The Ohio Attorney General’s Office centralizes its log files for two important functions: meeting security compliance requirements, and detecting and mitigating cybersecurity threats in real time.
In 2019, the agency’s IT security team deployed Splunk’s security information and event management (SIEM) software to aggregate the log data from its servers, firewalls and other security and networking equipment into a central repository.
The software allows the Attorney General’s Office to satisfy regulatory mandates by retaining logs for compliance reporting and audits. It also correlates and analyzes the data. When the tool discovers suspicious behavior and potential security threats, it sends out real-time alerts to the security staff.
“Having that visibility makes a huge difference and allows us to stay on top of what’s going on in our environment,” says CISO Joe Cossin.