Case Study: a national telecommunications and internet technologies service provider detects employee fraud with UnderDefense and Splunk

National Telecommunications and Internet Technologies Service Provider - Customer Case Study

The customer, a national telecommunications and internet technologies service provider, faced the challenge of detecting internal fraud to protect the privacy of user data and the integrity of its systems. They engaged UnderDefense to implement a solution using Splunk Enterprise, along with Splunk DB Connect and the Splunk CIM, to analyze activities by users and entities in real-time and batch.

UnderDefense implemented a process to index and correlate over 600 million historical log lines and 2 million daily events from an Oracle database. They created a self-learning baseline of normal employee behavior to detect deviations and anomalies, with a specific focus on monitoring high-value "golden" client accounts. The results included the ability to detect and prevent insider fraud, leading to reduced operating costs, money savings, and increased customer satisfaction.