In 2017, the Matmut group wanted to acquire a log management solution that would deliver correlated views, facilitate incident searches, improve prevention and trigger threshold notifications. The scope was to improve event visibility across the entire IT architecture and reduce incident response time. The project was strategic for Matmut’s IT division and prioritized in the company IT master plan.
“I wanted a flexible, fast-response and easy-to-use solution for all the teams, in particular, one that could easily be used to create dashboards and make data and subsets of data available on a selective basis. Cost-efficiency was also a prerequisite in the scoping of a solution”, says Cédric Chevrel, CISO at Matmut.
A SIEM solution would empower Matmut to reduce security risks, notably by achieving visibility of data and events such as suspicious extraction of data, statistics on the use of Active Directory accounts (attempts, successes, failures, etc.) and the correlation of minor security events that may individually pass unnoticed but in combination trigger an alert.
The aim was also to facilitate the correlation of events when handling load-balancing and inter-architecture communications across platforms.