The client is an insurance and reinsurance provider based in the US. Its legacy ActiveGuard SIEM solution lacked integration support for new security tools.

The Infosys SOC governance team integrated critical log sources with the security monitoring tool and created customized use cases around those log sources.

Key Challenges

  • Spam and phishing emails not monitored
  • EPS (events per second) limitation preventing further tools from being integrated with the SIEM solution
  • Suspicious traffic from non-business locations
  • No proper established change management process for security tools

The Solution

Facilitated proactive response to cybersecurity incidents

  • Implemented email monitoring solution
  • Created routing rules for health-metric logs, reducing EPS consumption
  • Created use cases to identify suspicious traffic from non-business locations
  • Successfully implemented change management process for all security tools

Benefits

Cost-effective security monitoring mechanism

Optimized cost by increasing log source integration

95% of log sources integrated onto the security incident and event management (SIEM) platform

Increased security monitoring coverage with proactive threat detection by implementing use cases

Created 30+ customized use cases for threat detection

Mapped 160+ use cases to the MITRE ATT&CK framework, giving a clearer picture of attack and incident posture

Reduced turnaround time for incident resolution by establishing metrics-driven SOC operations