Pharmaceutical Case Study

How a global pharmaceutical company expanded its use of Splunk while reducing expenditure.
Customer Profile
A global pharmaceutical company was looking to migrate its Security Operations Centre, which ran on Splunk Enterprise Security, while expanding its use of the Splunk platform and providing for future data analytics requirements. It needed to do this at the same time as consolidating its technologies and reducing overall expenditure.
Technology Products

Splunk Enterprise
A platform for aggregating machine data at scale and speed and querying it for IT, security, IoT and business answers.

Splunk Enterprise Security
End-to-end visibility into the organisation's security posture, with actionable intelligence that helps analysts prioritise and respond quickly.
Challenges
The existing environment suffered from performance issues, out-of-date software and poor system stability, and the migration itself was complex: moving from two standalone search heads to two search head clusters. At the same time, new use cases were being requested across the business, each with its own data owners and requirements to satisfy.
Solution
A new global Splunk environment was rolled out, consisting of two multi-site indexer clusters, two search head clusters, a global deployment server architecture, load balancing for Splunk Stream and for the collection tier, heavy forwarders and cloud data sources. The data sources were as follows:
Cloud-based data sources
AWS, Azure
On-premises infrastructure
Windows, Linux, UNIX
Security Tools
Custom Applications
Database data
Network Data
Physical Hardware
The work was a parallel implementation: two new multi-site indexer clusters were built across the globe, together with two search head clusters, one for Enterprise Security and one for service and infrastructure monitoring. Over 50 different data sources were then onboarded, while the live environment was maintained right up to the migration to the new environment, all under extreme time pressure.
Why Somerford?
Somerford was able to orchestrate and deploy multiple consultants to run different pipelines of work in parallel to meet the time pressures, while its in-house project management team maintained strong forward momentum and a high level of communication within the team, accurately tracking all tasks and outstanding actions.
The complexity of the tasks, and the requirement for no downtime to critical security operations, meant the migration was not trivial. Running the old and new environments in parallel required split firing of data: forwarders sent security data to both the old system and the new one, so Enterprise Security in the legacy environment kept receiving its data while new data sources were onboarded to the new environment, until the full migration was completed. The migration was also designed to upgrade the platform in passing: configuration was merged and consolidated, erroneous and damaging configuration was removed, and a new index design was planned.
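In Splunk terms, the split firing described above is a forwarder outputs.conf whose defaultGroup names more than one target group: every event is cloned to each group, and load balancing happens only across the indexers within a group. The configuration below is an added illustration of that pattern and is not configuration from the project described on this page; the hostnames, ports, group names, certificate path and cluster manager address are assumed placeholders.

```ini
# outputs.conf on a forwarder during the parallel-run phase.
# Added example, not the customer's configuration; every hostname is a placeholder.

[tcpout]
# Two target groups: each event is cloned to BOTH groups. Load balancing is
# only within a group. Drop legacy_es_indexers from this list at cut-over.
defaultGroup = legacy_es_indexers, new_multisite_cluster
# Indexer acknowledgement: the forwarder keeps an event in its wait queue
# until an indexer confirms receipt, so a restart or a blocked indexer in
# either environment does not silently lose security events.
useACK = true
# Forwarder-to-indexer TLS: present a client certificate and verify the
# indexer's certificate. Placeholder path and redacted passphrase.
clientCert = $SPLUNK_HOME/etc/auth/fwd_client.pem
sslPassword = <redacted>
sslVerifyServerCert = true

# Legacy environment: static list of the old indexers (placeholders).
[tcpout:legacy_es_indexers]
server = legacy-idx1.example.internal:9997, legacy-idx2.example.internal:9997

# New environment: discover the indexers from the cluster manager rather than
# hard-coding them, so peers added or failed over between sites need no
# forwarder change.
[tcpout:new_multisite_cluster]
indexerDiscovery = new_cm

[indexer_discovery:new_cm]
# manager_uri is the Splunk 9.x name; older releases spell it master_uri.
manager_uri = https://cm.example.internal:8089
pass4SymmKey = <redacted>

# inputs.conf on the same forwarder (placeholder paths).
# Existing security sources inherit defaultGroup and are cloned to both
# environments; a source onboarded only for the new platform is pinned to the
# new cluster with _TCP_ROUTING so it never reaches the legacy indexers.
[monitor:///var/log/auth.log]
index = os_security
sourcetype = linux_secure

[monitor:///opt/newapp/logs/audit.log]
index = app_audit
sourcetype = newapp:audit
_TCP_ROUTING = new_multisite_cluster
```

Two caveats a practitioner will want before switching this on. Cloning doubles the forwarder's outbound volume, and because each environment indexes its own copy, the data counts against the licence of both environments for the duration of the parallel run. On each forwarder, `splunk list forward-server` shows which configured destinations are active, which is the quickest way to confirm both groups are actually receiving before trusting the legacy Enterprise Security searches during the overlap.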