实例探究 > From legacy onprem to a modern cloud SIEM

From legacy onprem to a modern cloud SIEM

公司规模
Large Corporate
地区
  • Europe
国家
  • Germany
产品
  • Sumo Logic Cloud SIEM
  • McAfee Enterprise Security Manager (ESM)
技术栈
  • Cloud-native architecture
  • Advanced analytics
实施规模
  • Enterprise-wide Deployment
影响指标
  • Customer Satisfaction
  • Productivity Improvements
  • Digital Expertise
技术
  • 网络安全和隐私 - 安全合规
  • 分析与建模 - 预测分析
适用行业
  • 建筑与基础设施
适用功能
  • 商业运营
用例
  • 欺诈识别
服务
  • 云规划/设计/实施服务
  • 网络安全服务
  • 系统集成
关于客户
Knauf is a well-established company that has been in operation since 1932. Over the years, its IT infrastructure has grown significantly, resulting in a large, legacy on-premises environment. This environment includes decentralized SCADA systems, production tools, and numerous regional locations. The company had been using McAfee Enterprise Security Manager (ESM) on-premises for their SIEM solution to gain real-time security monitoring of their extended environment. However, the McAfee solution proved to be unreliable and inefficient, causing significant delays and operational challenges for the SOC team. As Knauf continued to grow rapidly, it became clear that a more efficient and scalable solution was needed to keep pace with the company's expansion and evolving security needs.
挑战
Running an inefficient SIEM solution left Knauf’s SOC team unable to scale at the same pace as company growth. As a business in operation since 1932, Knauf’s IT infrastructure had expanded through the years, becoming a large, legacy on-premises environment with decentralized SCADA systems, production tools, and many regional locations. Knauf was running McAfee Enterprise Security Manager (ESM) on-premises for their SIEM solution to gain real-time security monitoring of the extended environment. But the McAfee solution was unreliable. Dawid Krochmal, SOC Manager at Knauf, explained that “McAfee ESM was highly inefficient. An analyst wouldn’t just go for a coffee; he could go to lunch during the time it took for a query to run. Just to learn that after an hour, the query had an error, and he had to start again and wait another hour.”
解决方案
McAfee ESM wasn’t serving the company’s needs, and in parallel, Knauf was growing rapidly and wanted to pursue a significant transformation of its IT environment. The goal was to move away from legacy, on-premises systems to a cloud-native architecture that enabled Knauf’s IT security and operations to run more efficiently, effectively and smoothly. Pursuing a cloud-native strategy for the company’s new SIEM solution, Knauf conducted an in-depth evaluation of ten vendor solutions and selected Sumo Logic Cloud SIEM as its winning security platform. The SOC team’s first big win with Cloud SIEM was the ability to centrally see everything across the organization’s environment and user-friendly features, including more than 600 out-of-the-box rules. That made it easy for the security team to ramp up and get started within two hours. Cloud SIEM delivers significant improvement for the SOC team in handling threat investigations. With the solution’s cloud-native architecture, the team no longer has to worry about disc space for log ingestion or latency in obtaining search results. With Cloud SIEM’s advanced analytics, Knauf gets millions of threat signals distilled down to insights for the SOC team to focus on.
运营影响
  • A modern cloud SIEM that’s easy to deploy and use. The SOC team’s first big win with Cloud SIEM was the ability to centrally see everything across the organization’s environment and user-friendly features, including more than 600 out-of-the-box rules. That made it easy for the security team to ramp up and get started within two hours.
  • Invaluable insights to manage threat investigations. Cloud SIEM delivers significant improvement for the SOC team in handling threat investigations. With the solution’s cloud-native architecture, the team no longer has to worry about disc space for log ingestion or latency in obtaining search results. With Cloud SIEM’s advanced analytics, Knauf gets millions of threat signals distilled down to insights for the SOC team to focus on.
  • Flexibility to support new use cases. Now that Knauf has a strong SIEM foundation, the SOC is ready to pursue new use cases with the Sumo Logic platform. Next, the team plans to automate incident response actions for the more common and easy response workflows, expediting the team’s remediation efforts and advancing the company’s security posture. In addition, the team will leverage Cloud SIEM to adopt proactive threat hunting and threat intelligence to introduce cyber fusion by converging all security practices. Adding cyber fusion functions, including fraud detection and vulnerability management, will empower Knauf with a unified approach to dealing with potential threats by bridging team functions and fostering inter-team collaboration.
数量效益
  • Easy onboarding in only two hours.
  • 600+ out-of-the-box rules to swiftly respond to security incidents.

Case Study missing?

Start adding your own!

Register with your work email and create a new case study profile for your business.

Add New Record

相关案例.

联系我们

欢迎与我们交流!
* Required
* Required
* Required
* Invalid email address
提交此表单,即表示您同意 IoT ONE 可以与您联系并分享洞察和营销信息。
不,谢谢,我不想收到来自 IoT ONE 的任何营销电子邮件。
提交

感谢您的信息!
我们会很快与你取得联系。