EARLY THREAT DETECTION & INTELLIGENT ALERTS – File Transmissions
Monitor file transmissions for anomalous activity
A leading banking and financial services company uses Splunk to monitor its inbound and outbound file transmission logs to identify potential threats and vulnerable systems.
CHALLENGES
- Thousands of files and many protocol types to report on and act upon
- Tracking file transmission status, suspicious file uploads, anomalous user activity and compromised accounts
- Troubleshooting required manual logins to multiple systems to identify the root cause of transmission failures or abnormal behaviour
- Monitoring and managing SLAs for several thousand file transmissions
SOLUTIONS
- Centralized file transmission tracker dashboard for global file transmissions, with interactive drill-downs that track transmission time, status, file format, file size, etc.
- Alerts on suspicious file uploads: Splunk matches each upload log against the list of allowed file formats and alerts on uploads that fall outside it.
- Information security dashboard to track anomalous user activity across the globe using machine learning techniques and interactive visualizations such as choropleth and cluster maps
- Automated alerting for file transmission SLA management: proactive alerts when an SLA is about to be missed and reactive alerts when it has been missed
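The allowlist matching behind the suspicious-upload alert and the proactive/reactive SLA alerting described in the two points above, as an added example that is not part of the original case study and is not Splunk's or the bank's own code: a Python script that reads constructed file-transfer log lines in a hypothetical key=value layout, flags inbound uploads whose format is not on the sending partner's allowlist, and classifies each SLA-bound feed as met, at risk (proactive alert) or missed (reactive alert). The log schema, the partner allowlist (ALLOWED_FORMATS) and the feed SLAs (SLAS) are assumptions made for illustration; in the deployment the equivalent logic would live in Splunk saved searches and lookups over the real transfer logs.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample transfer log lines in a hypothetical key=value layout
# (assumption: not the bank's real log schema). Timestamps are UTC.
SAMPLE_LOGS = """\
2024-03-04T08:02:11Z direction=inbound user=alice partner=acme feed=payments file=payments_0304.csv size=20480 status=complete
2024-03-04T08:05:47Z direction=inbound user=bob partner=acme feed=adhoc file=invoice.exe size=512000 status=complete
2024-03-04T08:06:03Z direction=inbound user=carol partner=acme feed=adhoc file=Statement_Q1.PDF size=3072 status=complete
2024-03-04T08:40:00Z direction=outbound user=svc_batch partner=bankx feed=eod_positions file=eod_positions.xml size=0 status=failed
2024-03-04T09:10:00Z direction=inbound user=dave partner=bankx feed=rates file=rates_0304.xml size=8192 status=in_progress
2024-03-04T09:12:30Z direction=inbound user=erin partner=bankx feed=adhoc file=rates_0304.csv size=900 status=complete
"""

# Hypothetical allowlist: file formats (by extension) each partner may send inbound.
ALLOWED_FORMATS = {
    "acme": {"csv", "xml", "pdf"},
    "bankx": {"xml"},
}

# Hypothetical SLAs: each feed must reach status=complete by 'deadline' (UTC, same day);
# 'warn' is how long before the deadline a proactive alert fires if it is still incomplete.
SLAS = {
    "payments":      {"deadline": "08:30", "warn": timedelta(minutes=15)},
    "eod_positions": {"deadline": "09:00", "warn": timedelta(minutes=30)},
    "rates":         {"deadline": "09:30", "warn": timedelta(minutes=30)},
}


def parse_ts(s):
    """'2024-03-04T09:15:00Z' -> timezone-aware UTC datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_logs(text):
    """Turn key=value log lines into dicts with a parsed 'ts' and integer 'size'."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        ev = dict(kv.split("=", 1) for kv in parts[1:] if "=" in kv)
        ev["ts"] = parse_ts(parts[0])
        ev["size"] = int(ev.get("size", 0))
        events.append(ev)
    return events


def file_format(name):
    """Format taken from the final extension, lower-cased so 'X.PDF' and 'x.pdf' match.
    A name with no extension yields '' and therefore never matches an allowlist entry."""
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def suspicious_uploads(events):
    """Reactive alert: inbound transfers whose file format is not on the sending
    partner's allowlist. An unknown partner has an empty allowlist, so everything
    it sends is flagged rather than silently accepted."""
    alerts = []
    for ev in events:
        if ev.get("direction") != "inbound":
            continue
        allowed = ALLOWED_FORMATS.get(ev.get("partner"), set())
        fmt = file_format(ev.get("file", ""))
        if fmt not in allowed:
            alerts.append({
                "ts": ev["ts"].isoformat(),
                "user": ev.get("user"),
                "partner": ev.get("partner"),
                "file": ev.get("file"),
                "format": fmt or "(none)",
                "allowed": sorted(allowed),
            })
    return alerts


def sla_status(events, now_iso):
    """Classify each SLA-bound feed as of now_iso, using only events seen by then:
         met      - completed on or before the deadline
         met_late - completed, but after the deadline (the SLA was still breached)
         missed   - deadline has passed without completion  -> reactive alert
         at_risk  - incomplete and inside the warning window -> proactive alert
         pending  - incomplete, deadline still comfortably ahead
    """
    now = parse_ts(now_iso)
    completed = {}  # feed -> earliest completion time seen so far
    for ev in events:
        if ev["ts"] <= now and ev.get("status") == "complete":
            feed = ev.get("feed")
            if feed not in completed or ev["ts"] < completed[feed]:
                completed[feed] = ev["ts"]
    status = {}
    for feed, sla in SLAS.items():
        hh, mm = (int(x) for x in sla["deadline"].split(":"))
        deadline = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
        if feed in completed:
            status[feed] = "met" if completed[feed] <= deadline else "met_late"
        elif now >= deadline:
            status[feed] = "missed"
        elif now >= deadline - sla["warn"]:
            status[feed] = "at_risk"
        else:
            status[feed] = "pending"
    return status


if __name__ == "__main__":
    events = parse_logs(SAMPLE_LOGS)
    for alert in suspicious_uploads(events):
        print("SUSPICIOUS UPLOAD:", alert)
    for feed, state in sla_status(events, "2024-03-04T09:15:00Z").items():
        print(f"SLA {feed}: {state}")
```

Run as-is, the script flags invoice.exe (exe is not allowed for acme) and rates_0304.csv (bankx may only send xml), and at 09:15Z reports payments as met, eod_positions as missed (its only transfer failed and the 09:00 deadline has passed) and rates as at_risk (still in progress with the 09:30 deadline inside the 30-minute warning window). Note that the allowlist check trusts the file name; where the transfer platform logs a content-sniffed type, match on that field instead of the extension.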
BENEFITS
- Improved security posture: early threat detection and response, and cost savings
- Reduced cycle time (improved MTTR)
- Improved file transmission SLAs
- Single UI with an end-to-end view of the system showing file transmission status in real time
Monitored systems/data sources: centralized file transmission servers (10,000+ files); number of transmission protocols: 14
Users: Operations team, Information Security team
Product: Splunk Enterprise