Federal Civilian Agencies

Massively Scalable Data Analytics Platform

Federal agencies face increasing cost-saving directives, stricter compliance mandates and a growing number of technology silos that limit insights. Only Splunk provides a proven, integrated and massively scalable data analytics platform that cuts across technology silos to provide government organizations the real-time Operational Intelligence needed to take the fast, decisive actions necessary for efficient program delivery and success.

Splunk software empowers federal agencies to:

Ensure compliance and streamline reporting with programs for accountability, transparency, and data protection
Accelerate data center consolidation and cloud migration initiatives
Protect your infrastructure against advanced external and insider threats

Get Started

Solution Guide Splunk for Government
Cybersecurity Gaining the Situational Awareness needed to Mitigate Cyberthreats
Infographic How Splunk Maps to CDM Phases 1-3
Technical Brief Using Splunk for CDM and CMaaS
White Paper All Data, All Uses

Splunk® Enterprise Free Download

Real-Time Insights Into KPIs

Learn how Pacific Northwest National Laboratory (PNNL) uses Splunk IT Service Intelligence to create dashboards that provide real-time insights into key KPIs for faster problem detection and resolution.

PRESS RELEASE

CDM Integration With Splunk

Splunk will be used at 25 civilian agencies covering 97 percent of the federal civilian government workforce.

Read the Press Release

INDUSTRY PANEL

GovSummit 2015

Government panelists discuss the impact analyzing data has on their ability to stay ahead of security breaches.

Watch the Video

.CONF

Los Alamos National Laboratory

Making better decisions with Splunk to ensure an optimal High Performance Computing (HPC) environment.

Watch the Presentation

Continuous Diagnostics and Mitigation

The U.S. federal government's continuous diagnostics and mitigation (CDM) program enables government agencies to manage and strengthen the posture of their cyber networks.

By 2017, the CDM program will be transformed to enable departments and agencies to maintain a near-real-time security risk awareness and assessment capability to rapidly respond to critical risk management issues and threats.

Insider Threat

While the signs that you may have a malicious insider are varied, the analysis and data types needed for discovery are almost always the same. Splunk correlates system and security logs with organizational and external context to detect malicious insider activity. Using statistical analysis, personal-activity comparative analysis, and user-activity context analysis, Splunk technology can correlate these key data types with user activities to provide a more complete story around suspected malicious behavior.

IT system and security logs: Any data generated by the user as a result of credentialed human-to-machine activities
Organizational context: Information about the employee - usually contained in a business system such as an HR database or time management system
External context: Data that an employer can access as a result of an employment agreement, especially for those handling sensitive information or intellectual property

Cybersecurity

Traditional perimeter-based defense approaches are ill-equipped to handle today's sophisticated security threats. Splunk's platform for big data is ideal for detecting patterns and discovering malicious behavior and attacks not seen by signature and rule-based systems.

Splunk customers gain the most value and the fastest incident response times when capturing data from traditional security point solutions and from credentialed user-to-machine interactions and then combining this data with IT operations data for additional context. Recognized by Gartner as a leader in the SIEM magic quadrant, Splunk can complement existing SIEM deployments or replace them.

Fraud

Fraud at government agencies is growing at an alarming rate and includes activities like the "social engineering" of call center personnel, "water-holing" schemes, phishing attacks and applications for undeserved benefits. Call data records, XML forms and structured data residing in a database are all sources of information that can be used to analyze and detect fraud.

Splunk provides multiple checks to monitor and proactively prevent fraud by:

Using trended statistical analysis
Applying logic to data collected in forms and watching for illogical patterns
Performing look-ups to external sources of data
Automatically interacting with other systems based on the search results

Thousands of private sector companies in the telecommunications, education, and financial services industries rely on the Splunk platform to protect them against financial losses from fraud.