SIEM: a Keystone to Detection & Response

14th of March 2019 - 09.00

Harnessing the full security potential of Splunk

Join us for an educational day at Tivoli Hotel on the 14th of March if you intend to, or already have implemented Splunk. 

At NCC Group, we always encourage our clients to build an understanding of what is actually required to extract true value from a SIEM solution. Simply buying a SIEM is not enough – organisations need help to be able to define their requirements and understand how a SIEM can truly enhance their detection and response capabilities. 
This complimentary event will show you how you can get the full security potential out of Splunk.

Register by writing your name, job title and company name to events@fortconsult.net.

Harnessing the full potential of Splunk


8:30-9:00 - Breakfast 

9:00-9:10 - Introduction & Welcome

9:10-9:30 - Evolving your approach to security
Graham McElroy, CTO - Security Network Operations Centres, NCC Group

As the cyber threat landscape rapidly evolves and new vulnerabilities are discovered at an increasing rate, securing your network perimeter becomes a challenge for organisations. To address these challenges, organisations need to evolve their security monitoring processes and improve not only prevention but also detection and response. This talk will explain how Splunk is utilised to dramatically improve your Detection and Response capabilities, thus improving your cyber resilience.

9:35-10:05 - Machine Learning (ML) and the future of security detection
Shashank Raina, Senior Splunk Consultant, NCC Group

An introduction to the professional service offerings provided by NCC Group in relation to SIEM technologies. This talk will give you a forward look and high-level overview on Machine Learning and how analysing ’normal’ user behaviour can provide vital insights and capabilities for information security staff to become alerted to abnormal behaviour, when a potential threat or vulnerability is detected.

  • Service Offerings: Break-fix / Consultancy Services / Technology Enhancement and Tuning / SIEM Replacement
  • Introduction to Machine Learning: Analysing user behaviour and detecting insider threats / Practical approaches to Machine Learning outside of typical Cyber Security

10:10-10:40 - NCC Group Managed SIEM
Graham McElroy, CTO - Security Network Operations Centres, NCC Group

NCC Group’s Managed SIEM service uses the power of the Splunk platform to deliver an advanced SIEM service using our proprietary Managed Detection Engine (MDE). The MDE is a combination of advanced detection logic, dynamic use-cases and NCC Group curated Threat Intelligence, which is applied to the Splunk platform to provide real security insights and value. Managed SIEM services are managed by our security analysts in the NCC Group Security Operations Centre (SOC) on a 24-hours-a-day, 365-days-a-year basis, giving our clients round-the-clock assurance and expertise.

10:40-10:55 - Break

10:55-11:35 - Preparing your SOC for Security Orchestration, Automation, and Response
Morten Bonde, Senior Sales Engineer, Splunk

For as long as enterprise and government SOCs have existed, they have been trying to solve the following pains:

  • Security staff productivity / Security staff shortage
  • Reducing mean time to respond, contain and remediate
  • Reducing unnecessary, routine and burdensome work for the analysts
  • Improving alert triage quality / Improving detection capabilities
  • Improving control assurance, security operations process documentation and evidence management

In the last 3-4 years, a number of technologies have matured enough to finally make it possible to address these pains:

  • Increased availability of APIs for integration of security tools
  • Security-focused scripting languages and the new role in security: the security developer
  • Data enrichment services for automating alert and incident triage and investigation
  • The rise of DevSecOps - Security’s response to IT automation

This talk will be an introduction to the Security Orchestration, Automation, and Response (SOAR) technology.

11:40-12:15 - Managed Detection & Response (MDR) by NCC Group
Graham McElroy, CTO - Security Network Operations Centres, NCC Group

In the continual struggle to conduct digital business in a safe and secure manner, time is a crucial element in mitigating the monetary and reputational consequences of a security breach. The longer cyber criminals can go undetected, the greater the cost of containment and remediation. Managed Detection and Response bolsters your cyber security maturity and posture by minimising the time to detect cyber threats in your IT environment. MDR helps you take immediate action to contain and remediate threats, thus reducing the impact of a security breach.

12:15-13:15 - Lunch

Our Splunk consultants will be available for 1-on-1 sparring sessions after lunch. Please get in touch with your contact at FortConsult to book a time slot.