.conf2015 Highlight Series: City of LA and Splunk Cloud as a SIEM for Award-Winning Cybersecurity Collaboration

Updated June 23, 2016:

We are pleased to announce that the City of Los Angeles was recently presented with the City on a Cloud award at the AWS Public Sector Summit in Washington, DC. The City on a Cloud Innovation Challenge recognizes and celebrates local and regional governments in three categories: Best Practices, Partners in Innovation and Dream Big. The City of Los Angeles was selected as the Best Practices winner for its use of innovative, world-class cybersecurity to protect digital assets and for its deployment of a unique, cloud-based security information and event management (SIEM) solution for the Integrated Security Operations Center (ISOC), which helps consolidate, maintain, and analyze security data across the city’s departments.

All of the below was first published on April 21, 2016:

Registration and call for papers is now open for Splunk .conf2016. We can’t wait to host you all at the Walt Disney World Swan and Dolphin Resorts in Orlando, Florida; September 26-29, 2016.
During last year’s Splunk .conf2015 we were lucky to have Timothy Lee, the CISO of the City of Los Angeles, share his case study on why his department chose Splunk Cloud as a SIEM for one of their cybersecurity initiatives and how it is used. Though we’re summarizing his key points in this post, you can get the complete picture from the recording of Tim’s presentation and his slides, linked at the bottom of this post.


The Scenario

Tim began by laying out the situation, but prefaced the presentation by saying “If your security team is still debating if you need SIEM, you’ve got a bigger problem.” Los Angeles is a city of 4 million people and the 2nd largest city in the US; it employs 35,000 full-time employees using 100,000 connected devices — or event generators. When the mayor issued a directive to address a number of cyber threats — which included the need to identify and investigate threats and intrusions, disseminate alerts, and coordinate incident responses across the city — Tim’s team had to get their act together. Unfortunately, his team faced quite a few challenges before rolling out Splunk — here are just a few:

  • They were understaffed
  • They dealt with dispersed log-capturing capabilities
  • They made little use of collaboration tools
  • They lacked an incident management platform
  • They had no threat intelligence program
  • They had limited situational awareness and operational metrics for the entire city

The Solution

To tackle these challenges, Tim and his team opted to create an integrated security and operations center using Splunk Cloud and Splunk Enterprise Security. Splunk Cloud, for example, provided the ability to manage and process logs from the city’s firewalls, proxies, Active Directory, routers and switches, and much more. These tools enabled his team to collect and report information, collaborate with other departments and with internal and external organizations, and raise the visibility of threats.

Check out the recording and slides to learn how Tim sold the program internally (such as using executive dashboards), what key lessons he learned, and what resources (including specific analyst reports) he used to make his decision:

Slides: Splunk Cloud SIEM Cybersecurity Collaboration

For the full recording, check out:
Splunk Cloud as a SIEM for Cybersecurity Collaboration

GSN Homeland Security Award

If the solution needed any more validation, it certainly received it toward the end of last year when it was announced that the City of Los Angeles had been selected as a GSN Magazine Homeland Security Award winner, receiving the “Most Notable Cybersecurity Program, Project or Initiative” award.

All presentations from Splunk .conf2015.

Posted by Splunk
