Pharmaceutical Case Study
How a global Pharmaceutical Company expanded their use of Splunk and reduced expenditure.
- Full SIEM Migration
- SIEM Into Single SaaS Solution
- Event Correlation
Case Study Introduction
Customer Profile
A global pharmaceutical company wanted to migrate its Security Operations Centre, which ran on Splunk Enterprise Security, while expanding its use of the Splunk platform and providing for its future data analytics requirements. At the same time it needed to consolidate its technologies and reduce its overall expenditure.
Challenges
The existing environment suffered from performance issues, out-of-date software and poor system stability. The migration itself was complex: two standalone search heads had to become two search head clusters. In parallel, new use cases were being requested across the business, each with its own data owners and requirements to satisfy.
Solutions
A new global Splunk environment was rolled out, consisting of two multi-site indexer clusters, two search head clusters, a global deployment server architecture, load balancing for Splunk Stream and for the collected data sources, heavy forwarders, and cloud data source integrations.
Outcome
- Cloud based data sources
- On prem infrastructure
- Security Tools
- Database data
- Network Data
- Physical Hardware
A parallel implementation: two new multi-site indexer clusters were built across the globe, together with two search head clusters, one for ES and one for service and infrastructure monitoring. Over 50 different data sources were then onboarded, all while the live environment was maintained until the cut-over to the new environment, under extreme time pressure.
Why Somerford?
Somerford was able to orchestrate and deploy multiple consultants to run different pipelines of work in parallel to meet the time pressures, while our in-house project management team maintained strong forward momentum and a high level of communication within the team, accurately tracking all tasks and outstanding actions.
The complexity of the tasks, and the requirement for no downtime to critical security operations, meant the migration was not trivial. Running work streams in parallel required forwarders to send data to both environments: security data had to keep flowing into the old system while new data sources were onboarded into the new environment, until the full migration was complete. The migration was also designed to complete an upgrade of the platform, merge and consolidate configuration, remove erroneous and damaging config, and plan for a new index design.
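The dual-routing phase described above, as an added configuration example: this is not the customer's or Somerford's own configuration, and the hostnames, ports and target group names are assumptions. In Splunk, listing more than one target group in `defaultGroup` in a forwarder's outputs.conf clones every event to each group, so the legacy indexers keep receiving security data while the new multi-site indexer cluster is validated.

```ini
# outputs.conf on a heavy or universal forwarder during the parallel run.
# Added example, not the page's own configuration; hostnames, ports and
# group names below are assumptions.

[tcpout]
# Two target groups: every event is cloned to both. Remove
# legacy_indexers from this line at cut-over to stop feeding the old SIEM.
defaultGroup = legacy_indexers, new_cluster

[tcpout:legacy_indexers]
# Existing standalone indexers behind the old ES search heads.
server = legacy-idx01.example.com:9997, legacy-idx02.example.com:9997
useACK = true

[tcpout:new_cluster]
# Peers from both sites of the new multi-site indexer cluster; the
# forwarder load-balances across the listed peers and switches target
# every autoLBFrequency seconds.
server = site1-idx01.example.com:9997, site1-idx02.example.com:9997, site2-idx01.example.com:9997, site2-idx02.example.com:9997
useACK = true
autoLBFrequency = 30
```

Two practical caveats when running this way: cloning doubles the forwarder's outbound volume and the data is licensed on both environments for the duration of the overlap, so the parallel window should be sized accordingly; and `useACK` should be enabled on both groups so that a slow or unavailable legacy indexer causes the forwarder to queue rather than silently drop security events during the migration.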
Additional Resources
Splunk Professional Services
Splunk SIEM Replacement Assessment
The Splunk Guide to SIEM Replacement
Facing a similar challenge and in need of our services?
Reach out to us, and our certified team will be able to assist you.