The Business Challenge
Following the separation of our customer from the former Thomas Cook Group in early 2020, IT Naturally were asked to investigate, recommend and implement a new SIEM solution to provide centralised reporting on infrastructure security.
Requirements gathering and analysis of solutions
Working with the key customer infrastructure and security contacts, IT Naturally confirmed that the implementation of a SIEM solution was a priority and so immediately started a requirements gathering exercise. This established that the customer required a centralised security view of critical infrastructure asset logs to determine vulnerabilities across the environment and to ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS). A Business Requirements document was then created detailing the specific infrastructure device logs to be collated by the SIEM solution. This included Cisco firewalls, Cisco Identity Services Engine, VitalQIP, RSA SecurID, FortiManager and FortiAnalyzer devices located in various locations, along with Cisco Umbrella, CrowdStrike and O365 cloud services as data sources.
The detailed Business Requirements were agreed with the customer and IT Naturally then commenced a review of suitable solutions to meet the requirements. Utilising our experience of several SIEM products along with Gartner assessments of the leading SIEM providers, we narrowed the options down to AlienVault USM Anywhere, Securonix, SolarWinds Security Event Manager and Splunk Enterprise Security.
The options were presented to the customer, showing how each of the solutions aligned to the business requirements, a product feature set comparison and IT Naturally’s assessment of each with regard specifically to implementing the solution in the customer’s environment. This resulted in an agreement to proceed with Proof of Concept (PoC) testing for both the AlienVault USM Anywhere and Splunk Enterprise Security solutions, which ran in parallel for a period of 2 months.
Following the PoC testing and analysis of the findings for both solutions, the customer and IT Naturally agreed to fully implement the Splunk Enterprise Security SIEM solution.
Customer Outcome – implementation of new SIEM solution providing centralised reporting on infrastructure security
After decommissioning the AlienVault PoC solution, IT Naturally applied the full licence to the Splunk Enterprise Security solution and rolled out collection sensors to the various asset locations to ensure all logs identified in the original Business Requirements were being collated. Configuration of new Splunk dashboards then commenced to analyse and report on notable security events. These events are now reported in the IT Security Report generated each month, which covers Splunk and a number of other IT security solutions we manage for the customer.
Find out more about how we can support you with your IT Strategy, business cases and transforming your infrastructure to give you more for less.