to make any other source of data relevant to finding unknown threats through normative statistical analysis.
The common purpose of advanced threat malware is to report its health to external locations, facilitate command and control, and collect and send valuable data to the attacker. Often the attacker will use web-based protocols in the hope of hiding their traffic in terabytes of web proxy data.
This is where it is important to know what is normal behavior and what is not. Separating ordinary user traffic from malicious communications requires applying statistical analysis models to HTTP communications. The security analyst needs to be able to set an appropriate profile for abnormal types and levels of HTTP activity that could be evidence of malicious software inside the perimeter.
During the presentation, attendees will get an exclusive look at Splunk's built-in statistical modeling capabilities and how they can be used to detect and visualize advanced threats. In this session, thought leaders will discuss "big data thinking," which can help security leaders show business leaders the value of new security strategies and solutions.
Senior Director of Security and Compliance Solutions, Splunk
Seward is currently the Senior Director of Security and Compliance Solutions Marketing at Splunk. He has over 10 years of experience in the IT security management profession as a security practitioner and product manager with experience in log management and vulnerability management. Seward has a Master of Sciences in IT and a Federal CIO certification from the University of Maryland.