Customer

  • Publicly traded commercial bank
  • $9 billion in revenue and 27,000 employees

Problem

  • Security gaps: the existing SIEM could not provide visibility into cloud services
  • Hundreds of use cases needed to be migrated to Splunk
  • Minimal Splunk experience on the existing team

Solution

  • Conducted a Security Workshop to determine requirements for new use cases
  • Architected the new Splunk SIEM environment and performed the migration
  • Consolidated alerts and improved query efficiency
  • Forwarded indicators of compromise (IOCs) from Splunk to Splunk SOAR for automated response

Result

  • Zero downtime during migration
  • Optimized security alerts, freeing up analyst resources and increasing use case coverage
  • Transitioned from manual to automated incident handling using Splunk SOAR
  • Improved the customer's security maturity, enabling Machine Learning and Risk-Based Alerting
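As an added illustration (not part of the original case study and not the customer's actual content), the following SPL shows the shape of a Risk-Based Alerting correlation search of the kind the "consolidated alerts" and "Risk-Based Alerting" bullets refer to: many low-fidelity risk rules write scored events into the risk index, and a single search aggregates them per entity so that one notable fires instead of dozens of individual alerts. The field names risk_object, risk_object_type, risk_score and risk_message, and the use of source for the originating rule name, follow the Splunk Enterprise Security risk index schema; the index name risk, the 24-hour window, the score threshold of 100 and the requirement of three distinct contributing rules are assumptions chosen for the example.

```spl
index=risk earliest=-24h@h latest=now
| eval risk_object=lower(risk_object)
| stats sum(risk_score) AS total_risk
        dc(source) AS distinct_rules
        values(source) AS contributing_rules
        values(risk_message) AS risk_messages
        latest(_time) AS last_seen
  BY risk_object risk_object_type
| where total_risk >= 100 AND distinct_rules >= 3
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - total_risk
```

The where clause is the consolidation step: a single noisy rule firing repeatedly against one host or user raises total_risk but not distinct_rules, so it does not page an analyst on its own, while several different weak signals converging on the same entity within the window do. Scheduled as a correlation search with a notable (or a SOAR playbook) as its action, this one search replaces the individual alerts each contributing rule would otherwise generate, which is how alert volume drops while use case coverage grows.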