Customer Case Studies

Case Studies

E-Commerce Retailer - Security

One of Keos’ first customers was a large brand name on-line retailer.
The company had recently been breached by a disgruntled former employee and internal security detections were needed.
Keos resources were hired to look at existing log sources, install Splunk ES, configure Splunk, and write Splunk ES security detections.
The detections were focused on internal threat activity.
Log data was plentiful, including badge access logs and authentication logs.
At this time, Splunk ES was a relatively new product so there was a challenge getting Splunk ES datamodels to populate and dashboards constructed.
The Splunk ES identity lookup tables were created from HR data showing all current and former employees.
The project was completed on time and on budget.
The customer was now getting alerts that a former employee had exfiltrated data.
It was comforting to know that any future attempts would be immediately detected and blocked.

One of the largest email providers in the world licensed Splunk ES and asked Keos to both install and configure the SIEM.
Unbeknownst to the customer, they had already been breached and had lost customer data related to their email accounts.
The hackers tried covering their tracks by deleting audit trails.
Before Keos could finish their initially assigned tasks, Keos was already uncovering information that the hackers had left behind.
The customer immediately began using the SIEM and discovered the magnitude of the problem.
Keos went on to complete the ES install and build detections to prevent repeat attempts.

Keos was engaged with a large public company operating in California that successfully sells consumer electronic devices.
Due to the customer’s large (multi-petabyte) internal operations, the customer chose Splunk software and Keos services.
The customer’s business is so large that at any time if one of their online services is interrupted, the customer loses millions of dollars in revenue.
Server uptime is critical.
Keos worked with customer employees to predict service failures before they could affect business operations.
This was the largest successful deployment of Splunk IT Operational modeling on record.

One of the largest and most successful social media companies decided to move their operations from on-premise to Splunk Cloud.
Keos was called in to migrate petabytes (!!) of historical on-prem buckets to Splunk Cloud.
But before Keos could get started, there had to be a clear plan with all involved parties (e.g. security, netops, itops).
Keos wrote the operational plan, wrote the scripts to automate bucket movement, and reconfigured all the existing sources to send data to Splunk Cloud.
The entire team had one chance to “stick it”.
Keos was successful on the first attempt, in large part due to the amount of upfront planning and coordination with all parties involved.

A large credit card company called in Keos to help satisfy government auditing requirements.
Financial companies often need to provide evidence that they comply with various government standards.
This customer was no exception.
The problem was that the log data that needed to go into Splunk was on mainframes.
Keos worked with the customer to get the data into Splunk and Keos wrote the searches that proved compliance.
Interestingly, the customer also realized that the data in Splunk could also detect fraud and money laundering.
Though not in the initial project scope, Keos went on to participate in the money laundering detection effort.

The largest bank in the United States retained Keos resources to manage their numerous ultra-large Splunk stacks.
This customer had fired as many contractors as they had hired over the years prior to engaging with Keos.
The high turnover was due to the project’s size and scope, and to the bank’s use of internal proprietary tools needed to automate their Splunk deployments.
These internal tools are not publicly available, and there are no classes or training for consultants to learn them.
The only survivors who could provide the resources needed by this demanding customer were Keos employees.
The most valuable consulting resources are the smartest people, who can learn quickly and adapt to the customer’s environment.

Keos was retained by the nation’s largest grocery wholesaler to write Splunk security detections.
Keos has an earned reputation for advising customers and writing risk-based Splunk alerts.
Branded as AI security, Keos devised mechanisms that accurately detect bad actors by combining Splunk’s Machine Learning Toolkit with risk-based alerting.
The result is increased alert fidelity.
Today, this AI-like security mechanism is in high demand, and Keos is the author and supplier of this technology.