The existing security operation method had each solution operating individually, leading to a decentralized log collection and analysis, which limited real-time threat detection and rapid response capabilities.
We established an integrated security monitoring system based on SIEM. To collect and analyze financial sector-specific threat information in real-time, we enhanced the linkage with FCTI (Financial Cyber Threat Intelligence) and expanded and advanced the analysis scope through EDR/NDR log collection.
By introducing a next-generation monitoring system that overcomes the limitations of the existing ESM, we built a security monitoring system tailored to the financial sector. Through the integration of FCTI and EDR/NDR, we can comprehensively analyze threat factors within the financial system and respond proactively. This has laid the foundation for enhancing the reliability and efficiency of security operations.