Case Study: City of Los Angeles, CA achieves citywide real-time threat intelligence and an integrated SOC with Splunk

A Splunk Case Study

City of Los Angeles Integrates Real-Time Security Intelligence Sharing Across 40+ City Agencies

The City of Los Angeles, with more than 40 agencies, 35,000 employees and over 100,000 endpoints generating millions of security events daily, faced fragmented security tools and slow, manual log correlation that left the city with limited situational awareness and threat intelligence. Following a mayoral directive to improve cybersecurity, the city sought a scalable, cloud-based SIEM to consolidate logs, prioritize threats and enable faster incident response while minimizing administrative overhead.

Los Angeles deployed Splunk Cloud and Splunk Enterprise Security to normalize and analyze raw logs via encrypted, compressed forwarders and customizable dashboards, creating an integrated, citywide SOC. The solution delivered real-time threat intelligence and forensic capabilities, enabled information sharing with federal partners, and produced measurable outcomes: continuous 24/7 surveillance, stronger protection of critical assets, proactive threat mitigation, reduced operational costs and preserved public trust.



City of Los Angeles, CA

Timothy Lee

Chief Information Security Officer

