State of Georgia Combines Security for On-Prem and Multi-Cloud Data in Splunk SIEM
Georgia Technology Authority (GTA) is the technology management arm of the State of Georgia. It is entrusted with sound IT management and platform performance for every agency that provides services to the state's residents. Direct vendor services, public records and human service agencies in Georgia rely on GTA to keep them running efficiently and securely while they manage the daily needs of citizens, law enforcement, child services and more. Ransomware and external threats to this environment are of grave concern, and GTA needed to change its security approach.
GTA's challenge centered on the governor's directive to move to the cloud and to collect data from across the entire infrastructure: data center and on-prem systems as well as Azure and AWS cloud locations. GTA chose a modern, comprehensive Splunk SIEM built on Enterprise Security, so that a full integration of its assets would replace an aging ATOS setup. At the start of the project, threat intel feeds indicated heavy activity against federal, state and non-profit agencies. Some of those threats made headlines, and a stronger defensive posture was warranted.
Technologies Involved
- AWS Cloud
- Enterprise Security
Key Pain Points
- Existing system vulnerabilities prompted a switch to Splunk for enhanced security.
- A mix of on-premises and cloud data increased complexity due to critical services/projects.
- Lack of data ownership caused conflict with client oversight and strategy needs.
Solution Provided
TekStream transitioned GTA from its prior MDR provider to Splunk SIEM for a more comprehensive security program. During GTA’s cloud migration campaign, TekStream executed a security proof of concept focusing on cloud security. This approach prioritized use cases, mapping the old environment to the new one to ensure that GTA was covered from a security perspective.
As the next step in the SIEM project, TekStream identified analogous searches and rules to replace those in the existing setup. GTA added a significant number of use cases, including 1,500 from Splunk Security Essentials and another 600 from TekStream, and prioritized the resulting 2,100 use cases. These were focused specifically on GTA's key cloud security data sources.
Using Splunk Enterprise Security, TekStream implemented a syslog server farm as the ingestion path for both out-of-the-box and custom data sources. This enables GTA to collect from, and alert on issues affecting, all of its network devices. TekStream also implemented risk-based alerting and custom detections for the specific advanced threats GTA wanted to address. Additionally, GTA received a monitoring dashboard for tracking the effectiveness of the team providing incident response coverage.
“TekStream’s expert application of Splunk on AWS enabled us to enhance our security capabilities for on-prem and cloud data. Our partnership has been essential in carrying out our mission and vision for the state of Georgia.”
– Georgia Technology Authority
Key Successes
- Established a cloud-centric security program, including alert and incident response mechanisms.
- Achieved custom integration with key applications during the transition to the new SIEM solution.
- Conducted an aggressive proof of concept to validate the security capabilities.
- Enhanced visibility and accuracy in alerts, which led to actionable threat assessments.
- Introduced an operational metrics dashboard to monitor MDR effectiveness, track resolution time and prioritize by shift.
- Implemented an auditing dashboard to monitor user login times regardless of IP address or location.
Customer: Georgia Technology Authority
Industry: State Government Agency
Headquarters: Atlanta, GA
Annual Budget: $51,230,000
Georgia Technology Authority (GTA) provides technology leadership to the State of Georgia for sound IT enterprise management, ensuring state agencies and entities are tech-enabled.