The client is an Australian global resources company. They had a complex environment with multiple tools and security solutions, and wanted to consolidate services across fewer vendors to simplify their cybersecurity operations.

Infosys facilitated a smooth transition by delivering global support and streamlining processes, thereby enhancing the client's overall security posture.

Key Challenges

  • Large backlog of alerts that required quick resolution
  • No defined process for triaging log stoppage/delay alarms
  • Absence of a master device list, making it difficult to analyze incidents
  • High number of false positive incidents in the SIEM (Security Information and Event Management) platform
  • Inability to automate hash indicator analysis

The Solution

Implemented appropriate processes to fix log delay problems

  • Onboarded the client to a Threat Intelligence Platform (TIP)
  • Created a health monitoring dashboard to improve visibility into, and detection of, log source issues
  • Implemented a process for triaging log delay issues
  • Migrated from Symantec MSS to Dell SecureWorks and fine-tuned multiple use cases, reducing false positives

Benefits

Increased visibility and detection of security incidents

Provided 24x7 real-time security monitoring in the client environment

Performed triage of security alerts, with correlation across multiple platforms/products and threat intelligence

Eliminated false positives, escalated true positives and communicated to stakeholders, peers, and staff as per defined processes

Cleared a backlog of 50,000 data loss prevention (DLP) incidents with dedicated DLP support

Performed security event detection and monitoring across 11,000+ devices and executed asset classification, risk model finalization, scanning, and patching