ASICS has taken proactive steps to safeguard its business over the years, including setting up an information security committee and information security office, as well as a computer security incident response team (CSIRT) and a security operations center (SOC). Even with these resources in place, however, the company was still unable to centrally manage and analyze the logs generated by internal systems (firewalls, proxy servers and endpoint detection and response systems) scattered across different locations, or to preserve those logs as an evidence trail for the accountability it owes to customers, partners and regulators. All of these tasks were time-consuming and relied on a large number of manual procedures.
Another priority is to detect accurately, and respond promptly to, every endpoint threat, whether email fraud, a cyberattack or any other incident, through 24/7 monitoring. To prevent incidents from escalating into crises, ASICS also needs a reliable way to surface anomalous patterns and identify suspicious devices through correlation and historical analysis of log data. Splunk Enterprise not only meets all of these requirements but also impressed ASICS with its flexibility to run in a small-scale commercial SOC environment and its ability to go live within a short timeframe and with a small investment.