SuriCon 2018 - Beyond Operational Intelligence: Splunk Advanced Analytics
Anthony G. Tellez, 2 min read
Tags: Machine Learning, Security, Data Science, Splunk, Suricata, Conference
Prescriptive analytics is often called the "final frontier of analytic capabilities"; many organizations strive to get there and fail. Evolving from reactive to prescriptive security operations is key to maintaining a competitive advantage.
The Analytics Journey
What does the journey to prescriptive analytics look like when organizations embrace an analytics nerve center for security operations?
Advanced Analytics Maturity Model
This session reviews the stages organizations go through on their journey to analytics-driven decision making:
- Descriptive Analytics - What happened?
- Diagnostic Analytics - Why did it happen?
- Predictive Analytics - What will happen?
- Prescriptive Analytics - What should we do about it?
Security-Focused Analytics Evolution
The presentation tailors this journey specifically for security operations, focusing on:
- Utilizing machine learning to respond to security incidents
- Automating remediation workflows
- Building an analytics-driven SOC
- Operationalizing ML models at scale
Key Concepts
From Reactive to Proactive
Moving beyond traditional signature-based detection to:
- Behavioral analytics
- Anomaly detection
- Predictive threat intelligence
- Automated response orchestration
Machine Learning in Security Operations
Practical applications of ML for:
- Threat detection
- Incident prioritization
- Automated triage
- Response automation
- Continuous improvement through feedback loops
Analytics Nerve Center
Building a centralized analytics platform that:
- Ingests data from multiple sources
- Applies ML models continuously
- Generates actionable insights
- Triggers automated responses
- Provides feedback for model improvement
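The pipeline stages listed above (ingest, score, generate insight, respond, feed back) and the ML applications in the previous section are sketched here as one small, runnable Python example. It is an added illustration, not code from the talk or from Splunk: the "model" is a per-host modified z-score over distinct destination ports (median/MAD with a mean-absolute-deviation fallback for quiet hosts whose MAD is zero), the Suricata EVE JSON lines and the per-host baseline history are constructed, the alert signature text is made up, and the action names `isolate_host` and `open_ticket` are hypothetical placeholders for whatever a real SOAR integration would call.

```python
"""Toy analytics nerve center over Suricata EVE JSON:
ingest -> features -> anomaly score -> prioritized insight -> response -> analyst feedback."""
import json
import statistics
from collections import defaultdict

# Constructed EVE JSON records for one analysis window (not real captures).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2018-11-14T10:00:01Z","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP"}',
    '{"timestamp":"2018-11-14T10:00:02Z","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"93.184.216.34","dest_port":443,"proto":"TCP"}',
    '{"timestamp":"2018-11-14T10:00:03Z","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP"}',
    '{"timestamp":"2018-11-14T10:00:04Z","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","dest_port":22,"proto":"TCP"}',
    '{"timestamp":"2018-11-14T10:00:05Z","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.20","dest_port":445,"alert":{"signature":"CONSTRUCTED SCAN multiple ports","severity":2}}',
    '{"timestamp":"2018-11-14T10:00:14Z","event_type":"flow","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP"}',
    'this line is not JSON and must be skipped by ingest',
]
# Constructed scan burst from 10.0.0.7: one flow to each of eight ports in the same window.
SAMPLE_EVE_LINES += [
    json.dumps({"timestamp": f"2018-11-14T10:00:{6 + i:02d}Z", "event_type": "flow",
                "src_ip": "10.0.0.7", "dest_ip": "10.0.0.20", "dest_port": p, "proto": "TCP"})
    for i, p in enumerate([21, 22, 23, 25, 80, 135, 139, 445])
]

# Constructed baseline: distinct destination ports per host in each of the last ten windows.
# 10.0.0.9 has no history yet, which exercises the "no baseline" path.
BASELINE_HISTORY = {
    "10.0.0.5": [3, 4, 3, 5, 4, 3, 4, 4, 3, 5],
    "10.0.0.7": [2, 2, 3, 2, 2, 3, 2, 2, 2, 3],
}


def ingest(lines):
    """Parse EVE JSON lines; malformed records are dropped rather than failing the window."""
    events = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and "src_ip" in ev:
            events.append(ev)
    return events


def extract_features(events):
    """Per source host: distinct destination ports and signature alerts seen in the window."""
    ports = defaultdict(set)
    alerts = defaultdict(int)
    for ev in events:
        ports[ev["src_ip"]].add(ev.get("dest_port"))
        if ev.get("event_type") == "alert":
            alerts[ev["src_ip"]] += 1
    return {h: {"distinct_ports": len(p), "sig_alerts": alerts[h]} for h, p in ports.items()}


def robust_score(value, history):
    """Modified z-score against the host's own history. Uses median/MAD; when MAD is zero
    (typical for quiet hosts) falls back to mean absolute deviation scaled by 1.253314."""
    med = statistics.median(history)
    dev = [abs(x - med) for x in history]
    mad = statistics.median(dev)
    if mad > 0:
        return 0.6745 * (value - med) / mad
    mean_ad = statistics.mean(dev)
    if mean_ad > 0:
        return (value - med) / (1.253314 * mean_ad)
    return 0.0 if value == med else float("inf")


def generate_insights(features, history, threshold=3.5):
    """Score each host and emit prioritized, explainable insights; hosts with no baseline are observed only."""
    insights = []
    for host, f in features.items():
        if host not in history:
            insights.append({"host": host, "severity": "info", "reason": "no baseline yet; learning"})
            continue
        z = robust_score(f["distinct_ports"], history[host])
        if z < threshold:
            continue
        # A behavioral anomaly corroborated by a signature alert outranks an anomaly alone.
        severity = "high" if (z >= 2 * threshold or f["sig_alerts"] > 0) else "medium"
        insights.append({"host": host, "severity": severity, "score": round(z, 2),
                         "reason": f"{f['distinct_ports']} distinct dest ports vs median "
                                   f"{statistics.median(history[host])}"})
    return sorted(insights, key=lambda i: {"high": 0, "medium": 1, "info": 2}[i["severity"]])


def respond(insights):
    """Map severity to a hypothetical orchestration action (enforcement itself is out of scope)."""
    actions = []
    for i in insights:
        if i["severity"] == "high":
            actions.append(("isolate_host", i["host"]))
        elif i["severity"] == "medium":
            actions.append(("open_ticket", i["host"]))
    return actions


def feedback(history, host, observed_value, analyst_label):
    """Close the loop: a false positive is folded into the baseline so later windows score it lower;
    a confirmed true positive is kept out so the model never learns attacker behavior as normal."""
    if analyst_label == "false_positive":
        history.setdefault(host, []).append(observed_value)
    return history


def run_window(lines, history, threshold=3.5):
    """One pass of the nerve center over a window of EVE lines."""
    features = extract_features(ingest(lines))
    insights = generate_insights(features, history, threshold)
    return features, insights, respond(insights)


if __name__ == "__main__":
    feats, ins, acts = run_window(SAMPLE_EVE_LINES, {h: list(v) for h, v in BASELINE_HISTORY.items()})
    for item in ins:
        print(item)
    print(acts)
```

The point worth noticing is the feedback path: one false-positive label lowers the host's score on the next window but does not immediately silence it, which is the behavior you want from a baseline that adapts gradually instead of being steerable by a single click. In a Splunk deployment the same stages map onto scheduled searches feeding the MLTK and alert actions; the scoring logic here stands in for whatever model the talk used.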
Presentation Materials
Presented at SuriCon 2018