Splunk Global Security (SGS)

Led by the Splunk CISO, Splunk Global Security (SGS) is a team of professionals dedicated to securing Splunk. Splunk’s SGS professionals have obtained the CISSP, CISA, CTPRP, CDPSE, GIAC, CEH, CISM, CRISC, CCSK, GSLC, CHP, CHSS and other leading security certifications.

Information Security Policies

Splunk has implemented policies and procedures designed to guide Splunk personnel in the design, implementation and execution of Splunk’s information security program. Splunk policies are updated regularly to keep pace with changes in regulations, technologies and industry best practices. Splunk information security policies are made available to all Splunk personnel.

Information Security Awareness

Information security awareness training is required for all employees annually, and is complemented by ongoing campaigns on key topics such as phishing and social engineering.

Personnel Security

Splunk personnel are background checked prior to employment, are subject to written confidentiality obligations, and are required to acknowledge Splunk’s Acceptable Use Policy.

Physical Security

Splunk controls and monitors access to Splunk-managed facilities using a layered approach. Physical access is granted based on role and removed when no longer required (including upon termination). Physical access is logged, monitored and audited.

Security Architecture and Engineering

Splunk is committed to protecting customers by architecting, engineering, and delivering reliable enterprise security services across key business areas. These services protect the confidentiality, integrity and availability of Splunk systems and assets and include the following:

  • Security tools: build and operate (R&D)
  • Automation: scripting and playbook development
  • IT support: provide security engineering support for IT projects (e.g., endpoints, email and networking)
  • Content development: Splunk SPL and alerting support
  • Solution security consultation and reviews: threat modeling and architecture review board
  • Technical risk assessments: formal risk assessments and ad-hoc advisory work
  • Technical security standards and design: technical security standards and reference architectures
  • Business application security: securing SDLC, secure coding and web application security
  • Integration security support: API security review and M&A integration

Cyber Risk Management

Splunk maintains a robust Cyber Risk Management Program to identify, prioritize and manage risks to its IT assets, including system infrastructure, networks, laptops, data and intellectual property. Through its Cyber Risk Management Program, Splunk identifies internal and external cyber risks, the likelihood and velocity of them occurring and their potential impact. Splunk collaborates with risk owners to mitigate and eradicate risks, as appropriate.

Vendor Risk Management

Splunk conducts security due diligence and risk assessments of its third-party vendors ("Vendors") prior to onboarding. Thereafter, Splunk manages and monitors Vendor security risks through its risk management program in alignment with Splunk’s risk profile, customer commitments and applicable regulatory requirements.

Threat Intelligence and Vulnerability Management

Splunk’s Threat and Vulnerability Management team proactively identifies and remediates vulnerabilities to help reduce threats to Splunk’s infrastructure. They provide penetration testing services for Splunk assets and offer insights and recommendations on optimizing the security of Splunk’s infrastructure, products and services.

Detection and Monitoring Operations

The Detection and Monitoring Operations team helps to ensure the confidentiality, integrity and availability of Splunk services. Elements of their program include:

  • 24x7 security event triage and analysis
  • Threat hunt, threat intelligence and incident support
  • Enterprise security content development
  • Security tool content development
  • Data operations (hygiene, standard adherence, etc.)
  • Security automation

Splunk Incident Response Framework (SIRF)

The Splunk Incident Response Framework (SIRF) establishes the actions and procedures that help Splunk prepare for and respond to security incidents, including how to initiate responsive action, remediate adverse consequences, document “lessons learned” and continuously improve Splunk’s incident response process. Splunk tests its SIRF using a combination of planned reviews, live simulations and periodic training.

Customer Trust

Splunk’s Customer Trust team helps Splunk customers assess Splunk’s security posture by responding to RFPs, and otherwise demonstrating how Splunk’s cyber security measures align with customer expectations, applicable standards and regulations.

Additional Resources

The Splunk Customer Trust Portal provides you with easy, on-demand access to documentation about Splunk’s global privacy, security, and compliance programs, including certifications, compliance reports, standard security questionnaires and white papers.