Success Story: Upgrading Cybersecurity with SIEM for a Leading State Bank
As a state financial institution playing a crucial role in providing financial services to people nationwide, the bank recognized the importance of cybersecurity and protecting customer data. Previously, the bank had a log storage system as required by the Computer Crime Act, but this system was fragmented across various departments, primarily focusing on storing records to comply with legal requirements. There was no analysis or utilization of this data to detect threats or security incidents that might occur within the system, creating a gap in visibility and response to cyber threats that could impact business operations and customer confidence.
Given these challenges, the bank became interested in developing a more modern and efficient security system by implementing Security Information and Event Management (SIEM) technology. Advanced Information Technology Public Company Limited (AIT) played a significant role in consulting and proposing the Splunk Enterprise Security, a world-leading SIEM platform widely recognized, especially in the finance and banking sector. The team was not just a solution vendor but also acted as a consultant deeply understanding the bank’s needs and limitations.
The project began with a detailed analysis of the bank’s IT infrastructure and security requirements. Advanced Information Technology provided comprehensive consultation, ranging from designing a system architecture appropriate to the size and complexity of the IT estate, and flexible enough to scale, to selecting high-performance hardware that supports future growth. With their experience and expertise, the team recommended that the bank start using Splunk Enterprise Security with critical systems as the first line of defense, including Network and Security Systems, along with Authentication Systems, to build a solid foundation and achieve clear results from the outset.
Starting with these systems was a logical strategy, as they are the front line in defending against external threats and controlling access to critical organizational resources. The team meticulously planned the integration of various systems with Splunk Enterprise Security, including firewalls, intrusion prevention and detection systems, switches and routers, antivirus and anti-malware systems, data loss prevention systems, and various authentication systems such as Active Directory, LDAP, Single Sign-On, and Multi-Factor Authentication. Collecting logs from these systems provided the bank with a comprehensive overview of the security status both externally and internally, as well as complete visibility into user access and usage.
A key strength of Splunk Enterprise Security is its ability to act as a genuinely centralized platform. Instead of monitoring logs from multiple fragmented systems, Splunk Enterprise Security serves as a Single Pane of Glass that consolidates data from all sources into one place. The team developed specific Use Cases and Correlation Rules, such as detecting Brute Force attacks, Command and Control Communication, DDoS, Data Exfiltration, multiple failed login attempts, Impossible Travel, out-of-hours access, use of suspended accounts, Privilege Escalation, and unauthorized configuration changes.
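To make three of the correlation rules named above concrete, here is an added example (not code from AIT, the bank, or Splunk) that runs brute-force, out-of-hours and suspended-account logic over a handful of constructed authentication events; the thresholds, business hours and the suspended-account list are assumptions.

```python
# Added example: toy correlation rules over constructed auth events.
# Thresholds, business hours and the suspended list are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, source IP, outcome)
EVENTS = [
    ("2024-03-04T02:15:40", "dave", "10.1.1.30", "success"),
    ("2024-03-04T09:00:05", "alice", "10.1.1.5", "success"),
    ("2024-03-04T09:01:00", "bob", "203.0.113.9", "failure"),
    ("2024-03-04T09:01:20", "bob", "203.0.113.9", "failure"),
    ("2024-03-04T09:02:10", "admin", "203.0.113.9", "failure"),
    ("2024-03-04T09:03:00", "root", "203.0.113.9", "failure"),
    ("2024-03-04T09:04:45", "bob", "203.0.113.9", "failure"),
    ("2024-03-04T09:30:00", "erin", "198.51.100.7", "failure"),
    ("2024-03-04T09:31:00", "erin", "198.51.100.7", "failure"),
    ("2024-03-04T10:00:00", "carol", "10.1.1.12", "success"),
]
SUSPENDED = {"carol"}                 # constructed: accounts disabled by IT
BRUTE_FORCE_THRESHOLD = 5             # failures per source inside the window
BRUTE_FORCE_WINDOW = timedelta(minutes=10)
BUSINESS_HOURS = range(8, 18)         # 08:00-17:59 counts as in-hours

def parse(events):
    """Turn ISO timestamps into datetimes and sort chronologically."""
    return sorted((datetime.fromisoformat(ts), u, ip, o) for ts, u, ip, o in events)

def brute_force(events):
    """Sources with >= threshold failures inside a sliding time window."""
    alerts, recent = set(), defaultdict(list)
    for ts, _, ip, outcome in parse(events):
        if outcome != "failure":
            continue
        recent[ip].append(ts)
        # drop failures that fell out of the window
        while ts - recent[ip][0] > BRUTE_FORCE_WINDOW:
            recent[ip].pop(0)
        if len(recent[ip]) >= BRUTE_FORCE_THRESHOLD:
            alerts.add(ip)
    return alerts

def out_of_hours(events):
    """Users with a successful login outside business hours."""
    return sorted({u for ts, u, _, o in parse(events)
                   if o == "success" and ts.hour not in BUSINESS_HOURS})

def suspended_login(events):
    """Successful logins by accounts that should be disabled."""
    return sorted({u for _, u, _, o in parse(events)
                   if o == "success" and u in SUSPENDED})
```

The two failures from 198.51.100.7 stay below the threshold, which is the kind of tuning the analysis phase described here would refine against real traffic.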
Most importantly, the team conducted detailed and systematic data analysis. They didn’t just install the system and hand it over; they analyzed the data to provide the bank with a true picture of its security status. The analysis covered monitoring external attack attempts, identifying attack patterns and threat sources, evaluating the effectiveness of existing defense systems, discovering suspicious usage behaviors such as logins at unusual times or locations, privileged account usage inconsistent with duties, access to irrelevant data, and the use of dormant accounts that might have been compromised. The analysis also identified protection gaps, outdated rules, and correlations between events to detect Advanced Persistent Threats.
The analysis results were presented in comprehensive and easy-to-understand reports, showing an overview of the current security status, strengths and weaknesses, identified threats, and recommendations for improvement. These reports served as crucial information for both the IT team and senior management for strategic decision-making. Additionally, real-time dashboards displayed attack statistics, threat sources, the number of failed logins, and unusual access, allowing the bank to monitor the situation continuously and respond quickly.
Advanced Information Technology also emphasized knowledge and skill transfer to the bank’s team by organizing practical training on Splunk usage, writing Search Queries, creating Dashboards, developing Use Cases, and responding to security incidents. This enabled the team to operate independently and further develop in the future.
The results exceeded expectations. The bank gained a system that detects and alerts to both external and internal threats in real-time, reducing incident response time from hours to minutes. The security team could identify and investigate incidents more quickly and accurately, thoroughly monitor individual user access and usage, fully comply with regulatory requirements, and, most importantly, gain a deep understanding of the true security status. It’s not just about having a system, but having a system that works effectively and provides value in protecting the organization. This success built confidence for future expansion of Splunk Enterprise Security to other systems, such as servers, applications, and databases.
Currently, the bank uses Splunk Enterprise Security as its primary cybersecurity management system and continuously develops and refines Use Cases to align with evolving threats. This success stems from a deep understanding of the business, the team’s expertise in the financial industry, the selection of Splunk Enterprise Security with its comprehensive capabilities, the emphasis on data analysis to generate true insights, and continuous knowledge transfer support. This project demonstrates AIT’s capability to be a trusted partner and deliver solutions with valuable analysis and recommendations that effectively address the complex needs of the financial sector.