A top 20 European Bank, which operates across multiple countries, was struggling with cyber, financial crime, fraud and internal threat investigations. The team was relying mostly on manual, file-based investigation tools to examine problem areas for the Bank. A major Data Lake project had centralized a lot of data, but that was not solving any problems for the internal investigation teams. The cyber team had access to Splunk, which was used as a SIEM but was not useful for historic investigations. The other tools in use did not allow holistic integration of unrelated data, leading to slow, cumbersome investigations, which in turn made training and onboarding new staff difficult.
The Bank implemented Siren themselves, with no help from the Siren Client Services team. As existing users of Elasticsearch, they found installing Siren to be a quick upgrade to the existing cluster. The solution involved ingesting multiple data sets from Splunk, the Data Lake, local databases, forensics data and ad hoc input such as CSV files.
A specialist team of investigators across multiple domains (cyber, financial crime, insider threat etc.) now has access to a single investigation platform as the starting point for all investigations. With pre-built integrations to the Data Lake, Splunk and other key data sources, the foundations for many investigations are already in place. Users are now trained on basic search capabilities and on running graph analytics in Siren (common communicator, shortest path etc.), and they are quickly up to speed on the platform. They are able to produce auditable reports that are defensible internally and when they must be shared with local law enforcement. This has led to better coordination between the cyber team and the financial crime team. The Risk & Compliance unit also has a much better evidential trail of the actions taken when dealing with local regulators keen to see action on money laundering, KYC and cyber crime.