As one of the largest integrated logistics service providers in China, our customer is committed to becoming a data- and technology-driven company that provides independent third-party solutions. It empowers its own customers with leading technology and delivers smart, integrated supply chain solutions covering a wide range of industries and application scenarios.
In information security the customer plays a leading role in its industry. After making substantial investments in solutions and products for perimeter security, intranet security, endpoint security, data security, cloud security, and supply chain security, the customer deployed Splunk SIEM as its nerve center for security event management, analytics, threat hunting, investigation, and response.

For most enterprises the annual HVV (Network Protection Action) exercise is extremely important: it reflects their security maturity as well as the effectiveness of their defensive controls. UPC has worked with this customer for many years, using the SIEM platform to run correlation searches and analytics across the logs of its various security appliances and across network traffic, improving the efficiency of forensics and incident response and ultimately winning this key battle.

During HVV, UPC SIEM engineers helped the customer in the following areas:
1. Map defense controls
Using the visualization capabilities of the SIEM platform, the security posture is monitored in real time on a large-screen display laid out according to the enterprise network security topology and the tactics attackers commonly use, so that the defense team can see and understand the attack status during HVV immediately.
2. Threat hunting
Based on the weaknesses in the enterprise defenses identified by that mapping evaluation, the SIEM's SPL is used to define new use cases and update existing ones at any time, making threat detection more accurate and efficient.
3. Investigate incidents
During investigation and forensics, additional supporting logs are collected and correlated in the SIEM to uncover threats that bypassed security controls, leaving no blind spots in the defenses. For example, before HVV started, attackers posing as recruiters sent malicious resume files to employees through the corporate instant messaging system; correlating the instant messaging logs with other sources exposed this.
4. Identify actors/groups
During HVV the SIEM platform processed massive volumes of logs and alert events. Both the SIEM's machine learning and its baseline detection were used to identify abnormal attack behavior patterns and to take countermeasures before they progressed.
5. Integrate and fine-tune solutions
Based on the attack tactics observed and the actual detection responses during HVV, the UPC team worked with the customer to optimize and customize the detection rules and policies of the enterprise's various security appliances.
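As an added example (illustrative Python, not UPC's or the customer's code, and not the SPL searches the page refers to), the following models the two-stage correlation that the resume-lure case under item 3 calls for, with a simple fan-out count standing in for the baseline check mentioned under item 4. Stage one flags instant-messaging file transfers whose name is resume-themed but whose extension is executable; stage two raises a high-severity alert only when that same file is launched on the receiving host within a time window. All log lines, field names, the executable-extension list, the recipient threshold and the 30-minute window are constructed assumptions.

```python
"""Two-stage correlation of IM file transfers with endpoint process creation.

Added illustrative example, not UPC's or the customer's code and not SPL: it
models in plain Python what a SIEM correlation search would do. Every log
line, field name, threshold and window below is a constructed assumption.
"""
import os
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real customer data). `im_file_transfer` lines
# stand for the corporate instant messaging system, `process_create` lines for
# an endpoint agent. Field names are assumed, not any vendor's schema.
IM_LOG = """\
2022-07-20T09:01:10 im_file_transfer sender=hr-recruit@example-mail.test recipient=alice host=WS-ALICE file=Resume_ZhangWei.docx.exe
2022-07-20T09:02:30 im_file_transfer sender=bob recipient=alice host=WS-ALICE file=Q3_plan.xlsx
2022-07-20T09:03:05 im_file_transfer sender=hr-recruit@example-mail.test recipient=carol host=WS-CAROL file=简历_李明.pdf
2022-07-20T09:04:00 im_file_transfer sender=hr-recruit@example-mail.test recipient=dave host=WS-DAVE file=resume.doc.scr
"""

EDR_LOG = """\
2022-07-20T09:06:42 process_create host=WS-ALICE user=alice image=C:\\Users\\alice\\Downloads\\Resume_ZhangWei.docx.exe parent=explorer.exe
2022-07-20T09:15:00 process_create host=WS-CAROL user=carol image=C:\\Program Files\\Reader\\Reader.exe parent=explorer.exe
2022-07-20T10:30:00 process_create host=WS-DAVE user=dave image=C:\\Users\\dave\\Downloads\\resume.doc.scr parent=explorer.exe
"""

# key=value pairs; the lookahead lets a value contain spaces ("Program Files").
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
RESUME_RE = re.compile(r"(resume|简历|cv)", re.IGNORECASE)
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
WINDOW = timedelta(minutes=30)  # assumed correlation window


def parse_log(text):
    """Parse 'TIMESTAMP EVENT k=v k=v ...' lines into dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, rest = line.split(" ", 2)
        fields = dict(KV_RE.findall(rest))
        fields["_time"] = datetime.fromisoformat(ts)
        fields["event"] = event
        events.append(fields)
    return sorted(events, key=lambda e: e["_time"])


def find_resume_lures(im_events):
    """Stage 1: resume-themed file names that are actually executables."""
    lures = []
    for e in im_events:
        if e["event"] != "im_file_transfer":
            continue
        ext = os.path.splitext(e["file"])[1].lower()
        if RESUME_RE.search(e["file"]) and ext in EXEC_EXT:
            lures.append(e)
    return lures


def correlate_execution(lures, edr_events, window=WINDOW):
    """Stage 2: the lure was launched on the receiving host within the window."""
    alerts = []
    for lure in lures:
        for p in edr_events:
            if p["event"] != "process_create" or p["host"] != lure["host"]:
                continue
            image_name = p["image"].rsplit("\\", 1)[-1]  # basename of a Windows path
            delta = p["_time"] - lure["_time"]
            if image_name.lower() == lure["file"].lower() and timedelta(0) <= delta <= window:
                alerts.append({"host": lure["host"], "user": p["user"], "file": lure["file"],
                               "sender": lure["sender"], "delay_s": int(delta.total_seconds())})
    return alerts


def fanout_senders(im_events, threshold=3):
    """Baseline-style check: senders reaching an unusual number of distinct
    recipients. The threshold is an assumed baseline; in practice it would be
    learned per sender from historical volume."""
    recipients = defaultdict(set)
    for e in im_events:
        if e["event"] == "im_file_transfer":
            recipients[e["sender"]].add(e["recipient"])
    return {s: len(r) for s, r in recipients.items() if len(r) >= threshold}


def run():
    """Run both stages and the fan-out check over the constructed sample logs."""
    im, edr = parse_log(IM_LOG), parse_log(EDR_LOG)
    lures = find_resume_lures(im)
    return {"lures": lures, "executed": correlate_execution(lures, edr),
            "fanout": fanout_senders(im)}


if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

On the constructed data, stage one flags the two executable "resumes" (to alice and dave) but not carol's genuine PDF; stage two alerts only on alice's host, where the file ran 332 seconds after delivery, while dave's execution falls outside the 30-minute window and stays a lower-severity lure; the fan-out check singles out the external "recruiter" that reached three recipients. Widening the window is a one-argument change, which is the kind of tuning item 5 refers to.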

In the 2022 HVV action, the UPC Information Security team was once again praised and recognized by the customer for the professional services it provided. As always, we are committed to delivering consistently high-quality service to our customers, in keeping with our philosophy of serving customers wholeheartedly.

The content on this page is provided for information only and may not match your actual situation; please contact us for details.