With the game-changing capabilities of Splunk Cloud and Splunk Enterprise Security on AWS, we can proactively assess risks, prioritize and take action against threats, and correct vulnerabilities before they can be exploited.
Tim Lee, Chief Information Security Officer, City of Los Angeles

The core Splunk offering—Splunk Enterprise—was initially designed to help IT departments monitor workloads and performance, but Splunk knew that machine-generated data contained information that could also be valuable outside of IT and security departments.

“Our customers often have massive amounts of data siloed in different systems,” says Nick Murray, director of cloud sales for the public sector at Splunk. “There is rich operational intelligence available from machine data, but without strong tools for analyzing that data in real time, it’s just noise and missed opportunities.”

One of Splunk's customers that needed these capabilities is the City of Los Angeles. The city's IT department faced a mayoral directive to strengthen citywide cybersecurity, which is no small task given that the Los Angeles government consists of more than 40 agencies, each of which was using different security tools in managing its own IT infrastructure. The only way to view the citywide security environment was by manually correlating logs from each agency, leaving the city in a reactive rather than proactive security posture against the more than 100 million unauthorized entry attempts on its network each month.

The City of Los Angeles required a flexible, scalable security information and event management (SIEM) solution to help secure the city’s digital assets and infrastructure with real-time intelligence regarding cyber threats, but without the high operational costs of on-premises deployments.

To meet the needs of customers like the City of Los Angeles, Splunk had released Splunk Cloud, a software-as-a-service (SaaS) solution that offers the machine-data consumption and analytic capabilities of Splunk Enterprise and is available on and powered by AWS. With Splunk Cloud, enterprises can search, analyze, and visualize their machine data in real time, gaining previously unavailable insights and actionable information, all while taking advantage of the flexibility and cost savings of the AWS Cloud.

Building Splunk Cloud on AWS was a natural step because AWS and Splunk have been strategic partners ever since Splunk first joined the AWS Partner Network (APN) in 2012. Since then, Splunk has become an APN Advanced Technology Partner, an AWS GovCloud Skills Partner, an AWS Marketplace Seller, and a member of the AWS Public Sector Partner Program with AWS Competency certifications in Big Data, DevOps, Security, IoT, and Education Technology.

“AWS and Splunk have a powerful relationship, based on shared customer focus and strategic alignment across executive leadership, engineering, and marketing teams,” says Tony Bolander, director of AWS global strategy and business development for Splunk. “We’ve seen significant growth in our AWS practice as a result of our APN certifications. More important to us, our customers really benefit from the strong collaboration and coordination between AWS and Splunk.”

By deploying an SIEM solution based on Splunk Cloud, Splunk Enterprise Security, and AWS, the City of Los Angeles gained holistic, real-time views of all aspects of its security environment, whether in the cloud or on-premises. Each day, the Splunk solution encrypts, compresses, and then pulls 240 million structured and unstructured records from sources such as firewall logs, intrusion detection systems, switches and routers, external threat intelligence feeds, and the city’s threat analytics platform. Splunk Cloud normalizes the data and then returns it to the city’s security operations center, where it can be analyzed and visualized in prebuilt, easily customizable Splunk Enterprise Security dashboards.

The solution also supports alerting, forensic investigations, and information sharing with outside agencies such as the FBI and the U.S. Department of Homeland Security. Splunk Cloud is highly scalable and includes a 100 percent uptime service level agreement.

With the real-time, citywide network surveillance capabilities of a Splunk Cloud SIEM solution running on AWS, Los Angeles can detect and counter intrusion attempts before they threaten vital public services or assets. “Before, we only knew what was happening after the fact,” says Tim Lee, chief information security officer for Los Angeles. “Now, with the game-changing capabilities of Splunk Cloud and Splunk Enterprise Security on AWS, we can proactively assess risks, prioritize and take action against threats, and correct vulnerabilities before they can be exploited.”

By using Splunk Cloud, Lee was able to demonstrate the city’s compliance with many of the cybersecurity standards published by the National Institute of Standards and Technology (NIST) in NIST Special Publication 800-53 (Revision 4). “By helping us to identify vulnerabilities and remediate to mitigate risk, Splunk Cloud directly supports compliance with a third of the controls in the NIST framework,” says Lee, who points out that these controls are not required of non-federal entities. “Not many cities can meet such high security standards, and we’re proud that we’re able to do so.”

Los Angeles achieved all this at a much lower cost than would have been necessary for an on-premises SIEM deployment. “By using Splunk Cloud on AWS, we avoided the hardware investment to host and maintain large security logs and gain anytime-anywhere access to the security dashboard for situational awareness and actionable threat information,” says Ted Ross, chief information officer for the City of Los Angeles.

The Splunk Cloud solution on AWS has transformed the city’s security capabilities, according to Lee. “With a Splunk SIEM solution running on AWS, we have achieved a full-featured, integrated threat intelligence program that is key to helping us fulfill our mission of protecting the city’s digital assets, infrastructure, and the residents and businesses that depend on them.”


Splunk helps public and private sector enterprises gain valuable insights from machine data generated by their websites, networks, IT infrastructures, and communication and other devices. Splunk, an AWS Partner Network (APN) Advanced Technology Partner, AWS GovCloud Skills Partner, AWS Marketplace Seller, and AWS Public Sector Partner Program member, has more than 13,000 customers in 110 countries that use Splunk software to mitigate security vulnerabilities, improve service levels, support compliance, reduce operations costs, strengthen DevOps collaboration, and create new products and services. Splunk has about 2,700 employees and is based in San Francisco.  

For more information, contact Splunk through its listing on the APN Partner Solution Finder or visit its website.
