Government Agency Implements Secure Splunk Data Aggregation

Resources Government Agency Implements Secure Splunk Data Aggregation

Government Agency Implements Secure Splunk Data Aggregation

Company Overview

A major government agency with large, sensitive data stores.

Cybersecurity Challenge

A major government agency needed to efficiently analyze their security alerts to fully observe possible threats, their extent, and to rapidly prioritize them. In order to do this, they planned to aggregate their many subnet inputs into one master Splunk data store where they can apply analytics, machine learning, heuristics, and artificial intelligence.

However, the agency also recognized that the more they aggregated, the higher the sensitivity of the data store, thus they needed to upgrade the Splunk data store to a very secure posture. This meant both isolating the data store from possible threats, and implementing a highly-controlled mechanism for data aggregation.

Solution Requirements:

Secure the Splunk data store from external cyber threats
Transfer multiple data types simultaneously
Enable data inspection and filtering from untrusted to trusted environment
Provide failover, high-availability, and load-balancing capabilities
Include scalable architecture for additional volume or data types as needed

Use Case | Before

Solution

Due to their highly reliable and secure hardware-enforced nature, Owl cross domain solutions (OCDS) were identified as an ideal protection and data transfer mechanism for the Splunk data store. Designed to transfer data only one-way and with built-in filtering and data verification, OCDS products integrate seamlessly with the Splunk data store, enabling many-to-one data ingestion capability, with optional high availability configurations.

The OCDS optical separation provides an unhackable means to prevent any network-based probing or unauthorized entry into the data store. With industry-leading bandwidth and the capability to operate with multiple devices in tandem, the agency can support a multitude of data streams into storage.

Use Case | After

Results

Provided effective and network segmentation between subnet inputs and the Splunk data store
Enabled high-availability, one-way, deterministic data flows into the Splunk data store
Mitigated external threats to the data store through the ingestion data paths
Facilitated analytical insights into security events and alerts

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Government Agency Implements Secure Splunk Data Aggregation

Government Agency Implements Secure Splunk Data Aggregation

Company Overview

Cybersecurity Challenge

Solution

Results

DOWNLOAD RESOURCE ↓

Request Information