One Deepwatch customer, a global manufacturing conglomerate with five distinct business units, had been working with a managed security service provider (MSSP) that did not meet the level of service and accuracy in delivery required to defend their network from growing threats.
The customer needed to normalize data ingestion across all five business units, and combine five Splunk instances into one that could effectively monitor, manage and detect security events, validate them, and promptly respond to them. In order to enhance their security posture the customer needed a partner with whom they could meet critical business challenges.
Challenges
• Combine five Splunk Security Incident and Event Management (SIEM) instances into one for holistic security monitoring and response
• Normalize all log and data sources for consistent ingestion and SIEM actioning
• Fully outsource a Security Operations Center (SOC) to establish 24x7x365 security monitoring capabilities consistently across all business units
• Ensure the SOC monitors, validates, and triages alerts properly to notify and enable the internal security team of incidents to remediate
• Collaborate with the MSSP to build a security maturity roadmap and enhance security capabilities over time
• Utilize Cyber Threat Intelligence (CTI) to enrich threat landscape understanding and quality of context delivered for incident response (IR)
Criteria
The CISO and his team initiated a bid process and met with over a dozen MSSP’s to evaluate their capabilities and find the provider that would best meet their criteria. Following are their key requirements in a new partner:
• Deep Splunk Enterprise Security engineering and monitoring expertise
• Trusted partner to work with to enhance security maturity over time
• Cloud-first Security Operations model
• Application and sharing of cyber threat intelligence for enhanced incident context delivery to the Incident Response team
• Fully managed 24x7x365 SOC
• Dedicated, proactive threat hunting
Outcomes
The CISO, an experienced cybersecurity veteran, understood the need to stay ahead of threats impacting their business. One of the core criteria in selecting Deepwatch was the threat hunting activities embedded in our MDR service. Today the CISO and his security directors meet with their Deepwatch threat hunting team on a monthly basis to review the MITRE ATT&CK framework and assign particular Tactics, Techniques, and Procedures (TTPs) for the Deepwatch team to focus on.
Fueled by Digital Shadows and open-source CTI, a threat hunter and his squad uncovered dormant threats on the customer network, provided rich context around active threats, and helped the customer’s IR team resolve incidents before the business incurred any damage to its network, customers, or reputation.
The customer selected Deepwatch to normalize and standardize log and data ingestion across all five business units and combine it all in one overarching Splunk environment. Our team began the engagement by evaluating each business unit’s security journey utilizing the patented Deepwatch Security Index score. Once a base security posture score was set for each business and the organization as a whole, the team went to work. Within 45 days the customer was fully onboarded and their named squad of Deepwatch MDR security analysts began work protecting their network 24x7x365.
Read the complete case study to learn how Deepwatch is committed to cyber resilience unique to the manufacturing industry.