This content is provided by FinTechBenchmarker.com who are responsible for the content. Please contact them if you have any questions.
A SIEM solution that provides security analytics, advanced threat detection, and incident management capabilities. Features include user behavior analytics, threat intelligence integration, and compliance reporting specifically designed for banking regulatory frameworks.
Systems that protect the bank's information assets from cyber threats and ensure secure banking operations.
| Multi-factor Authentication | Requires multiple forms of verification before granting access. | Splunk ES supports multi-factor authentication via integrations with common IdPs and SSO providers as part of its enterprise security posture. |
| Role-Based Access Control | Grants permissions based on user roles and responsibilities. | Role-based access control is a core capability in Splunk Enterprise Security, enforcing granular permission controls. |
| Single Sign-On (SSO) | Allows users to authenticate once for multiple applications. | Single Sign-On (SSO) is supported through SAML-based integrations and third-party identity providers. |
| Access Logging | Records all access attempts for audit trails. | Splunk keeps detailed access logs for audit and compliance, with logs searchable and reportable within the platform. |
| Privileged Account Management | Controls and monitors elevated permissions. | Privileged Account Management is provided via granular admin roles and support for least-privilege policies. |
| User Session Timeout | Automatically terminates inactive sessions. | Session timeouts and automatic logoff policies can be configured in Splunk ES. |
| Device Whitelisting | Restricts access to approved devices only. | No information available |
| Granular Permission Levels | Supports fine-grained permissions per function. | Permission levels in Splunk can be customized to a fine granularity for different dashboard and search capabilities. |
| API Key Management | Secures and controls access to APIs. | API keys and tokens can be managed for external integrations following best security practices. |
| Geolocation-based Access Restrictions | Limits access based on user's physical or network location. | No information available |
| Number of Supported Authentication Methods | The total number of different authentication methods available (e.g., biometric, SMS OTP, hardware key, etc.). | No information available |

| End-to-End Encryption | Encrypts data during all states and transfers. | Data is encrypted in transit (TLS) and encryption at rest is supported via Splunk best practices documentation. |
| Database Encryption | Encrypts stored data in databases. | Splunk supports data-at-rest encryption for indexed data with appropriate configuration. |
| File Integrity Monitoring | Detects unauthorized changes to critical files. | No information available |
| Data Masking | Obfuscates sensitive data in non-production environments. | No information available |
| Tokenization | Replaces sensitive information with random tokens. | No information available |
| Data Loss Prevention (DLP) | Prevents unauthorized data transfer or loss. | No information available |
| Data Backup Frequency | Frequency at which backups of critical data are performed. | No information available |
| Audit Logging | Maintains comprehensive logs of data access and changes. | Splunk maintains detailed audit logs for both access and data changes; these are a core component of its compliance modules. |
| Automated Key Rotation | Automatically rotates cryptographic keys at defined intervals. | No information available |
| Retention Policy Management | Controls how long data is kept and when it is deleted. | Data retention policies are configurable in Splunk; admins can set rules for data expiry. |

| Firewall | Provides perimeter security by filtering incoming and outgoing network traffic. | Not as far as we are aware.* Splunk itself is an analytics and SIEM solution and is not directly a firewall but can monitor and ingest logs from firewalls. |
| Intrusion Detection System (IDS) | Monitors and detects malicious network activity. | Not as far as we are aware.* Splunk can aggregate IDS logs centrally, but is not a standalone IDS. |
| Intrusion Prevention System (IPS) | Blocks and prevents detected threats. | Not as far as we are aware.* Splunk does not act as an IPS but can ingest data from IPS devices. |
| Virtual Private Network (VPN) | Secures remote access to banking resources. | No information available |
| Network Segmentation | Divides the network into separate zones for better security. | No information available |
| Distributed Denial of Service (DDoS) Protection | Detects and mitigates DDoS attacks. | No information available |
| Deep Packet Inspection | Examines traffic for threats beyond simple packet headers. | No information available |
| Encrypted Network Traffic | Ensures all internal and external communication is encrypted. | All communications to and from Splunk (web, API) use HTTPS/TLS encryption. |
| Bandwidth Monitoring | Monitors bandwidth utilization for anomalies. | No information available |
| Network Traffic Analysis Capability | The number of simultaneous connections that can be analyzed. | No information available |

| Security Information and Event Management (SIEM) | Aggregates, analyzes, and alerts on security events. | Splunk ES is categorized as a SIEM and has comprehensive security event collection, aggregation and analysis. |
| Automatic Threat Remediation | Responds to detected threats without manual intervention. | No information available |
| Real-time Alerting | Notifies security personnel immediately upon threat detection. | Splunk ES provides real-time alerting with customizable rules as a core SIEM function. |
| Threat Intelligence Integration | Ingests external threat intelligence feeds. | Threat intelligence feed integration (e.g., MISP, STIX/TAXII) is a highlighted feature. |
| Incident Response Playbooks | Provides pre-defined procedures for common security incidents. | Incident Response Playbooks are supported via Splunk Phantom/SOAR integration. |
| Threat Simulation and Red Team Testing | Supports simulated attacks for evaluation. | Red-teaming and threat simulation integrations exist via Phantom/SOAR and third-party tools. |
| False Positive Rate | The percentage of security alerts that are determined to be benign. | No information available |
| Time to Detect | Average time between threat occurrence and detection. | No information available |
| Time to Respond | Average time between detection and mitigation. | No information available |
| Automated Compliance Reporting | Generates regulatory and incident response reports automatically. | Splunk ES automates compliance reporting as part of its regulatory compliance features. |

| Endpoint Detection and Response (EDR) | Monitors endpoints for threats and suspicious activity. | No information available |
| Anti-malware Protection | Prevents malicious software from infecting endpoints. | No information available |
| Device Control | Restricts usage of external devices like USB drives. | No information available |
| Patch Management | Automates the distribution of security updates. | No information available |
| Mobile Device Management (MDM) | Secures and manages mobile endpoints. | No information available |
| Remote Wipe Capability | Erases data from lost or stolen devices remotely. | No information available |
| Application Whitelisting/Blacklisting | Controls which applications can be installed or run. | No information available |
| Endpoint Isolation | Allows quick quarantine of compromised devices. | No information available |
| Number of Devices Supported | Maximum number of endpoints protected by the solution. | No information available |
| Endpoint Policy Enforcement | Automatically enforces security policies on all endpoints. | No information available |

| Behavioral Analytics | Analyzes user behavior for anomalies indicative of fraud. | Splunk User Behavior Analytics (UBA) leverages machine learning for behavioral analytics to spot anomalous activity. |
| Transaction Monitoring | Monitors transactions in real time for suspicious patterns. | Real-time transaction monitoring is a core function for fraud, anomaly, and threat detection. |
| Machine Learning Models | Uses AI models to identify emerging fraud techniques. | UBA in Splunk ES uses machine learning to detect emerging patterns and anomalies. |
| Geolocation Verification | Checks if transactions originate from expected regions. | Not as far as we are aware.* Geolocation can be parsed from data logs but not enforced natively. |
| Device Fingerprinting | Identifies repeat or suspicious devices. | Not as far as we are aware.* Device fingerprinting is not a native function but could be implemented with custom pipelines. |
| Case Management | Tracks fraud investigation from detection to closure. | Case management is present for tracking and managing notable events and incidents. |
| Rule-based Alerts | Generates alerts based on pre-set fraud rules. | Splunk ES supports customizable rule-based alerts for various scenarios. |
| False Positive Rate | Percentage of transactions erroneously flagged as fraud. | No information available |
| Detection Speed | Average time taken to detect suspicious activities. | No information available |
| Integration with Core Banking Systems | Supports real-time integration with existing banking infrastructure. | Splunk ES is highly integrable with core banking and other real-time systems for security and compliance monitoring. |

| Web Application Firewall (WAF) | Protects web applications from common exploits. | No information available |
| Vulnerability Scanning | Regularly scans for known security weaknesses. | Splunk provides vulnerability scan data ingestion and alerting when paired with vulnerability management tools. |
| Secure Coding Standards Enforcement | Ensures adherence to secure development practices. | No information available |
| Regular Penetration Testing | Conducts simulated attacks to find weaknesses. | Regular penetration testing data can be ingested and tracked within Splunk, though Splunk does not conduct pen testing itself. |
| Automated Patch Deployment | Deploys application security patches automatically. | Splunk supports automated deployment of updates and patches via scripted deployment automation. |
| Code Obfuscation | Makes application source code harder to reverse-engineer. | No information available |
| Session Management Security | Protects active user sessions against hijacking. | Session management and expiry controls can be configured and monitored via logs and user sessions. |
| API Security Controls | Protects and monitors API endpoints. | API endpoints are protected and monitored within the platform with dedicated security modules. |
| Number of Supported Programming Languages | The range of programming frameworks or languages natively supported for secure app development. | No information available |
| Dynamic Application Security Testing (DAST) Integration | Integrates tools for runtime security testing of applications. | Security testing tool integration is supported for DAST via app store and APIs. |

| Prebuilt Compliance Reporting | Offers reports tailored for key banking regulations. | Prebuilt compliance reporting includes templates for PCI DSS, SOX, GDPR etc, tuned for the banking sector. |
| Automated Policy Management | Automates the application and monitoring of compliance policies. | Policy management automation is built-in for regulatory workflows and alert rules. |
| Audit Trail Management | Maintains immutable logs for audit purposes. | Splunk keeps immutable audit trails through indexed log storage. |
| Regulatory Change Monitoring | Tracks changes in relevant regulations and standards. | Splunk provides apps and integrations for monitoring regulatory changes (e.g., with GRC platforms). |
| Self-assessment Tools | Allows internal audits for compliance readiness. | Splunk provides support for internal audits and self-assessments through custom queries and reporting. |
| Compliance Workflow Automation | Automates workflows to meet compliance requirements. | Splunk orchestration and workflow automation features extend to compliance task workflows. |
| Data Residency Controls | Specifies where data can be stored based on regulations. | Splunk Cloud and Enterprise support data residency control based on region and regulatory needs. |
| Regulatory Coverage | Number of major regulations covered out-of-the-box. | No information available |
| Retention Policy Automation | Automatically applies data retention and deletion policies. | Automated retention policy enforcement is included in index management capabilities. |
| Secure Document Management | Secure storage and retrieval of compliance documentation. | Secure, encrypted storage and controlled access to compliance and supporting documentation is available. |

| Centralized User Directory | Maintains a single source of truth for user authentication. | Centralized user directory integration is standard, supporting LDAP/Active Directory. |
| Self-service Password Reset | Allows users to reset passwords without admin assistance. | Self-service password reset is available through authentication provider integrations. |
| User Provisioning and Deprovisioning | Automates onboarding and offboarding staff access. | Automated provisioning/deprovisioning is possible when connected to Identity Providers (IdP). |
| Federated Identity Support | Allows use of external identity providers (SAML, OAuth, etc.). | Federated identity (SAML, OAuth, etc.) is natively supported for enterprise deployments. |
| Access Certification | Regularly reviews and certifies user privileges. | Access certification and review is available via reports and automated workflows. |
| Credential Encryption | Ensures user credentials are encrypted at rest and in transit. | Credential encryption is enforced in-transit and at-rest conforming to industry standards. |
| Group Management | Supports management of user groups and access policies. | Group-based user management is available when integrating with AD/LDAP. |
| Identity Federation Integrations | Number of external identity federations supported. | No information available |
| Password Policy Enforcement | Automatically applies strong password requirements. | Password complexity and rotation requirements can be enforced via authentication backend. |
| User Access Review Automation | Automates periodic reviews of user access rights. | Automated access reviews can be generated using dashboard metrics, reports, and scheduled tasks. |

| Real-time Dashboards | Visualizes live security and system data. | Splunk ES provides real-time dashboards for security, system, and compliance KPIs. |
| Customizable Reports | Allows users to define and schedule security and compliance reports. | Users can build custom reports, schedule them, and export results as required. |
| Alert Threshold Customization | Enables setting of specific alert thresholds. | Alert thresholds are highly configurable per use-case. |
| Historical Data Retention | Keeps historical security data for analysis. | Historical data can be retained as per regulatory and business needs, configurable in storage policies. |
| Audit Log Integration | Centralizes logs from various sources. | Logs from various sources are collected and normalized for cross-system analytics. |
| Automated Reporting Frequency | How often reports are automatically generated. | No information available |
| User Activity Monitoring | Tracks user activities for policy violations. | User activities are monitored for policy and compliance violations. |
| Custom Alert Channels | Supports multiple channels for alerting (email, SMS, app). | Splunk ES supports alerting through a variety of connectors and channels: email, webhooks, messaging apps. |
| Third-party Log Integration | Integrates with external log and monitoring providers. | Splunk integrates with numerous third-party log sources and monitoring tools for a unified SIEM view. |
| Report Retention Period | Length of time reports are stored and accessible. | No information available |

| Disaster Recovery Planning | Provides tools for planning and testing disaster recovery. | Disaster recovery planning modules and documentation are provided as part of Splunk deployment best practices. |
| Business Continuity Management | Ensures continued operations during disruptions. | No information available |
| Automated System Failover | Automatically switches to backup systems on failure. | No information available |
| Backup and Restore Automation | Automates data and system backup/restore processes. | Backup and restore can be automated via Splunk deployment automation and scripted IT workflows. |
| Ransomware Recovery | Supports fast recovery from ransomware attacks. | No information available |
| Recovery Time Objective (RTO) | Target time to restore function after disruption. | No information available |
| Recovery Point Objective (RPO) | Maximum acceptable amount of data loss after an incident. | No information available |
| Resilience Testing Support | Enables regular testing of resilience and recovery plans. | Splunk provides support for scheduled and ad-hoc resilience testing. |
| Automated System Health Checks | Monitors backup and resilience readiness automatically. | Automated health checks are a core part of Splunk's deployment and monitoring stack. |
| Service Level Agreement (SLA) Monitoring | Tracks compliance with recovery SLAs. | No information available |

This data was generated by an AI system. Please check
with the supplier. While you are talking to them, remind them that they need
to update their entry.