IBM Security QRadar SIEM and 9 Custom Security Tools for 70+ US State Agencies
Industry
Public Services
Technologies
QRadar
About
The end customer is the government of one of the US states that comprises 70+ state agencies.
Challenge
The end customer was looking to create a centralized SIEM solution that would replace the scattered security systems operating at the state agencies and connect them to a unified security operations center (SOC), so that every agency would receive the level of security monitoring stipulated by the state administration. Since 5 agencies had already been using IBM Security QRadar SIEM, the Customer decided to build the future solution on the same platform. Given the scope of the project, the Customer was looking for a highly professional SIEM team that could implement the system according to the provided requirements.
Solution
VolgoTechnologies was selected to participate in the project as one of IBM's Advanced Partners, with more than 13 years of expertise in SIEM solution development and customization for companies in Banking and Finance, Telecommunications, Healthcare and the Public Sector.
The 6-month project was completed entirely on the Customer's site. The project started with the deployment of IBM QRadar SIEM according to the architecture provided by the Customer. The deployment included configuration of the existing and newly acquired appliances, as well as software upgrades and patching to ensure stable operation of the platform.
Once the platform was deployed, VolgoTechnologies experts moved on to the analysis, configuration and connection of log sources to IBM QRadar SIEM. This stage was the most complicated, since it required installing and configuring event and flow collectors at more than 70 independent agencies and then ensuring the transmission of all events to the event processor clusters in the SOC.
Results
The VolgoTechnologies SIEM team successfully completed the IBM Security QRadar SIEM deployment and configuration in accordance with the Customer's architecture. More than 70 state agencies were connected to the unified security operations center, which gathers and analyzes events from thousands of supported log sources and from tens of unsupported ones by means of custom log source extensions. The delivered solution now allows the Customer to process about 10,000 events per second and more than 300,000 flows per minute.
Technologies and Tools
IBM Security QRadar SIEM, QRadar API/AQL, Python, SQL, Regex, Shell, Batch, Linux network tools.