EARLY THREAT DETECTION & INTELLIGENT ALERTS – File Transmissions

Monitor File transmission for Anomalous activities

A leading banking and financial services company uses Splunk to monitor its file transmission logs (both inbound and outbound) to identify potential threats and vulnerable systems.

CHALLENGES

  • Thousands of files and protocol types to report and act on
  • File transmission status, suspicious file uploads, anomalous user activity, compromised accounts
  • Troubleshooting required manual login to multiple systems to identify the root cause of transmission failures or abnormal behaviour
  • Monitoring and managing SLAs for several thousand file transmissions

SOLUTIONS

  • Centralized file transmission tracker dashboard for global file transmissions, with interactive drill-downs that track transmission time, status, file format, file size, etc.
  • Alerts on suspicious file uploads: Splunk matches each transfer's file format against the allowed formats and flags anything outside that list as potentially malicious activity.
  • Infosecurity dashboard to track anomalous user activity across the globe using machine learning techniques and interactive visualizations such as choropleth maps and cluster maps
  • Automated alerting for file transmission SLA management: proactive alerts when an SLA is about to be missed and reactive alerts when it has been missed
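The two alert types above (allowed-format matching for suspicious uploads, and proactive/reactive SLA alerts) shown as detection logic over a handful of constructed transfer log lines. This is an added example, not code from the original page or from the bank's Splunk deployment; the key=value log format, the per-protocol allowlist, the job names and the SLA deadlines are all assumptions made for illustration.

```python
"""Allowlist and SLA checks over constructed file-transfer log lines.

Added example; the log format, field names, allowlist and SLA windows
are assumptions, not the page's or any product's real configuration.
"""
from datetime import datetime, timedelta

# Assumed policy: which file formats each transfer protocol may carry.
ALLOWED_FORMATS = {
    "sftp": {"csv", "xml", "pgp", "zip"},
    "https": {"csv", "pdf", "xml"},
    "ftps": {"csv", "txt"},
}

# Assumed SLA: job -> time of day (UTC) by which a successful transfer must be done.
SLA_DEADLINES = {
    "PAY_IN": "02:00",
    "RPT_OUT": "02:30",
    "STMT_IN": "03:00",
    "LEDGER_IN": "03:30",
}

# Constructed log lines (timestamp followed by key=value fields).
SAMPLE_LOGS = [
    "2024-03-04T01:58:10Z proto=sftp dir=inbound user=partner_a file=payments_0304.csv size=20481 status=success job=PAY_IN",
    "2024-03-04T02:03:44Z proto=sftp dir=inbound user=partner_a file=invoice.exe size=512000 status=success job=ADHOC",
    "2024-03-04T02:15:02Z proto=https dir=outbound user=svc_report file=daily.pdf size=88112 status=success job=RPT_OUT",
    "2024-03-04T02:40:00Z proto=ftps dir=inbound user=partner_b file=stmt.csv size=1024 status=started job=STMT_IN",
    "2024-03-04T03:20:11Z proto=sftp dir=inbound user=partner_c file=ledger.csv size=4096 status=failed job=LEDGER_IN",
]

# The "current time" used when the example is run stand-alone (constructed).
EXAMPLE_NOW = datetime(2024, 3, 4, 3, 25)


def parse_event(line: str) -> dict:
    """Turn one log line into a dict; the leading token is a UTC timestamp."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def file_format(name: str) -> str:
    """Extension after the last dot, lower-cased; empty string if there is none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def suspicious_uploads(lines):
    """Inbound transfers whose file format is not on the protocol's allowlist.

    A file with no extension, or on an unknown protocol, is also flagged.
    """
    alerts = []
    for ev in map(parse_event, lines):
        if ev.get("dir") != "inbound":
            continue
        fmt = file_format(ev["file"])
        if fmt not in ALLOWED_FORMATS.get(ev["proto"], set()):
            alerts.append({"user": ev["user"], "proto": ev["proto"],
                           "file": ev["file"], "format": fmt or "<none>"})
    return alerts


def sla_alerts(lines, now, warn_window=timedelta(minutes=30)):
    """Reactive alert when a job missed its SLA, proactive alert when it is at risk.

    A job is satisfied if a status=success event for it exists at or before
    its deadline. Otherwise: past the deadline -> reactive; within warn_window
    of the deadline with no success yet -> proactive. Events after `now` are
    ignored so the check behaves like a scheduled search run at that time.
    """
    events = [ev for ev in map(parse_event, lines) if ev["ts"] <= now]
    alerts = []
    for job, hhmm in SLA_DEADLINES.items():
        hh, mm = (int(part) for part in hhmm.split(":"))
        deadline = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
        done = any(ev["job"] == job and ev["status"] == "success" and ev["ts"] <= deadline
                   for ev in events)
        if done:
            continue
        if now > deadline:
            alerts.append({"job": job, "kind": "reactive", "detail": "SLA missed"})
        elif deadline - now <= warn_window:
            alerts.append({"job": job, "kind": "proactive", "detail": "SLA at risk"})
    return alerts


if __name__ == "__main__":
    for alert in suspicious_uploads(SAMPLE_LOGS):
        print("SUSPICIOUS UPLOAD", alert)
    for alert in sla_alerts(SAMPLE_LOGS, EXAMPLE_NOW):
        print("SLA", alert)
```

On the constructed lines the format check flags only `invoice.exe` (an executable arriving over SFTP), and at 03:25 the SLA check raises a reactive alert for STMT_IN (deadline 03:00, still only "started") and a proactive one for LEDGER_IN (deadline 03:30, last attempt failed). In Splunk the same logic would live in two scheduled searches over the transfer index, with the allowlist and deadlines kept in lookup tables rather than in code.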

BENEFITS

  • Improved security posture: earlier threat detection and response, and cost savings
  • Reduced cycle time (improved MTTR)
  • Improved file transmission SLAs
  • Single UI with an end-to-end view of the system showing file transmission status in real time

Monitored systems/data sources: centralized file transmission servers (10,000+ files); number of transmission protocols: 14

Users: Operations Team, Information Security Team

Product: Splunk Enterprise