CTC's game-changing move: A dive into their cybersecurity shift from Splunk to Log360

About Concurrent Technologies Corporation

Concurrent Technologies Corporation (CTC) is a nonprofit organization specializing in applied scientific research and development, and professional services. Teaming up with Enterprise Ventures Corporation (EVC), its technology transition affiliate, CTC offers comprehensive, end-to-end solutions encompassing research, development, testing, and evaluation. With a focus on engineering and manufacturing, information technology, and readiness solutions, CTC provides robust and innovative offerings to protect national security and maintain a technological advantage for the U.S.

With over 400,000 square feet of state-of-the-art facilities, including secure high-bay spaces, CTC develops advanced manufacturing technologies and creates large-scale prototype structures. Through its partnership with EVC, CTC ensures a seamless technology transfer process for clients in government, private, and public sectors. Notably, CTC's research initiatives have resulted in cutting-edge solutions like the Carriage, Stream, Tow, and Recovery System (CSTRS) and Advanced Guard for Information Security, which have found applications in the defense sector and beyond.

  • Organization

    Concurrent Technologies Corporation
  • Country

    USA
  • Industry

    Nonprofit

Navigating the seas of cybersecurity: The day-to-day operations and challenges

Being an integral part of the defense industrial base, the IT team's routine is far from typical. The cybersecurity manager, Danielle Gerko, elaborates, "Day to day, we work with our cyber stack, our cyber applications. We do everything from end-user support [and providing] permissions to accessing things to determining what hardware and software to purchase or configure [next]." The uniqueness of CTC's daily operations means a standard IT security solution doesn't suffice, underscoring the need for a versatile, customizable SIEM solution to streamline its tasks.

Two of the key areas the IT team watches closely are cybersecurity compliance and supply chain security. Gerko emphasized, "We're always [questioning] are we compliant? Are we secure? How secure is the supply chain?" With requirements such as NIST SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) 2.0, compliance is a significant part of the team's daily work. This includes frequent internal reviews, with third-party audits every three years.

Real-time access to key data points, such as the current list of active accounts, makes meeting these compliance requirements far easier: it increases efficiency and removes errors that stem from outdated or incorrect information. This helps the team not only demonstrate compliance but also keep track of the security of its supply chain.

The pivot point: From Splunk to Log360

At the heart of its cybersecurity operations, this defense industrial base organization had been running Splunk. However, it needed an affordable SIEM solution with built-in correlation capabilities that was also more approachable for its junior and mid-level administrators. "We were a long-time customer...we ultimately decided to go with Log360," noted Gerko.

This decision was significantly influenced by Log360's affordability and customizability, two requirements Splunk did not meet for CTC. CTC found that Log360's user-friendly interface and intuitive design made it accessible to staff with varying levels of systems knowledge, which simplified and streamlined operations.

“The manageability of [Log360] and what was built in as opposed to the behemoth that is Splunk—I think that was probably the number one selling point.”

Jim Erb, Cybersecurity operations senior technical lead at CTC

The absence of pre-built correlation rules in Splunk, together with the time and cost of configuring correlations by hand, strongly influenced CTC's decision to switch. Log360 ships with predefined correlation rules and offers fine-tuning options that CTC could align with the events on its own network. Just as important, CTC needed a solution whose correlation engine its IT team could manage and customize on its own in the long run.

In its search for an efficient and robust cybersecurity solution, CTC evaluated several alternatives, including Rapid7's SIEM, SolarWinds, LogRhythm, and Microsoft Sentinel. Log360's on-premises deployment option and perpetual licensing were what fit CTC's business needs. "We ended up going with [Log360's] perpetual licensing. It was a nice option that we could leverage," Gerko stated.

Overall, the switch from Splunk to Log360 was driven by the organization's need for a SIEM solution with built-in correlation, ease of use, affordability, and a good fit for its team of junior and mid-level administrators. The transition marked a new chapter in CTC's cybersecurity operations, positioning it for increased efficiency and stronger network protection.

Tailoring Log360 to meet unique security needs

Facing threats ranging from phishing and spam to brute-force and scripted attacks, CTC needed a robust, intuitive SIEM solution. Log360 plays a multifaceted role in the organization, covering compliance auditing, network monitoring, and threat detection. It supports compliance with regulatory standards, particularly alongside M365 Manager Plus and other Active Directory security and management components.

CTC also noted how Log360 helps protect Controlled Unclassified Information (CUI) in line with CMMC requirements. The solution also eased the IT team's workload, allowing analysts to focus on analyzing data rather than configuring the system. Gerko appreciated the out-of-the-box and customizable features, highlighting the value of user and entity behavior analytics (UEBA) in detecting insider threats and monitoring data trends.

The onboarding process was greatly aided by ManageEngine's Onboarding team, whose guidance let CTC thoroughly understand and use the product without feeling hurried. This patient approach allowed the organization to familiarize itself with the product more effectively. Reflecting on the experience, Gerko commended the Onboarding team's involvement, noting, "It didn't feel like there was that kind of pressure. So it allowed us to learn the product a little better as we were going."

Along with the Onboarding team's help, Log360's customization options were able to meet CTC's specific needs. Discussing her experience with the Onboarding team, Gerko affirmed, "They have been immensely helpful throughout the onboarding process."

CTC's IT team praised the onboarding process for the absence of unnecessary stress and the supportive learning environment the Onboarding team created. Speaking about her experience with ManageEngine's Onboarding service, Gerko stated, "It felt like the emphasis was on ensuring our complete onboarding rather than rushing to meet a stringent time constraint."

Boosting efficiency and slashing costs with Log360

Log360 not only offered more favorable pricing but also served as a single solution for CTC's varied cybersecurity needs, which would otherwise have required integrating several different tools, complicating the system and adding to overall costs. As the organization put it, "it just met the sweet spot with functionality and pricing."

Log360 delivered significant efficiency gains for the IT team. A key highlight was that it relieves analysts of the burden of system configuration, letting them concentrate on their core task: analyzing data. Gerko explained, "The idea is that this doesn't take as much manpower to maintain long-term and our analysts can focus on actually analyzing the data and not just the configuring of the system."

Log360's search capabilities, automatic device discovery, and predefined correlation rules saved further time. Gerko remarked that these features "will allow our entire team to have a tool...to find information and log files quicker." By removing the need to build correlations by hand, Log360 sped up investigations and reduced the risk of human error.

The IT team found Log360 to be an "immensely helpful" tool that offered straightforward, real-time reporting and auditing. Together, these benefits improved the organization's cybersecurity posture while simplifying processes and saving time and money.

In summary, Log360 was implemented successfully in the demanding environment of a defense industrial base organization. It supported regulatory compliance, network monitoring, and threat detection, simplified those processes, saved time and money, and scored 4/5 for ease of use. The Onboarding team was praised for its effectiveness and value, with "no sense of being rushed." When asked whether it would recommend Log360, CTC gave an 8/10, a clear endorsement of its satisfaction.

About Log360

ManageEngine Log360 is a comprehensive SIEM solution that helps enterprises thwart attacks, monitor security events, and comply with regulatory mandates. It bundles a log management component that provides visibility into network activity; an incident management module that helps quickly detect, analyze, prioritize, and resolve security incidents; an ML-driven user and entity behavior analytics add-on that baselines normal user behavior and flags anomalous activity; and a threat intelligence platform that brings in dynamic threat feeds for security monitoring and helps enterprises stay on top of attacks. For more information about Log360, visit manageengine.com/log-management.

About Onboarding

Onboarding is a ManageEngine service that implements a solution for clients on request. It covers the installation and customized configuration of ManageEngine products, so clients can begin work without dealing with the complexities of installation, deployment, and product use. Every client environment is unique and can require support beyond the basic installation and standard features. With Onboarding, clients can engage a team of product experts to handle installation, implementation, customization, and training based on their business needs.

Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. It combines threat intelligence, machine learning-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks, and offers an incident management console for effectively remediating detected threats. Log360 provides holistic security visibility across on-premises, cloud, and hybrid networks with its intuitive and advanced security analytics and monitoring capabilities.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.