Customer Case Studies

Case Studies

E-Commerce Retailer - Security

One of Keos’ first customers was a large brand name on-line retailer.
The company had recently been breached by a disgruntled former employee and internal security detections were needed.
Keos resources were hired to look at existing log sources, install Splunk ES, configure Splunk and write Splunk ES security detection.
The detections were focused on internal threat activity.
Log data was plentiful, including badge access logs and authentication logs.
At this time, Splunk ES was a relatively new product, so there was a challenge getting the Splunk ES data models to populate and the dashboards constructed.
The Splunk ES identity lookup table was created from HR data showing all current and former employees.
The project was completed on time and on budget.
The customer was now seeing that a former employee had exfiltrated data.
It was comforting to know that any future attempts would be immediately detected and blocked.

One of the largest email providers in the world licensed Splunk ES and asked Keos to both install and configure the SIEM.
Unbeknownst to the customer, they had already been breached and had lost customer data related to their email accounts.
The hackers tried covering their tracks by deleting audit trails.
Before Keos could finish their initially assigned tasks, Keos was uncovering bread crumbs that the hackers had unknowingly left behind.
The customer was soon using the new SIEM and discovering the magnitude of the problem.
Keos completed the ES install and erected detections that have ever since prevented any successful future attempts.

Keos was engaged with a large public company operating in California that successfully sells consumer electronic devices.
Due to the customer’s large (multi-petabyte) internal operations, the customer chose Splunk software and Keos services.
The customer’s business is so large that at any time if any one of their online services was interrupted, the customer would lose millions of dollars in revenue per minute.
Clearly, server uptime is critical.
Keos worked with customer employees to predict service failures before they could affect business operations.
This was the largest successful deployment of Splunk IT Operational modeling on record.

One of the largest and most successful social media companies decided to move their operations from on-premise to Splunk Cloud.
Keos was called in to migrate petabytes (!!) of historical on-prem buckets to Splunk Cloud.
But before Keos could get started, there had to be a clear plan with all involved internal departments (e.g. security, netops, itops).
Keos wrote the operational plan, wrote the scripts to automate bucket movement, and reconfigured all the existing sources to send data to Splunk Cloud.
The entire operation had one chance to “stick it”.
The single attempt was successful, in large part due to the amount of upfront planning and coordination with all parties involved.

A large credit card company called in Keos to help satisfy government auditing requirements.
Financial companies often need to provide evidence that they comply with various government standards.
This customer was no exception.
The problem was that the log data needed in Splunk resided on mainframes.
Keos worked with the customer to get the data into Splunk and Keos wrote the searches that proved compliance.
Interestingly, the customer also realized that the data in Splunk could also detect fraud and money laundering.
Though not in the initial project scope, Keos stuck around to participate in the money laundering detection effort.

The largest bank in the United States retained Keos resources to manage their numerous ultra-large Splunk stacks.
This demanding customer had fired as many contractors as they had hired over the years prior to engaging with Keos.
The reason for the high turnover was the project size and girth, and the bank’s use of internal proprietary tools needed to automate their Splunk deployments.
These internal tools are not publicly available and there are no classes or training for consultants to learn.
The only survivors who could provide the resources needed by this demanding customer were Keos employees.
The most valuable consulting resources are the smartest people, who can learn quickly and adapt to the customer’s environment.

Keos was retained by the nation’s largest grocery wholesaler to write Splunk security detections.
Keos has an earned reputation for advising customers and writing risk-based Splunk alerts.
Branded as AI security, Keos devised mechanisms that accurately detect bad actors by combining Splunk’s Machine Learning Toolkit with risk-based alerting.
The result was increased alert fidelity.
Today, this AI-like security mechanism is in high demand, and Keos is the thought leader, author and developer of this technology.