Security and Compliance

"The United States confronts a dangerous combination of known and unknown vulnerabilities in the cyber domain, strong and rapidly expanding adversary capabilities, and limited threat and vulnerability awareness." Department of Homeland Security Secretary Janet Napolitano, in testimony to the Senate Committee on Homeland Security and Governmental Affairs on February 16, 2012.

In her testimony in support of the Cyber Security Act of 2012, Secretary Napolitano went on to remind the committee that the 9/11 Commission determined that it was "...a failure of imagination" that prevented us from connecting the dots and discovering the plot that cost thousands of Americans their lives.

Keeping data safe and critical infrastructure secure is no longer a matter of handing critical thinking over to your security vendor and hoping your traditional security architecture catches attackers. Increasingly sophisticated malware and increasingly creative evasion of signature- or rule-based systems must be matched by security professionals who 'think like a criminal', in partnership with business or government agency leadership.

The Splunk big data analytics engine for machine-generated data provides a better approach. It scalably collects and indexes all of your machine-generated IT data and gives you an analytics command set that delivers end-to-end situational awareness and real-time monitoring of incidents and attacks, and lets you ask questions of your data the way an attacker would. Splunk gives you new levels of visibility and intelligence in combating cyber threats.

Get Splunk working for you. Download it now for free.

End-to-End Situational Awareness and Monitoring

Security and compliance teams typically go through four phases of Splunk use - each building on the previous one - to arrive at Operational Intelligence.

  • Forensics and root cause analysis - Splunk scales across massive volumes of structured and unstructured application and security data. Time-based correlation lets the security team drill into system data, perform forensics and find the needle in the haystack.
  • Operationalizing search - Searches written during a forensic investigation can be saved and run automatically, either in real time or on a schedule against historical data, with alerts sent to teams or individual team members.
  • Real-time trending visualizations - Splunk's rich analytical capabilities make it easy to build security dashboards that show trends in application performance alongside access and security data for better decision-making. Conditional correlations across data sets reveal potential business fraud and compliance issues.
  • Operational intelligence - Splunk can look up and include information from other parts of the business in dashboards and reports; including finance data, for example, helps the business understand the revenue lost when systems are unavailable. Splunk can accelerate incident response by looking up host owner and location data and adding it to malware dashboards. The security team can create threat-based proactive searches for patterns of system activity that represent potential risks to the business.
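The phases above, in one concrete search. This is an added example written for this page, not Splunk's own code or a search from the original text; it assumes an index named security, a sourcetype av:alerts whose events carry dest, signature and action fields, and a lookup definition host_owners backed by a CSV with host, owner and location columns (all of these names are assumptions). It starts as an investigative search (phase 1), aggregates hits per host so the needle-in-a-haystack question becomes "which hosts keep getting infected", and enriches each row with owner and location (phase 4):

```spl
index=security sourcetype=av:alerts action=blocked earliest=-24h@h latest=now
| stats count AS hits
        dc(signature) AS distinct_signatures
        values(signature) AS signatures
        min(_time) AS first_seen
        max(_time) AS last_seen
    BY dest
| where hits >= 3
| lookup host_owners host AS dest OUTPUT owner location
| fillnull value="unknown" owner location
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table dest owner location hits distinct_signatures signatures first_seen last_seen
| sort - hits
```

The `where hits >= 3` line is the judgement call: a single blocked detection is routine, while repeated blocks on the same host in a day usually mean the infection vector is still open. `fillnull` keeps hosts missing from the lookup in the results rather than silently dropping them, since an unowned host is itself a finding. To operationalize it (phase 2), save the search as an alert scheduled every 15 minutes with a trigger of "number of results greater than 0" and an email or ticket action; the saved alert is the same search, so the investigative query and the monitoring rule never drift apart. Surfacing the same results as a panel on a malware dashboard covers phase 3.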

Gaining Operational Intelligence means being able to show how security and compliance issues affect top-line revenue, create efficiencies that lower cost, and expose reputation and compliance risks to the business. Security moves from being a cost center to being seen as adding value to the business.
