“We can generate ad hoc reports to track any transaction or user activity QSA auditors want to see and easily show we are PCI compliant in minutes. I’ve decreed Splunk will be a part of all data center build-outs going forward.”
Suky Bal
Director of IT
“Before Splunk we couldn’t prove compliance, we couldn’t consolidate all the data, and queries took 4-5 days to run. Splunk can index everything and return results and reports in seconds. Now we’re passing every audit.”
Asif Effendi
Manager for Compliance and Governance
“We chose Splunk for PCI compliance for its ability to collate and report on any form of log file or data stream. It gives us highly granular logging information and turns any data into a concise management report.”
Peter D. Bassill, CISSP
Group Information Security Officer

Security and Compliance

Provide Situational Awareness and Continuous Monitoring

Security attacks on public and private networks are growing. Malicious insiders, hackers, and insecure connections to business associates have the attention of C-level executives and the Board of Directors. The reason is unsurprising: cost to the business. The now-infamous TJX data breach cost that company more than $200 million, as outlined in its 2009 SEC filing, equivalent to one full quarter's profits. Every server, virtual system, custom or off-the-shelf application, network device, and security system produces data relevant to the security risks associated with it.

All Your IT Data Is Security Relevant

All IT data has security relevance. The number of data sources and the volume of data the security team needs to collect and monitor have grown dramatically, placing increasing stress on the security team. This growth is a response to new statistics: according to a Ponemon Institute survey, "roughly 70 percent of all reported security breaches were due to insiders." The IT security team's priority is to find a scalable solution that supports compliance, reporting, and incident investigation.

To protect themselves and safeguard their customers, organizations need to continuously monitor their security posture and maintain situational awareness. Organizations have often looked to a combination of log collection and event correlation as the way to monitor and respond to threats.

Traditional Approaches Are Rigid, Costly and Don't Scale

Often, a lack of scalability in current solutions forces compromises. Solution architectures, schemas, and a rules-based approach to monitoring require choices to be made about what data to collect and how much to send to a SIEM, ultimately forcing the user to decide in advance what data will constitute an event. The security team's view is then restricted to security incidents supported by a predetermined set of underlying forensic data.

Search, Report, Monitor and Analyze All Your IT Data

Splunk delivers situational awareness and continuous monitoring across your entire IT infrastructure from one place, in real time. Splunk makes all of your IT data available and actionable, so the security team can use it for forensic investigations without compromise.

The same search and statistical analysis language can be used to monitor both real-time and historical data, dramatically reducing investigation times for security events, complex fraud, and insider threat issues. Investigations can follow their course through the organization's IT log data wherever it leads. Splunk reports can be used as proof points to satisfy multiple compliance mandates such as PCI, SOX, FISMA, HIPAA, the FTC's Red Flags Rule, state privacy laws, and many others, while also supporting the COBIT, ITIL, and NIST IT frameworks.
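As an added illustration of the point above (this search is written for this page and is not Splunk's own documentation or a customer's report), the following SPL search produces a historical report of accounts with repeated failed logins over the past week, the kind of evidence an auditor asks for when checking that logs are reviewed. The index name `auth`, the sourcetype `example:auth`, and the field names `action`, `user` and `src` are assumptions about how the login data has been indexed; adjust them to the fields your own sourcetype extracts.

```spl
index=auth sourcetype=example:auth action=failure earliest=-7d@d latest=@d
| stats count AS failures, dc(src) AS distinct_sources, min(_time) AS first_seen, max(_time) AS last_seen BY user
| where failures > 10
| convert ctime(first_seen), ctime(last_seen)
| sort - failures
```

The `stats`, `where` and `sort` pipeline is the report logic. To run the identical logic as a real-time monitor instead of a historical report, change only the time bounds on the first line to `earliest=rt-5m latest=rt` (and lower the `failures` threshold to suit a five-minute window); the rest of the search is unchanged, which is what lets one search language serve both the live alert and the audit report. Saving the historical version as a scheduled report gives a repeatable artifact to hand to an assessor, and the `distinct_sources` column separates a single user mistyping a password from many source addresses hammering one account.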
