The old way: Situational awareness is impossible at scale.

The Federal Information Security Management Act of 2002 (FISMA) and the associated NIST standards, are driving all federal agencies to adopt a security risk management approach. This approach requires accurate reporting of inventory and security controls as well as the ability to effectively respond to incidents by analyzing data. Yet agencies have been unable to achieve the necessary situational awareness. Security information management systems (SIMs) have failed due to the massive data volumes generated by firewalls, IDS’, vulnerability scanners and other components of security-in-depth approaches.

The new way: IT Search provides complete, real-time visibility.

Splunk universally indexes all of the data generated by every security technology, regardless of format, in real-time. Instantaneous and interactive search makes light work of incident response and ad hoc reporting. Powerful charting and dashboards, combined with flexible ways to organize and tag systems with inventory information, enable the creation of views of the status of any security control for any system, subnet or location. Splunk scales linearly by distributing indexing and search across multiple servers and can address the largest agency environments.

Benefits

• Meet NIST requirements to securely collect, retain and review audit trail data
• Effortlessly generate reports on system inventory and security controls
• Improve the effectiveness and speed of incident response
• Achieve rapid deployment and results
• Eliminate significant security information management integration and maintenance cost

Use Splunk for:

Incident response
Splunk transforms your incident response program with freeform search and instantaneous results across all of your security data.

System inventory
Splunk enables a comprensive inventory of systems on your network and lets you easily reconcile your inventory against deployed security controls.

Security reporting
Splunk not only gives you compliance with explicit requirements to monitor, review and retain audit trails, but it lets you demonstrate compliance quickly and easily across all other information protection controls.

Security monitoring
Comply with requirements to automate monitoring of security events. Index audit trails across firewalls, applications, access control, IDS and any other component, then simply save, schedule and set alerting rules for any search.

Secure data retention
Splunk provides the most efficient and secure solution for capturing and retaining all of your IT data for the extended periods demanded by NIST standards.

Audit trail review
The chore of NIST-mandated routine audit trail review is now easy and straightforward with fast search, visualization, filters and tagging.