Case Studies

Turkish Red Crescent

Industry: NGO

Company Size: 3000+ Employees

Services Used: Logsign Next-Gen SIEM

Founded in 1868, Turkish Red Crescent is a non-governmental organization (NGO). Since its foundation, Turkish Red Crescent has taken on important tasks to ensure social solidarity, to contribute to the development of social welfare, and to provide poor and needy people with shelter, food, and medical care.

The NGO operates in areas such as blood donation, natural disasters, international aid, immigration and refugee services, social services, health, first aid, education, youth, and mineral water.

Problem

With more than three thousand users, the organization prioritized the monitoring of user file sharing and file access activities. Access activities, especially access to critical documents, had to be reported and made analyzable. A second requirement was the instant detection and prevention of possible threats. The organization had issues with cyber threat monitoring and analysis, and with interrupting the traffic, when traffic came from a malicious IP or URL defined on the cyber security intelligence services.

The organization demanded the following:

- Monitoring of user file sharing and file access activities
- Reporting of critical file access activities in a form that can be analyzed
- Automatic action on the firewall in case of traffic from a malicious IP or URL that is defined on the cyber security intelligence services

Solution

- The sources that generate the organization’s file sharing and file access logs were added to Logsign SIEM.
- All client logs were received via the WEF (Windows Event Forwarding) infrastructure, and client file access logs were sent to Logsign SIEM.
- Dashboards were created for the correct monitoring of User-File analyses.
- Compliance reports were deployed to Logsign SIEM.
- Reports containing the data between the desired dates were scheduled to be sent to the organization's officials.
- Alerts required for access to files critical to the organization were identified, and SMS / E-mail notifications were sent.
- All IP and URL information that was accessed, or for which access was requested, was investigated by the Logsign Threat Intelligence (TI) service, and the logs were enriched.
- The TI service conducted investigations for categories such as Phishing, Botnet, Malware, and Brute Force, and dashboards and reports were created.
- The automatic action module was activated on Logsign SIEM against possible cyber threats. As a result, access to malicious IPs and URLs was automatically blocked on the organization’s firewall.

Result

With Logsign SIEM, all data became processable, and IT managers and teams were able to analyze data rapidly. High data access performance was ensured by an active-active infrastructure with a 3-node cluster. With Logsign TI, investigations were conducted in real time and threats were automatically prevented. By drawing on more than 30 TI sources that are accepted by the industry, Logsign enables threats to be seen and understood. Time management became more productive and efficient because real-time investigations that would take an hour manually were conducted automatically.