The customer, a global manufacturing conglomerate with five distinct business units, had been working with a Managed Security Service Provider (MSSP) whose level of service and accuracy of delivery fell short of what they required to defend their network from cyberthreats. Each business unit had its own Splunk Enterprise Security environment that had been set up and managed independently. The customer needed to normalize data ingestion across all five business units and consolidate the five Splunk instances into a single environment that could effectively monitor, manage, and detect security events, validate them, and respond to them promptly.
“The CISO, an experienced cybersecurity veteran, understood the need to stay ahead of the threats impacting their business.”
The customer selected deepwatch to normalize and standardize log and data ingestion across all five business units and combine it all in one overarching Splunk environment. We began the engagement by evaluating each business unit’s security posture utilizing the deepwatch Maturity Model. Once a base maturity score was set for each business, and the conglomerate as a whole, the team went to work.
Within 45 days the customer was fully onboarded and their named squad of deepwatch Managed Detection & Response (MDR) Service security analysts were protecting their network on a 24x7x365 basis. The CISO and his security directors meet with their deepwatch threat hunting team on a monthly basis to review the MITRE ATT&CK framework and assign particular Tactics, Techniques, and Procedures for the deepwatch team to focus on. As a result of our engagement, we helped the customer’s IR team resolve incidents before the business incurred any damage to its network, customers, or reputation.