Updated June 23, 2016:
We are pleased to announce the City of Los Angeles was recently presented with the City on a Cloud award at the AWS Public Sector Summit in Washington, DC. The City on a Cloud Innovation Challenge recognizes and celebrates local and regional governments in three categories: Best Practices, Partners in Innovation and Dream Big. The City of Los Angeles was selected as the Best Practices winner for its use of innovative, world-class cybersecurity to protect digital assets and deployment of a unique, cloud-based security information and event management (SIEM) solution for the Integrated Security Operations Center (ISOC), to help consolidate, maintain, and analyze security data across the city’s departments.
All of the below was first published on April 21, 2016:
Registration and call for papers is now open for Splunk .conf2016. We can’t wait to host you all at the Walt Disney World Swan and Dolphin Resorts in Orlando, Florida; September 26-29, 2016.
During last year’s Splunk .conf2015 we were lucky to have Timothy Lee, the CISO of the City of Los Angeles, share his case study for why his department chose Splunk Cloud as a SIEM for one of their cybersecurity initiatives and how it is used. Though we’re summarizing his key points in this post, you can get the complete picture by checking out a recording of Tim’s presentation, and access to his slides, at the bottom of this post.
Tim began by laying out the situation, but prefaced the presentation by saying “If your security team is still debating if you need SIEM, you’ve got a bigger problem.” Los Angeles is a city with 4 million people. The 2nd largest city in the US, employing 35,000 full time employees using 100,000 connected devices — or event generators. When the mayor issued a directive to address a number of cyber threats — which included the need to identify and investigate threats and intrusions, disseminate alerts, and coordinate incident responses across the city — Tim’s team had to get their act together. Unfortunately, his team faced quite a few challenges before rolling out Splunk — here’s just a few:
- They were understaffed
- Dealt with dispersed log capturing capabilities
- Made little use of collaboration tools
- Lacked an incident management platform
- Had no threat intelligence program
- Had limited situational awareness and operational metrics for the entire city
To tackle these challenges, Tim and his team opted to create an integrated security and operations center using Splunk Cloud and Splunk Enterprise Security. Splunk Cloud, for example, provided the ability to manage and process logs from the city’s firewall, proxy, active directory, routers and switches, and much more. These tools enabled his team to collect and report information, collaborate with other departments and organizations internal and external, and promote threats to a higher visibility.
Check out the recording and slides to learn how Tim sold the program internally (such as using executive dashboards), what key lessons he learned, and what resources (including specific analyst reports) he used to make his decision:
For the full recording, check out:
Splunk Cloud as a SIEM for Cybersecurity Collaboration
GSN Homeland Security Award
If the solution needed anymore validation, it certainly received it toward the end of last year when it was announced that the City of Los Angeles was selected as a GSN Magazine Homeland Security Award winner, receiving the “Most Notable Cybersecurity Program, Project or Initiative” Award.
All presentations from Splunk.conf2015.
Registration and call for papers is now open for Splunk .conf2016. We can’t wait to host you all at the Walt Disney World Swan and Dolphin Resorts in Orlando, Florida: September 26-29, 2016.