Delivering an award-winning SIEM solution

When it set out to implement an effective Security Information and Event Management (SIEM) solution, this UK financial services organisation turned to ECS to provide the expertise needed to ensure a successful project. The ECS security team transformed this client’s security posture, resulting in industry recognition.

This financial services organisation chose ECS as the partner for its Security Information and Event Management (SIEM) programme. ECS was appointed to initiate the SIEM platform using Splunk and run the onboarding of services as well as the continued evolution of the SIEM platform. With consistent high performance across every SLA and KPI, the contract has now been renewed multiple times.

The strong working relationship between ECS and the client has been recognised at the highest levels, usually highlighting ECS’s flexibility and its role in the successful delivery. The continuing success of the work resulted in winning the UK IT Industry ‘Cyber Project of the year’ award. The customer comments included, “ECS security has played a critical role in the progress we’ve made to date”.

The use of Splunk has been instrumental in this journey. It was initially used as a conventional SIEM technology producing events of interest to the SOC and other areas of the bank. However, as more services have been brought into the platform, the customer has advanced its ability to analyse the data, resulting in enhancements to its IT capabilities.

Challenges
There were technical and cultural hurdles to overcome during the service development lifecycle. Owing to the pace of change required to create and enhance the SIEM platform, ECS had to work closely with the customer to demonstrate the value of continuous development and onboarding of services, whilst being mindful of implementing a structured change management process to mitigate the risk to current services and, ultimately, the platform itself.

Value Realisation
ECS has enabled the client to evolve its use of SIEM whilst continually developing additional capabilities. ECS used its renowned industry knowledge to provide advice and guidance on best practices while taking advantage of its close relationship with Splunk to maximise the benefits to the customer.

Over the course of two years, ECS has provided advice and best practice on SIEM, taking the customer on a journey to what is now a fully operational platform that continues to develop key services.