Public Sector

Splunk, Big Data and the Public Sector

Public agencies face many data-related challenges: from defending against data breaches by sophisticated attackers to implementing government transparency and citizen service delivery initiatives. There is more need than ever before to make data-driven decisions or use data in new ways.

Today, everything from stoplights and parking meters to industrial control systems is being connected to increase efficiency and service delivery and gain undiscovered value and new insights. Public agencies are just beginning to realize the benefits of using big data to improve operational efficiency, and that is just one application. Another key driver is using data to protect from fraud and other malicious behavior.

The Power of Splunk

Splunk software provides agencies a big data analytics platform that operates across multiple organizational data silos to support security, IT operations and application management challenges. It lets you shorten response times in addressing cyber security issues, improve service delivery performance for agency services and gain insights into additional cost saving efficiencies. Thousands of agencies are using Splunk to streamline traditionally resource-intensive tasks like troubleshooting, fixing systems issues, compliance and identifying security incidents.

Cybersecurity issues are among the most serious U.S. security, public safety, and economic challenges, with over 210,000 incidents reported to US-CERT in FY 2013 (an increase of nearly 60,000 from FY 2012). Data is now being used in groundbreaking ways to meet these threats across public agencies, from small municipalities to large federal organizations.

The public data breaches that can lead to identity theft are the number one security issue for government agencies. Meanwhile, all public sector agencies continue to face growing cyber security challenges as attack surfaces expand to include supply chain partners, sources of sensor data, outmoded infrastructure and evolving methods of social engineering that can lead to data loss. At the same time, the ability to properly see information from security point solutions in the context of IT operations event data is increasingly difficult. Data types and sources have grown dramatically, typically requiring multiple tools to gather data and interpret threats across an organization.

To meet this challenge, Splunk customers benefit from having a big data analytics platform that can help protect private information by collecting and analyzing data from any source without up-front normalization. Real-time streams of data are monitored with dashboards to help users understand what's normal and what's not. It's also simple to set up automated reports and alerts once your data is in Splunk. The Splunk analytics platform can scale to collect tens or hundreds of terabytes of data per day for analysis, all from a single search interface.

Splunk Security Apps and Add-ons

Splunk provides the Splunk App for Enterprise Security, which supports forensics and incident investigation, security operations centers (SOC), security data analysis, incident management, ad-hoc reporting and alerting. The App provides out-of-the-box searches, dashboards, and metrics with visualizations that not only help you understand security issues and incidents but also let you quickly examine raw log data and root cause. An ecosystem of over 130 security apps and add-ons is available for download, allowing you to extract additional value from your security point products.

Developing, maintaining and supporting large-scale, highly distributed applications is extremely challenging. Traditional application management approaches are ill-equipped to handle the complexity of today's application architectures and distributed IT environments. Splunk Enterprise provides a better approach, enabling you to find and fix application problems faster to reduce downtime and gain end-to-end operational visibility of your key performance indicators. With Splunk you can deliver usage and user insights from your application data to help the business make better decisions.

Supporting data center operations, services and performance monitoring:

IT datacenters worldwide are overwhelmingly complex, with often hundreds of different technologies and devices entwined to deliver business services. Virtualization and cloud computing multiply this complexity, especially when there are outages or performance and capacity issues. IT operations management teams and administrators waste valuable time moving from one console to another, trying to track down the issues they need to resolve to ensure high performance and availability.

Splunk provides a better approach without the need for custom parsers or adapters. It collects and indexes all the data generated by your IT infrastructure--networks, server and guest OS, hypervisors, database audit trails and message queues. It works with any machine-generated data, including logs, file configurations, performance metrics, SNMP traps and custom application logs. With Splunk you can turn silos of data into integrated, actionable information and operational insights.

Splunk Apps for IT Operations and Application Management:

Splunk provides key apps for VMware and NetApp that measure service performance for virtual environments and attached storage. Capacity planning, security and systems troubleshooting are available in this single app. It offers key performance metrics and allows you to quickly get to the root cause of a problem. The Splunk App for Windows Infrastructure ties together your Microsoft data and provides a comprehensive view of your infrastructure to help you maintain availability and security. Over 250 apps and add-ons are available to customize the view of your data to fit your specific use case.