Insider threat analytics platform for mobile phone chip manufacturing companies

Security Project

Customer Profile
As one of the world's leading ODM companies for mobile phones, the customer provides competitive products to end-clients both at home and abroad, and is committed to becoming a global leader in smart product services.
Customer Requirement
The customer's cyber security maturity is relatively high. Given the characteristics of the industry, they were looking for a product with flexible data analysis and customization capabilities, and for a service provider to build an enterprise compliance audit log platform on it. The platform was to serve personnel analysis, compliance audits, legal affairs and HR-related requirements, and to be delivered and implemented accordingly.
Solution
  • Since 2021, as the customer's long-term strategic security operations partner, we have been deeply involved in building their security operations center and in designing and implementing their insider threat protection system;
  • Selected Splunk Enterprise and Splunk Enterprise Security, and designed and implemented a data analysis platform architecture tailored to the customer's actual usage environment, network segmentation and site distribution;
  • Worked with the requesting business departments to define the security use cases for subsequent personnel audits;
  • Worked backwards from each use case to the data sources it requires, onboarded and analyzed that data, and resolved data quality issues with the customer's R&D department;
  • Conducted one-on-one interviews with the departments behind the core requirements to understand their compliance audit and regulatory obligations, the risk areas they care about, and their risk tolerance;
  • Based on those concerns and on relevant NIST best practices, designed user behavior baseline detection rules, then used the risk-based alerting (RBA) function of Splunk Enterprise Security to aggregate the risk contributed by each rule into risk scores per person and per asset.
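To illustrate the aggregation step described above, here is an added example that is not part of this project or of Splunk: it mimics the RBA pattern in plain Python. The risk events, rule names, scores and thresholds are constructed for the example; in Splunk this aggregation would run as a search over the Risk data model.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample risk events. Each one is the output of a single
# behavior-baseline rule (hypothetical rule names) attributed to a risk
# object (a user or an asset), carrying the score that rule assigns.
RISK_EVENTS = [
    {"time": "2024-03-04T22:10:00", "rule": "after_hours_vpn_login", "object": "alice", "type": "user", "score": 20},
    {"time": "2024-03-04T22:40:00", "rule": "bulk_design_file_access", "object": "alice", "type": "user", "score": 40},
    {"time": "2024-03-04T23:05:00", "rule": "usb_mass_storage_write", "object": "alice", "type": "user", "score": 40},
    {"time": "2024-03-04T23:05:00", "rule": "usb_mass_storage_write", "object": "ws-1042", "type": "asset", "score": 40},
    {"time": "2024-03-04T09:15:00", "rule": "after_hours_vpn_login", "object": "bob", "type": "user", "score": 20},
    {"time": "2024-03-02T08:00:00", "rule": "bulk_design_file_access", "object": "bob", "type": "user", "score": 40},
]


def aggregate_risk(events, window_end, window=timedelta(hours=24),
                   score_threshold=100, min_rules=3):
    """Sum risk per (type, object) over the window and return the objects
    whose total reaches score_threshold AND were hit by at least min_rules
    distinct rules. The distinct-rule condition keeps one noisy rule that
    fires repeatedly from producing an alert on its own."""
    start = window_end - window
    totals = defaultdict(lambda: {"score": 0, "rules": set(), "count": 0})
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if not (start <= ts <= window_end):
            continue  # outside the aggregation window
        key = (ev["type"], ev["object"])
        totals[key]["score"] += ev["score"]
        totals[key]["rules"].add(ev["rule"])
        totals[key]["count"] += 1
    notables = {}
    for key, agg in totals.items():
        if agg["score"] >= score_threshold and len(agg["rules"]) >= min_rules:
            notables[key] = {"score": agg["score"],
                             "rules": sorted(agg["rules"]),
                             "count": agg["count"]}
    return notables


if __name__ == "__main__":
    end = datetime.fromisoformat("2024-03-05T00:00:00")
    for (obj_type, obj), agg in aggregate_risk(RISK_EVENTS, end).items():
        print(f"{obj_type} {obj}: score={agg['score']} rules={agg['rules']}")
```

With the sample data only "alice" is raised as a notable: her three different rules sum to 100 within the window, while the workstation has a single rule and bob's older event falls outside the window.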
Customer Benefits

Based on data visualization and analysis of personnel behavior, the enterprise now has a closed risk-handling loop for internal threats covering monitoring, tracing and blocking.

The platform extended the enterprise's security data analysis to additional external data sources and strengthened the vertical resilience of its defense system.