At Splunk, we understand that a secure platform is a trustworthy one. We strive to implement a protected foundation for our customers to turn data into action, and part of that effort is giving you more frequent insight into the security enhancements that we’ve made to the platform. In this blog series, we’ll share the latest enhancements to Splunk Enterprise, review our security features in depth, and explain why these updates are important for you and your organization. Without further ado, let’s start things off with a recap of some of the key features we’ve added since we released Splunk Enterprise version 7.3: some you might already know about, and a few that you probably don’t.
What's Been Happening?
While we have to keep our cards close about the exact changes we’ve made in this space (we are, after all, security-minded), we can say that the platform is even more secure than before. Additionally, we can run through some of the improvements we’ve made to Splunk Web and the administration experience:
- We’ve changed how you access security-related settings. Instead of being buried in the Access Controls menu, you can now access security settings in the Settings menu. Those changes debuted in version 7.3.
- Also beginning in version 7.3, we completely revamped the role management page, to make it easier for you to create, manage, and configure roles.
  - We’ve reconfigured the page for ease of management. You can now manage inheritance, index and capability assignment, resource limits, and search restrictions all in one modal dialog box.
  - Speaking of search restrictions: You used to have to edit configuration files for that. Not anymore — the new Restrictions tab now lets you configure those restrictions right in the Splunk Web interface.
    - The Search filter generator in this tab lets you create search filters using the fields that the Splunk platform has already indexed. You can even preview the results the search filter returns before you save it!
  - You can quickly view the capabilities that a role includes and whether or not those capabilities come from other roles.
  - You can also see which indexes a role has access to, and whether or not that access comes natively or from an inherited role.
  - To learn more about our updated role management page, see the Splunk Docs topic on adding and managing roles in Splunk Web.
- We’ve revamped the user management page for easier administration:
  - You can now directly clone a user from another user.
  - We’ve updated the page so that it is more like the updated Roles page, with reduced clutter.
  - To learn about our updated user management page, see the Splunk Docs page on adding and editing users.
- I am updating the Securing the Splunk Platform Manual to address some of the pain points that you have communicated to us in various feedback channels with regard to securing Splunk Enterprise. Expect to see quite a number of updates for clarity and consistency there.
These are only a few of the many security enhancements we have made to the platform. In upcoming posts in this series, we will continue to spotlight the enhancements we have made, our work to ensure product security, and what we have in mind for the future. Get ready to learn about:
- Roles UI changes, Search Indexes, and Indexed fields
- Authentication Tokens, the Mobile App, REST API, & SAML
- Meet the Splunk Platform Security Services Team - Who we are & What we do
- Common Criteria Certification
- User Management - Search As
- And more...
Until then, stay secure, everyone!