Insights From a Dual-Vendor, SaaS-Based SIEM Implementation
Shweta Kshirsagar of Flipkart on Successfully Deploying a Unified SOC
Implementing one SIEM across a large enterprise can be challenging. Trying to implement two different solutions and make them work together is even harder.
Information Security Media Group recently recognized Shweta Kshirsagar, business information security officer at Cleartrip, a Flipkart Group company, at the Dynamic CISO Excellence Awards and Conference in the area of SOC modernization for implementing two SaaS-based SIEM solutions across Flipkart Group's companies. One SIEM tool enables 24/7 alert monitoring for the SOC team, and the other generates compliance reports with longer log retention.
Integrating products from two vendors was a challenge in itself: each SIEM expects its own log parsing and normalization, so the same log sources had to be handled differently for each tool.
"We ensured minimal impact on device performance by establishing a single point of ingestion, simultaneously streaming logs to both SIEMs. Additionally, role-based access control was designed to cater to different stakeholders' needs," Kshirsagar said.
Because every device forwards once to that single collection point, which then streams to both SIEMs in parallel, no source has to be configured to ship its logs twice. That keeps the load on the devices low and gives the team one place to manage what is collected and where it goes.
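The single-ingestion, dual-SIEM fan-out described above, as an added illustration in Python (this is not Flipkart's or either vendor's code). A collector parses each syslog line once, then hands the normalized event to two independent sinks: a hypothetical alerting SIEM that wants a compact record and only warning-or-worse events, and a hypothetical compliance SIEM that retains everything as JSON with a retention tag. The sink classes, the sample log lines and the outage simulation are all constructed for this example; the point it shows beyond the text is that the two deliveries must be independent, so that one SIEM being down (or one parser rejecting a line) never costs the other its copy.

```python
import json
import re
from dataclasses import dataclass, field

# RFC 3164-style syslog line: <PRI>TIMESTAMP HOST APP[PID]: MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_syslog(line: str) -> dict:
    """Normalize once at the collector. Lines that do not parse are kept as a
    minimal event (parsed=False) so the compliance copy never loses data."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return {"host": None, "app": None, "pid": None, "facility": None,
                "severity": None, "timestamp": None, "message": line,
                "raw": line, "parsed": False}
    pri = int(m["pri"])
    return {"host": m["host"], "app": m["app"],
            "pid": int(m["pid"]) if m["pid"] else None,
            "facility": pri // 8, "severity": pri % 8,   # PRI = facility*8 + severity
            "timestamp": m["ts"], "message": m["msg"],
            "raw": line, "parsed": True}


class SinkUnavailable(Exception):
    """Raised by a sink that cannot accept events (simulated outage)."""


@dataclass
class MonitoringSiem:
    """Hypothetical 24x7 alerting SIEM: compact record, severity WARNING(4) or worse only."""
    received: list = field(default_factory=list)
    available: bool = True

    def send(self, event: dict) -> bool:
        if not self.available:
            raise SinkUnavailable("monitoring")
        sev = event["severity"]
        if sev is None or sev > 4:
            return False                      # filtered out, not a delivery failure
        self.received.append(f"{event['host']}|{event['app']}|sev={sev}|{event['message']}")
        return True


@dataclass
class ComplianceSiem:
    """Hypothetical long-retention SIEM: every event, full JSON, tagged with retention."""
    retention_days: int = 365
    received: list = field(default_factory=list)

    def send(self, event: dict) -> bool:
        self.received.append(json.dumps(dict(event, retention_days=self.retention_days),
                                        sort_keys=True))
        return True


class Collector:
    """Single ingestion point: devices send here once; each event is parsed once
    and fanned out to every sink independently, so one SIEM's outage never
    blocks delivery to the other."""

    def __init__(self, sinks: dict):
        self.sinks = sinks
        self.stats = {"ingested": 0, "unparsed": 0,
                      "delivery_failed": {name: 0 for name in sinks}}

    def ingest(self, line: str) -> dict:
        event = parse_syslog(line)
        self.stats["ingested"] += 1
        if not event["parsed"]:
            self.stats["unparsed"] += 1
        results = {}
        for name, sink in self.sinks.items():
            try:
                results[name] = sink.send(event)
            except SinkUnavailable:
                # Production collectors spool to disk and retry here.
                self.stats["delivery_failed"][name] += 1
                results[name] = None
        return results


# Constructed sample input for this example (not real production logs).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 22 ssh2",
    "<86>Oct 11 22:14:16 web01 sshd[1234]: Accepted publickey for deploy from 198.51.100.7 port 22 ssh2",
    "<13>Oct 11 22:14:17 db01 cron[77]: (root) CMD (/usr/bin/backup.sh)",
    "this line has no syslog header at all",
]


def run_demo() -> dict:
    monitoring, compliance = MonitoringSiem(), ComplianceSiem()
    collector = Collector({"monitoring": monitoring, "compliance": compliance})
    for line in SAMPLE_LINES:
        collector.ingest(line)
    monitoring.available = False              # alerting SIEM goes offline
    outage_result = collector.ingest(SAMPLE_LINES[0])
    return {"monitoring_count": len(monitoring.received),
            "compliance_count": len(compliance.received),
            "outage_result": outage_result, "stats": collector.stats}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running it shows the alerting sink holding only the one critical event while the compliance sink holds all five records, including the unparseable line and the event delivered during the simulated outage. The per-sink try/except is the part worth copying: a shared collector is only an improvement over dual forwarding if a failure on one path is isolated and counted rather than allowed to stall the loop.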
Kshirsagar led the implementation project during her tenure as the head of cyber defense at Myntra, a Flipkart Group company.
In this video interview with ISMG after its Dynamic CISO Excellence Awards and Conference, Kshirsagar discusses:
- How Flipkart implemented a unified SOC across all its companies;
- Keeping costs under control in a SaaS-based SIEM;
- How to reduce alert fatigue.
Kshirsagar has nearly 20 years of experience in various domains of cybersecurity, including cyber incident response, data protection and privacy, information security audit, and compliance. She has expertise in cyberthreat intelligence, threat hunting, security investigations, SOC operations, and security orchestration and automation, and has managed and executed projects across multiple countries.