Background:
As one of the world’s leading investment firms, with more than 21 offices spanning the globe, the security team at Blackstone commonly sees 30 to 40 malware alerts in a single day. Blackstone’s Incident Response team investigates every malware alert as if a compromise has already occurred, and working each alert fully by hand takes 30 to 45 minutes.
Challenges:
- Difficulty maintaining automation scripts across a large number of security vendors.
- Needed to tie together existing security products to reduce the response and remediation gap.
Benefits:
- Processing malware email alerts in about 40 seconds, versus 30 minutes or more when handled manually.
- Ensuring a repeatable and auditable process for investigating malware alerts.
Business Impact:
- Dramatically reduce time to investigate malware alerts.
- Drive accuracy and consistency in the incident response process.
- Incident response automation enables the team to investigate issues faster.
Splunk Product:
Splunk SOAR (Previously Splunk Phantom) Enterprise Edition