Case Study

A top global asset manager was looking for a detailed assessment of their existing Splunk architecture and uses cases, in an effort to streamline their source types, dashboards, add searches to ultimately provide data driven decision making to the business. Although the firm has a very strong and capable IT department, at times, their management team desires outside experts to optimize outcomes due to the multitude of IT services, applications and platforms that they provide to both their internal and external customers. A strong believer in the power for both the IT operations and security awareness that the Splunk platform provides, the firm elected to partner with Zivaro for assistance enabling their team and optimizing the architecture to ensure scale and alignment to best practices.

The firm partnered with Zivaro’s Splunk Professional Services team in 2017 to come in and do a thorough assessment of their existing Splunk environments, assist with data on boarding and use case development for cyber security initiatives and their alignment to best practices. The goals were to provide not only recommendations for architecture, but also, to provide future-state best practices recommendations to help ensure scale and maximize their return on investment.

The Zivaro Splunk services team collaborated with the firms enterprise architecture and security leaders to identify areas of opportunity for improvement and efficiency across architecture, source types, use cases, and reporting of their multi-terabyte Splunk environment. Over the course of the two-year engagement, Zivaro’s Professional Services resources identified several areas for enhancement of the reporting for the firm’s executives including index, search head and server class organizations, consolidated inputs and general preparedness for expansion to ensure optimal future state. In addition, the Zivaro team helped the client’s security team with a service decomposition and KPIs identification for Splunk’s IT Service Intelligence (ITSI) and Enterprise Security (ES) premium applications.

The need to expand the number of resources with Splunk expertise within the firm became apparent in order to maximize their return on their growing investment in the premium applications. With Zivaro being one of just a handful of Splunk Certified Training Centers in N. America, a custom Splunk training path for their security operations center (SOC) team was developed and deployed enabling their SOC team to become more self-sufficient with the platform.

The firm’s new Splunk platform has resulted in faster searches, optimized infrastructure, enhanced reporting and an increased awareness of the potential power of Splunk for their business. In addition, the IT and SOC teams are now able to provide better contextual insights and reporting to their executives as well as a more proactive and automated posture in both their IT and security operations. Ultimately, this engagement has helped the firm understand that Splunk is not just another IT tool, but a true platform for operational and security intelligence that can be leveraged by virtually anyone looking to glean insights from their data to provide better operational efficiencies. When considering that this firm is consistently in the top firms for client service in the U.S., the maturation in their postures for IT operations and security helps enable fund administration, which ultimately translates into client satisfaction and retention.

990 S. Broadway, Suite 300
Denver, CO 80209
o: (877) 603-1984
e: advisory@zivaro.com