About The Financial Publisher
The CISO of a media giant has a vision: to dramatically increase information sharing among the business units the conglomerate manages, while reducing costs by having all the businesses run the same platform for security log management.
Until now, the business units have been free to select their own vendors/tools with no economies of scale or sharing of security information. This has hindered the ability of the parent company and its business units to accurately and efficiently analyze log traffic for security events, and jeopardized PCI compliance.
Wanted: A single solution for security log management across all business units
In the past, each business unit of the parent company selected its security log management software without considering what the other units were using, and without working collectively to obtain pricing leverage with vendors.
Each business unit has varying levels of satisfaction (mostly negative) with its respective software. And the group does not share security threat information among its members. The parent company’s CISO wants to change all that.
He sees considerable value in having every business unit use the same software for security log management to facilitate information sharing. Being able to establish standard response playbooks and build an extensive knowledge base that is shared among all the businesses will better equip them to quickly detect, analyze, and address security threats.
But cost savings are just one goal. The majority of the business units are required to be PCI compliant, which has been problematic in the past due to issues with their security log management solutions.
The CISO selected this financial information publishing business to be the first to implement this single-vendor strategy, which will then expand to the other business units.
Several critical capabilities made Devo attractive to the organization, including:
- The ability to use their existing Splunk Heavy Forwarder deployment with Devo Cloud
- Multitenant capability
- Ability to include logs from applications such as OAuth, Slack, and Gmail
- Ability to combine three separate SOCs around the globe (North America, EMEA, and APJ)
- Demonstrated ability to bring more than a dozen businesses onto the Devo Platform
Implemention at the financial information publishing unit is the first step toward migrating all of its business units onto the Devo Platform.
By doing so, the parent company will ensure that its businesses have the most capable security log management solution and be able to begin sharing data, knowledge, and playbooks with each other and corporate headquarters. This will put all units in a stronger position to combat cyberthreats and achieve PCI compliance.