Skip to main content
false

Splunk Intelligence Management Security Policy

Security Policy:

Last Updated:July 15 2020

Effective:  January 11, 2018

 

We're a security company that manages important information from our customers. Security is a fundamental expectation for our product, services and our team members.

 

Personnel Practices

We perform background checks on employees prior to starting with our company. During onboarding, new employees review and sign our company security policy and confidentiality agreements. Employees are responsible for reviewing and agreeing to all future updates to both policies.

 

Employee Access

Access to sensitive data is tightly controlled and provided to employees on need-to-know basis that implements strong least-privilege access. Logins are protected using two-factor authentication and all administrator activity is logged to our centralized logging and monitoring system which is configured to generate alerts of unauthorized behavior.

 

Customer Data

Our customer data is our most critical asset and we enforce strict controls for its access, backup and retention. Customer data is only stored in our production infrastructure, it is never used in testing / staging environments or stored on employee devices. Customers who are past their contractual expiration date or who otherwise exit the service will have their user credentials and their API access keys revoked, and their data removed from the production environment within 60 days of notice or contract expiration. Employee access to customer data is exclusively for maintenance, credentialing, and support, is routinely audited, and based on need to know criteria. 

 

Data Encryption

Customer information is protected using strong encryption during transmission across the Internet and while at rest on our servers. All Internet communications to our service use HTTPS/TLS with strong algorithms and unique certificates. Data at rest is encrypted using AES-256, with decryption keys stored using guidelines consistent with NIST 800-57 and FIPS 140-2 algorithms.

 

Infrastructure Protection

Our infrastructure is hosted on AWS, allowing us to leverage their exceptional security controls for physical access, network protection and configuration control. Our deployment uses isolated virtual private cloud networks that are further segmented by internal security groups. Access for cloud configuration requires two-factor authentication. All changes to the infrastructure are logged and monitored.

 

Host Management

Our computer systems are configured to perform automatic security patching wherever possible to limit their exposure to new security vulnerabilities. Employee computers are secured according to our computer lockdown process, which is regularly updated to make sure new security features are enabled. Our online servers are regularly scanned for security issues and updated to ensure that they comply with our security requirements.

 

Logging

System activity on our cloud infrastructure is logged to a centralized logging and monitoring system. This allows our engineers to keep an eye on the overall health of the system and provides a mechanism to quickly identify and alert on security issues. Security alerts are configured to alert both our security team as well as the engineer responsible for the system reporting the problem, allowing them to work together as part of the incident management process.

 

Incident Management

We maintain, review and periodically update our incident management and response plan. The plan gives us a structured process for efficiently verifying, mitigating, and responding and recovering from security incidents. In addition, technical teams build and maintain specialized security detection and response capabilities that are tailored to the technologies they control.

 

External Security Audits

We put a lot of effort into our security and use third party reviewers to periodically kick the tires. The audit process is useful for testing our detection and response capabilities as well and surfacing security issues. The audit process includes reviews of both our online / internal infrastructure as well as reviews of our internal processes and procedures.

 

Contact Us

To report a vulnerability to Splunk Security, please fill out the submission form below. If you prefer not to use the form, email prodsec@splunk.com.

 

The form routes to Splunk Security through the Bugcrowd managed platform, which requires creating an account on Bugcrowd to claim the submission. Splunk's Responsible Disclosure program does not offer monetary rewards. By submitting your report, you agree to the Splunk Website Terms & Conditions of Use.

 

https://www.splunk.com/en_us/product-security/report.html#professional-security-researchers