Re-Architected Splunk MDR

TekStream Restores Best-of-Breed Splunk MDR Solution

Main Line Health is a not-for-profit hospital network serving the greater Philadelphia area. With more than 10,000 employees and 2,000 physicians who care for patients across five award-winning hospitals, six health care centers and more than 40 offices, the company needs a 24×7 managed detection and response (MDR) solution they can trust.

Despite the company’s significant investments in technology infrastructure and operations to ensure the safety and security of patients, they were experiencing unactionable alerts, poor visibility into scoring and degraded search performance that eroded confidence in their MDR provider. Seeking the expertise their Splunk environment demands, Main Line Health engaged TekStream to assess, and ultimately completely re-architect, their MDR solution.

Within weeks of its initial assessment, TekStream’s Splunk experts redesigned and customized a more robust MDR solution at a 50% annual cost savings. Risk scoring and alerts were tailored specifically to their needs. Most important, however, is the renewed confidence Main Line Health gained in its ability to protect against increasingly complex cybersecurity threats.


Technologies Involved

  • Splunk Cloud
  • Splunk Enterprise Security
  • Splunk SOAR

Solution Objectives

Assess and address root cause of an underperforming MDR system by fully leveraging Splunk functionality.

Act quickly to resolve performance issues and minimize exposure in an environment that demands the highest levels of data integrity.

Eliminate alert fatigue, restore visibility and provide intelligence needed for appropriate threat identification and resolution.

Implement documentation and governance standards that ensure operational resilience and business continuity.

TekStream’s assessment of Main Line Health’s MDR system immediately identified a lack of adherence to Splunk best practices that was considerably degrading performance. Furthermore, the sparse documentation of the bloated application architecture obscured visibility and put Main Line Health at a disadvantage in holding their prior provider accountable.

TekStream’s Splunk experts acted quickly to completely re-architect Main Line Health’s Splunk MDR and successfully remediate the prior misconfiguration in order to mitigate several key issues. Areas of focus included:

Splunk application distribution

  • Leveraged non-proprietary Splunk best practices to improve performance, accountability and ROI

Improved data ingestion

  • Reconfigured network data ingestion to eliminate the risk of data loss
  • Created new indexes, modified inputs and corrected source types
  • Identified all applicable indexes and verified that each was whitelisted

Enhanced search environment

  • Ensured threat intel ingested into Splunk was brought into Enterprise Security
  • Configured assets and identities
  • Incorporated enriched data from security appliances to amplify threat alerts
  • Identified use cases and tuned searches to diminish alert fatigue

“The TekStream team has been incredibly collaborative… Absolutely could not be happier with this purchase.”

– Kevin Werner, System Director, IT Security Operations, Main Line Health

Key Successes

  • Restored confidence with a completely re-architected MDR solution that fully leverages Splunk functionality and capabilities
  • Delivered a customized security solution at 50% savings over the prior provider in a matter of weeks
  • Customized process automation, risk scoring and alerts to align with Main Line Health’s business needs
  • Developed and implemented collaborative, transparent and structured governance and reporting

Industry: Healthcare

Employees: 10,000+

Annual Revenue: $1.8B

Location: Philadelphia, PA

Main Line Health is a not-for-profit hospital network in the greater Philadelphia area.