OnDemand SME Support = Get Your Questions Answered! Get an iPad mini, Surface Go 2, of $300 Off Now


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

What Works in Situational Awareness and Visibility: Reducing Time to Detect and Enhancing Business Outcomes with Splunk

  • Thursday, June 08, 2017 at 11:00 AM EDT (2017-06-08 15:00:00 UTC)
  • Ryan Niemes, John Pescatore


  • Splunk

You can now attend the webcast using your mobile device!



Detecting malicious activity more quickly and more accurately is key to reducing business impact of cybersecurity threats. This requires both visibility into alerts and logs from servers, PCs and network devices but also analytic tools to enable cybersecurity analysts to prioritize response and mitigation actions. A common success factor of those organizations who are not in the news for yet another breach is investment in the people, processes and technology to decrease time to detect and time to mitigate without negative impact to business operations.

During this SANS What Works webcast, Ryan Niemes, Lead Security Analyst at rapidly growing biotech firm, Illumina, will provide details of his deployment of Splunk's SIEM to enable continuous monitoring of advanced targeted attacks, supporting faster and more accurate detection, reduced impact and demonstrating benefits to increased integrity and availability of critical business processes.

Join SANS Director of Emerging Security Trends John Pescatore and Ryan to hear details on the selection, deployment and experience using Splunk Enterprise Security and Splunk Cloud. The webcast will contain a discussion of lessons learned and best practices as well as detail the metrics used to demonstrate the value of Splunk.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Ryan Niemes

Ryan Niemes has been in the IT industry since 1998, where he started as a UNIX administrator for SkyTel managing OSF/1, Tru64, and Solaris. He recevied his CCIE in 2001 during the old two-day lab, and started focusing on security. His first security specific role was at Fifth Third Bank, where he focused on network-based intrusions. He then moved to Germany to support the US Army 5th Signal Commandís European theater. He later worked for Cisco as a Network Consulting Engineer for the US Marine Corps. In 2009, he achieved the CCDE & CISSP certifications. He started with Illumina in 2010 with a focus on networking & information security, eventually dedicating himself to the security team in 2015. He currently manages a team of information security professionals, whose focus is on automation, incident response, and security architecture.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.