Denmark’s Largest Utility Company Accelerates Incident Response

As Denmark’s largest power, utility and telecommunications company servicing 1.5 million customers, Norlys understands the need for fast response to security alerts. When the company first started, the Norlys security team built their own log analytics and incident response capabilities from the ground up. This homegrown approach presented challenges, including manual workflows, too many repetitive tasks and difficult-to-maintain processes. 

Automate with Security Orchestration, Automation and Response

We spoke with Tibor Földesi, security automation analyst at Norlys, to hear why Norlys chose Splunk Enterprise Security (ES) as its SIEM tool, and Phantom as its security orchestration, automation and response (SOAR) platform. 

Földesi told us that Splunk Enterprise Security has helped Norlys to combat threats with actionable intelligence.

“If we have suspicious activity on an endpoint, we go to that specific dashboard in ES and can see all of the movements,” says Földesi. “ES lets you see everything going on in your environment to find the bad guys.” 

After seeing the benefit of ES — and receiving support from the experts at Splunk Professional Services — Norlys learned they could get even more immediate value out of ES by automating opening tickets between systems with Splunk Phantom. With Phantom, Földesi first created a specific playbook for responding to an antivirus alert. Upon receipt of the alert, the Phantom playbook automatically triggers an endpoint detection and response (EDR) tool to analyze the endpoint for suspicious activity, retrieve the quarantined file, submit it to a malware sandbox for detonation and analysis and then generate a report for the security analyst.
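The antivirus-alert workflow described above (hunt on the endpoint with EDR, pull the quarantined file, detonate it in a sandbox, write a report for the analyst) is straightforward to model as code. The block below is an added illustration, not Norlys's playbook and not Splunk Phantom's playbook API: the `FakeEdr` and `FakeSandbox` classes, the `AvAlert` record, the hostnames, file paths and the sample file bytes are all constructed for the example. What it adds beyond the paragraph is the branching a real playbook needs: a file that cannot be retrieved from quarantine, or a hash the sandbox has never seen, still produces a report, but one that is flagged for manual review instead of silently closed.

```python
import hashlib
from dataclasses import dataclass

# Severity ordering used by the playbook; only ever escalates, never downgrades.
_LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass
class AvAlert:
    """Minimal shape of an antivirus alert as it might arrive from the SIEM (constructed)."""
    alert_id: str
    hostname: str
    quarantined_path: str


class FakeEdr:
    """Stand-in for an EDR connector (hypothetical; not a real vendor API)."""

    def __init__(self, events, quarantine):
        self._events = events          # hostname -> list of observed process events
        self._quarantine = quarantine  # (hostname, path) -> quarantined file bytes

    def hunt(self, hostname):
        return list(self._events.get(hostname, []))

    def get_quarantined_file(self, hostname, path):
        return self._quarantine.get((hostname, path))  # None if not retrievable


class FakeSandbox:
    """Stand-in for a detonation sandbox keyed by SHA-256 (hypothetical)."""

    def __init__(self, verdicts):
        self._verdicts = verdicts  # sha256 -> (verdict, score)

    def detonate(self, data):
        digest = hashlib.sha256(data).hexdigest()
        verdict, score = self._verdicts.get(digest, ("unknown", 0))
        return {"sha256": digest, "verdict": verdict, "score": score}


def _escalate(report, level):
    if _LEVELS[level] > _LEVELS[report["severity"]]:
        report["severity"] = level


def run_av_alert_playbook(alert, edr, sandbox):
    """Run the four playbook steps and always return an analyst-facing report."""
    report = {"alert_id": alert.alert_id, "hostname": alert.hostname,
              "edr_events": [], "sandbox": None, "severity": "low", "notes": []}

    # Step 1: ask the EDR what the endpoint has been doing.
    events = edr.hunt(alert.hostname)
    report["edr_events"] = events
    suspicious = [e for e in events if e.get("suspicious")]
    if suspicious:
        _escalate(report, "medium")
        report["notes"].append(f"{len(suspicious)} suspicious EDR event(s) on {alert.hostname}")

    # Step 2: retrieve the quarantined file; a missing file is a reviewable outcome, not a crash.
    data = edr.get_quarantined_file(alert.hostname, alert.quarantined_path)
    if data is None:
        _escalate(report, "medium")
        report["notes"].append("quarantined file not retrievable; manual analyst review required")
        return report

    # Step 3: detonate and interpret the verdict.
    result = sandbox.detonate(data)
    report["sandbox"] = result
    if result["verdict"] == "malicious":
        _escalate(report, "high")
        report["notes"].append(f"sandbox verdict malicious (score {result['score']})")
    elif result["verdict"] == "unknown":
        _escalate(report, "medium")
        report["notes"].append("sandbox has no verdict for this hash; analyst review required")
    else:
        report["notes"].append("sandbox verdict benign; likely false positive")

    # Step 4: the report dict is what would be attached to the ticket for the analyst.
    return report


# Constructed sample environment: one endpoint with a retrievable, known-bad file,
# one endpoint where the quarantined file is gone.
SAMPLE_FILE = b"constructed sample bytes - not a real malicious file"
SAMPLE_HASH = hashlib.sha256(SAMPLE_FILE).hexdigest()
EDR = FakeEdr(
    events={
        "ws-0042": [{"process": "winword.exe", "child": "powershell.exe", "suspicious": True},
                    {"process": "explorer.exe", "child": "notepad.exe", "suspicious": False}],
        "ws-0077": [{"process": "chrome.exe", "child": "chrome.exe", "suspicious": False}],
    },
    quarantine={("ws-0042", r"C:\Users\alice\Downloads\invoice.doc"): SAMPLE_FILE},
)
SANDBOX = FakeSandbox({SAMPLE_HASH: ("malicious", 92)})


def demo():
    """Run the playbook against both constructed alerts and return the two reports."""
    a = run_av_alert_playbook(AvAlert("AV-1001", "ws-0042", r"C:\Users\alice\Downloads\invoice.doc"), EDR, SANDBOX)
    b = run_av_alert_playbook(AvAlert("AV-1002", "ws-0077", r"C:\Temp\tool.exe"), EDR, SANDBOX)
    return a, b


if __name__ == "__main__":
    for rep in demo():
        print(rep["alert_id"], rep["severity"], "; ".join(rep["notes"]))
```

The first alert ends up `high` because the EDR hunt and the sandbox agree; the second ends up `medium` with no sandbox result, which is the case a fully automated playbook must surface rather than close. In a real SOAR deployment each fake client would be replaced by the platform's connector for the EDR and sandbox products in use.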

“This capability in Phantom saves us 35 hours per week — about five hours per day,” says Földesi. “In Denmark, that’s almost one full-time employee.”

With Splunk implemented in day-to-day workflows, Norlys security analysts have been able to save time and money, and better protect their organization.

“Automation is changing how teams traditionally use a SIEM,” says Földesi. “We heavily rely on Phantom and Enterprise Security. They complement each other in a very good way and allow us to improve security capabilities for the entire company.”

See the full story on how Norlys accelerated incident response to save 35 hours every week with Splunk Phantom here. If you’re eager to try Phantom, download the free community edition.

Posted by Olivia Courtney

As a proud member of the Gator Nation (Go Gators), Olivia graduated from the University of Florida with a degree in Telecommunication News and Broadcasting. From there, she moved to the Big Apple with a TV production job at The Today Show! Three years later, she thought "why not?" move to California, and discovered Splunk. Olivia started on the Global Event Marketing team learning the ins & outs of the tech world, where she fell in love with Security. Now, she's using her creative production skills to help her awesome team get Splunk's Security Product messaging out to the world.

