Security at scale
Gathering continuous streams of data from infrastructure logs, security software logs and application logs, Lenovo China generates two terabytes of data every day. With this ever-growing amount of distributed data, Lenovo needed a reliable solution for proactive monitoring and intelligent analytics that would allow the team to quickly identify and respond to security incidents.
Before Splunk, Lenovo’s security engineers had to retrieve and correlate information from various system logs, then integrate and present the results in a visual format. This labor-intensive process demanded hours of the engineers’ time and made troubleshooting slow and complicated. If there was a virus infection, for example, engineers were forced to sift through numerous disparate terminal security platforms for relevant details and then manually correlate all the data.
In search of a scalable platform for log management and security analytics, Lenovo evaluated the efficiency and cost-effectiveness of Splunk, ultimately choosing Splunk Enterprise for its stability, performance and ability to simplify system development.