Highlights
Industry: Logistics & Transportation
Solution: Splunk Enterprise
Results:
- Improved log management and decision making
- Faster response to suspicious cyber activities
- Easy visualisation of operational conditions
- More efficient and effective audit process
- Greater focus on revenue-generating activities
Challenge
A key player in Singapore’s highly regulated maritime industry, the client is required to have a robust Event Log Management/Security Information and Event Management (SIEM) system for audit compliance. However, its process of manually consolidating logs from multiple unconnected IT systems for its monthly audit was tedious, unreliable and often slow in mitigating time-critical issues. Lack of an automated system for log consolidation also resulted in a slow response to suspicious activities, presenting a significant information security risk. Consequently, the company turned to Stone Forest IT (SFIT) for a solution.
Solution
After evaluating the client’s needs, SFIT recommended Splunk Enterprise, which includes the following features:
- A centralised platform to import and consolidate logs from multiple IT systems, such as custom applications and database servers
- Customised dashboard to provide a single view of logs for multiple activities such as logins, policy changes and superuser actions, allowing them to be easily tracked
- System anomaly alerts, continuous IT/network maintenance and inactivity alerts on bottlenecks that slow or disrupt information flow
- Automatic generation and delivery of the monthly log report to the external auditor via email, as well as automated audit trail of communications between the auditor and company
Results
After deployment of the solution, the client realised several benefits:
- Improved log management with more informed and timely decision making as trends are easily identified through analysis of data presented graphically on the dashboard
- Faster response to suspicious activities across IT infrastructures and improved risk management due to greater visibility on the dashboard and automatic notification of incidences
- Ability to retrieve real-time and historical data based on customised search criteria allows easy visualisation of various operational conditions — such as service delivery and network latency — and flexible investigations of unauthorised cyber activities
- More efficient and effective audit process due to more transparent communications between company and external auditor
- Greater productivity from automation, allowing the company to focus more on revenue-generating activities
The successful implementation is a result of SFIT’s intimate understanding of each client’s needs and extensive experience in providing solutions that help businesses to enhance their efficiency and productivity.