TekStream Remediation Solution Increases Protection and Operational Efficiency

This global QSR brand used Splunk Enterprise Security (ES) as its enterprise SIEM solution for over seven years. However, a recent focus on cloud security and POS platforms took the attention off the Splunk environment, leaving it stale and ineffective. Alerts that were being surfaced were largely ignored. Risk scoring was inadequate. Error messages became more frequent and identities and assets weren’t defined appropriately.

The wide range of responsibilities tasked to the company’s small team of skilled security professionals left the Splunk versions unattended and, as a result, unable to deliver the protection the enterprise demanded. And without in-house Splunk expertise, the environment would continue to degrade, rendering the company’s significant investment in Splunk unusable.


Technologies Involved

  • Splunk Enterprise Security
  • Splunk SOAR

Pain Points

  • An outdated Splunk ES created vulnerabilities in an enterprise-wide security approach.
  • Skilled but small security team lacked Splunk expertise.
  • Key security-related data sources weren’t integrated into Splunk ES.

TekStream provided security and technical expertise guided by an Enterprise Security remediation methodology to efficiently evaluate and revamp the usage of the Splunk security platform.

  • Focused on improving visibility, fidelity and automation (VFA)
  • Implemented drill-down searches to provide additional source context for incidents
  • Instituted regular risk reviews
  • Performed in-depth use case analysis, codifying risk-based vs. Notable use cases for phased implementation
  • Helped to develop standardized interaction between SIEM and SOAR
  • Collaborated on SOAR playbook process modifications
  • Expanded search coverage across key domains, including AWS, Okta and Point of Sale

“We were able to get our Splunk instance back on track by augmenting our security team with TekStream. Their knowledge of the platform helped us extract maximum value from our Splunk investment.”

– Leading QSR brand

Key Successes

  • Completed initial triage in just two weeks and delivered upgraded enterprise SIEM/SOAR solution.
  • Implemented 46 correlation searches and developed proactive use cases to address immediate threats or day-one triage.
  • Created direct linkage between threat alerting and automated incident response to ensure only meaningful threats surface for human intervention.
  • Effective enterprise SIEM/SOAR solution that the company can easily use and maintain directly.

About the Company

Customer: Leading Quick-Service Restaurant

HQ: Atlanta, GA

Revenue: $6.4 billion (2022)

Number of Locations: 2,800+

This global QSR brand is universally loved for their delicious sandwiches and amazing sides. The lemonade can’t be missed.