
From legacy onprem to a modern cloud SIEM

Technology Category
  • Cybersecurity & Privacy - Security Compliance
  • Analytics & Modeling - Predictive Analytics
Applicable Industries
  • Construction & Infrastructure
Applicable Functions
  • Business Operation
Use Cases
  • Fraud Detection
Services
  • Cloud Planning, Design & Implementation Services
  • Cybersecurity Services
  • System Integration
The Challenge
Running an inefficient SIEM solution left Knauf’s SOC team unable to scale at the same pace as company growth. As a business in operation since 1932, Knauf’s IT infrastructure had expanded through the years, becoming a large, legacy on-premises environment with decentralized SCADA systems, production tools, and many regional locations. Knauf was running McAfee Enterprise Security Manager (ESM) on-premises for their SIEM solution to gain real-time security monitoring of the extended environment. But the McAfee solution was unreliable. Dawid Krochmal, SOC Manager at Knauf, explained that “McAfee ESM was highly inefficient. An analyst wouldn’t just go for a coffee; he could go to lunch during the time it took for a query to run. Just to learn that after an hour, the query had an error, and he had to start again and wait another hour.”
About The Customer
Knauf is a well-established company that has been in operation since 1932. Over the years, its IT infrastructure has grown significantly, resulting in a large, legacy on-premises environment. This environment includes decentralized SCADA systems, production tools, and numerous regional locations. The company had been using McAfee Enterprise Security Manager (ESM) on-premises for their SIEM solution to gain real-time security monitoring of their extended environment. However, the McAfee solution proved to be unreliable and inefficient, causing significant delays and operational challenges for the SOC team. As Knauf continued to grow rapidly, it became clear that a more efficient and scalable solution was needed to keep pace with the company's expansion and evolving security needs.
The Solution
McAfee ESM wasn’t serving the company’s needs, and in parallel, Knauf was growing rapidly and wanted to pursue a significant transformation of its IT environment. The goal was to move away from legacy, on-premises systems to a cloud-native architecture that enabled Knauf’s IT security and operations to run more efficiently, effectively and smoothly. Pursuing a cloud-native strategy for the company’s new SIEM solution, Knauf conducted an in-depth evaluation of ten vendor solutions and selected Sumo Logic Cloud SIEM as its winning security platform. The SOC team’s first big win with Cloud SIEM was the ability to centrally see everything across the organization’s environment, together with user-friendly features including more than 600 out-of-the-box rules. That made it easy for the security team to ramp up and get started within two hours. Cloud SIEM delivers significant improvement for the SOC team in handling threat investigations. With the solution’s cloud-native architecture, the team no longer has to worry about disk space for log ingestion or latency in obtaining search results. With Cloud SIEM’s advanced analytics, Knauf gets millions of threat signals distilled down to insights for the SOC team to focus on.
Operational Impact
  • A modern cloud SIEM that’s easy to deploy and use. The SOC team’s first big win with Cloud SIEM was the ability to centrally see everything across the organization’s environment, together with user-friendly features including more than 600 out-of-the-box rules. That made it easy for the security team to ramp up and get started within two hours.
  • Invaluable insights to manage threat investigations. Cloud SIEM delivers significant improvement for the SOC team in handling threat investigations. With the solution’s cloud-native architecture, the team no longer has to worry about disk space for log ingestion or latency in obtaining search results. With Cloud SIEM’s advanced analytics, Knauf gets millions of threat signals distilled down to insights for the SOC team to focus on.
  • Flexibility to support new use cases. Now that Knauf has a strong SIEM foundation, the SOC is ready to pursue new use cases with the Sumo Logic platform. Next, the team plans to automate incident response actions for the more common and easy response workflows, expediting the team’s remediation efforts and advancing the company’s security posture. In addition, the team will leverage Cloud SIEM to adopt proactive threat hunting and threat intelligence to introduce cyber fusion by converging all security practices. Adding cyber fusion functions, including fraud detection and vulnerability management, will empower Knauf with a unified approach to dealing with potential threats by bridging team functions and fostering inter-team collaboration.
Quantitative Benefit
  • Easy onboarding in only two hours.
  • 600+ out-of-the-box rules to swiftly respond to security incidents.
