Faster, smarter investigations and effective threat prevention
When Check Point set up a security operations center to improve accountability for protecting the organization, it chose Splunk Enterprise Security. Splunk can ingest all of the many data formats Check Point uses and works with all of the technologies it relies on.
“We’re a data-driven company,” says Jony Fischbein, global chief information security officer at Check Point. “The main challenge was aggregating the huge amounts of data we collected and converting it into useful information.”
Only 17 days after migrating to Splunk, Check Point began to see benefits over its previous security information and event management tool, such as increased threat awareness and faster security investigations.
Splunk’s dashboards help Check Point visualize the current state of its systems, and automated alerts notify the team of any malicious activity or network vulnerabilities. Fischbein says Splunk also allows his team to quickly and effectively investigate potentially harmful issues — such as developers taking source code out of the office, or a new vulnerability appearing in a product they use — before they can cause any damage.
“We now know what to investigate and whether we’ve solved the problem. And not just because someone has a gut feeling about it. The data shows us for certain,” says Fischbein.