Case Study

Local UK Councils Collaborate Over Security and IT Operations to Improve Operational Efficiencies

Industry
Public sector
Splunk at Orbis

Executive Summary

The Orbis partnership was created to streamline back office services across three local authorities in the South East of England: Brighton and Hove City, East Sussex and Surrey Councils. Spanning 550 sites, Orbis delivers services such as finance, IT, procurement and HR to over 20,000 users. Combining such a vast infrastructure meant a standardized security information and event management (SIEM) solution was essential to improve efficiencies and security. Splunk has been a key part of Surrey County Council’s infrastructure upgrade and modernization, which kick-started the SIEM replacement process. Since deploying Splunk Enterprise and Splunk Enterprise Security (ES) as its SIEM, Orbis has seen multiple benefits including:

  • Unified security visibility across multiple locations
  • Improved information governance and compliance
  • Faster identification and resolution of faults and incidents
SPLUNK USE CASES
    • Compliance
    • IT operations
    • Security and SIEM
SPLUNK PRODUCTS
    • Splunk Enterprise
    • Splunk Enterprise Security
Challenges
    • Antiquated and disparate legacy systems including LogRhythm SIEM and Novell infrastructure monitoring tools
    • Needed to retain separate data ownership but present comprehensive visibility across the partnership
    • Automation of varied compliance processes to streamline the audit process
Business Impact
    • Improved collaboration to create a single-pane-of-glass view across three councils
    • Secured information governance and compliance requirements critical to operating in the public sector
    • Improved customer service through faster response times to faults and incidents
Data Sources
    • Microsoft Active Directory
    • Proxy server logs
    • Firewall log data
    • DHCP log data
    • Windows Server logs
    • McAfee and Symantec
    • Nessus (vulnerability management data)
    • SupportWorks (CMDB integration)
    • Nedap (door access controls)
    • MobileIron (mobile device management)
    • Cisco (network devices)
    • Pulse (VPN appliances)

Why Splunk

The three councils within the Orbis partnership deliver local government services to end users at various locations, ranging from corporate management offices and fire stations to youth centers. Shrinking budgets had caused the councils to look at blending back office systems as a way to improve efficiencies and reduce costs. However, divergent and disparate infrastructures made it hard for the security and networking teams to obtain an overarching view of compliance and IT operational needs.

Orbis member Surrey County Council had already chosen Splunk Enterprise as part of its own IT infrastructure modernization effort. Following a recommendation, the council chose Splunk ES as a natural fit to offer a standardized SIEM solution across all three councils, replacing existing products as they reached end of life or were deemed no longer fit for purpose.

Morgan Rees, technical delivery manager, Surrey County Council says, “Our desire within the partnership is to put everything on a converging basis but we must make sure that it’s fit for purpose for each individual council. East Sussex was using a version of LogRhythm which was coming up to end of life, so they looked at what was on the market, and what Surrey was doing and saw that Splunk was the best fit.”

“There is a cost avoidance benefit by identifying security issues and incidents early, and quickly, that meant things like when WannaCry was hitting the NHS we could quickly identify where there were issues and remove the offending device from the network to prevent it spreading further.”



Morgan Rees, Technical Delivery Manager
Surrey County Council

Comprehensive operational visibility

By replacing a raft of competing SIEM products and bringing that functionality under the umbrella of the Splunk platform, Orbis was able to achieve its desire of a single operational view while maintaining all-important information governance. “Splunk has allowed us to design and create three separate data stores for each organization and a common search head so that each council can maintain ownership or control over the data, and then using that common search head, data can be queried and searched to allow a centralized view and break down silos,” Rees says.

The Splunk platform also underpins Orbis’ adherence to various key compliance requirements by automating the collection, search, alerting and reporting of logs and machine data, making it easier to build an audit trail. Of particular interest to Orbis was complying with Public Services Network (PSN) and National Health Service (NHS) regulations, which is crucial when handling vast quantities of the general public’s personal data or interacting with other government bodies.

“All compliance regimes require a good security practice, and that includes having a good SIEM tool that allows you to manage that risk with specific context to our organization. Splunk is a fundamental and underpinning part of those compliance regimes.”



Morgan Rees, Technical Delivery Manager
Surrey County Council

Improved fault resolution

Splunk Enterprise has been instrumental in speeding up fault diagnosis throughout IT services including social care, waste and road management. According to Rees, cost avoidance through tool consolidation has been an unforeseen but greatly valued additional benefit to the original SIEM replacement function. Using the indexed data gathered by Splunk, the network team has been able to reduce the time taken to identify and respond to incidents, ensuring improved customer service. Whether it is a security alert or a website issue that needs troubleshooting, multiple teams can now identify and resolve faults, limiting downtime and disruption, as there is no need to go through multiple departments for escalations and root cause.

“It has been a really straightforward product to implement. Getting data sources into it, indexing and searching on them has been a really straightforward task.”



Morgan Rees, Technical Delivery Manager
Surrey County Council

Ongoing plans for greater improvements

By using Splunk Enterprise and Splunk Enterprise Security, Orbis has gained greater efficiency of services at scale and improved operational visibility. With public sector finances coming under increasing pressure, the partnership will continue to look for ways to capitalize on collaboration and sharing of information and services, according to Rees.

© 2005-2019 Splunk Inc. All rights reserved.