Case Study: Transforming SIEM Effectiveness for a Growing Financial Business

Customer Background

Our client is a mid-market financial business based in the UK, experiencing steady growth with a global customer base. With over 2500 employees and customers in 29 countries, the company processed over 34 billion euros in transactions annually. Established in 1981, the organisation had a strong foothold in the financial industry and aimed to provide top-notch security and customer service.

SIEM Challenges and Neglect

The client had a small, dedicated security team managing their Security Information and Event Management (SIEM) system. Due to the organisation’s size and scope, they outsourced their 24/7 Security Operations Center (SOC) services to an external provider. The team relied heavily on a key person who oversaw the SIEM, who possessed significant knowledge but was unable to cover all the responsibilities required to effectively manage the SIEM on a day-to-day basis.

Unfortunately, amidst competing priorities, the administration of the SIEM became challenging. Over time, the system was neglected, and no improvements or development took place for an extended period. Consequently, the organisation faced an excessive number of alerts and experienced delays in responding to critical notifications. The lack of attention and updates caused the SIEM’s performance to deteriorate, posing a significant risk to the company’s security posture.

The Need for an Independent Expert and NIST Framework Alignment

Recognising the pressing need for continuous attention and updates to maintain a viable and effective SIEM, the client desired to align their security practices with the National Institute of Standards and Technology (NIST) framework. However, they were unsure of where to start and sought an independent expert’s guidance on SIEM design. The client aimed to achieve a personalised and specialised understanding of what an ideal SIEM implementation would entail for their specific business.

Apto’s Tailored Solution

Apto, a trusted expert in SIEM solutions, offered the client an initial free consultation to grasp their unique situation, organisational needs, and future growth plans. Leveraging our extensive toolbox of service and product knowledge, we proposed a comprehensive solution encompassing initial consultancy services, engineering work, and long-term support tailored precisely to the client’s requirements.

We began by helping the client conceptualise the components of the SIEM and gain a deeper understanding of these areas to ensure seamless integration and effectiveness. Through a period of consultancy and strategic analysis, we assisted the client in aligning their processes with the NIST framework. With our prompt and high-level engineering work, we customised the SIEM product to be fit for purpose and up to date with relevant threat intelligence.

To ensure ongoing effectiveness and responsiveness to the business’s evolving needs, we introduced a tiered support model. This model featured a fully managed SIEM, supported by a dedicated third-party SOC team, offering comprehensive monitoring, analysis, and incident response capabilities.

Positive Outcomes and Improved Confidence

The results of our collaboration with the client were evident quickly. The client’s security team experienced a significant boost in confidence, as they gained a better understanding of the SIEM’s capabilities in protecting and supporting the organisation’s overall security stance. The entire organisation recognised the value the SIEM provided to the business and developed a clearer vision of the system’s role in the face of expanding operations and industry threats.

By adopting a strategic approach and prioritising data ingest and flow, the client was able to reduce the amount of data ingested into the SIEM. This led to more meaningful notifications and a reduction in false positives and erroneous alerts. Consequently, valuable time was saved across the organisation, allowing employees to focus on critical tasks rather than dealing with unnecessary noise.

Overall, the SIEM became more useful, reliable, and valuable to the organisation, empowering them to proactively address security threats and stay ahead in an increasingly complex threat landscape.