Modernize an existing Security Operations Center to provide a better user experience for analysts and improve the capability to detect and respond to security events throughout the enterprise.
The Challenge:
- Limited capability of existing and outdated SIEM solution
- Lack of flexibility to answer questions about the current state of the enterprise environment
- Little automation in place with the current setup: routine patching and configuration management are extremely time-consuming
Solution:
- Nutanix virtualized the entire infrastructure
- Red Hat’s Identity Management product allowed for better integration with the Windows infrastructure while keeping admin tasks in the current environment
- Centralized event collection architecture deployed
Victory:
- Splunk platform made available to the SOC analysts so they can protect the environment
- Splunk identifies and tracks incidents with the Enterprise Security App
- All operational requirements are met for the client