Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results may differ materially. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements made herein.
In addition, any information about our roadmap outlines our general product direction and is
subject to change at any time without notice. It is for informational purposes only, and shall
not be incorporated into any contract or other commitment. Splunk undertakes no obligation
either to develop the features or functionalities described or to include any such feature or
functionality in a future release.
Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk
Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States
and other countries. All other brand names, product names, or trademarks belong to their
respective owners. © 2019 Splunk Inc. All rights reserved.
© 2019 Lockheed Martin Corporation. All rights reserved. © 2019 SPLUNK INC.
Agenda
▶ Foundational Elements
▶ The Problem
▶ Recipe For Success
▶ Where We Started
▶ Risk Score Framework
▶ Our Path Forward
Foundational Elements
▶ Population: 105k
▶ Countries: > 70
▶ SIEM: Splunk>
▶ Data Ingest Per Day: 12TB
The Problem
▶ Suspicious Behavior
▶ Witting Targets
▶ Data Exfiltration
▶ Coercion
▶ Workplace Violence / Suicide
▶ Data Destruction
Challenge: Finding Known Bad Problem
▶ Probability Density
▶ Baselining
▶ Trending
▶ Clustering Analysis
▶ Escalation
▶ Review
▶ Preprocess, Condense, and Score
• Higher fidelity results
• Minimal resource utilization
• Greater search complexity
▶ Anomaly Detection
• Detecting outliers with ‘anomalydetection’
• Continuous updating of baselines
• Usage of simple statistics
• Standard Deviation
• Zscore
▶ MLTK Models
• Probability Density (Peer Grouping)
▶ Category Identification
▶ Category & Indicator Weighting
▶ Aggregation of Data
▶ Escalation Process & Review
▶ Trending Analysis

Output: Risk Score 74
Multiplier
Categories and their scores:
Negative Behavior ....... 2
Suspicious Comms ........ 9
Foreign Travel .......... 3
Data Exfil .............. 0
High Risk ............... 10
Behavior Anomalies ...... 6
Detections: Anomaly Analytics, Atomic Indicators, Correlation Detection, Baselines
Collection: Raw Index, Summary Index, Datamodel
Risk Score Framework
Detection: Sensitive email volume sent externally
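Added example, not from the deck: the z-score baselining listed under Anomaly Detection applied to the detection named here, daily counts of sensitive emails one user sent externally. The sample counts, the 7-day window and the threshold of 3 standard deviations are assumptions.

```python
from collections import deque
from statistics import mean, pstdev

# Constructed sample: daily counts of sensitive emails one user sent to
# external domains. The final day is a deliberate spike.
SAMPLE_DAILY_COUNTS = [3, 4, 2, 5, 3, 4, 6, 3, 4, 5, 2, 4, 3, 5, 42]


def zscore_outliers(counts, window=7, threshold=3.0, min_std=1.0):
    """Flag days whose count sits more than `threshold` standard deviations
    above a rolling baseline built from the preceding `window` days.

    The baseline is updated continuously: once a day has been scored it joins
    the window, so a sustained change gradually becomes the new normal rather
    than firing forever. `min_std` floors the standard deviation so a flat
    history does not turn a one-email change into a huge z-score.
    Returns a list of (day_index, count, zscore) tuples.
    """
    history = deque(maxlen=window)  # assumed window length, not the deck's
    flagged = []
    for day, count in enumerate(counts):
        if len(history) == window:  # score only once a full baseline exists
            baseline = mean(history)
            std = max(pstdev(history), min_std)
            z = (count - baseline) / std
            if z > threshold:
                flagged.append((day, count, round(z, 2)))
        history.append(count)
    return flagged


if __name__ == "__main__":
    for day, count, z in zscore_outliers(SAMPLE_DAILY_COUNTS):
        print(f"day {day}: {count} external sensitive emails, z={z}")
```

Only the spike on the last day is flagged; the surrounding days stay within the baseline, and the `min_std` floor keeps a perfectly flat history from flagging a single extra email.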
Risk Score Framework
Aggregation
▶ Top 10 Risk Scores
▶ Initial Vetting
▶ Forward Security Partner
▶ Security Partner Review
▶ Update / Calibrate
QUESTIONS?
EXAMPLE SEARCHES
Thank You!