
Scaling a SOC with CASE STUDY | Latitude Cloud SIEM

Technologies
  • Application Infrastructure & Middleware - Data Exchange & Integration
  • Analytics & Modeling - Predictive Analytics
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Finance & Insurance
Applicable Functions
  • Business Operation
  • Quality Assurance
Services
  • Training
  • System Integration
The Challenge
With a small security team, the company needed to enhance its security posture for improved real-time visibility. As a financial services firm serving customers in Australia, New Zealand, Canada, and Singapore, Latitude Financial must adhere to a range of regional compliance requirements. This required the company to reexamine its IT security investments and processes. At the time, the security team consisted of three analysts and overall security operations were heavily reliant on a third-party managed security services provider (MSSP). Internally, Latitude Financial had adopted Sumo Logic for log management, but, on the security front, the company didn’t have a security information and event management (SIEM) solution in place, and there was no end-to-end real-time visibility into the security state of the environment.
About The Customer
Latitude Financial is a financial services firm that operates in multiple regions including Australia, New Zealand, Canada, and Singapore. The company provides a range of financial products and services to its customers, which include personal loans, credit cards, and insurance. With a workforce of over 3,000 employees, Latitude Financial is committed to maintaining a robust security posture to protect its customers' sensitive financial information. The company faces stringent regional compliance requirements and has a small internal security team that was initially heavily reliant on a third-party managed security services provider (MSSP). Latitude Financial had adopted Sumo Logic for log management but lacked a comprehensive security information and event management (SIEM) solution, which was crucial for achieving real-time visibility into their security environment.
The Solution
On a mission to build out the company’s in-house security operations center (SOC), Latitude Financial evaluated multiple SIEM solutions and landed on Sumo Logic Cloud SIEM as the leading choice. Several factors stood out to the security team in their decision to adopt Sumo Logic, including outstanding vendor engagement and level of support, rapid deployment in only a few days, and a user-friendly interface that makes it simple to investigate and drill into entity information without pivoting to other tools. The cloud-native architecture and storage of Sumo Logic removed the need to manage backups, making it an ideal choice for Latitude Financial.

The first step for the security team was implementing Sumo Logic Cloud SIEM to get visibility across the company’s infrastructure. Latitude Financial has 3,000 employees working across geographical locations and a range of workstations, servers, and other tools running both on-premises and in AWS cloud environments. Setting up integrations for Sumo Logic to ingest telemetry from the environment was a simple process, and the company now has 46 security sources that Sumo Logic analyzes to feed the team’s SOC dashboards.
Operational Impact
  • Empowered security with visibility and actionable insights: By centralizing data into Sumo Logic for security analysis, Latitude Financial effectively gained real-time security insights across the entire infrastructure and security stack. Sumo Logic’s daily ingestion of 100GB generates 61 million records and more than 100,000 signals. These deliver the security team eight to ten actionable insights daily.
  • Upskilled team through Sumo Logic certifications: Latitude Financial now has ten seasoned security analysts on the SOC team, which has empowered the company to increase its focus on initiatives that advance and deepen the team’s security skills. Part of the team’s development is made possible by making full use of Sumo Logic’s free training and certification program. Interactive training and virtual cert jams have provided such great value that Latitude Financial has made it a prerequisite for its security analysts to complete the training and obtain the required certification.
  • Agile threat hunting to investigate, validate, and remediate IOCs: Leveraging Sumo Logic Cloud SIEM, Latitude Financial is continuously maturing its SOC playbooks and processes. The security team also applies a rigorous threat-hunting practice that, in addition to uncovering indicators of compromise (IOCs), identifies opportunities to tune and enhance Cloud SIEM’s detection capabilities. The platform’s comprehensive data combined with its simple query language make it easy and powerful for threat-hunting experts to search and uncover suspicious activity.
Quantitative Benefit
  • Broad security visibility leveraging 184 SOC-related dashboards.
  • Ingests and analyzes 100GB daily from 46 security sources.
  • Advanced security posture with ten actionable insights per day.
