Learn how a large utility company successfully turned to MixMode after their SIEM failed to meet their SOC requirements.

The Challenge

A large utility company approached MixMode with the following scenario: The enterprise SOC was utilizing a shared SIEM application that was being utilized by several stakeholders: the networking team, the SCADA team, the dev-ops team, the compliance team and cybersecurity teams for “basic search and investigation of log files to meet regulatory compliance requirements”. Although the compliance team at this utility found the SIEM satisfactory, the cybersecurity team was hindered by the system’s inability to perform several fundamental functions including its ability to:

• Identify and detect real-time network traffic analysis and variations they suspected would be reflective of state-sponsored attacks

• Alert on policy violations and network misconfigurations that represent serious threats to the organization

• Detect adversarial AI attacks

• Detect individual or collaborative hacker attacks taking place on a daily basis • Develop a baseline of expected network behaviors based on a continually evolving baseline

• Adequately monitor a mix of legacy systems, cloud data and on-prem resources