Customer Story

Financial Publisher Standardizes Security Log Management

At a Glance
  • The ability to use their existing Splunk Heavy Forwarder deployment with Devo Cloud
  • Ability to combine three separate SOCs around the globe (North America, EMEA, and APJ)
  • Demonstrated ability to bring more than a dozen businesses onto the Devo Platform

Industry: Media

Location: North America

About The Financial Publisher

The CISO of a media giant has a vision: to dramatically increase information sharing among the business units the conglomerate manages, while reducing costs by having all the businesses run the same platform for security log management.

Until now, the business units have been free to select their own vendors/tools with no economies of scale or sharing of security information. This has hindered the ability of the parent company and its business units to accurately and efficiently analyze log traffic for security events, and jeopardized PCI compliance.

Customer Quick Facts

Challenge

The assorted business units of the parent company currently use various security log management solutions, which prevents information sharing and cost savings. This makes threat detection and remediation challenging, while also threatening PCI compliance.

Solution

Implement the Devo Data Analytics Platform at the financial information business unit first and then deploy to the other units.

Requirements

  • Must support existing Splunk Heavy Forwarder deployment
  • Include logs from applications such as OAuth, Slack, Gmail
  • Multitenant capability so each business has its own ‘space’
  • Ability to combine three separate SOCs around the globe (North America, EMEA, and APJ)
  • Demonstrate the ability to bring more than a dozen businesses onto the Devo Platform

Wanted: A single solution for security log management across all business units

In the past, each business unit of the parent company selected its security log management software without considering what the other units were using, and without working collectively to obtain pricing leverage with vendors.

Each business unit has varying levels of satisfaction (mostly negative) with its respective software. And the group does not share security threat information among its members. The parent company’s CISO wants to change all that. He sees considerable value in having every business unit use the same software for security log management to facilitate information sharing. Being able to establish standard response playbooks and build an extensive knowledge base that is shared among all the businesses will better equip them to quickly detect, analyze, and address security threats. But cost savings are just one goal. The majority of the business units are required to be PCI compliant, which has been problematic in the past due to issues with their security log management solutions. The CISO selected this financial information publishing business to be the first to implement this single-vendor strategy, which will then expand to the other business units.

Why Devo

Several critical capabilities made Devo attractive to the organization, including:

  • The ability to use their existing Splunk Heavy Forwarder deployment with Devo Cloud
  • Multitenant capability
  • Ability to include logs from applications such as OAuth, Slack, and Gmail
  • Ability to combine three separate SOCs around the globe (North America, EMEA, and APJ)
  • Demonstrated ability to bring more than a dozen businesses onto the Devo Platform

Next Steps

Implementation at the financial information publishing unit is the first step toward migrating all of the parent company's business units onto the Devo Platform. By doing so, the parent company will ensure that its businesses have the most capable security log management solution and can begin sharing data, knowledge, and playbooks with each other and with corporate headquarters. This will put all units in a stronger position to combat cyberthreats and achieve PCI compliance.