SIEM platform construction and automated orchestration for foreign banks

Security Project

Customer Profile
As a foreign-funded corporate bank, the Shanghai Branch is located in Lujiazui, mainly providing traditional banking services and comprehensive financial solutions to enterprises.
Customer Requirement
Foreign banks, as prime targets of cyber attacks, are constantly exposed to risks such as malware, intrusions, and data leaks. The customer urgently needed an advanced and mature security solution to strengthen its ability to analyze security incidents and to further improve its capabilities for detecting and responding to external attacks and internal policy violations.
Solution
  • Select the Splunk security solution as the platform for centralized collection, analysis and response for security logs.
  • Design an indexer cluster that centrally collects network data from all of the bank's IDC sites across the country, providing high availability and integrity of the data.
  • Based on the regulatory requirements of the client's industry and best practices from project experience, design and implement 60 security use cases for the client in the first phase of the project, and provide regular use case fine-tuning services to the client.
  • Work with the business department to analyze key business system data and define key indicators for business monitoring.
  • In the third phase of the project, assist the client in introducing SOAR (security orchestration, automation and response) tools to automate the handling of security incidents.
Customer Benefits

Security incident analysis and response are now handled efficiently, raising the overall level of security management.

Through effective monitoring of business data, we help the customer accurately track the status of its business operations and keep them stable and secure.

The introduction of SOAR technology has significantly reduced manual effort, improved operational efficiency, and increased the economic return on security operations.