A three-times faster response time to security events
Operating a complex infrastructure based on a legacy data center, Carrefour’s Security Operations Center (SOC) team previously spent significant amounts of time and effort managing systems — rather than focusing on protecting the business from malware. By centralizing security analysis and integrating multiple data sources, Splunk Cloud Platform has significantly improved the SOC team’s ability to respond to incidents in real time.
“Splunk Cloud Platform handles all of our logs, whether from our antivirus software or endpoint detection and response,” says Romaric Ducloux, SOC analyst at Carrefour. “Splunk raises the alert, opens a ticket and contacts the on-call SOC analyst. It’s the cornerstone of our security operations.”
Using the cloud model means Splunk manages security operations and infrastructure, so Carrefour’s SOC team has more time to focus on application management, threat analysis and security investigations. The team can now intervene during incidents before they cause damage to systems or affect customers. In the event of a breach, the team gathers information about what went wrong so it can improve its systems in the future.
Now the team responds to incidents three times faster. “Splunk Cloud Platform allows us to refocus on our most important task: ensuring customers always have a safe shopping experience,” says Ducloux.