Problem

The company invested on tools such as Antivirus, Firewall, and network monitoring to solve security problems, and observed that these tools are only capable of solving specific problems. To access company systems, attackers use the gaps between these tools, which need to be filled to ensure general security. In this regard, a decision was made to receive service from SOC with the purpose of SIEM positioning and solving the incidents in a short time.

With hundreds of service points and approximately 10 branches managing the payment processes of customers and conducting their invoicing processes, the company places importance on business continuity. A need to manage MDM- EDR-EPP applications, as well as incident management and response processes occurred. A monitoring and instant response system against potential cyber threats on the communication infrastructure should be installed.

Relevant IT infrastructure compliance requirements defined by the Energy Market Regulatory Authority (EPDK) should be met. IT team is responsible for the real-time analysis of Internet access logs, VPN access analysis, and centrally monitoring the problems on the threat identification systems.

Solution

As a result of the needs analysis conducted during the POC, Logsign SIEM platform was designed with its working structure comprised of 10.000+ EPS and 5 clusters. The system was activated following the completion of installation and training processes by the company. Moreover, a cSOC was decided to be established against possible cyber threats. With an internal cSOC model, job descriptions and a work strategy were formed among departments. The cSOC incident management and response plans were created on Logsign SIEM. Assets on the Network and System infrastructure were added on Logsign SIEM. Log files received from applications such as WAF, EDR, EPP, MDM, Firewall, Switch, Server, SAP, etc., as well as alerts and reports demanded by the company were created. Logsign SIEM enabled the cSOC operation and the working of departments with the delegation model. The project was completed after ensuring a 24/7 monitoring by cSOC, and after the relevant teams created dashboards and alert mechanisms on Logsign SIEM against possible fraud and cyber-attacks.

Result

First of all, the risks detected regarding informational assets were reduced by 90%. For the application infrastructure to operate uninterruptedly, and as a result of the monitoring of online systems and alerts created for them, an instant response process followed by incident monitoring was started. A central control system against cyber threats was activated. This system ensured the detection and automatic prevention of these threats. Furthermore, terabytes of data were processed daily, and inquiries were conducted within these data. The compliance requirements defined by EPDK, as well as the requirements of PCI, DSS, ISO 27001, and GDPR were met. An alert created to detect access without VPN authorization, and an SMS notification was enabled accordingly. Finally, dashboards were created to facilitate monitoring for cSOC.