CKW AG
SIEM structure
In the canton of Lucerne, CKW AG has been supplying its more than 180,000 end customers with electricity for almost 130 years. In addition, its portfolio includes innovative products and services in the fields of electrical engineering, photovoltaics, heating technology, e-mobility, building automation, ICT solutions and security throughout Switzerland.
doIT solutions was commissioned to design and implement a SIEM. CKW's infrastructure is located entirely in the customer's own data center in Lucerne. Remote management is carried out by local employees from the Gelnhausen location. doIT solutions' data center and VPN endpoint are located in a data center in Frankfurt am Main.
doIT solutions designed and implemented a distributed Splunk deployment as a SIEM on a Nutanix cluster, which was made available to an external SOC operator. The various data sources from administration and production ("OT") were connected using standard and custom-built add-ons (CIM-compliant).
The Enterprise Security App was installed and configured for different user groups on several search heads (ES multi-tenant configuration). The Xpert Service monitors all performance-relevant parameters as well as the connected data sources. Availability is monitored and all components are troubleshot. Regular updates of the OS, application, apps and add-ons are carried out, as is the maintenance of the custom-built add-ons and apps.
Overall, doIT solutions has successfully built a robust and reliable SIEM that effectively protects CKW's infrastructure and continuously monitors the company's data sources.