Financial sector company achieves visibility of intrusion events, enabling timely detection of security incidents.
A company in the financial sector did not have proactive visibility of its information security, its ability to react was limited because it had no centralized detection control for its different security platforms. Panorama Technologies supported the implementation of a solution that would allow the administrator and security managers to:
- Have visibility against authentication events and changes in the active directory, intrusion events and events associated with malware.
- Initiate the incident response process within the organization.
- Alerting in a timely manner on events associated with information security.
- Comply with the regulations imposed on the organization regarding information security event detection controls.
- Facilitate the generation of reports and reports on the different integrated controls.
Implement two Splunk applications: Infosec and Security Essentials with customized use cases. Have visibility into events logged on their security platforms and fine-tune current controls for improvement of their information security posture.
- Intrusion event monitoring
- Antivirus monitoringtema).
- Authentication and changes within the active directory
- Monitoring of AntiSpam platform events.
- Construction of alerts
- Reports associated with security platforms
Information security directly and all areas of the organization indirectly.
Integrated data sources:
- • UTM Firewall (Fortinet).
- • Web Application Firewall (Fortinet).).
- • Active Directory.
- • Anti-Spam (Symantec).
- • Anti-virus (Symantec).
- • Vulnerability reports provided by third parties.
- • SOC service reports provided by third parties.
Splunk enterprise: add infosec and add Security Essentials.
With the implementation performed by Panorama Technologies, the company achieved timely detection of security incidents. In addition to being the initial phase for their incident response process, it also provides them compliance with the requirements they have as a financial organization regarding information security.