Rule every threat with CASE STUDY | Roku Cloud SIEM

Analytics & Modeling - Predictive Analytics
Cybersecurity & Privacy - Security Compliance
Business Operation
Cybersecurity
Remote Control
System Integration
Training
When adopting a SIEM solution, Roku needed to avoid alert fatigue and stay agile to quickly address true issues. Maintaining a strong security posture is essential for Roku. “Our security team works day and night to protect the infrastructure and provide a reliable service for our customers. Our customers and their trust are important for us,” shared Huseyin Karaarslan, Sr. Security Engineer at Roku. As an important part of this strategy, Roku wanted to adopt a SIEM solution to gain cyber situational awareness and an ongoing picture of the company’s environment.
At its start in 2000, Roku pioneered streaming to the TV with its platform that connects viewers, publishers, and advertisers to the vast ecosystem of media content. With its product portfolio of streaming players, TV models, and a channel store, Roku serves millions of customers across North America, Latin America, and Europe. Roku has established itself as a significant player in the broadcast media and consumer electronics industries, providing a reliable and innovative service to its extensive customer base. The company is committed to maintaining a strong security posture to protect its infrastructure and ensure the trust of its customers.
For its cyber situational awareness, Roku wanted rapid and accurate insights into their domain to understand what’s happening and to ensure active responders could make quick, accurate decisions. This requires an investment in data collection and analysis to maintain a continuous picture of Roku’s infrastructure, and for that, Roku chose Sumo Logic Cloud SIEM. Built natively in the cloud, Cloud SIEM makes it fast and easy to gain deep security insights with pre-built applications including out-of-the-box dashboards, queries, and rules. With 700+ rules that each map to a tactic and technique related to the MITRE ATT&CK framework, Roku’s security team had a strong starting point for obtaining security insights. As a first step, the team embarked on tuning Cloud SIEM rules. “Cloud SIEM’s rules are powerful, and we wanted to tailor them specifically to our organization and infrastructure. Tuning was important for us to familiarize ourselves with the tool, prove value in our investment, and optimize the platform so we could focus on true alarms that require our attention,” commented Karaarslan.
Optimized situational awareness with rule tuning.
The security team’s tuning process was highly efficient. It began with queries written on the Sumo Logic platform to identify the rules that created the highest volume of alerts.
700+ rules that each map to a tactic and technique related to the MITRE ATT&CK framework.