Clorox leverages Cloud SIEM across security operations, threat hunting, IT Ops
Clorox is a $6 billion global consumer packaged goods (CPG) company that has operations in 25+ countries, approximately 8,800 employees across 83+ sites, with 33 manufacturing plants globally.
Their computing environment is composed of approximately 1,400 to 1,500 Windows servers, running versions ranging from Windows Server 2003 all the way up to 2019. They run about 300 Linux servers in the environment. Each of their locations has direct internet access, with a firewall at each of those sites. They have about 7,500 PCs, mostly laptops—predominantly Windows—with about 200 Macs in the environment.
Coming from a managed security service provider (MSSP) with SIEM as part of their service, Clorox wanted to look for a modern SIEM that could more flexibly meet their needs and requirements. They evaluated leading providers in the cloud SIEM space and undertook a 30+ day proof of concept with those vendors using live production data.
Moving away from their MSSP, they learned a lot of lessons about what they didn’t want in a SIEM and what they were really looking for. After putting the exact same data into the different platforms for a true head-to-head comparison, they selected Sumo Logic’s Cloud SIEM solution, ingesting approximately 250 gigabytes per day. The deployment is sized for 12 months of data retention, and they also subscribed to Sumo Logic’s Special Operations service.
Getting their data into a platform—whether it was next-gen antivirus, their EDR solution, single sign-on, firewall logs, server logs, cloud services logs, web proxy logs—wasn’t the difficult part. Gary Conner said that what mattered to them was what they could do with that data. “Just because you have the data doesn’t mean you understand the data,” Conner shared.
As the senior threat protection lead at Clorox, Conner shared six areas where Sumo Logic delivered value for their organization.