Case Study: Implementing SIEM on a Budget


Z&Z Insurance Brokerage*, an insurance company with 200 employees spread over 5 offices, faced regular critical system outages and malware attacks that threatened business operations, reputation, employee morale and required significant costs outside of budget.

After a full assessment, Z&Z* decided that implementing a solution for logging network activity and monitoring user access across the enterprise would help them deal with their challenges. Kalki worked with Z&Z* to evaluate their biggest monitoring challenges, assess their needs from a logging solution and select and implement a tool.



  • Lack of audit trail
  • Network Interruptions and access issues
  • Risk of un-noticed malicious activity
  • Inability to diagnose and prevent future network issues
  • Lack of budget for a full-scale enterprise logging and monitoring solution


  • Regular network outages and downtime
  • Compliance issues
  • Lost revenues


Kalki worked with Z&Z* to balance the needs of the business with the cost of implementing a logging solution. Kalki provided a full breakdown and comparison of various solutions and worked with the client to select the best fit.

Prior to solution implementation, Kalki restructured the network elements as required and prepared the environment for the addition. An ArcSight Logger appliance was installed, configured and fully tested in Z&Z’s* network.



Z&Z* is now actively able to measure and monitor:

  • Total failed logins on perimeter devices
  • Antivirus tool policy breaches
  • Policy breaches by specific user (any possibly malicious downloads)
  • Potential cryptolocker variant outbreaks
  • Consolidated updates from business critical applications

Z&Z* now regularly receives alerts regarding:

  • ArcSight configuration changes to environment or setup to prevent unauthorized changes
  • Alerts for 3 failed logins on across all network and infrastructure within 60 seconds
  • Antivirus policy breaches (pulled from the antivirus tool)

The Road Ahead

Z&Z* is now in a place where they are able to track and maintain an audit trail of user activity as well as proactively monitor network activity and prevent network issues. All major devices and systems within Z&Z’s* network send event log data to the Logger for aggregation and alerting, bringing all the information to a centralized location and allowing for intelligent real-time analysis of network and user activity.

The ArcSight Logger implementation has the ability to recognize many attack types and prevent issues before they begin. Z&Z* is now armed with alerts to notify them of malicious activity in addition to the network monitoring capabilities of other tools. Z&Z* has been provided with the tools and processes by which to handle and escalate any issues found by the logging system.

Printer friendly version

Key facts


  • Industry: Insurance
  • Regulations: Financial Services & HIPAA
  • Network outages and downtime
  • Inability to diagnose network issues and track user access


  • Needs review and assessment
  • Solution comparison and breakdown
  • Network restructuring
  • ArcSight Logger installation
  • Logging and monitoring ruleset creation and implementation


  • Measurement and monitoring of all network and infrastructure elements
  • Monitoring for malicious activity
  • Regular real-time alerting for high risk issues




envelope_64pxDon’t miss a thing! 
Sign up to receive important security alerts about
your devices both at home and work.

Case Study: Implementing SIEM on a Budget

See how we’ve helped a previous client implement a form of Security Information and Event Management on a budget.

Fill in the form below and your download will be emailed to you right away!

* These fields are required.

Pin It on Pinterest

Share This

Share This

Share this with your friends!