
Fortune 500 Distribution Company

ScaleSec Transforms Cloud Security with Google Security Operations
INDUSTRY

Automotive & Industrial Distribution

LOCATION

USA (Global Operations)

USE CASE

Modernized Security Operations (SIEM/SOAR)

PLATFORM

Google Cloud (Google Security Operations)

ASSIGNMENT

Migrate from a managed Splunk SIEM to an in-house, cloud-native Google Security Operations (SIEM + SOAR) environment. Design, deploy, and train SOC teams for improved detection, visibility, and compliance.

Overview

A Fortune 500 automotive and industrial distributor transformed its global cloud security operations by migrating from a managed Splunk service to Google Security Operations (Google SecOps) with ScaleSec.

This migration delivered a unified, AI-driven SOC that improved visibility, reduced costs, and empowered internal teams with direct control across a complex multi-cloud environment.

In the initial phases, the customer identified multiple existing systems that its new payments system would need to leverage, but did not yet have a clear understanding of the boundary of its Cardholder Data Environment (CDE) or the full scope of PCI in its environment. ScaleSec performed an in-depth analysis of the customer’s proposed Google Cloud architecture and existing cloud environment, and ensured that the true scope of PCI was identified and the appropriate Self-Assessment Questionnaire (SAQ) selected.

ABOUT THE CUSTOMER:

A global service organization distributing industrial and automotive replacement parts through 10,000+ stores and fulfillment centers in 17 countries, supported by more than 63,000 employees.

The Challenge: Scaling Security Across a Global Enterprise

As a global enterprise with a complex IT footprint (including on-premises systems, supply chain platforms, and multi-cloud deployments across GCP, AWS, and Azure), the customer needed a unified, scalable approach to cloud security.

Previously, the company relied on a managed security provider using Splunk, which initially offered baseline visibility. However, as operations and cloud adoption accelerated, the model became inefficient and costly. The security team faced rising ingestion fees, slow response times, and limited flexibility to adapt.

Key challenges:

  • Escalating SIEM and MSSP costs tied to ingestion and service fees
  • Fragmented visibility across retail, distribution, and corporate networks
  • Limited automation and tuning capabilities for detections
  • Compliance and data custody concerns with third-party log management
  • Lack of integrated ticketing and workflow automation

With increasing data volumes, multi-cloud complexity, and strict compliance demands, the company needed a more agile, cloud-native security operations center (SOC).

The Solution: Migrating to Google Security Operations

Google Cloud engaged ScaleSec, a trusted Google Cloud Security Consulting Partner, to lead the migration through Partner Service Funds, allowing the project to proceed at no cost to the customer.

ScaleSec designed and deployed a dedicated Google Security Operations tenant (SIEM + SOAR), giving the customer direct control, centralized visibility, and AI-driven automation across its global environment.

Key implementation steps:

  • Conducted architecture assessment across on-premises and multi-cloud environments
  • Deployed and configured the Google Security Operations tenant
  • Designed IAM roles and RBAC policies for least privilege and separation of duties
  • Integrated BindPlane for enterprise-wide log aggregation
  • Ingested and normalized logs from servers, firewalls, SaaS platforms, and multi-cloud systems
  • Converted Splunk detection rules to YARA-L and rebuilt dashboards in Google SecOps
  • Created end-to-end documentation, migration diagrams, and SOC training materials

This cloud-native implementation unified global data sources into a single, scalable, and secure platform.

Implementation: A Collaborative, Global Migration

ScaleSec partnered with the customer’s corporate IT and cyber defense teams to design, deploy, and validate the new Google SecOps environment.

Migration milestones:

  • Led discovery and design workshops to capture business and technical requirements
  • Coordinated cross-functional teams and vendors using detailed project plans, RAID logs, and risk registers
  • Normalized and centralized thousands of log sources into Google Security Operations
  • Developed SOAR playbooks to automate response actions and streamline SOC workflows
  • Validated IAM, monitoring, and compliance requirements for PCI and GDPR readiness
  • Delivered detailed documentation and training to ensure long-term SOC independence

This structured approach ensured a seamless transition, reduced operational risk, and accelerated global delivery.

The Results: A Modern, AI-Driven Cloud Security Platform

The new Google Security Operations environment now powers a modern, AI-driven SOC with measurable improvements in speed, cost efficiency, and compliance.

Outcome                        | Impact
Complete migration from Splunk | Full normalization of retail, distribution, and cloud logs within Google SecOps
AI-powered threat detection    | Analysts use Google Gemini AI for natural language queries and detection building
Faster response times          | Incident resolution accelerated from days to hours via automated SOAR playbooks
Cost predictability            | Eliminated variable ingestion costs with flat, scalable billing
Unified visibility             | Centralized SIEM/SOAR visibility across multi-cloud and on-prem systems
Enhanced compliance            | Simplified PCI and GDPR audit readiness with improved data custody
Improved analyst efficiency    | Analysts complete more investigations per shift with no added headcount

“Owning our Google SecOps tenant gives us predictable costs and the flexibility to adapt quickly as our business grows. The transition has made our security operations more efficient and aligned with the needs of a global enterprise.”

Chief Information Security Officer
Fortune 500 Distributor

Looking Ahead: A Stronger Foundation for Global Security

By migrating from a managed Splunk-based service to Google Security Operations, the company gained complete control of its SOC, reduced operational costs, and improved agility across its global footprint.

Key achievements:

  • Delivered a cloud-native, AI-driven SIEM/SOAR platform
  • Improved compliance, cost predictability, and response time
  • Enabled full SOC ownership and independence
  • Accelerated security transformation through Google’s Partner Service Funds

With ScaleSec’s delivery expertise and Google Cloud’s modern SecOps platform, this global distributor established a scalable, future-ready foundation for cloud security across its enterprise.

“Partnering with ScaleSec and Google Cloud allowed us to move quickly and build a stronger foundation for our security operations.”

Global Senior Director for Cyber Defense
Fortune 500 Distributor

Want to Modernize Your Security Operations?

ScaleSec helps enterprises adopt Google Security Operations to build scalable, cloud-native SOCs that enhance detection, automation, and compliance.