
Security information and event management

Identify, prioritize, and mitigate threats, gain visibility into suspicious activities, and assess risks.

Overview

Public sector organizations are mandated to protect their digital infrastructure from a wide range of threats, and they need to act proactively to obtain timely threat intelligence. Security Information and Event Management (SIEM) solutions give organizations end-to-end visibility across Amazon Web Services (AWS) and hybrid environments, providing the operational intelligence needed for a real-time understanding of their IT operations.

Solutions

Splunk

Splunk delivers analytics-driven security solutions that enable public sector organizations to detect and respond to external attacks, malicious insiders, and fraud by providing valuable context and visual insights to help make optimal security decisions.

Splunk supports flexible, scalable security investigations, real-time security forensics, correlation and alerting, automatic knowledge extraction, interactive compliance, and audit reporting, giving organizations real-time operational visibility and business intelligence.

Users may choose to provision Splunk Enterprise into a new environment, including a Virtual Private Cloud (VPC), subnets, security groups, and other infrastructure components, or into an existing AWS environment. The diagram below depicts a sample architecture for Splunk Enterprise in a new VPC spanning three Availability Zones.

Architecture diagram illustrating the integration between Splunk and various AWS services, including AWS CloudTrail, CloudWatch, Lambda, S3, Kinesis, SNS, SQS, Redshift, RDS, and IoT Core, highlighting data flows and service interactions.

Splunk

The City of Los Angeles consists of over 40 agencies. These agencies have disparate security measures, complicating the consolidation and analysis of data, impeding situational awareness of security events, and slowing responses to security incidents.

In its search for a scalable SIEM solution to drive stronger cybersecurity, Los Angeles chose Splunk for its fast time to deployment, ease of customization, strong data security, and low bandwidth consumption.

Since deploying Splunk Enterprise Security and Splunk Cloud, the city has seen benefits including a real-time, citywide, 24/7 security operations center (SOC), real-time threat intelligence, reduced headcount, and lower operational costs. The city shares its findings across agencies and with external stakeholders such as federal law enforcement.

With Splunk and AWS, the City of Los Angeles transformed its patchwork of security measures into a cohesive, all-encompassing cybersecurity strategy, helping it preserve public trust.

By deploying the Splunk SIEM solution, we enhance our detection and response capabilities to protect the city’s critical assets from all manner of cyber threats and intrusions. By utilizing a cloud solution, our security team can focus on security events rather than deploying and maintaining infrastructure.

- Timothy Lee, Chief Information Security Officer, City of Los Angeles

