Rule every threat with CASE STUDY | Roku Cloud SIEM
Customer Company Size
Large Corporate
Region
- America
- Europe
Country
- United States
Product
- Sumo Logic Cloud SIEM
Tech Stack
- Cloud SIEM
- MITRE ATT&CK framework
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Customer Satisfaction
- Productivity Improvements
- Digital Expertise
Technology Category
- Cybersecurity & Privacy - Security Compliance
- Analytics & Modeling - Predictive Analytics
Applicable Functions
- Business Operation
Use Cases
- Cybersecurity
- Remote Control
Services
- System Integration
- Training
About The Customer
At its start in 2000, Roku pioneered streaming to the TV with its platform that connects viewers, publishers, and advertisers to the vast ecosystem of media content. With its product portfolio of streaming players, TV models, and a channel store, Roku serves millions of customers across North America, Latin America, and Europe. Roku has established itself as a significant player in the broadcast media and consumer electronics industries, providing a reliable and innovative service to its extensive customer base. The company is committed to maintaining a strong security posture to protect its infrastructure and ensure the trust of its customers.
The Challenge
When adopting a SIEM solution, Roku needed to avoid alert fatigue and stay agile to quickly address true issues. Maintaining a strong security posture is essential for Roku. “Our security team works day and night to protect the infrastructure and provide a reliable service for our customers. Our customers and their trust are important for us,” shared Huseyin Karaarslan, Sr. Security Engineer at Roku. As an important part of this strategy, Roku wanted to adopt a SIEM solution to gain cyber situational awareness and an ongoing picture of the company’s environment.
The Solution
For its cyber situational awareness, Roku wanted rapid and accurate insights into their domain to understand what’s happening and to ensure active responders could make quick, accurate decisions. This requires an investment in data collection and analysis to maintain a continuous picture of Roku’s infrastructure, and for that, Roku chose Sumo Logic Cloud SIEM. Built natively in the cloud, Cloud SIEM makes it fast and easy to gain deep security insights with pre-built applications including out-of-the-box dashboards, queries, and rules. With 700+ rules that each map to a tactic and technique related to the MITRE ATT&CK framework, Roku’s security team had a strong starting point for obtaining security insights. As a first step, the team embarked on tuning Cloud SIEM rules. “Cloud SIEM’s rules are powerful, and we wanted to tailor them specifically to our organization and infrastructure. Tuning was important for us to familiarize ourselves with the tool, prove value in our investment, and optimize the platform so we could focus on true alarms that require our attention,” commented Karaarslan.
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
Goldcorp: Internet of Things Enables the Mine of the Future
Goldcorp is committed to responsible mining practices and maintaining maximum safety for its workers. At the same time, the firm is constantly exploring ways to improve the efficiency of its operations, extend the life of its assets, and control costs. Goldcorp needed technology that can maximize production efficiency by tracking all mining operations, keep employees safe with remote operations and monitoring of hazardous work areas and control production costs through better asset and site management.
Case Study
Remote Monitoring and Control for a Windmill Generator
As concerns over global warming continue to grow, green technologies are becoming increasingly popular. Wind turbine companies provide an excellent alternative to burning fossil fuels by harnessing kinetic energy from the wind and converting it into electricity. A typical wind farm may include over 80 wind turbines so efficient and reliable networks to manage and control these installations are imperative. Each wind turbine includes a generator and a variety of serial components such as a water cooler, high voltage transformer, ultrasonic wind sensors, yaw gear, blade bearing, pitch cylinder, and hub controller. All of these components are controlled by a PLC and communicate with the ground host. Due to the total integration of these devices into an Ethernet network, one of our customers in the wind turbine industry needed a serial-to-Ethernet solution that can operate reliably for years without interruption.
Case Study
Using SNMP for an Ethernet-Based Home Automation System
A startup company was developing a product which provides service partners with an integrated e-services platform that allows customers to remotely monitor and control devices in their home or business. In order to complete their project, the startup needed a control system that could monitor and control the many different devices used by their potential customers, preferably with an open protocol for greater flexibility. SNMP was their first choice, as it is commonly used and well understood in the IT field. The next step was to choose an I/O server to connect to the sensors in a home automation system.
System Requirements
- Open Ethernet-based protocol
- SNMP protocol for I/O control
- Compact size to save space
- Long-term support and services
Case Study
Boiler Control System for Plastic Manufacturing Applications
Factory automation applications must be equipped to handle and monitor the myriad information from attached devices. For plastic manufacturing applications, the boiler control system plays a critical role by gathering and regulating information to ensure production is accurate and smooth. In this particular case, the customer combines eight subsystems that include power meters, water meters, alarm output, displays, and I/O status to be controlled by several intelligent controllers with a Modbus RTU interface. The Modbus TCP protocol is used for this application due to the distance.
System Requirements
- Modbus serial to Modbus TCP translation
- Multiple slaves/masters support
- Automatic Modbus TCP response time detection
Case Study
Enel Secures Italian Power Generation Network
Electric energy operators around the world are working to increase the reliability and cyber resiliency of their systems. This includes Enel, a global power company that manages and monitors the Italian power grid. This grid:
- Serves 31 million customers
- Has a net installed energy capacity exceeding 31 gigawatts
- Includes more than 500 power generation plants, including hydroelectric, thermoelectric, and wind
- Is managed and monitored by Enel 24/7/365
- Is operated by Terna, the Italian Transmission System Operator (TSO)
Enel is responsible for the availability of the grid’s underlying ICS and industrial network. It also manages Regional Control Centers and Interconnection Centers which connect with the TSO. The TSO manages the flow of energy to the grid and also controls and remotely regulates the power generation of power plants, increasing and decreasing power production as required. The complex system of interaction and cooperation between Enel and the TSO has strong security implications as well as operational and business challenges.
Case Study
Securing the Connected Car Ecosystem
In-vehicle communications and entertainment systems host high-value or sensitive applications. API libraries facilitate communication and sharing of vehicle data. These API libraries are vulnerable to reverse engineering and tampering attacks, which may even result in loss of passenger safety. Attackers can inject malware that may be able to migrate to other in-car networks such as the controller area network (CAN) bus, which links to the vehicle’s critical systems. Software provided for dealers to interface with cars through the OBD2 port is vulnerable to reverse engineering and tampering attacks. Hackers may be able to abuse these tools to inject malicious code into the ECUs and CAN bus. Attackers can lift the cryptographic keys used and use them to build their own rogue apps/software. Their cloned version of the original app/software may have altered functionality and may be intended to gain access to other in-car networks.