Pharmaceutical Case Study

How a global Pharmaceutical Company expanded their use of Splunk and reduced expenditure.


Case Study Introduction

Customer Profile

A global pharmaceutical company were looking to migrate their Security Operations Centre running Splunk Enterprise Security whilst expanding their use of the Splunk platform and sustaining their future data analytics requirements, all at the same time as consolidating their technologies and reducing their overall expenditure.

Challenges

Performance issues, software out of date, system stability, complex migration from 2 Search Heads to dual search head clusters. New use cases requested across the business, meeting the demands of varied data owners and requirements.

Solutions

New rollout of a global Splunk environment consisting of 2 multi-site indexer clusters, 2 search head clusters, global deployment server architecture, load balancing for Splunk Stream and collected data source collection, heavy forwarders and cloud data sources.

Outcome

A parallel implementation, building two new multi-site indexer clusters across the globe, with two search head clusters, one for ES and one for Service and Infrastructure monitoring. Over 50 different data sources were then onboarded, whilst the live environment was maintained prior to migrating to the new environment, all under extreme time pressures.

Why Somerford?

Somerford was able to orchestrate and deploy multiple consultants to run different pipelines of work in parallel to meet the time pressures, whilst our in-house project management team were able to maintain strong forward momentum and a high level of communication within the team to accurately track all tasks and outstanding actions.

The complexity of the tasks and the requirement for no downtime to critical security operations meant that the migration, and the handling of the migration process, was not trivial. Running items in parallel meant that split firing of data was required to keep security data flowing into the old system whilst new data sources were onboarded into the new environment before the full migration was completed. Additionally, the migration was designed to complete an upgrade of the platform at the same time: merging and consolidating configuration, removing any erroneous and damaging config, upgrading the environment and planning for a new index design.

Additional Resources

Splunk Professional Services

Splunk SIEM Replacement Assessment

The Splunk Guide to SIEM Replacement

Facing a similar challenge and in need of our services?

Reach out to us, and our certified team will be able to assist you.