Customer

  • Electric Utility Crown Corporation 
  • Over $6 billion in revenue and 6,000 employees

Problem

  • Current SIEM in poor health, leading to a lack of security visibility
  • No current expertise in the existing solution or in Splunk
  • Network is tightly locked down, leading to challenges for data collection and indexing

Solution

  • Conducted a Security Workshop to identify requirements and security use cases
  • Performed a health assessment on the Splunk environment
  • Implemented performance tuning and remediated items from assessment
  • Worked with customer to index data required to fulfil identified security use cases
  • Migrated and optimized alerts from legacy SIEM to Splunk Enterprise Security

Result

  • Workshop identified security gaps and led to greater internal team collaboration
  • More use cases deployed in the environment for greater security coverage
  • Increased visibility from additional data sources and Splunk Enterprise Security
  • Customer greatly increased their knowledge of Splunk
  • Improved Splunk search performance and increased user adoption