Case Study: Transforming SIEM Effectiveness for a Growing Financial Business

Customer Background

Our client, a mid-market financial business based in the UK, was experiencing growth across a global customer base.

Due to this, the client faced significant challenges in maturing their Security Information and Event Management (SIEM) system to keep up with the business. Their small, dedicated security team managed the SIEM while relying on an outsourced 24/7 Security Operations Centre (SOC) service. A key individual was responsible for overseeing the SIEM and possessed substantial knowledge of its functions, presenting a single point of failure risk to the business. However, the workload was becoming too vast for a single person to manage effectively on a day-to-day basis.

As the organisation expanded, competing priorities led to the SIEM system becoming neglected. This resulted in excessive numbers of alerts and delays in responding to critical notifications. The performance of the SIEM quickly deteriorated, putting the organisation’s security posture at significant risk.

The Need for an Independent Expert and Framework Alignment

The client recognised the need to remediate their SIEM platform and also to align it to a more robust security posture. However, they were uncertain about how to achieve this and sought independent expert guidance on SIEM design. The goal was to develop a robust, well-managed SIEM aligned to the business’s risk and compliance requirements.

Apto’s Tailored Solution

After consulting with the client to understand their particular circumstances, growth plans and security requirements, we proposed a solution that included consultancy services, engineering work and long-term support, all tailored to their needs.

Guided by the priorities of the customer, we began by remediating the core platform to ensure that the customer could evidence specific compliance requirements quickly. With the platform stabilised, we then carried out a gap analysis to illustrate to the customer how their use cases, data sources, threat model and risk register linked together, highlighting any gaps in the chain. This analysis resulted in a clear roadmap of what needed to be implemented in the SIEM to meet the customer’s security requirements. We then assisted the customer with the relevant engineering to implement the detective use cases needed to achieve this security posture.

Finally, it became clear that without the bandwidth to support the SIEM solution, the customer risked rapidly falling back into the same situation, with insufficient engineering capacity in the team to manage the SIEM effectively. We therefore introduced our operate service, a managed SIEM service that gives the customer assurance that the SIEM is operating as it should and providing the right information at the right time to the SOC team.

Positive Outcomes and Improved Confidence

Our collaboration with the client led to significant improvements. The security team gained confidence in the SIEM’s capabilities, with a clearer vision of its role in the business. By adopting a strategic approach, the customer was able to trace the data and use cases in the platform directly to their business risk and compliance requirements. This made it easy to evidence the overall system cost against the value it delivered, and to identify potential gaps in the security posture that could be addressed. By implementing a robust operating model, the customer was assured that their SIEM was being proactively managed, giving confidence to the SOC.

The SIEM became a more reliable and valuable tool, empowering the organisation to proactively manage security threats and adapt to the evolving threat landscape.
