malware-investigation

Background:

As one of the world’s leading investment firms with more than 21 offices spanning the globe, it’s not uncommon for the security team at Blackstone to see as many as 30 to 40 malware alerts in a single day. Blackstone’s Incident Response team investigates each malware alert as if a compromise has already occurred, a process that requires 30 to 45 minutes to address each alert fully if done manually.

Challenges:

  • Difficulty maintaining automation scripts across a large number of security vendors.
  • Needed to tie together existing security products to reduce the response and remediation gap.

Benefits:

  • Processing malware email alerts in about 40 seconds versus 30 minutes or more.
  • Ensuring a repeatable and auditable process for investigating malware alerts.

Business Impact:

  • Dramatically reduce time to investigate malware alerts.
  • Drive accuracy and consistency in the incident response process.
  • Incident response automation enables the team to investigate issues faster.

Splunk Product:

Splunk SOAR (previously Splunk Phantom) Enterprise Edition
