SAIC & Splunk as a Security Intelligence Platform

Splunk is one of the fastest growing companies in the hi-tech industry for a reason. We constantly push the boundaries on how we, and others, think about complex problems. One area that we’ve been successfully driving for a few years now is Security Intelligence. We learned early on, through the eyes of our customers, that the traditional approach to security had severe limitations. It was pure disruption and innovation to invert the thinking in this area and use the native Splunk platform to identify and ingest massive quantities and sources of unstructured and semi-structured data. This has enabled Splunk customers to index machine-generated data and query it with schema-on-the-fly, powering visualizations, dashboards, alerts and proactive remediation. This is what has led to our customer endorsements and euphoria in this area.

SAIC is the latest great example of how Splunk is helping our valued customers change the game in their relentless battle to keep their companies safe. SAIC has standardized on Splunk as its Security Intelligence platform. Why Splunk? SAIC is fully committed to the mantra that “all data is security relevant.” As the company started to build its SOC, the SAIC team needed to analyze huge volumes of data while still being able to easily add and correlate new types of data—including non-security data sources. This is what the core Splunk platform was built to do. The flexibility and visibility provided by Splunk was a key reason it was selected over a traditional SIEM.

The results have been staggering. SAIC is using Splunk to power executive-level dashboards, giving the CISO visibility into key security metrics around threat activity, aggregated source location and indicators of compromise. The company has reduced the time required to open, conduct and close investigations from days to hours. It was also able to build a fully operational SOC from the ground up in less than six months.

What’s equally powerful and fascinating is that they are able to use this same deployment to address other major use cases, including IT operations and application delivery. After all, much of the data needed to power these use cases is also needed for Security Intelligence. When we refer to Splunk as a platform, this is one of the key characteristics—the ability to aggregate multiple unique data sources and gigabytes to terabytes of high velocity data to address everything from powering a SOC to network monitoring or application analytics.

If you’re interested in learning more about how SAIC is using Splunk Enterprise and the Splunk App for Enterprise Security, be sure to check out the Splunk and SAIC case study or the video below:

Posted by Doug Merritt