Instant Threat Detections in Splunk & Hybrid Mesh Firewall

Alerts might be everywhere, but context for those alerts is critical for stopping attacks. Security teams often do the manual work of correlating context to alerts to try to respond effectively.

Join us to hear directly from threat researchers on how they are supporting customers with advanced threat research by correlating IPS rules to network telemetry and creating out-of-the-box detections delivered directly to Cisco firewalls.

See how a Cisco Hybrid Mesh Firewall architecture integrates with Splunk analytics to provide:

• Advanced threat insights and detections: Security teams can get insights from global threat intelligence and expert human threat research at a scale only Cisco and Splunk can deliver.  
• Fasterresponses to emerging threats: Out-of-the-box detections automatically convert Snort findings into actionable Splunk alerts withno advanced Splunk expertise required.
• Confidence in your security posture Learn how the combined intelligence from Cisco Talos and Splunk Threat Research helped teams overcome threats, from Salt Typhoon attempts to vulnerabilities like React2Shell.

Speakers:

John Levy is a Security Research Engineering Technical Leader on the Cisco Talos Network Threat Detection and Response Team. Since joining Cisco in 2017, John has researched and developed Snort coverage for thousands of threats to help keep Cisco customers safe from a wide range of attacks. Passionate about staying ahead of adversaries, John specializes in developing and employing novel detection techniques and strategies to protect organizations from the constantly evolving threat landscape.

Nasreddine Bencherchali is a Staff Research Engineering Technical Leader at Cisco. Nasreddine is one of the core maintainers of the Sigma project an avid learner, passionate about Windows Internals, detection engineering and open source. His background includes detection engineering, penetration testing, digital forensic and incident response.