Case Study

Connecting the Dots for Security Analysts

Why EY Customers Chose Splunk SOAR

Ernst & Young LLP (EY) is a Big Four professional services firm that helps clients with some of their most difficult problems, including lack of resources, siloed workflows, lack of collaboration and manual processes. And with more than 200,000 clients in 150 countries — from startups to multinationals across all sectors — EY understands the need for cybersecurity.

“Splunk® SOAR is not just a platform for one function of security, it's a platform that enables security as a foundational piece of the strategy going forward for any cyber organization.”
Robb Mayeski, Senior Manager for Cybersecurity

“We come in and we're not just in there to solve the automation problem — we look at things holistically across the entire cyber landscape. When we do that, we see a lot of siloed processes, siloed technologies and teams that aren't communicating or collaborating.”
Robb Mayeski, Senior Manager for Cybersecurity

Meet Robb Mayeski, a senior manager for cybersecurity at EY (aka “security automation magician”), who leads the firm’s security orchestration, automation and response (SOAR) practice for all of the Americas. We sat down with Robb to talk about the EY and Splunk Alliance, as well as how Splunk SOAR has made an impact. “We're a global firm that has 240,000-plus employees in pretty much every country in the world,” he says. “We looked at Splunk SOAR and said, ‘If we can use it ourselves and make it work, we can make it work for pretty much any of our clients in some of the most complex environments.’”

“With Splunk SOAR, everything is in a single pane of glass so you can see who's doing what and when, while being able to track it and have accountability. For an organization as complex and as large as EY, this has been critical for our growth and success.”
Robb Mayeski, Senior Manager for Cybersecurity

Why Splunk SOAR?

Clients struggling with siloed processes and technologies, or a team that isn’t communicating, can lack productivity. Robb says Splunk SOAR helps connect the dots between those silos. “We’re now able to see where the cyber defense team is able to talk with the threat intelligence team or the data protection team. And they're able to share useful metrics. These insights can then roll up to the C-suite, who are then able to make educated decisions based on the risk to the organization,” he says.

Splunk SOAR helps insurance provider stop ransomware

The resulting success was proven with an EY client, a large insurance provider that had just rolled out Splunk SOAR. Ransomware became one of the first use cases for Robb’s team following numerous high-profile attacks on large organizations. By implementing Splunk SOAR, the client was able to automate tasks and orchestrate workflows. Two days after the EY team enabled the automation process for ransomware mitigation, the insurance provider was subjected to a ransomware attack. Splunk SOAR responded automatically, stopping the threat and containing it to a single system. This prevented the ransomware attack from spreading or causing any outages.

Client Challenges
  • Siloed processes and technologies
  • Lack of communication
  • Manual, repetitive work

Business Impact
  • Integrated security infrastructure
  • Increased team collaboration
  • Automatic detection and response to threats