
Rule every threat with CASE STUDY | Roku Cloud SIEM

Technologies
  • Cybersecurity & Privacy - Security Compliance
  • Analytics & Modeling - Predictive Analytics
Applicable Functions
  • Business Operation
Use Cases
  • Cybersecurity
  • Remote Control
Services
  • System Integration
  • Training
The Challenge
When adopting a SIEM solution, Roku needed to avoid alert fatigue and stay agile to quickly address true issues. Maintaining a strong security posture is essential for Roku. “Our security team works day and night to protect the infrastructure and provide a reliable service for our customers. Our customers and their trust are important for us,” shared Huseyin Karaarslan, Sr. Security Engineer at Roku. As an important part of this strategy, Roku wanted to adopt a SIEM solution to gain cyber situational awareness and an ongoing picture of the company’s environment.
About the Customer
At its start in 2000, Roku pioneered streaming to the TV with its platform that connects viewers, publishers, and advertisers to the vast ecosystem of media content. With its product portfolio of streaming players, TV models, and a channel store, Roku serves millions of customers across North America, Latin America, and Europe. Roku has established itself as a significant player in the broadcast media and consumer electronics industries, providing a reliable and innovative service to its extensive customer base. The company is committed to maintaining a strong security posture to protect its infrastructure and ensure the trust of its customers.
The Solution
For its cyber situational awareness, Roku wanted rapid and accurate insights into its environment to understand what’s happening and to ensure active responders could make quick, accurate decisions. This requires an investment in data collection and analysis to maintain a continuous picture of Roku’s infrastructure, and for that, Roku chose Sumo Logic Cloud SIEM. Built natively in the cloud, Cloud SIEM makes it fast and easy to gain deep security insights with pre-built applications, including out-of-the-box dashboards, queries, and rules. With 700+ rules that each map to a tactic and technique in the MITRE ATT&CK framework, Roku’s security team had a strong starting point for obtaining security insights. As a first step, the team embarked on tuning Cloud SIEM rules. “Cloud SIEM’s rules are powerful, and we wanted to tailor them specifically to our organization and infrastructure. Tuning was important for us to familiarize ourselves with the tool, prove value in our investment, and optimize the platform so we could focus on true alarms that require our attention,” commented Karaarslan.
Operational Impact
  • Optimized situational awareness with rule tuning.
  • The security team’s tuning process was highly efficient, beginning with using the Sumo Logic platform to write queries to identify the rules that created the highest volume of alerts.
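The first tuning step described above, ranking detection rules by the alert volume they generate so the noisiest ones get reviewed first, as an added example that is not Roku's or Sumo Logic's code. It runs offline over a constructed set of alert records (the field names, rule names and host names are assumptions for illustration) and returns each rule's alert count, share of total volume and number of distinct hosts it fired on; rules above a volume-share threshold are flagged as tuning candidates. Per-host spread is included because a rule firing constantly across many unrelated hosts is more likely to be a noisy threshold than a real incident.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample alerts (not real Roku or Sumo Logic data). Each record is
# one rule firing, tagged with the MITRE ATT&CK tactic/technique the rule maps
# to and the host it fired on. Field names are assumptions for this example.
SAMPLE_ALERTS = [
    {"rule": "Brute Force Login Attempts", "tactic": "Credential Access", "technique": "T1110", "host": "web-01"},
    {"rule": "Brute Force Login Attempts", "tactic": "Credential Access", "technique": "T1110", "host": "web-01"},
    {"rule": "Brute Force Login Attempts", "tactic": "Credential Access", "technique": "T1110", "host": "web-02"},
    {"rule": "Brute Force Login Attempts", "tactic": "Credential Access", "technique": "T1110", "host": "web-02"},
    {"rule": "Brute Force Login Attempts", "tactic": "Credential Access", "technique": "T1110", "host": "web-01"},
    {"rule": "Brute Force Login Attempts", "tactic": "Credential Access", "technique": "T1110", "host": "web-02"},
    {"rule": "New Admin Account Created", "tactic": "Persistence", "technique": "T1136", "host": "dc-01"},
    {"rule": "New Admin Account Created", "tactic": "Persistence", "technique": "T1136", "host": "dc-01"},
    {"rule": "New Admin Account Created", "tactic": "Persistence", "technique": "T1136", "host": "dc-01"},
    {"rule": "Outbound Connection to Known Bad IP", "tactic": "Command and Control", "technique": "T1071", "host": "app-03"},
]


@dataclass
class RuleVolume:
    """Aggregated alert volume for one detection rule."""
    rule: str
    tactic: str
    technique: str
    alerts: int
    distinct_hosts: int
    share_pct: float  # this rule's share of all alerts, in percent


def rank_rules_by_volume(alerts):
    """Group alert records by rule and return them sorted by alert count, highest first."""
    counts = Counter()
    hosts = defaultdict(set)
    meta = {}
    for a in alerts:
        counts[a["rule"]] += 1
        hosts[a["rule"]].add(a["host"])
        meta[a["rule"]] = (a["tactic"], a["technique"])

    total = sum(counts.values())
    ranked = []
    for rule, n in counts.most_common():
        tactic, technique = meta[rule]
        ranked.append(
            RuleVolume(rule, tactic, technique, n, len(hosts[rule]), round(100.0 * n / total, 1))
        )
    return ranked


def tuning_candidates(ranked, share_threshold_pct=40.0):
    """Rules whose share of total alert volume meets the threshold are the first tuning targets."""
    return [r.rule for r in ranked if r.share_pct >= share_threshold_pct]


if __name__ == "__main__":
    ranked = rank_rules_by_volume(SAMPLE_ALERTS)
    for r in ranked:
        print(f"{r.alerts:>4} ({r.share_pct:>5.1f}%) {r.distinct_hosts:>2} hosts  "
              f"{r.tactic}/{r.technique}  {r.rule}")
    print("Tuning candidates:", tuning_candidates(ranked))
```

The threshold is deliberately a parameter: what counts as "too noisy" depends on the environment, and the point of the first pass is to produce a short, ordered review list rather than to suppress anything automatically. Tuning a flagged rule then means narrowing its conditions or exclusions for the hosts where it is known to be benign, so that the remaining alerts are the ones that warrant an analyst's attention.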
Quantitative Benefit
  • 700+ rules that each map to a tactic and technique related to the MITRE ATT&CK framework.
