SAN FRANCISCO, July 19, 2011 — Splunk
Splunk software enables users to leverage their existing security technology investments, such as SIEMs (Security Information and Event Management systems). Splunk provides the ability to handle large volumes of diverse, real-time machine data. The challenges of continuous monitoring in environments involving "big data" can be effectively addressed with Splunk.
U.S. federal agencies currently using Splunk for cyber security, compliance, infrastructure, cloud or application management include the Department of Homeland Security (DHS), Department of Energy (DOE), NASA, Department of Justice (DOJ), Federal Reserve Board and many Department of Defense (DoD) agencies.
Because of customer interest, Splunk created a new app to support FISMA Continuous Monitoring. This app builds upon the core capabilities of Splunk Enterprise software to index and provide visibility into the machine data generated by agency IT systems and infrastructure – whether physical, virtual or in the cloud – to align agency security operations to FISMA controls, including real-time views of NIST 800-53 controls.
The Splunk App for FISMA Continuous Monitoring, now in limited preview release, follows the definition of Continuous Monitoring outlined in NIST 800-137 (draft) and the NIST 800-53 control set to establish compliance in real-time security operations. Information in the app is organized by control and includes graphics that update in real-time. The FISMA app currently supports multiple NIST 800-53 control families and continuously monitors three risk-based components: Account Management, Privileged Access, and Login Access.
The Splunk App for FISMA Continuous Monitoring also takes advantage of Splunk Enterprise’s flexibility. Together they provide both high-level control views and data drill-down, giving agency IT teams unprecedented visibility to manage and respond to control violations and security issues as they happen, while scaling to meet the challenge of collecting machine data from large-scale federal agency architectures.
July 19-21, 2011
Splunk at FOSE
SPLUNK> is a registered trademark of Splunk Inc.
Splunk is the leading provider of operational intelligence software used to monitor, report and analyze real-time machine data as well as terabytes of historical data – located on-premise or in the cloud. Almost half of the Fortune 100 and more than 2,600 enterprises, service providers and government organizations in 78 countries use Splunk to improve service levels, reduce IT operations costs, mitigate security risks, and drive new insights for IT and the business.