From legacy on-prem to a modern cloud SIEM
Running an inefficient SIEM solution left Knauf’s SOC team unable to scale at the same pace as the company’s growth.
As a business in operation since 1932, Knauf’s IT infrastructure had expanded through the years, becoming a large, legacy on-premises environment with decentralized SCADA systems, production tools, and many regional locations. Knauf was running McAfee Enterprise Security Manager (ESM) on-premises for their SIEM solution to gain real-time security monitoring of the extended environment. But the McAfee solution was unreliable.
Dawid Krochmal, SOC Manager at Knauf, explained that “McAfee ESM was highly inefficient. An analyst wouldn’t just go for a coffee; he could go to lunch during the time it took for a query to run. Just to learn that after an hour, the query had an error, and he had to start again and wait another hour.”
McAfee ESM wasn’t serving the company’s needs, and in parallel, Knauf was growing rapidly and wanted to pursue a significant transformation of its IT environment. The goal was to move away from legacy, on-premises systems to a cloud-native architecture that enabled Knauf’s IT security and operations to run more efficiently, effectively and smoothly.
Pursuing a cloud-native strategy for the company’s new SIEM solution, Knauf conducted an in-depth evaluation of ten vendor solutions and selected Sumo Logic Cloud SIEM as its winning security platform.
A modern cloud SIEM that’s easy to deploy and use
The SOC team’s first big win with Cloud SIEM was the ability to see everything across the organization’s environment from a single place, combined with user-friendly features, including more than 600 out-of-the-box rules. That made it easy for the security team to ramp up and get started within two hours.
“Sumo Logic is very user-friendly. The helpful support team, out-of-the-box rules, and ‘click and go’ integrations helped us avoid any heavy lifting. We had the rules in use within a couple of hours and tuned them over the next two to three days. Then, we were good to go,” said Krochmal.
Invaluable insights to manage threat investigations
Cloud SIEM delivers a significant improvement in how the SOC team handles threat investigations. With the solution’s cloud-native architecture, the team no longer has to worry about disk space for log ingestion or latency in obtaining search results. With Cloud SIEM’s advanced analytics, millions of threat signals are distilled down to the insights the SOC team needs to focus on.
Cyberattacks immediately tested Cloud SIEM’s ability to deliver meaningful insights. “The company encountered a severe cyberattack, and Sumo Logic’s dashboards helped us focus on what's been infected and the appropriate response actions,” said Krochmal, adding, “What I really like the most with Cloud SIEM is what we see on the screen; the fancy radar and red spots that help direct our investigation efforts.”
Flexibility to support new use cases
Now that Knauf has a strong SIEM foundation, the SOC is ready to pursue new use cases with the Sumo Logic platform. Next, the team plans to automate incident response actions for the more common and straightforward response workflows, expediting the team’s remediation efforts and advancing the company’s security posture.
In addition, the team will leverage Cloud SIEM to adopt proactive threat hunting and threat intelligence to introduce cyber fusion by converging all security practices. Adding cyber fusion functions, including fraud detection and vulnerability management, will empower Knauf with a unified approach to dealing with potential threats by bridging team functions and fostering inter-team collaboration.