Financial Sector Company Achieves Intrusion Event Visibility, Enabling Timely Detection of Security Incidents
Executive Summary
A financial sector company lacked proactive visibility into its information security, and its capacity to react was limited because there was no centralized detection control for its various security platforms. Panorama Technologies supported the implementation of a solution that would allow security administrators and managers to:
- Have visibility into authentication events, changes in Active Directory, intrusion events, and events associated with malware.
- Initiate the incident response process within the organization.
- Proactively alert to information security events.
- Comply with regulations imposed on the organization regarding information security event detection controls.
- Facilitate the generation of reports on the different integrated controls.
Implement two Splunk applications: Infosec and Security Essentials with customized use cases.
Have visibility into events recorded in their security platforms and fine-tune current controls to improve their information security posture.
- Intrusion event monitoring
- Antivirus monitoring
- Authentication and changes within Active Directory
- Monitoring of Anti-Spam platform events
- Alert construction
- Reports associated with security platforms
- Information security directly and all areas of the organization indirectly.
- UTM Firewall (Fortinet).
- Web Application Firewall (Fortinet).
- Active Directory.
- Anti-Spam (Symantec).
- Antivirus (Symantec).
- Vulnerability reports provided by third parties.
- SOC service reports provided by third parties.
With the implementation carried out by Panorama Technologies, the company achieved timely detection of security incidents. This detection is the initial phase of their incident response process and also ensures compliance with the information security requirements they have as a financial organization.