Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Improve Your Security Posture

judithsr
Splunk Employee
Splunk Employee

Customers are at the center of everything we do at Splunk and security is our top priority. On top of a series of new and improved capabilities, Splunk platform now ships with an improved security posture. Splunk is committed to helping customers identify and remediate security issues, including providing advisories and patches for any vulnerability considered “Critical” or “High”. Splunk remains hyper-vigilant and focused on outstanding customer experiences and outcomes.

So what are the updates and how can you learn more? Splunk Enterprise 9.0 specifically includes three new security features, a series of automatically implemented security settings, and addresses eight security vulnerabilities with fixes that go deeper than just "patching" Splunk, focused on intra-Splunk transport layer security (TLS), securing deployment server & forwarders, securing app development, and added search processing language (SPL) safeguards.

New or Enhanced Security Features:

  • *New* Splunk Assist - a single place to monitor your Splunk Enterprise deployment and see recommendations to improve your security posture.
  • *Enhanced* Upgrade Readiness App -  Easily identify apps impacted by Python 3.0 certificate validation and access step by step upgrade guidance.
  • *New* Smart Card Authentication - Splunk will now support multi-factor authentication (MFA) Common Access Card cryptographic certificates issued by the US DoD as a form of authentication natively.

Automatically Implemented Security Updates Settings

  • Improved dashboard security with sanitization on input fields 
  • Increased control for admins with greater Splunkd Roles and Capabilities restriction options
  • Enhancements to third-party packages including Node.js, OpenSSL, and many more
  • Easier risk management with user-friendly SPL safeguards
  • Role-based filtering

Security Advisories to Take Action On (for June 2022)

  • Intra-Splunk Transport Layer Security (TLS) is a best practice to implement for any application that communicates over the public network. The three available updates in Splunk Enterprise 9.0 enable you to configure TLS at the right time for your business (ISVC-2022-0602, SVD-2022-0603, SVD-2022-0606).
  • Securing forwarders and deployment servers is important to the security of your overall Splunk deployment. These three updates enable you to apply stronger security at the forwarder (SVD-2022-0605, SVD-2022-0607) as well as between the deployment server and forwarder (SVD-2022-0608).
  • Securing the app model is important to the security of your overall Splunk deployment as apps are considered part of your trust boundary. This update enables you to apply stronger security between the application and your Splunk system (SVD-2022-0601).
  • Splunk search processing language (SPL) is powerful, with great power comes great responsibility. This update makes it possible to more fully safeguard against edge case scenarios for data exfiltration and arbitrary code execution using SPL (SVD-2022-0604).

We encourage you to prioritize security by addressing these advisories and upgrade to Splunk Enterprise 9.0 today! For more details and guidance on next steps, please watch our Tech Talk - Improve Your Security Posture, explore Splunk Lantern for upgrade assistance, view our FAQ, and subscribe to our Product Security Page to get timely updates on all of our advisories.

Still have questions? Please ask any technical clarifications on our Answers forum.

Judith - Platform Product Marketing Manager

vinz2020
Engager

Thank you for the information.

Any plan to have those security patches available on Splunk 8.2 ?

Like everyone, I am not in a hurry mode applying new 9.0.0 major release. Major release upgrade is not something we can perform in a few clicks.

VatsalJagani
Super Champion

@vinz2020 - Currently it's not available in 8.2. Chris created an idea for that - https://ideas.splunk.com/ideas/EID-I-1503 

Get Updates on the Splunk Community!

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...