Aciety

SIEM Solution

SIEM Solution for 70+ US State Agencies.

About

Customer

The end customer is the government of one of the US states that comprises 70+ state agencies.

Challenge

The end customer was looking to create a centralized SIEM solution that would replace the scattered security systems operating at the state agencies and connect them to a unified security operations center (SOC), in order to provide all the agencies with the level of security monitoring stipulated by the state administration. Since 5 agencies had already been using IBM Security QRadar SIEM, the Customer decided to build the future solution on the same platform. Taking into consideration the scope of the project, the Customer was looking for a highly professional SIEM team that could implement the system according to the provided requirements.

Solution

ScienceSoft was selected to participate in the project as one of only 7 IBM Advanced Partners worldwide holding a Silver Accreditation in IBM Security QRadar SIEM, with more than 12 years of expertise in SIEM solution development and customization for companies in banking and finance, telecommunications, healthcare and the public sector.

The 6-month project was completed entirely on the Customer’s site. The project started with the deployment of IBM QRadar SIEM according to the architecture provided by the Customer. The deployment included configuration of the existing and newly acquired appliances, as well as software upgrades and patching to ensure stable operation of the platform.

Once the platform was deployed, ScienceSoft’s experts moved on to the analysis, configuration and connection of log sources to IBM QRadar SIEM. This stage was the most complicated, since event and flow collectors had to be installed and configured at more than 70 independent agencies, and all events then had to be forwarded to the event processor clusters in the SOC.

During this stage, ScienceSoft’s team configured over 5,000 log sources in total and developed 30+ log source extensions (uDSMs/LSXs) for unsupported log sources, as well as 20+ log source enhancements (LSEs) that normalized the data coming into IBM QRadar SIEM. All the log sources that had previously been sending log events to the agencies’ local systems were reconfigured, and all the data was migrated to the new system.

To facilitate the connection of the state agencies to the SOC and improve event transmission, ScienceSoft’s SIEM specialists developed a range of custom tools, including:

A tool that automatically mounts and runs patches, checks and configures NTP settings, enables routing for the event collector, and configures iptables for both the event collector and the flow collector
An FPI Reporter that automatically scans all the servers and builds charts of server load
A tool that enabled simultaneous patching of all QRadar-supported systems in just a few hours (versus the native sequential patching, which took up to one week)
A WinCollect stand-alone deployment script and toolbox that automatically detected and connected to QRadar all the log sources running on Windows servers, including Windows Event Logs, MS IIS, MS SQL, DHCP logs, debug DNS logs and any number of logs from unsupported applications (with pre-configured log paths in a configuration file)
A syslog-ng daemon configuration checker
A tool to export the Log Source list to an Excel spreadsheet (for easier sorting and filtering of log sources) with search and renaming suggestions, as well as an LSX misconfiguration checker, working remotely over HTTPS
Tools for mass log source renaming and deletion, working remotely over HTTPS
A server-side tool to verify the Event Collectors’ availability and notify immediately if any of them goes offline
Various tools enabling remote information queries from IBM QRadar SIEM (e.g. Custom Properties, WinCollect plugin versions, etc.)

Tech Information

Skills: Shell Script, Python, SQL
Services: Software Development
Industries: Not provided
Markets: Not provided

ScienceSoft Portfolios

Company Description

Founded in 1989, ScienceSoft is a US-headquartered provider of custom software development and IT consulting services with 700 employees located internationally.

For over 32 years we’ve been bringing custom and platform-based solutions to midsized and large companies in Healthcare, Telecom, Retail, Financial Services and other industries. The likes of Walmart, Nestle, eBay, T-Mobile, Baxter and IBM rely on our solutions in their daily operations.

With a background rooted in science, we build on our legacy knowledge and grow it dynamically in the areas of Collaboration, CRM, Data Analysis, VoIP and Information Security. As part of this journey, we have partnered with Microsoft, IBM, Oracle, Salesforce, Episerver and other tech leaders so that our clients can benefit from these high-level networks too. Currently, we hold 8 Gold Microsoft Competencies in Application Development and in Collaboration and Content.

The core of our client operations is at our US headquarters in McKinney, TX, and our EU office in Vantaa, Finland, while our major development centers are located in Eastern Europe. From there, our teams nurture and apply their competencies worldwide: while North America remains our principal market, our customers come from over 30 countries.

Experience: 32 years in IT

Size: 700 employees (600 IT professionals)

Customers: 60 countries, 30 industries

Turnover: 75% of the revenue comes from customers of 1+ years

INDUSTRIES

ScienceSoft has been delivering software solutions for middle-market and enterprise customers across multiple target industries. Our hallmark projects include:

Banking and Finance:
CRM for a bank with 7 mln clients
Award-winning mobile banking solutions
Intranet portal for a bank with over $400 bn in assets
Information security projects for financial institutions on three continents

Healthcare:
Business intelligence solution for 200 US healthcare centers
Medication order processing system for a US healthcare company with more than $15 bn in revenue and 60,000 employees

Retail:
Modules for one of eBay’s e-Commerce platforms with over 2.5 mln members
Private label product analysis and reporting used by Walmart
Trade promotion management solution used by Heinz
Brand health monitoring system used by Nestle

Telecom:
Viber, one of the world’s most popular instant messaging and VoIP apps with 600+ mln users
Information security projects for telecoms in Europe and Asia

Public Sector:
Nationwide civil registry for an EU country
Mobile document management solution for a parliament

We have also built up experience in Education, Manufacturing, Oil and Gas, Media and Entertainment, Transportation and Logistics.

PROJECT MANAGEMENT

With an established project management culture, ScienceSoft has achieved 100% project delivery owing to:

the ability to work with both detailed and vague project scope
realistic estimation and, thus, staying within budget during implementation
effective resource allocation to lessen risks
the ability to apply various software development methodologies
smooth communication with the Customer and 3rd parties
all-round Quality Assurance to guarantee that the application runs as intended

KEY TECHNOLOGY EXPERTISE

Back-end and desktop: Microsoft .NET, Java, C++, PHP, Qt, Node.js
Front end: HTML5, CSS3, JavaScript
Mobile: iOS, Android, Windows Phone, Xamarin, Apache Cordova, Qt
Web development: Drupal, WordPress, Joomla, Pimcore, Magento, Sitecore, EPiServer
