Customer

  • Multinational Pharmaceutical and Biotechnology Corporation
  • Over $80 billion in revenue and 80,000 employees

Problem

  • Current SIEM has no additional capacity to take on more security events
  • Challenges controlling sudden increases in logging volumes
  • Not all indexed events provide value to the security team

Solution

  • Implemented Cribl Stream to interface with the data before it is sent to the SIEM
  • Removed duplicate and low-value security events from data going to the SIEM
  • Reformatted data into key-value pairs for improved search efficiency
  • Added further security events for increased visibility

Result

  • Customer significantly reduced log volumes
  • Increased security visibility from the addition of other valuable security events
  • Greatly improved search performance
  • Changes were seamless to end users of the SIEM
  • Full control over the data stream going into the SIEM