Intelligent CIO APAC Issue 18 - Page 63

CASE STUDY

superior automation and orchestration capabilities,” said McGill. “We were also attracted by the ease of use of the analyst console and the platform’s very competitive pricing.”
McGill said the Salvation Army IT team was also impressed with the knowledge and experience exhibited by managed services provider Seamless Intelligence, which had proposed the LogRhythm solution.
“Seamless was able to demonstrate a deep understanding of the technology and how it would meet our specific requirements. They began the deployment for us in February 2021 and it was completed by April.”
Once the new SIEM was fully operational, the Salvation Army IT team quickly noticed some significant benefits. It was now possible to gain insights into issues and incidents that would previously not have been possible without trawling through endless logs or paying third parties to conduct audits.
“Overall, we have been able to significantly reduce the level of risk that cybersecurity presents to our organization,” said McGill. “There is no doubt our maturity level has greatly improved, and we look forward to further leveraging the capabilities of LogRhythm to provide further benefits.”
McGill points to threat detection efficiency and effectiveness as areas that have experienced significant improvement, due in no small part to the processes introduced by Seamless Intelligence and their ability to extract the most value from the LogRhythm SIEM.
“We have logs coming in from several different systems and services, which means that the insights we’re now getting have greater coverage,” he said. “This allows us to see where an attack has originated from and where it has potentially made its way to in other parts of the network infrastructure.”
For example, using the threat intelligence in LogRhythm, the IT team can see if a potentially malicious email has made it through the infrastructure’s filters, or whether a staff member has clicked on a link and caused their workstation to become infected with malware. LogRhythm SmartResponse is then used to block the sender or malicious URL and to carry out a forensic examination of the workstation.
Looking ahead, McGill said the next step was to take advantage of LogRhythm’s automation capabilities to reduce the workload on the IT team and further improve the levels of protection being achieved.

“We now have in place a security infrastructure that meets our needs now while also having the ability to scale with us in the future,” he said. “It’s been a gamechanger.”
How do SIEM solutions work?
The core set of capabilities for a SIEM solution includes data collection, parsing (or normalizing) data, and correlating that data to identify suspicious or problematic activity. This processing and enrichment of data enables all forms of data analysis and can have a direct impact on how effectively an organization can search and access its data.
Once the data has been ingested and normalized, the SIEM software correlates events across all of the data in aggregate to identify patterns of compromise and alert the end-user to suspicious activity.
SIEM technology can reside either on-premise or in the cloud and collect data from a massive variety of data sources.
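To make the collect/normalize/correlate pipeline above concrete, here is an added, self-contained Python example (not code from LogRhythm, Seamless Intelligence or the Salvation Army deployment). It normalizes two constructed log formats (a hypothetical mail-gateway key=value log and a hypothetical syslog-style endpoint alert) into one schema, then applies the correlation rule the case study describes: a suspicious URL delivered to a user, followed within a time window by a malware detection on that user's workstation. All log lines, hostnames and URLs are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs from two sources in two different formats (hypothetical).
MAIL_GATEWAY_LOGS = [
    "2021-04-12T09:01:10Z action=delivered rcpt=alice@example.org url=http://bad.example/x verdict=suspicious",
    "2021-04-12T09:02:00Z action=delivered rcpt=bob@example.org url=http://ok.example/y verdict=clean",
]
ENDPOINT_LOGS = [
    "Apr 12 09:04:30 WS-ALICE edr[412]: user=alice threat=Trojan.Generic action=quarantine",
    "Apr 12 11:30:00 WS-BOB edr[412]: user=bob threat=PUA.Toolbar action=quarantine",
]

KV_RE = re.compile(r"(\w+)=(\S+)")  # parses "key=value" pairs shared by both sources

def normalize_mail(line):
    """Parse an ISO-timestamped mail-gateway line into the common event schema."""
    ts, rest = line.split(" ", 1)
    fields = dict(KV_RE.findall(rest))
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": "mail",
            "user": fields["rcpt"].split("@")[0], "url": fields["url"],
            "verdict": fields["verdict"]}

def normalize_endpoint(line, year=2021):
    """Parse a syslog-style endpoint alert (no year in the timestamp) into the schema."""
    m = re.match(r"(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) edr\[\d+\]: (.*)", line)
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    fields = dict(KV_RE.findall(m.group(3)))
    return {"ts": ts, "source": "endpoint", "host": m.group(2),
            "user": fields["user"], "threat": fields["threat"]}

def correlate(events, window=timedelta(minutes=15)):
    """Flag users who received a non-clean URL and then had an endpoint detection
    within `window`; a detection with no preceding suspicious mail is not flagged."""
    mail = [e for e in events if e["source"] == "mail" and e["verdict"] != "clean"]
    edr = [e for e in events if e["source"] == "endpoint"]
    alerts = []
    for m in mail:
        for d in edr:
            if d["user"] == m["user"] and m["ts"] <= d["ts"] <= m["ts"] + window:
                alerts.append({"user": m["user"], "host": d["host"], "url": m["url"],
                               "threat": d["threat"],
                               "delay_s": int((d["ts"] - m["ts"]).total_seconds())})
    return alerts

def run_pipeline():
    """Collect from both sources, normalize, order by time, correlate."""
    events = [normalize_mail(l) for l in MAIL_GATEWAY_LOGS]
    events += [normalize_endpoint(l) for l in ENDPOINT_LOGS]
    events.sort(key=lambda e: e["ts"])
    return correlate(events)

if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

Running it yields a single correlated alert for alice (suspicious URL at 09:01:10, quarantine on WS-ALICE 200 seconds later); bob's clean mail and later PUA detection do not match the rule, which is the kind of cross-source view the case study describes.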
The SIEM essentials
• Log management: Collect, normalize and aggregate log data to deliver efficient data access and management
• Real-time monitoring: Observe activity at the exact moment it occurs within your network environment
• Incident investigation: Search and drill down on logs to further investigate a potential incident
Benefits of leveraging SIEM as a security / IT foundation
SIEM solutions map to modern operational needs, delivering real-time visibility, efficient and secure data access, streamlined workflows, a unified user experience and the ability to customize how you manage your environment based on the demands of the organization.
www.intelligentcio.com INTELLIGENTCIO APAC 63