
IBM Security QRadar SIEM Implementation for a Top 30 US Bank
Industry
BFSI, Banking
Technologies
QRadar
About
The Customer is an American bank with more than $100 bn in total assets. The Customer provides banking, insurance, investments, mortgage and commercial financial services to more than 3 million consumer, business and government clients. The bank runs over 500 branches and 1500+ ATMs throughout the United States.
Challenge
The Customer was using an out-of-the-box version of IBM Security QRadar SIEM (QRadar). The out-of-the-box correlation rules and building blocks, as well as the default QRadar configuration settings, had to be adapted to the Customer's network infrastructure and security monitoring requirements. VolgoTechnologies was asked to fine-tune QRadar according to the Customer's network topology, data communication flows and regulatory compliance.
Solution
VolgoTechnologies experts carried out QRadar fine-tuning in the following stages:
During this stage, our SIEM team verified whether the initial QRadar deployment had been carried out correctly, checked the schedules of the system backups, reviewed and corrected the Network Hierarchy definitions, and helped the Customer create user roles (Security Administrator, Security Analyst, etc.).

Results
VolgoTechnologies successfully accomplished the task by fine-tuning IBM Security QRadar SIEM according to the Customer's requirements. After fine-tuning, the system is fully adapted to the Customer's network and is able to detect offences that were previously overlooked or identified as false positives in the absence of appropriate custom settings.
Technologies and Tools
IBM Security QRadar SIEM, Python, Regex, Linux Shell.