Rheinmetall AG

Introducing a comprehensive POC on an appliance basis

The SIEM license was approaching a renewal date, and Mr. Malewski saw this as an opportunity to explore alternatives. Considering the previous experience with OpenText, an extensive POC began to compare functionality, automation opportunities, and ease of use. He commented, “Our priority was to determine if OpenText Enterprise Security Manager can follow our SOC analysts’ workflows and designs. We wanted to see a positive user experience, seamless SOAR and ecosystem integration, and one central system to manage all roles and their access to data sources.”

The Rheinmetall POC was deployed on an appliance basis, with OpenText providing the hardware and software needed to operate the solution. This significantly eased the installation and maintenance effort and ensured that Rheinmetall can run OpenText Enterprise Security Manager fully on-premises in its own robustly secure environment.

Leveraging advanced ecosystem integration capabilities

The POC was supported by local OpenText technical engineers, as well as OpenText Professional Services. Mr. Malewski quickly saw the familiar capabilities he looked for, such as sophisticated dashboards.

“We really appreciated OpenText’s dynamic dashboards,” he said. “I can just click on a bar graph, for example, and the dashboard will dynamically change to focus on this specific element for full transparency.”

Rheinmetall also liked OpenText’s native integration capabilities. The organization uses WebEx, and this was easily incorporated using a simple API. New data sources were straightforward to add, even from external parties, such as the threat intelligence service provider, so that relevant data is readily available for analysis and correlation purposes.

A key component of the OpenText Threat Detection and Response portfolio is OpenText Security Log Analytics. This is a comprehensive SIEM log management tool and security analytics solution that eases compliance burdens and accelerates forensic investigations. Mr. Malewski’s team already leveraged the MITRE ATT&CK framework—a globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used to develop specific threat models. With the MITRE ATT&CK content, the Rheinmetall penetration testing team can quickly see how much coverage it has against the tactics and techniques within the framework and map it to Rheinmetall use cases. OpenText Security Log Analytics helps identify risks, prioritize them, and take timely action.

Improving SOC productivity and bolstering security posture with SOAR

SOAR capability is a natively integrated part of OpenText Enterprise Security Manager, proving a real differentiator compared to the legacy SIEM suite. In the previous environment, the team operated a dedicated ticketing system where all security incidents were managed. Incident alert details were automatically sent to the ticketing system, but the SOC analysts had to conduct manual investigations.

Mr. Malewski explained how SOAR improved this process: “SOAR not only automates alerts, but it also intelligently logs the initial automated investigative actions, such as checking the CMDB or other sources. The documented output shows the exact real-time status of the alert. And thanks to SOAR’s native integration into the SIEM platform, we have a real-time correlation engine that can respond directly to alerts. This is very different from solutions we’ve worked with in the past, where data logs had to be scheduled every five or ten minutes. Because we can respond quickly to a developing threat, we can easily block domains or push information to a certain proxy. The added, coincidental benefit is that the SOAR interface looks very similar to the look and feel of our previous ticketing system, which made migration easy for our SOC analysts.”