SAN FRANCISCO - April 21, 2015 - Splunk Inc. (NASDAQ: SPLK), provider of the leading software platform for real-time Operational Intelligence, today announced that Science Applications International Corp. (NYSE: SAIC), a leader in advanced information technology (IT) services and solutions, has standardized on Splunk® Enterprise and the Splunk App for Enterprise Security as its internal security intelligence platform. SAIC's Security Operations Center (SOC) team and the computer security incident response team (CSIRT) rely on Splunk software as the backbone of its analytics-enabled SOC to continuously monitor for advanced persistent threats (APT), internal threats and malware. Watch the video to see why SAIC chose Splunk software over legacy SIEM technology for its internal usage and read the case study to learn how SAIC lowered its total cost of ownership by also deploying Splunk software for IT operations and application delivery.

'Using Splunk software, SAIC can quickly identify and fend off intrusions to protect our business and employees,' said Jonathan Jowers, chief information security officer, SAIC. 'We built our SOC from the ground up to defend SAIC's business with the speed and accuracy required in today's security landscape. Splunk helps us to constantly tune, improve and mature our SOC and CSIRT processes to advance our security posture.'

Jowers will be co-presenting with Monzy Merza, chief security evangelist, Splunk, at RSA Conference 2015 about adopting a continuous breach response posture. The session is on Wednesday, April 22, 2:50 p.m. in the North Hall Briefing Center.

Using Splunk Enterprise and the Splunk App for Enterprise Security, SAIC has been able to track and address incidents, build predictive dashboards that analyze the scope of an attack and, through an established response matrix, determine what action needs to be taken. When a breach is detected, analysts use Splunk dashboards to drill down into correlations that reveal the source of the intrusion and add invaluable real-time context to CSIRT's investigation. Analysts also developed custom Splunk dashboards that can take the user directly from raw data to third-party tools to help with the investigation into active threats.

'Today's advanced threats are increasingly coordinated and require adaptive analytics capabilities to stop an attack in progress. Analytics-enabled SOCs leverage all security-relevant data in the enterprise to not only identify attacks but also recognize the patterns behind a breach,' said Haiyan Song, senior vice president of security markets, Splunk. 'Regardless of whether it is a nation-state, criminal enterprise, or insider threat, organizations should strive to be able to detect and remediate these threats within minutes and this capability depends upon an analytics-enabled SOC.'

Learn more about the Splunk App for Enterprise Security on the Splunk website. Version 3.3 of the Splunk App for Enterprise Security will be generally available (GA) on April 30.

Splunk Inc. published this content on 20 August 2017 and is solely responsible for the information contained herein.
Distributed by Public, unedited and unaltered, on 20 August 2017 06:22:03 UTC.

Original document: https://www.splunk.com/en_us/newsroom/press-releases/2015/saic-boosts-security-analytics-with-splunk-software.html

Public permalink: http://www.publicnow.com/view/F3842372D6FF5D4C60DD88EF163CB9FD804A857C