Customers are at the center of everything we do at Splunk and security is our top priority. On top of a series of new and improved capabilities, Splunk platform now ships with an improved security posture. Splunk is committed to helping customers identify and remediate security issues, including providing advisories and patches for any vulnerability considered “Critical” or “High”. Splunk remains hyper-vigilant and focused on outstanding customer experiences and outcomes.
So what are the updates and how can you learn more? Splunk Enterprise 9.0 specifically includes three new security features and a series of automatically implemented security settings, and addresses eight security vulnerabilities with fixes that go deeper than just "patching" Splunk. The fixes focus on intra-Splunk transport layer security (TLS), securing deployment servers and forwarders, securing app development, and added search processing language (SPL) safeguards.
New or Enhanced Security Features:
- *New* Splunk Assist - a single place to monitor your Splunk Enterprise deployment and see recommendations to improve your security posture.
- *Enhanced* Upgrade Readiness App - Easily identify apps impacted by Python 3.0 certificate validation and access step-by-step upgrade guidance.
- *New* Smart Card Authentication - Splunk will now natively support multi-factor authentication (MFA) using Common Access Card cryptographic certificates issued by the US DoD.
Automatically Implemented Security Updates and Settings
- Improved dashboard security with sanitization on input fields
- Increased control for admins with greater Splunkd Roles and Capabilities restriction options
- Enhancements to third-party packages including Node.js, OpenSSL, and many more
- Easier risk management with user-friendly SPL safeguards
- Role-based filtering
Security Advisories to Take Action On (for June 2022)
- Intra-Splunk Transport Layer Security (TLS) is a best practice to implement for any application that communicates over the public network. The three available updates in Splunk Enterprise 9.0 enable you to configure TLS at the right time for your business (SVD-2022-0602, SVD-2022-0603, SVD-2022-0606).
- Securing forwarders and deployment servers is important to the security of your overall Splunk deployment. These three updates enable you to apply stronger security at the forwarder (SVD-2022-0605, SVD-2022-0607) as well as between the deployment server and forwarder (SVD-2022-0608).
- Securing the app model is important to the security of your overall Splunk deployment as apps are considered part of your trust boundary. This update enables you to apply stronger security between the application and your Splunk system (SVD-2022-0601).
- Splunk search processing language (SPL) is powerful, and with great power comes great responsibility. This update makes it possible to more fully safeguard against edge-case scenarios for data exfiltration and arbitrary code execution using SPL (SVD-2022-0604).
We encourage you to prioritize security by addressing these advisories and upgrading to Splunk Enterprise 9.0 today! For more details and guidance on next steps, please watch our Tech Talk - Improve Your Security Posture, explore Splunk Lantern for upgrade assistance, view our FAQ, and subscribe to our Product Security Page to get timely updates on all of our advisories.
Still have questions? Please ask for any technical clarifications on our Answers forum.
Judith - Platform Product Marketing Manager