Electricity Transmission Company gains operational visibility in the business area and develops its security program with Splunk Enterprise Security
Executive Summary
The electricity transmission company, which also operates in the international market, has been using Splunk for over five years. There are two main areas of focus: business, which uses data from internal and external applications to generate custom dashboards, reports, and alerts; and security, which has implemented Splunk Enterprise Security as a SIEM (Security Information and Event Management) within its security strategy.
- Integration with custom or in-house developed devices.
- Executing the security program from its base, using different market reference frameworks.
- Customizing the solution for over 40 daily users with different profiles and roles within the company.
- Distributed platforms and servers in multiple countries and different technologies.
Integration of Custom Sources:
- Integration with proprietary applications and third-party platforms.
Business:
- Integration of third-party platforms and applications that provide a view of the current business.
- Generation of BI-type statistics on historical performance and operation data of applications.
Information Security:
- SIEM integration, Splunk Enterprise Security.
- Migration from a previous SIEM platform to the Splunk solution, including migration of old data and custom use cases.
- Development of the security program, following the client’s area guidelines.
- Business
- Security
- Production – process monitoring
Perimeter Security:
- Web Proxy.
- Authentication, Authorization, and Accounting (AAA) Devices.
- Firewall – more than 3 technologies.
- Anti-Malware.
- Vulnerability Detection.
- Web Server.
- VPN.
Operating System:
- Linux.
- Windows.
Networking:
- Layer 2 and Layer 3 switches.
- Monitoring of internal company processes, generating real-time alerts.
- Implementation of a data correlation system that allows advanced statistics to be applied to specific processes or transactions.
- Reduction in investigation times by 25%.
- Implementation of an investigation platform that can be used at multiple organizational levels.
- Business visibility and elimination of information silos.
- Development and implementation of the information security system, following industry standards and government regulations.
- Enterprise Security – SIEM.