Security information and event management
Identify, prioritize, and mitigate threats, gain visibility into suspicious activities, and assess risks.
Public sector organizations are mandated to protect their digital infrastructure from a wide range of threats. Organizations need to take proactive actions to ensure timely threat intelligence. Organizations can gain end-to-end visibility across Amazon Web Services (AWS) and hybrid environments with Security Information and Event Management (SIEM) solutions that provide the operational intelligence for real-time understanding of their IT operations.
Solutions
Splunk
Splunk delivers analytics-driven security solutions that enable public sector organizations to detect and respond to external attacks, malicious insiders, and fraud by providing valuable context and visual insights to help make optimal security decisions.
Perform flexible, scalable security investigations, real-time security forensics, correlation and alerting, automatic knowledge extractions, interactive compliance, and audit reporting to gain real-time operational visibility and business intelligence.
Users may choose to provision Splunk Enterprise into a new environment including Virtual Private Cloud (VPC), subnets, security groups, and other infrastructure components – or provision into an existing AWS environment. The diagram below depicts sample architecture for Splunk Enterprise in a new VPC with three Availability Zones.
The City of Los Angeles consists of over 40 agencies. These agencies have disparate security measures, complicating the consolidation and analysis of data, impeding situational awareness of security events, and slowing responses to security incidents.
In its search for a scalable SIEM solution to drive stronger cybersecurity, Los Angeles chose Splunk for its fast time-to-deployment, ease of customization, strong data security, and low-bandwidth consumption.
Since deploying Splunk Enterprise Security and Splunk Cloud, the city has seen benefits including a real-time, citywide, 24/7 security operations center (SOC), real-time threat intelligence, reduced headcount, and lower operational costs. The city shares its findings across agencies and with external stakeholders such as federal law enforcement.
With Splunk and AWS, the City of Los Angeles transformed its patchwork of security measures into a cohesive, all-encompassing cybersecurity strategy, helping it preserve public trust.
By deploying the Splunk SIEM solution, we enhance our detection and response capabilities to protect the city’s critical assets from all manner of cyber threats and intrusions. By utilizing a cloud solution, our security team can focus on security events rather than deploying and maintaining infrastructure.
- Timothy Lee, Chief Information Security Officer, City of Los Angeles
AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.
We're here to help you get started with AWS Marketplace. Ask for or give advice on the AWS Marketplace discussion forum.
We're here to help you get started with AWS Marketplace. Ask for or give advice on the AWS Marketplace discussion forum.