A major North American manufacturer with global operations was undergoing rapid expansion through acquisition. While these acquisitions were critical to the growth of the organization, they introduced new security risks and added complexity as IT leaders were faced with integrating new people, practices, and policies.
The traditional anti-virus, prevention-only approach to security was no longer adequate, and the client was frustrated by the lack of a cohesive security strategy. They understood that steps needed to be taken to implement a response-based security operation with an increased focus on monitoring and additional response preparedness.
While most companies focus on preventing attacks at the edge of the network, this manufacturer was interested in working with us to develop an approach that put more emphasis on security monitoring and response.
We brought in a team of security experts to work with the customer to develop an effective security strategy. “We believe that the traditional approach to security needs to change. Even some of the largest organizations with extensive security budgets have been compromised,” said Ryan Wilson, Chief Security Advisor at Scalar.
The client opted for a managed security information and event management solution (Managed SIEM), which provides real-time analysis of log data from any number of endpoints. The Splunk App for Enterprise Security was deployed, providing constant monitoring at the many edges of the network as well as of the internal activity behind the firewalls and front lines. When threats are detected, a team of trained professionals is available to recognize an attack, quarantine infected machines, and close the threat permanently. This team monitors the environment on a 24 x 7 x 365 basis, responding rapidly and cutting off attacks before they can do real damage. At the client’s request, the deployment used their existing infrastructure stack: the client owns the hardware, while we monitor the SIEM system via a VPN tunnel.
A SIEM is an ever-evolving tool that improves with the amount of data it collects over time – it is like a net that keeps getting tighter and tighter around the environment. There are always holes that need to be plugged. Once a pattern of malicious activity is recognized, we use that information to create new detection rules so the same issue is caught and blocked if it recurs.
With a successful pilot project implemented and running for all North American locations, the service is now being deployed across the global operation on two additional continents. Reporting continues to evolve with the development of comprehensive custom dashboards that provide live, interactive views accessible on demand.