An update on our integration that keeps SOC teams on track.
Following our recent look at the benefits of our Splunk integration, we wanted to share a more detailed look at our integration.
As we know, segmentation is a foundational part of modern defense-in-depth to protect data center and cloud environments from east-west traversal attacks – and it is often managed by security operations (SecOps). SecOps teams usually partners with IT operations teams and network teams, as well as auditors, who also leverage the same tools for different use-cases.
SecOps teams have several challenges when executing their mission e.g. information overload, alert fatigue, event management, lack of documented process, etc. Use of technologies such as SIEMs (e.g., Splunk) help to alleviate the challenges they face. Additionally, integrations from vendors like Illumio help to reduce these challenges further, as they provide a laser focus on SecOps' needs and actively strive to reduce the noise overload that such teams face.
In other cases, IT operations team are charged with managing Illumio software on workloads, but may not have access to the Illumio PCE console. By using Splunk, IT operations teams can monitor the status of Illumio software and other messages generated from workloads directly from Splunk when using the Illumio integration.
Similarly, Splunk can be a central repository for both Illumio generated traffic flows of all communication between workloads, and long term workload management data. Using Splunk, audit teams can gather necessary evidence for audits, such as PCI or SWIFT.
To provide confidence in this joint solution, Illumio undertook a rigorous certification process to ensure that Illumio Adaptive Security Platform works with Splunk Enterprise Server and Splunk Enterprise Security. Splunk examined the app for adherence to the best practices for Splunk platform development, and the company also reviewed the source code for security vulnerabilities and adherence to a strict set of criteria. As a result, Illumio App for Splunk and Technology Add-on for Illumio have both been certified by Splunk and any further updates to the app are subject to the same rigor.
For a deeper look at how we deliver the key benefits, please download our data sheet.