EARLY THREAT DETECTION & INTELLIGENT ALERTS – File Transmissions

Monitor File transmission for Anomalous activities

A leading banking and financial services company uses Splunk to monitor its File transmission (both inbound & outbound) logs to identify potential threats and Vulnerable systems

CHALLENGES

  • Thousand files/protocol types to report/act on
  • File transmission status, Suspicious File Uploads, User anomalous activities, Compromised accounts
  • Troubleshooting required manual login to multiple systems to identify root cause for transmission failures/abnormal behaviour
  • Monitor and Manage SLAs for several thousand File transmissions

SOLUTIONS

  • Centralized File Transmission tracker dashboard for global file transmissions with user interactive drill downs that tracks transmission time, status, file format, file size, etc.
  • Alerts on Suspicious File Uploads – Splunk matches logs with allowed file formats for malicious activity.
  • Infosecurity dashboard to track User Anomalous Activity across the globe using Machine Learning techniques and interactive visualizations such as: Choropleth/Clustermaps
  • Automated alerting setup for File Transmission SLA management: Proactive and Reactive alerts if a SLA is missed or about to be missed

BENEFITS

  • Improved Security Posture – Early Threat detection and response
  • Reduced Cycle time (improved MTTR) and cost savings
  • Improved File Transmission SLAs
  • Single UI with End-to-End view of system depicting File transmission status in real-time

Monitored Systems/Data Sources: Centralized File transmission servers (10,000+ files), No. of Transmission Protocols – 14

Users: Operations Team, Information Security Team

Product: Splunk Enterprise