A leading Infotech company was looking to achieve enormous growth with a Splunk SIEM solution. The company approached Positka, a Splunk Partner in Singapore, for help. Positka worked with the company to implement a Splunk SIEM solution that met its specific needs.
Key challenges:
The customer was facing several problems and had specific business needs that required attention. They needed a solution to effectively handle diverse data types. Additionally, they had encountered issues with previous MSSP partners and lacked reporting transparency and visibility over license usage and consumption. Another pain point was their inability to monitor Cloud Containers and Micro-Services. Defining rules had also become a time-consuming process.
Solutions applied:
To address these challenges, the customer implemented a next-generation SIEM platform. They received assistance in migrating their services and were able to resume monitoring in fewer than four weeks. Custom rules were created specifically for Kubernetes and microservices applications to enhance security monitoring. To ensure full visibility, SOC performance KPIs, operational reports, and dashboards were designed. Furthermore, integration with the customer's ITSM tool facilitated case management and incident handling.
Benefits:
- The customer gained a consolidated view of their environment.
- Results were more transparent and fulfilling.
- New rules helped optimise security configuration for Cloud and Micro-Services and improved visibility over them.
- The CISO gained better coverage of the IT landscape and enhanced rules.