Customer solution requirements
- Ingestion of up to 2TB of data each day from across the corporation
- Full visibility into all of its data, while maintaining data separation for each business unit
- Significant security improvements, with investigations now taking hours, not days
- Retention of data, as well as query and investigation results, for at least 400 days
About The Media Giant
One of the world’s leading media conglomerates, based in the U.S. and built through acquisitions of global print and broadcast media companies, needed a centralized way to manage and secure the diverse data generated by its hundreds of business units.
Rapid Growth Brings Data And Security Challenges
The corporation’s business units rely on many different log management solutions for the massive amounts of data they generate. The organization needed a solution to manage and secure all of its disparate systems and data, including multiple SIEMs such as Splunk and QRadar.
The media heavyweight’s rapid growth made it financially impractical to replace the data management systems of each newly acquired business unit. The resulting lack of standardization, coupled with the fact that some units had their own security operations center (SOC) while others did not, greatly increased the corporation’s attack surface. And all of the organization’s data was siloed within each individual business unit, preventing global visibility.
With operations around the world, the media giant also must comply with regional data privacy laws, such as GDPR in Europe. But because its systems had no way to share information, it took a tremendous amount of time-consuming manual work to achieve compliance.
Why Devo
Several key differentiators attracted the corporation to the cloud-based Devo Data Analytics Platform, including its:
- Ability to ingest machine data in raw format from any source
- Multitenant architecture, which provides the corporation with the ability to query and gain visibility into all of its data while ensuring the business units can only see and query their own data
- Retention of 400 (or more) days of data, along with query and investigation history, which would be prohibitively expensive or technically impossible to achieve with other vendors’ solutions
Before selecting Devo, the corporation also considered solutions from Splunk, Sumo Logic, and Elastic.
“Because we had been using so many different SIEMs throughout the organization, we had to replicate alerts so they could be used by each business unit and whichever SIEM they happened to be using.
Now, with all the logs going into a central admin domain that is using Devo, we’re able to build alerts once and apply them to all our business units, so everyone can benefit. It’s really a force multiplier. The smaller business units are able to take advantage of what we’re doing for some of the larger units, because now we have common, shared SaaS logs with Devo.”
—Engineer, Global Media Cybersecurity Team
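The two points above, tenant-scoped queries with global visibility from a central admin domain, and alert rules built once and applied to every business unit, can be sketched in a few dozen lines. The code below is an added illustration written for this page, not Devo’s own code or API; the tenant names, event fields, principals and the failed-login rule are all constructed assumptions.

```python
"""Multitenant log store sketch: one admin domain with global visibility,
tenant-scoped queries for each business unit, and alert rules defined once
and evaluated across every tenant. Constructed example; not Devo's code."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class LogEvent:
    tenant: str    # business unit that owns the event (hypothetical names below)
    source: str    # originating system, e.g. an auth service
    message: str


@dataclass(frozen=True)
class Principal:
    name: str
    tenant: Optional[str] = None   # None for users of the central admin domain
    is_admin: bool = False


Predicate = Callable[[LogEvent], bool]


@dataclass(frozen=True)
class AlertRule:
    name: str
    matches: Predicate


class MultiTenantLogStore:
    """Every query is scoped by the store itself, never by the caller's filter."""

    def __init__(self) -> None:
        self._events: List[LogEvent] = []

    def ingest(self, event: LogEvent) -> None:
        # Separation depends on every event carrying its owning tenant.
        if not event.tenant:
            raise ValueError("every event must be tagged with its owning tenant")
        self._events.append(event)

    def query(self, who: Principal, matches: Predicate) -> List[LogEvent]:
        if who.is_admin:
            scope = self._events            # admin domain: global visibility
        elif who.tenant:
            scope = [e for e in self._events if e.tenant == who.tenant]
        else:
            raise PermissionError(f"{who.name} has no tenant and is not admin")
        # The tenant filter is applied before the caller's predicate, so a
        # predicate that names another tenant can never widen the result set.
        return [e for e in scope if matches(e)]

    def run_rule(self, admin: Principal, rule: AlertRule) -> Dict[str, List[LogEvent]]:
        """Evaluate one rule from the admin domain and report hits per tenant."""
        if not admin.is_admin:
            raise PermissionError("rules are evaluated from the admin domain")
        hits: Dict[str, List[LogEvent]] = {}
        for e in self.query(admin, rule.matches):
            hits.setdefault(e.tenant, []).append(e)
        return hits


# Constructed sample data for two hypothetical business units.
SAMPLE_EVENTS = [
    LogEvent("bu-print", "auth", "login failed user=alice src=10.1.1.5"),
    LogEvent("bu-print", "auth", "login failed user=alice src=10.1.1.5"),
    LogEvent("bu-broadcast", "auth", "login ok user=bob src=10.2.2.9"),
    LogEvent("bu-broadcast", "auth", "login failed user=carol src=10.2.2.7"),
]

# One rule, written once in the admin domain, reused for every tenant.
FAILED_LOGIN = AlertRule("failed-login", lambda e: "login failed" in e.message)


def build_store() -> MultiTenantLogStore:
    store = MultiTenantLogStore()
    for ev in SAMPLE_EVENTS:
        store.ingest(ev)
    return store


def demo() -> Dict[str, int]:
    """Counts showing the scoping: per-tenant hits for the shared rule, and
    what a print-unit analyst sees when asking about the broadcast unit."""
    store = build_store()
    admin = Principal("soc-central", is_admin=True)
    print_analyst = Principal("print-analyst", tenant="bu-print")
    per_tenant = store.run_rule(admin, FAILED_LOGIN)
    own = store.query(print_analyst, FAILED_LOGIN.matches)
    # A cross-tenant predicate from a tenant user returns nothing.
    leaked = store.query(print_analyst, lambda e: e.tenant == "bu-broadcast")
    return {
        "print_hits": len(per_tenant["bu-print"]),
        "broadcast_hits": len(per_tenant["bu-broadcast"]),
        "print_analyst_sees_own": len(own),
        "print_analyst_sees_other": len(leaked),
    }


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the tenant restriction lives in `query` and is applied before the caller’s predicate runs, so the separation holds even when a tenant user submits a filter that mentions another tenant; the admin domain is the only principal that sees every unit, and the shared rule produces per-tenant results from a single evaluation.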
The Results
The robust capabilities of the Devo Data Analytics Platform—as well as its SaaS-based, cloud-deployment model—enabled the company to implement Devo across all of its business units, without the need to replace existing systems. Devo ingests up to 2TB of data each day from across the corporation’s many different systems. Centralizing all of the corporation’s security-relevant data significantly strengthens its security posture. Multitenancy provides considerable financial savings and efficiency improvements while still keeping each business unit’s data separate.
The media leader relies on Devo for enterprise log management and search, threat hunting and investigation, and other critical functions. Investigations that once took days now take just hours. The organization has a unified view for network, application, and cloud monitoring.
The corporate SOC team now has a holistic view across the entire organization to see which devices require patches or are experiencing an attack. This enables the corporation to make informed investment decisions about which business units are most in need of technology upgrades to further improve performance and security.
As the corporation continues to grow organically and acquire additional businesses, Devo is able to quickly and efficiently ingest the new data and deliver the same management and security capabilities the existing business units already enjoy.
Next Steps
The media conglomerate next plans to deploy Devo Security Operations, so its SOC analysts no longer need to rely on multiple tools to manually assemble the data, context and intelligence required to identify and investigate the threats that matter most to the business.
After implementing Devo Security Operations, the corporation not only will have a unified view of all of its operations and security data, it also will have a streamlined process for SOC analysts to use across headquarters and all business units.