FEATURE: FINANCE
KFH’S MAIN OBJECTIVES WERE TO BE FULLY COMPLIANT AND HAVE COMPLETE VISIBILITY OF THEIR INFRASTRUCTURE.

Security Operation Centre (SOC), Behzadi said: “The ESM correlation engine is one of the best in the industry.

“For our threat investigations it’s really helpful to collect data and correlate events in real-time to prioritise and escalate threats that violate the internal platform rules. We were able to optimise the events received from the different sources using ADP filtering and aggregation capabilities, resulting in us only managing around 3,000 events per second. Thus, directing our resources in the right way is a key benefit for us.”

Behzadi also found the community-driven ArcSight content to be of help: “Through the ArcSight Marketplace and Activate framework, we benefit from security rule-sets, dashboards, and reports developed by Micro Focus SOC experts and the ArcSight Community. ArcSight Activate includes hundreds of use case solutions and ESM packages that we can simply download and integrate into our own ESM environment. It has hugely enriched and enhanced our security operations and response times.”

The reporting modules within ArcSight ESM and Logger have also been very useful. The KFH security team have been able to introduce comprehensive dashboard reporting which is used in many parts of the organisation, as well as in audits.

Standard and custom, as well as automated and ad-hoc reporting are all part of the security service.

www.intelligentcio.com