Information Security Policies
Splunk has implemented policies and procedures designed to guide Splunk personnel in the design, implementation and execution of Splunk’s information security program. Splunk policies are updated regularly to keep pace with changes in regulations, technologies and industry best practices. Splunk information security policies are made available to all Splunk personnel.
Security Architecture and Engineering
Splunk is committed to protecting customers by architecting, engineering, and delivering reliable enterprise security services across key business areas to protect the confidentiality, integrity and availability of Splunk systems and assets by doing the following:
- Security tools: build and operate (R&D)
- Automation: scripting and playbook development
- IT support: provide security engineering support for IT projects (e.g., endpoints, email and networking)
- Content development: Splunk SPL and alerting support
- Solution security consultation and reviews: threat modeling and architecture review board
- Technical risk assessments: formal risk assessments and ad-hoc advisory work
- Technical security standards and design: technical security standards and reference architectures
- Business application security: securing SDLC, secure coding and web application security
- Integration security support: API security review and M&A integration
Cyber Risk Management
Splunk maintains a robust Cyber Risk Management Program to identify, prioritize and manage risks to its IT assets, including system infrastructure, networks, laptops, data and intellectual property. Through its Cyber Risk Management Program, Splunk identifies internal and external cyber risks, the likelihood and velocity of their occurrence and their potential impact. Splunk collaborates with risk owners to mitigate and eradicate risks, as appropriate.
Vendor Risk Management
Splunk conducts security due diligence and risk assessments of its third-party vendors ("Vendors") prior to onboarding. Thereafter, Splunk manages and monitors Vendor security risks through its risk management program in alignment with Splunk’s risk profile, customer commitments and applicable regulatory requirements.
Threat Intelligence and Vulnerability Management
Splunk’s Threat and Vulnerability Management team proactively identifies and remediates vulnerabilities to help reduce threats to Splunk’s infrastructure. The team provides penetration testing services for Splunk assets and offers insights and recommendations on optimizing the security of Splunk’s infrastructure, product and services.
Detection and Monitoring Operations
The Detection and Monitoring Operations team helps to ensure the confidentiality, integrity and availability of Splunk services. Elements of their program include:
Splunk Incident Response Framework (SIRF)
The Splunk Incident Response Framework (SIRF) establishes the actions and procedures that help Splunk prepare for and respond to security incidents, including how to initiate responsive action, remediate adverse consequences, document “lessons learned” and continuously improve Splunk’s incident response process. Splunk tests its SIRF using a combination of planned reviews, live simulations and periodic training.