Government Solutions

Challenge

First installation of Cribl LogStream in a Federal environment. Architected 40 TB/day ingest on AWS with heavy use of Agile/Scrum. >50 FTEs analyzing >1 trillion log events.

Solution

Implemented API/data onboarding of cloud sources across agency lab sites into a Big Data Platform (BDP). Managed >50 FTEs across the entire engagement. Ingested and analyzed >100 BN log events.

Results: All lab sites were able to send data to a centralized location, and headquarters was able to get an accurate depiction of the security landscape across the Enterprise.

Challenge

Set up and manage Splunk environments for three (3) other Federal agencies within the Agency's Managed Security Service Provider (MSSP) environment.

Solution

Implemented the MSSP environment for 8+ agencies. Aggregated data from other tools and continuously monitored for threats, 24/7. Heavy use of agile reporting in JIRA and ServiceNow for operational efficiency. Over 55 FTEs.

Results: Effective Splunk Cloud infrastructure management, cloud migration of on-premise components, and data onboarding for terabytes of data.

Challenge

Provide SME support for Splunk customers within a large technology integrator's services offering.

Solution

Results: Built technical capacity of the engineering team with new Splunk knowledge, skills, and abilities. Engineering team was able to monitor, track, assess, and report on new threats.

SUCCESS STORIES

Challenge

Transition from the old Splunk infrastructure to a new infrastructure. Implement “App as a Service” (AaaS).

Solution

Migrated the infrastructure in production. Led a team of 8 Splunk engineers on.

Results: Provided AaaS for >10K users, while ensuring 24/7/365 up-time.

Challenge

Complete the first-ever government cloud to government cloud migration in Splunk's history, with a goal of just 3 weeks.

Solution

Coordinated with Splunk Professional Services, with checks and balances including a bucket-for-bucket scan of the data being migrated. Moved all data feeds. Set up TCP routing to double-feed the old stack and the new stack.

Results: Success. On-time. Within budget. We successfully migrated the production environment to the Splunk Cloud. One of the government technical leaders stated, “We are truly impressed with how fast CYBRILL completed this very, very complex project. And we are extremely grateful for everything they did from day one.”

Challenge

Provide SME leadership, addressing multiple technical and coding issues. Integrate threat intelligence feeds into Splunk Enterprise Security.

Solution

Performed advanced troubleshooting and data parsing across the environment. Correlated technical and coding issues with the customer's concerns. Cleaned up correlation searches. Customized monitoring. Implemented ingest actions to split data by customer into separate indexes, which also reduced Splunk license expenses.

Results: Moved the environment from red to green. Rectified technical and coding issues, enabling the SOC to create a new set of correlation searches. Beginning the next phase of enhancing the cyber security environment.
