Federal Civilian Agencies

Monitor IT Ops, Gain Insight and Protect Private Data

Hundreds of federal civilian agencies rely on Splunk to monitor the availability, efficiency and health of their IT operations and applications. These systems often contain private data. Splunk is widely used as a log management solution that empowers federal agencies to:

  • Turn petabytes of machine-generated data into new insights that can be used to provide services to citizens
  • Analyze data, perform statistical analysis and provide alerts on monitored trends
  • Make the right data-driven decisions using Splunk and your machine data
  • Present data with RBAC that supports data redaction

Continuous Diagnostics and Mitigation

The U.S. federal government's continuous diagnostics and mitigation (CDM) program enables government agencies to manage and strengthen the posture of their cyber networks.

By 2017, the CDM program will be transformed to enable departments and agencies to maintain a near-real-time security risk awareness and assessment capability to rapidly respond to critical risk management issues and threats.

Splunk helps accelerate the CDM process by:

  • Scaling to ingest tens of terabytes of data per day monitoring streams of data in real time
  • Automatically performing correlation searches to report on historic trends needed to meet CDM goals
  • Support all the levels of RBAC while redacting specific data by group or individual

Insider Threat

While the signs that you may have a malicious insider are varied, the analysis and data types needed for discovery are almost always the same. Three key data types are required to detect malicious insiders:

  • IT system and security logs: Any data generated by the user as a result of credentialed human-to-machine activities
  • Organizational context: Information about the employee - usually contained in a business system such as an HR database or time management system
  • External context: Data that an employer can access as a result of an employment agreement, especially for those handling sensitive information or intellectual property

Using statistical analysis, personal-activity comparative analysis, and user-activity context analysis, Splunk technology can correlate these key data types with user activities to provide a more complete story around suspected malicious behavior.

Cybersecurity

Traditional perimeter-based defense approaches are ill-equipped to handle today's sophisticated security threats. Splunk's platform for big data is ideal for detecting patterns and discovering malicious behavior and attacks not seen by signature and rule-based systems.

Splunk customers realize the most value and the fastest incident response times when capturing data from traditional security point solutions, credentialed user-to-machine interactions and combining this data with IT operations data for additional context.

“Splunk provides a fully customizable view of key security metrics across security domains.”

Defense and intelligence agencies rely on Splunk technology for their security solution in order to:

  • Replace or augment their current security information and event management (SIEM)
  • Accelerate their response time to cyber events
  • Get to a root cause analysis faster in the face of higher data volumes and more data types
  • Capture security and operations log data from mission-critical custom applications where the data doesn't fit neatly into a predetermined schema

Fraud

Fraud at government agencies is growing at an alarming rate and includes activities like the "social engineering" of call center personnel, "water-holing" schemes, phishing attacks and applications for undeserved benefits. Call data records, XML forms and structured data residing in a database are all sources of information that can be used to analyze and detect fraud.

Splunk provides multiple checks to monitor and proactively prevent fraud by:

  • Using trended statistical analysis
  • Applying logic to data collected in forms and watching for illogical patterns
  • Performing look-ups to external sources of data
  • Automatically interacting with other systems based on the search results

Thousands of private sector companies in the telecommunications, education, and financial services industries rely on the Splunk platform to protect them against financial losses from fraud.