Splunk Compliance Essentials & PCI (Sept 5)


© 2023 SPLUNK INC.

Splunk
Compliance
Essentials

Dakshita Oli
Partner Sales Engineer
03.10.22-15:28

Forward-Looking Statements

This presentation may contain forward-looking statements regarding future events, plans or the
expected financial performance of our company, including our expectations regarding our products,
technology, strategy, customers, markets, acquisitions and investments. These statements reflect
management’s current expectations, estimates and assumptions based on the information currently
available to us. These forward-looking statements are not guarantees of future performance and
involve significant risks, uncertainties and other factors that may cause our actual results, performance
or achievements to be materially different from results, performance or achievements expressed or
implied by the forward-looking statements contained in this presentation.
For additional information about factors that could cause actual results to differ materially from those
described in the forward-looking statements made in this presentation, please refer to our periodic
reports and other filings with the SEC, including the risk factors identified in our most recent quarterly
reports on Form 10-Q and annual reports on Form 10-K, copies of which may be obtained by visiting
the Splunk Investor Relations website at www.investors.splunk.com or the SEC's website at
www.sec.gov. The forward-looking statements made in this presentation are made as of the time and
date of this presentation. If reviewed after the initial presentation, even if made available by us, on our
website or otherwise, it may not contain current or accurate information. We disclaim any obligation to
update or revise any forward-looking statement based on new information, future events or otherwise,
except as required by applicable law.
In addition, any information about our roadmap outlines our general product direction and is subject to
change at any time without notice. It is for informational purposes only and shall not be incorporated
into any contract or other commitment. We undertake no obligation either to develop the features or
functionalities described, in beta or in preview (used interchangeably), or to include any such feature
or functionality in a future release.

Splunk, Splunk> and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries.
All other brand names, product names or trademarks belong to their respective owners. © 2023 Splunk Inc. All rights reserved.

Agenda
• Understanding Compliance.
• Why Compliance/Frameworks?
• Challenges.
• Splunk One-Stop-Shop for all Compliances.
• Splunk for CMMC.
• Splunk for PCI.


Compliance 101
• The goal of compliance is typically to protect sensitive information.
• Make sure it is not stolen, misused, or altered, and is always available.
• There are many regulations to comply with; they often overlap, and a framework is used.

Examples: PCI, HIPAA, CMMC, NIST, FISMA, GDPR, ISO27001/2

Compliance 101 cont.
• Technical & non-technical controls are required for each regulation/framework
• Technical controls include multiple products, and this is where
Splunk/SIEM/Automation is used
• Non-technical controls deal with people & processes
– E.g., employees sign a policy to protect data, incident response plan,
compliance officer, locks on doors
– Not Splunk/SIEM!
• Each regulation is unique in its controls, what data is “in scope”, how long logs
must be retained, how to demonstrate compliance, fines, and more
• Requirements for compliance vary for each org; they determine this, not you!
• Compliance is the low bar for security; often just “check the boxes”

Compliance Demands in a Digital World

Regulations & Control Frameworks
• Data Privacy: California Consumer Privacy Act, EU-GDPR, Australian
Privacy Principles, Canada PIPEDA
• Essential Services: EU-NIS (Critical National Infrastructure), NERC
CIP, Israel CIP
• Industry Focused: PCI, SOX, HIPAA
• Guidelines and Control Frameworks: CMMC, CISA directives,
ISO27001, CIS20, NIST SP800-53, NIST CSF, ASD Top 35

Customers
• Expect trust, transparency and security
• Easier to move to competitors than ever before

Businesses
• Mitigate emerging threats
• Align with developing regulations
• Evolve with changing business needs
• Address emerging threats
• Address developing regulations
• Address changing business needs

www.dlapiperdataprotection.com
* Deloitte
Compliance Core Components
A guide to security best practices

Identify
▪ Knowing what is in the environment / on the network (hardware and software)
▪ E.g., Endpoints, network devices, software assets, etc.

Protect
▪ Safeguarding systems to limit/contain the impact of a cyber security event
▪ E.g., Devices on the network assessed for vulnerabilities, OS versions,
privileged/unprivileged users, remote access/authentication, etc.

Detect
▪ Assessing the extent that [agencies] are able to discover cyber security events in a timely manner
▪ E.g., Intrusion detection/prevention, host-based anti-virus/anti-malware, web content filtering,
authorized/unauthorized hardware and software, etc.

Respond
▪ Ensuring that [agencies] have policies and procedures detailing how their enterprise will
respond to cyber security events
▪ Although these are “policies/processes,” they require technical data from the environment
to support and assess the response process
▪ E.g., Mean time to detect, mean time to contain, automated isolation/disablement of
infected asset(s)

Recover
▪ Ensuring organizations develop and implement appropriate activities for resilience […]
restoration of services impaired due to a cyber security event
▪ Similar to RESPOND, this requires technical data from the environment to measure and validate
The Compliance Rut

[Figure: compliance cycle diagram]
Cycle steps: Identify Objectives; Implement Measures; Define Risk, Metrics, KPIs; Monitor Environment; Detect Violations; Analyze and Prioritize; Identify Root Cause; Fix Non-Compliance; Modify Policy; Re-evaluate Processes; Document and Report; Handle Audit
Pain points: New Policy, Procedures, Standards; Inefficient Data Collection & Prep; Compliance Creep; Silo’d Teams, Implementations; Reacting to New Business Missions; Incomplete View of Risk; Painstaking Assessments; Business Disruptions; Reputation Loss; Staff Pulled from Daily Tasks; Time-Consuming Audits; Ad-Hoc Process; Costly Penalties; Outdated Policy

Aligning key datasets to automate monitoring of technical controls

Detect
• Intrusion detection/prevention
• Host-based anti-malware/AV
• Authorized/unauthorized HW/SW
• Web content filtering


Splunk Compliance Essentials
A prescriptive approach to continuously monitor,
improve cybersecurity posture, and address the
requirements of different National Institute of
Standards and Technology (NIST)-based control
frameworks

Focused, pre-packaged compliance posture analytics
• Out-of-box solution mapped to technical controls required for Risk Management Framework
(RMF), Cybersecurity Maturity Model Certification (CMMC), Defense Federal Acquisition
Regulation Supplement (DFARS) and the Office of Management and Budget (OMB)
Memorandum M-21-31.
• Splunk has packaged prescriptive analytics that align with baseline technical controls in
NIST SP 800-53 rev5 and NIST SP 800-171 rev2.
• Deployment services bundled in the package ensure rapid operationalization and fast time to
insights into activity relevant to the security controls.
• Training packaged with the solution ensures that ISSOs and teams responsible for
monitoring information security posture:
  – Have the skills necessary to understand and extend the pre-packaged analytics
  – Understand their organizational security posture as it evolves over time
  – Proactively drive risk mitigation as the environment changes — raising the overall security
  posture of the organization
Cybersecurity Maturity Model Certification (CMMC)
• Designed to enforce protection of sensitive
unclassified information that is shared by the
Department of Defense (DoD) with its contractors
and subcontractors.
• Cybersecurity Maturity Model Certification
requirements include all of the DFARS-directed
technical controls (NIST SP 800-171) along with
additional controls.
• CMMC requires recurring audits, at least every 3
years, but as frequently as annually for Prime
contractors.
• By 2026, all contractors that do business with the
DoD must comply with CMMC except those who
only handle commercial off-the-shelf software
(COTS).

How the Splunk for CMMC Solution Accelerates Certification Requirements
Leveraging Splunk to get ahead of the curve

• Meet Practice Requirements: Meet practices requiring analytics, audit, accountability,
monitoring, and operations
• Monitor & Measure: Monitor and measure practice performance across data-driven controls
• Track & Report: Track and report on internal practice reviews, audit artifacts, and status
• Advance Maturity: Advance capabilities with Enterprise or Splunk Security Suite

DEMO

PCI Compliance
• The PCI Security Standards Council provides a baseline of technical and
operational requirements designed to protect payment account data
throughout the payment life cycle.
• PCI DSS has 12 key requirements, 78 base requirements, and 400 test
procedures to ensure that organizations are PCI compliant.

Goals and PCI DSS Requirements

Build and Maintain a Secure Network and System
1. Install and maintain network security controls
2. Apply secure configurations to all system components

Protect Account Data
3. Protect stored account data
4. Protect cardholder data with strong cryptography during transmission over open, public networks

Maintain a Vulnerability Management Program
5. Protect all systems and networks from malicious software
6. Develop and maintain secure systems and software

Implement Strong Access Control Measures
7. Restrict access to system components and cardholder data
8. Identify users and authenticate access to system components
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Log and monitor all access to system components and cardholder data
11. Test security of systems and networks regularly

Maintain an Information Security Policy
12. Support information security with organizational policies and programs

Splunk App for PCI Compliance Use Cases
• Produce reports of PCI DSS activity
• Monitor access attempts to PCI assets
• Investigate and resolve compliance issues
• Identify vulnerabilities found on PCI assets
• Notify administrators of malware found on PCI assets
• Monitor traffic between PCI domains

The Splunk App for PCI Compliance

• Best In Class: The Splunk App for PCI Compliance is a Premium App that solves real customer use cases
• Streamlined: Ultra fast capabilities to understand cause of non-compliance
• Reports: Measure effectiveness + status of PCI Compliance technical controls
• On Prem + Cloud: The Splunk App for PCI is available both on prem and in the Cloud

Thank You
