The U.S. federal government's continuous diagnostics and mitigation (CDM) program enables government agencies to manage and strengthen the posture of their cyber networks.

By 2017, the CDM program will be transformed to enable departments and agencies to maintain a near-real-time security risk awareness and assessment capability to rapidly respond to critical risk management issues and threats.

Insider Threat

While the signs that you may have a malicious insider are varied, the analysis and data types needed for discovery are almost always the same. Splunk correlates system and security logs with organizational and external context to detect malicious insider activity. Using statistical analysis, personal-activity comparative analysis, and user-activity context analysis, Splunk technology can correlate these key data types with user activities to provide a more complete story around suspected malicious behavior.

• IT system and security logs: Any data generated by the user as a result of credentialed human-to-machine activities
• Organizational context: Information about the employee - usually contained in a business system such as an HR database or time management system
• External context: Data that an employer can access as a result of an employment agreement, especially for those handling sensitive information or intellectual property

Cybersecurity

Traditional perimeter-based defense approaches are ill-equipped to handle today's sophisticated security threats. Splunk's platform for big data is ideal for detecting patterns and discovering malicious behavior and attacks not seen by signature and rule-based systems.

Splunk customers gain the most value and the fastest incident response times when capturing data from traditional security point solutions and from credentialed user-to-machine interactions and then combining this data with IT operations data for additional context. Recognized by Gartner as a leader in the SIEM magic quadrant, Splunk can complement existing SIEM deployments or replace them.