A major French insurance company, offering a full range of insurance and risk management services for individuals and businesses, has chosen to deploy LogRhythm SIEM to strengthen its cybersecurity and improve incident detection on its local infrastructure. Faced with increasing cyberthreats and the need to protect the sensitive data of its customers and employees, the company was looking for a solution to boost its visibility and ability to detect security incidents. As a complement to the group’s centralised SIEM, the LogRhythm SIEM solution enabled this entity to better meet its specific needs.
The Challenge
The company was already using a centralised SIEM at group level, based on Splunk, but this solution did not fully meet its specific regional needs. The Information Systems Security Manager (ISSM) explains: “We were concerned about visibility. The central SIEM did not exhaustively cover our local infrastructure, which created a risk of not detecting incidents that remained within our regional perimeter.”
The second challenge was detection time. During a red team test, the company discovered that attacks were only detected in their final stages. “We needed to reduce the detection time so that we could take effective containment measures and limit the potential damage,” explains the CISO.
The Solution
To meet these challenges, the company chose to deploy the LogRhythm SIEM solution as a complement to its centralized SIEM. Ease of integration was a determining factor, with connectors already developed for the company’s standard equipment, which made the implementation process quick and easy. The ready-to-use detection rules ensured immediate effectiveness after installation. LogRhythm SIEM offers a unified interface that brings together SIEM, SOAR, case management, and UEBA, simplifying day-to-day management. “We don’t need to manage several portals, which makes us more efficient,” explains the CISO. The “no code” aspect of LogRhythm SIEM was particularly appreciated, enabling complex queries without the need for scripts or proprietary languages. In addition, the pricing model, with a fixed price over three years, enabled the company to control its budget.
“The fixed cost, which is independent of the volume of logs collected, has enabled us to forecast our expenditure without any surprises, while maintaining a reasonable operational burden,” emphasizes the CISO.
Unexpected Bonuses
In addition to the expected benefits, the company has discovered several additional advantages with LogRhythm SIEM. The solution has made it possible to strengthen internal security policy (ISP) controls by ensuring that the defined usage rules are properly applied. “The solution helps us to monitor the application of our ISSP, which is an unexpected but very welcome bonus,” says the CISO. The solution also improved visibility for infrastructure teams, enabling wider use beyond cybersecurity. “Infrastructure teams can now have their own dashboard with specific indicators, improving the operationality of the IT estate,” adds the CISO.
From the very first days of use, LogRhythm SIEM has demonstrated its effectiveness by rapidly detecting anomalies and poor practices. “We were able to identify incidents within the first week, which confirmed the solution’s effectiveness in terms of detection,” concludes the CISO.
Key Impacts
- Detected anomalies within the first days of deployment
- Managed a fixed cost and predictable budget over three years
- Gained efficiency by executing complex queries without code
Industry
- Financial Protection
Products
- LogRhythm SIEM
