SIEM platform construction and automated orchestration for foreign banks

Security Project

Client Profile
The client is a foreign-funded corporate bank whose Shanghai branch is located in Lujiazui and mainly provides traditional banking services and comprehensive financial solutions to corporate customers.
Customer Needs
As key targets of cyberattacks, foreign banks face constant risks from malware, hacker attacks, and data leaks. The client urgently needs an advanced security solution to improve its ability to correlate and analyze security incidents, further enhancing its detection and response capabilities against external attacks and internal misconduct.
Solution
  • Select the Splunk security solution as the platform for centralized security log processing, analysis, and response;
  • Design index clusters to centrally collect IDC network data from sites across the country, ensuring high data availability, security, and integrity;
  • Based on the customer's industry regulatory requirements and best practices from project experience, design and implement 60 security testing use cases for the customer in the first phase, and provide regular use case tuning services;
  • Connect with business departments, analyze key business system data, and define key indicators for business testing;
  • In the third phase of the project, assist the customer in introducing security orchestration and automated response tools to automate standardized security tasks.
Customer Benefits

The solution enables efficient security incident analysis and response, and improves the overall level of security management.

Through effective monitoring of business data, we help the customer maintain an accurate view of the status of its business operations and ensure that they remain stable and secure.

The introduction of SOAR technology has significantly reduced manpower input, improved operational efficiency, and enhanced the economic benefits of security operations.