SIEM Upgrade for Coastal Federal Credit Union
Customer: Coastal Federal Credit Union
Industry: Lending & Brokerage, Banking
Coastal Federal Credit Union was using McAfee as their security information and event management (SIEM) solution. For a variety of reasons, they decided that McAfee was no longer sufficient to meet their cybersecurity needs.
The goal was to establish an effective security solution focused on the current threats and use cases of growing concern to Coastal. A static SIEM is a vulnerable SIEM, so there was a great deal of pressure to install and configure the Splunk solution as quickly as possible.
The implementation was also affected by the workforce shifting to remote work during Covid, and we overcame the resulting infrastructure challenges to deliver it.
Key Pain Points:
- Coastal was not happy with their legacy SIEM capability in terms of the breadth and effectiveness of the tool
- Their security solution had become stale, was vulnerable due to the static nature of the technology, and was lacking industry support as it was no longer considered a best-of-breed SIEM solution
- It was also lacking in performance and would have required additional investment in order to be performant
How we fixed it:
A new Amazon Web Services (AWS) virtual private cloud was set up and Splunk’s Enterprise Security (ES) and User Entity Behavior Analytics (UEBA) solutions were installed and configured. Splunk forwarders, used for collecting important event data into Splunk, were installed on the hundreds of servers throughout the company. We set up the collection of events from over two dozen data sources including Cisco, F5 and Palo Alto appliances, Windows event logs and Unix server logs, DNS, DHCP and Netflow data for network traffic visibility and many others.
Splunk Enterprise Security was installed and configured for fast, accurate detection of notable events throughout the corporate network infrastructure using accelerated data models and appropriate correlation searches. This included data enrichment: notable events were connected with the corresponding HR (identity) and computer asset details to provide context, enabling even faster detection and prevention of threats.
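As an added illustration of the kind of correlation search described above (example code written for this page, not a search from the Coastal deployment or from Splunk's own content), the following SPL queries the accelerated Authentication data model with `tstats`, flags sources with repeated failed logins, and enriches each hit with asset and identity context from the Enterprise Security lookups. The lookup names `asset_lookup_by_str` and `identity_lookup_expanded` and their field names are assumed from a stock ES install; the threshold of 20 failures in 15 minutes and the risk scoring are illustrative choices.

```spl
| tstats summariesonly=true count AS failures values(Authentication.dest) AS dest
    from datamodel=Authentication.Authentication
    where Authentication.action="failure" earliest=-15m
    by Authentication.src Authentication.user
| rename Authentication.* AS *
| where failures >= 20
| lookup asset_lookup_by_str asset AS src OUTPUTNEW priority AS src_priority, category AS src_category, owner AS src_owner
| lookup identity_lookup_expanded identity AS user OUTPUTNEW priority AS user_priority, bunit AS user_bunit
| eval risk_score=case(
    user_priority="critical" OR src_priority="critical", 80,
    user_priority="high" OR src_priority="high", 60,
    true(), 40)
| table src user failures dest src_priority src_category src_owner user_priority user_bunit risk_score
```

Saved as a correlation search in ES with the notable action enabled, each row becomes a notable event that already carries the asset priority, owner and business unit, so an analyst can triage it without running a second lookup. Because `summariesonly=true` reads only the accelerated summaries, the search stays fast enough to run every few minutes across all onboarded authentication sources.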
Finally, we installed Splunk’s User Entity Behavior Analytics solution for the detection and prevention of threats arising from actors within their corporate network. We connected this to Enterprise Security so that machine learning and complex threat detection looking for anomalous activity of users and other network entities could be applied to the variety of event data being collected for overall threat detection.
ROI and Key Success:
We were able to complete the installation of Splunk and ES within weeks, followed by the installation and configuration of Splunk User Behavior Analytics.
Coastal Credit Union and TekStream Solutions worked closely together to successfully implement both Splunk Enterprise Security (ES) and Splunk User Behavior Analytics (UBA) in a clustered environment. We onboarded over twenty different data sources addressing the areas of Authentication, DNS, Endpoint Detection and Response, IDS & IPS, Malware Analysis, Network Communication, Web Proxy and Windows Security.
We led them through an analysis of their security requirements and configured their environment to address over thirty specific use cases.
Technology Involved: Splunk Enterprise Security, Splunk UEBA, Amazon VPC