Case Study: Royal Dutch Shell doubles cyberthreat detection and scales SIEM with Amazon Web Services

Royal Dutch Shell Proactively Identifies Cybersecurity Threats Using AWS

Royal Dutch Shell, a global oil and gas company operating in more than 70 countries, faced mounting cybersecurity challenges as its on‑premises SIEM reached capacity limits and could not retain or analyze historical data needed for proactive threat hunting. The existing solution struggled with scalability and could only hold data for a few days, preventing trend analysis and timely detection of malicious activity.

Shell moved to Splunk Enterprise on AWS, running on about 100 EC2 instances and using EBS gp2 and sc1 volumes to balance performance and cost, ingesting roughly 4 TB of data per day into a multi‑petabyte data lake. The integrated cloud SIEM enabled real‑time monitoring and deep historical analysis, doubled detection and remediation of potential breaches, and empowered the CyberDefence team to identify and close vulnerabilities proactively.

Royal Dutch Shell

Oskar Brink

CyberDefence Manager