Fiduciary Firm Consolidates IT Infrastructure Monitoring in One Application, Transitioning from a Reactive to a Proactive Incident Response Model
The fiduciary firm is focused on supporting the business sector’s growth and contributing to the country’s development. Security incidents were not being monitored in real-time, resulting in suboptimal response times. Splunk was implemented to proactively manage and monitor their IT infrastructure, with a focus on enhancing and organizing security monitoring, data integrity, and access control for one or multiple areas within the company.
Allow end-users to search and investigate their data freely from a single location.
Monitor data and provide real-time alerts when specific conditions are met.
Deliver highly effective information and analysis.
Enable the creation of customized views and dashboards for different roles.
Convince the client that Splunk is compatible with multi-company schemes and can be implemented flexibly.
Symantec Appliance Monitoring
Malware Event Tracking
Active Directory User Activity
Linux Operating System Event Monitoring
- Microsoft Exchange Logs
- Windows Operating System Logs
- DNS Server Logs
- Syslog (Fortinet, Switches)
- Symantec Logs
Best practices from the monitoring, security, network, and other critical environments were used in the implementation:
- Application management: Troubleshoots application environment issues, monitors performance degradation.
- Security and compliance: Provides rapid response to incidents, correlation, and in-depth monitoring of all data sources.
- Infrastructure and operations management: Proactively monitors to ensure uptime, quickly identifies and resolves issues.
- Web and business analysis: Gains visibility and intelligence on clients, services, and transactions, detects real-time trends and behavior patterns.
- Monitoring infrastructure for Splunk environments and external servers.
- Incident management through alerts and visualizations.
- Firewall network traffic monitoring.
- User activity management.
- VPN monitoring (user and access management).
- Monitoring of Symantec anomalous events.
- DNS monitoring.