10 September 2024

Transforming SIEM Effectiveness for a Growing Financial Business


Customer Background

Our client, a mid-market financial business based in the UK, has been experiencing steady growth and serves a global customer base. With over 2,500 employees and customers in 29 countries, the company processes over €34 billion in transactions annually. Established in 1981, the organisation has built a strong reputation in the financial industry, prioritising security and high-quality customer service.


SIEM Challenges and Neglect

Despite their growth and success, the client faced significant challenges with their Security Information and Event Management (SIEM) system. A small in-house security team managed the SIEM while relying on an outsourced 24/7 Security Operations Centre (SOC) for monitoring. One key individual was responsible for the SIEM and had substantial knowledge of how it worked, but the day-to-day workload was too large for a single person to manage effectively.

As the organisation expanded, competing priorities meant the SIEM was neglected. No updates or improvements were made for an extended period, which led to an excessive volume of alerts and delays in responding to the critical ones. Over time the SIEM's effectiveness deteriorated, leaving the organisation's security posture at significant risk.


The Need for an Independent Expert and NIST Framework Alignment

Recognising that a SIEM needs continuous attention and updates to remain effective, the client set out to align their security practices with the National Institute of Standards and Technology (NIST) framework. They were uncertain how to achieve this and sought independent expert guidance on SIEM design. The goal was to arrive at a clear, business-specific picture of what an ideal SIEM implementation would look like for them.


Apto’s Tailored Solution

Apto, a leader in SIEM solutions, provided the client with a complimentary consultation to understand their unique circumstances, growth plans, and security requirements. Drawing from our expertise, we proposed a comprehensive solution that included consultancy services, engineering work, and long-term support, all tailored to their needs.

We began by helping the client conceptualise the SIEM's key components and build a deeper understanding of each, so that the pieces could be integrated cleanly. Through strategic analysis we mapped the client's processes to the NIST framework. Our engineering team then customised the SIEM to be fit for purpose, incorporating relevant threat intelligence and bringing its content up to date with current risks.

To keep the SIEM effective over time, we introduced an operate service: a fully managed SIEM backed by a third-party SOC team, providing continuous monitoring, analysis, and incident response.


Positive Outcomes and Improved Confidence

Our collaboration with the client led to significant improvements. Their security team gained confidence in the SIEM's capabilities and a clearer view of its role in the business. By taking a strategic approach and optimising data ingest, the team reduced the number of false positives, freeing them to focus on the alerts that mattered.

The SIEM became a more reliable and valuable tool, empowering the organisation to proactively manage security threats and adapt to the evolving threat landscape.
