Background:
A leading banking and financial services company wants to detect early whether employees are transferring sensitive data. By using Splunk to analyze data in real time, the company catches threats sooner and takes the steps necessary to mitigate them before they can cause damage.
Challenges:
- Thousands of file and protocol types to report on and act on
- File transmission status, Suspicious File Uploads, User anomalous activities, Compromised accounts
- Troubleshooting required manual login to multiple systems to identify the root cause of transmission failures or abnormal behavior
- Monitor and manage SLAs for several thousand file transmissions
Solutions:
- Centralized File Transmission tracker dashboard for global file transmissions with user interactive drill-downs that tracks transmission time, status, file format, file size, etc.
- Alerts on Suspicious File Uploads – Splunk compares the file formats recorded in upload logs against the list of allowed formats and flags mismatches as potential malicious activity.
- Infosecurity dashboard to track User Anomalous Activity across the globe using Machine Learning techniques and interactive visualizations such as Choropleth/Clustermaps
- Automated alerting setup for File Transmission SLA management: Proactive and Reactive alerts if an SLA is missed or about to be missed
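The two alerting rules above (allowed-format matching on upload logs, and proactive/reactive SLA alerts) as an added Python example; this is not code from the case study or from Splunk, and the key=value log format, the allow-list, the SLA deadlines and the 10-minute warning window are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Allow-list and 10-minute warning window are assumptions for this example.
ALLOWED_EXTENSIONS = {"csv", "xml", "txt", "pdf"}
WARN_WINDOW = timedelta(minutes=10)

# Constructed sample transfer-log lines (hypothetical key=value format, not real bank data).
SAMPLE_LOGS = """\
2024-03-04T08:02:11Z user=alice file=payments_0304.csv proto=sftp status=completed sla_deadline=2024-03-04T08:30:00Z
2024-03-04T08:05:40Z user=bob file=clients.xlsm proto=https status=completed sla_deadline=2024-03-04T08:45:00Z
2024-03-04T08:40:02Z user=carol file=ledger_0304.xml proto=ftps status=completed sla_deadline=2024-03-04T08:30:00Z
2024-03-04T08:25:00Z user=dave file=report.pdf proto=sftp status=in_progress sla_deadline=2024-03-04T08:30:00Z
2024-03-04T08:10:00Z user=erin file=archive.zip proto=sftp status=failed sla_deadline=2024-03-04T09:00:00Z
"""

def parse_line(line):
    """Split '<timestamp> k=v k=v ...' into a dict; the leading timestamp is the event time."""
    ts, *pairs = line.split()
    return {"ts": ts, **dict(pair.partition("=")[::2] for pair in pairs)}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def check_upload(event):
    """Suspicious-upload alert: the file extension is not on the allow-list."""
    name = event["file"]
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    if ext not in ALLOWED_EXTENSIONS:
        return ("suspicious_upload", event["user"], name)
    return None

def check_sla(event):
    """Reactive alert when the SLA is missed, proactive alert when it is about to be."""
    now, deadline = _ts(event["ts"]), _ts(event["sla_deadline"])
    status, who = event["status"], (event["user"], event["file"])
    if status == "failed" or now > deadline:               # failed, completed late, or still running late
        return ("sla_missed",) + who                        # reactive alert
    if status == "in_progress" and deadline - now <= WARN_WINDOW:
        return ("sla_at_risk",) + who                       # proactive alert
    return None

def run_detection(logs):
    """Run both checks over every log line and return the alerts in log order."""
    alerts = []
    for line in logs.splitlines():
        event = parse_line(line)
        alerts.extend(a for a in (check_upload(event), check_sla(event)) if a)
    return alerts
```

In Splunk this would be expressed as scheduled searches over the same fields; the Python form simply makes the per-event decision explicit.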
Benefits:
- Improved Security Posture – earlier threat detection and response, and cost savings
- Reduced Cycle time (improved MTTR)
- Improved File Transmission SLAs
- Single UI with End-to-End view of a system depicting File transmission status in real-time
Monitored Systems/Data Sources: Centralized File transmission servers (10,000+ files), No. of Transmission Protocols – 14
Users: Operations Team, Information Security Team
Product: Splunk Enterprise