Increased insights and visibility into security and infrastructure
With tens of thousands of users and devices and hundreds of applications, a major South Australian government department needed a way to increase visibility across its network. In partnership with data and security vendor Splunk, Chamonix was engaged to help develop a platform that would bring together security operations and application monitoring, with the goals of reducing risk and decreasing time to resolution for priority incidents.
Data plays a pivotal role in an organisation's ability to manage, maintain and secure its applications. The existing infrastructure is managed by multiple external contractors, which has led to several separate systems being used for management and monitoring, limited visibility over the traffic passing between those systems, and no single pane of glass for security events.
The solution was to increase the size, scale and coverage of the department's Splunk deployment. This included migrating data and services from on-premises to Splunk Cloud and onboarding new data sources and services to meet the increased priority given to security and infrastructure monitoring. Data ingestion has risen from 300GB/day on-premises to 3TB/day in Splunk Cloud, significantly widening the scope of data sources to include Active Directory authentication events, Microsoft Azure service logs and metrics, and application and service logs.
To increase security monitoring and alerting, the project team implemented Splunk Enterprise Security (Splunk's Security Information and Event Management platform), closely aligning the security content to the ES Content Update use cases and the MITRE ATT&CK framework to build a solid foundation for improving the customer's security posture. This security content has allowed the customer to begin establishing a Security Operations Centre that can respond to security events in real time.
The second pillar of Chamonix's involvement in the Splunk deployment has been assisting with data collection and service mapping to provide insight into the performance of critical applications within the environment. With Splunk IT Service Intelligence in place, Windows Performance Monitor (perfmon) metrics are combined with application and service logs, dramatically increasing visibility for root-cause analysis of incidents and substantially reducing time to resolution going forward.
We subsequently supported the customer's transition to new ways of working, including training and upskilling its technical teams on the relevant design patterns and on DevOps concepts and cloud foundations, in line with the department's wider cloud strategy and technology landscape.