Cyber Defense Center for Managed Threat Detection and Response
Overview
The customer is a $2bn telecommunication service provider based in India. With evolving cyber threats, they wanted to set up a cyber defense center and define a security incident management process.
Challenges
Security incidents were not being investigated properly due to a lack of security professionals
Tools and processes were not scalable, and data and tasks were scattered among various team members
Limited visibility into the threats and attack methodologies impacting the business
Solution
Deployed SIEM and SOAR tools
- Configured event correlation and management using Splunk
- Splunk Phantom was introduced to consolidate all data sources and to automate routine tasks through multi-stage security orchestration
- Data ingestion from a threat intelligence tool for external threat visibility and IOCs
- Use cases were configured as Phantom playbooks
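The three stages listed above (SIEM correlation, threat-intelligence enrichment, playbook-driven triage) can be illustrated end to end with a small stand-alone script. This is an added example, not code from the case study or from Splunk; it does not use the Phantom playbook API, and the event lines, IOC feed, threshold and severity scoring are all constructed for illustration. A real Phantom playbook would receive the correlated alert as a container from Splunk and call the platform's own actions, but the decision logic is the same shape.

```python
"""Illustrative SIEM-correlation + IOC-enrichment + SOAR-triage pipeline.

Added example, not the case study's or Splunk's code. Events, IOC feed,
thresholds and scoring weights are constructed; no Phantom API is used.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed authentication events in a Splunk-like key=value form.
SAMPLE_EVENTS = [
    "2024-03-01T10:00:01Z action=failure user=alice src=203.0.113.7 dest=vpn-gw1",
    "2024-03-01T10:00:05Z action=failure user=alice src=203.0.113.7 dest=vpn-gw1",
    "2024-03-01T10:00:09Z action=failure user=bob src=203.0.113.7 dest=vpn-gw1",
    "2024-03-01T10:00:14Z action=failure user=carol src=203.0.113.7 dest=vpn-gw1",
    "2024-03-01T10:00:20Z action=failure user=dave src=203.0.113.7 dest=vpn-gw1",
    "2024-03-01T10:00:31Z action=success user=dave src=203.0.113.7 dest=vpn-gw1",
    "2024-03-01T10:01:00Z action=failure user=erin src=198.51.100.9 dest=vpn-gw1",
    "2024-03-01T10:30:00Z action=failure user=erin src=198.51.100.9 dest=vpn-gw1",
    "2024-03-01T11:00:00Z action=failure user=frank src=192.0.2.5 dest=vpn-gw1",
    "2024-03-01T11:00:10Z action=failure user=frank src=192.0.2.5 dest=vpn-gw1",
    "2024-03-01T11:00:20Z action=failure user=frank src=192.0.2.5 dest=vpn-gw1",
    "2024-03-01T11:00:30Z action=failure user=frank src=192.0.2.5 dest=vpn-gw1",
    "2024-03-01T11:00:40Z action=failure user=frank src=192.0.2.5 dest=vpn-gw1",
]

# Constructed threat-intel feed, as a SIEM-ingested IOC list would look.
IOC_FEED = {
    "203.0.113.7": {"type": "ip", "tag": "credential-stuffing", "confidence": 85},
}

FAILURE_THRESHOLD = 5          # this many failures from one source ...
WINDOW = timedelta(minutes=5)  # ... inside this window raises an alert


@dataclass
class Alert:
    src: str
    failures: int
    users: set
    success_after: bool            # a login succeeded after the failure burst
    iocs: list = field(default_factory=list)
    severity: str = "low"
    disposition: str = "open"
    notes: list = field(default_factory=list)


def parse_event(line):
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def correlate(lines):
    """SIEM-style rule: >= FAILURE_THRESHOLD auth failures per src within WINDOW."""
    by_src = defaultdict(list)
    for ev in map(parse_event, lines):
        by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["action"] == "failure"]
        for i, first in enumerate(failures):          # sliding window
            window = [f for f in failures[i:] if f["ts"] - first["ts"] <= WINDOW]
            if len(window) >= FAILURE_THRESHOLD:
                last = window[-1]["ts"]
                ok_after = any(e["action"] == "success" and e["ts"] > last for e in evs)
                alerts.append(Alert(src, len(window), {f["user"] for f in window}, ok_after))
                break
    return alerts


def enrich(alert, feed=IOC_FEED):
    """Threat-intel enrichment: attach any IOC matching the alert's source."""
    if alert.src in feed:
        alert.iocs.append(feed[alert.src])
    return alert


def triage(alert):
    """Playbook decision: score the alert, then escalate or auto-close."""
    score = 2 if alert.success_after else 0                       # brute force that worked
    score += 1 if len(alert.users) > 1 else 0                     # spraying across accounts
    score += 2 if any(i["confidence"] >= 80 for i in alert.iocs) else 0
    alert.severity = "critical" if score >= 4 else "high" if score >= 2 else "low"
    if alert.severity == "low":
        alert.disposition = "auto-closed"
        alert.notes.append("single-user failures, no success, no IOC: likely lockout")
    else:
        alert.disposition = "escalated"
        alert.notes.append(f"{alert.severity}: {alert.failures} failures from {alert.src}")
    return alert


def run_playbook(lines):
    """Correlate, enrich and triage; returns alerts keyed by source address."""
    return {a.src: triage(enrich(a)) for a in correlate(lines)}


if __name__ == "__main__":
    for src, a in run_playbook(SAMPLE_EVENTS).items():
        print(src, a.severity, a.disposition, a.notes)
```

Running it on the constructed events gives one escalated critical alert for 203.0.113.7 (five failures across four accounts, a success afterwards, and an IOC hit), one auto-closed low alert for 192.0.2.5 (one user, no success, no IOC), and nothing for 198.51.100.9, whose two failures fall outside the window. The point of the structure is that the correlation rule, the enrichment source and the scoring weights are each a single function that can be tuned without touching the others, which is what makes the playbook approach scale across use cases.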
Outcomes
- 100% of critical incidents resolved
- 3x the number of incidents resolved per shift