McGraw Hill Amplifies Security Efficiency With Splunk SOAR


Without integrated security tools, McGraw Hill was manually responding to thousands of malicious emails every day, which slowed MTTR and increased the possibility of a successful attack or infiltration.

By increasing automation with Splunk SOAR, McGraw Hill has achieved faster response times, centralized investigations and event management, increased ROI and accelerated productivity.

Small teams need the right tools to work efficiently.

As a learning sciences company, McGraw Hill provides customized educational content, software and services for pre-school through postgraduate education. The organization also has a large digital products group that develops learning sciences platforms. McGraw Hill currently operates in 28 countries, has more than 5,000 employees globally, and offers products and services to over 135 countries in 60+ languages. 

Because they provide an essential product globally, it is critical that the McGraw Hill team do so securely — and they learned how through experience. 

“We had an incident when copies of our internal user addresses were released, and we received tons of phish to exploit the situation,” says Jason Mihalow, senior cloud cyber security architect. “When something like this hits, the clock starts.” These incidents were monitored through a simple email inbox, and with few people to monitor this inbox, it was impossible to clear them all. “It's a completely manual process,” says Mihalow. “When you’re targeted by a few of these waves, you come to realize there's no number of people who can solve the problem. Automation is the only solution.”

Data-Driven Outcomes
months worth of manual security tasks automated within the first 6 months of 2020
full-time employee workload equivalent completed by small team within the first 6 months of 2020
security events resolved via automated response within the first 6 months of 2020

The Right Tool for the Job

With Splunk SOAR, McGraw Hill is able to automate its response to these threats. Now, the McGraw Hill team automatically puts all of these reports into Splunk SOAR and pulls them into a container. “A container case management–based system prevents us from having to chase down emails in an inbox,” says Mihalow. “We have everything in a single system, and we know everything's been addressed. We have a record of what happened and what the analyst has done, which has been a generational leap for us.”

Before Splunk SOAR, Mihalow says all of this information lived in 10 different tools and completely disparate logs. Consolidating this all into Splunk SOAR has been a huge help to the team. “Instead of having to go into other tools and do that blocking there, I've created playbooks that can automatically do that stuff,” says Mihalow. “Analysts now don't have to leave Splunk SOAR to respond to the malicious emails.”

“Our gears have shifted since Splunk SOAR has been implemented. Any new process is always first viewed through the scope of ‘how will we do this with Splunk SOAR?’”
Jason Mihalow
Senior Cloud Cyber Security Architect, McGraw Hill

This shift has saved McGraw Hill time on training new analysts who join the team. “Splunk SOAR has enabled us to consolidate our SOC. Previously, when we hired someone, we had to say, ‘here are your 10 tools and how to use them,’” says Mihalow. “Now, I can abstract all of that and just introduce Splunk SOAR. It brought all of our operations into a single place that we can maintain.”

The Splunk SOAR Advantage

Since McGraw Hill implemented Splunk SOAR, team members have seen a variety of changes in how they handle security. “We have found many use cases for Splunk SOAR,” says Mihalow. “In total, we have 40 something playbooks that I've created. We use it for everything.”

“There's going to be a point when you’ll be overwhelmed with the amount of work that exists and won’t be able to hire more people. It’s humanly impossible to process the amount of data that needs to be processed, and the only path forward is automation.”
— Jason Mihalow, Senior Cloud Cyber Security Architect
Industry: Education