Case Study
Multinational financial services company saves millions on security data ingestion and storage with cloud-native security services
OUR CLIENT
With a storied history dating back to the 1800s, this European financial services company has operations around the world and annual revenues of over €100 billion. The company employs well over 100,000 people who serve nearly 100 million individual and commercial customers.
THE CHALLENGE
Firm wanted to bolster cybersecurity with a cloud-based SOC
The client wanted to transform its security posture by establishing a next-generation security operations center (SOC). IT leaders did not want a traditional Managed Security Services provider (MSSP) model. Instead, they wanted a hybrid model where cloud and on-site resources would complement each other. Specifically, the firm wanted to:
- Deploy a cloud-native security information and event management (SIEM) solution - to support a hybrid cloud and on-premises architecture.
- Adopt a more holistic, risk-based approach to threat detection - to increase security resilience and responsiveness.
- Integrate an orchestration and automation platform - to increase threat detection and remediation capabilities and minimize business impact.
- Implement best-practice SOC processes and innovative tools - to enhance operational efficiencies and reduce costs.
THE TRANSFORMATION
Microsoft Sentinel and the CyberProof Defense Center solution provided a cloud-native SOC
The project team at CyberProof, a UST company, implemented one of the first commercial deployments of Microsoft Azure Sentinel Security Information and Event Management (SIEM), a cloud-native threat monitoring solution that supports data collection across on-premises, hybrid, and multi-cloud environments, with intuitive dashboards and reporting that provide continuous security and intelligence insights. CyberProof consultants in Paris, Tel Aviv, and Trivandrum, India work as an extension of the customer’s security team and are an integral component of its cybersecurity strategy. They offer a full range of managed cybersecurity services, including 24/7 event monitoring, enrichment, and triage; incident response with customized threat detection rules, use cases, and digital playbooks; and a Use Case Factory that is fully integrated into the CyberProof Defense Center (CDC) platform.
The project team also implemented the CyberProof Defense Center (CDC) platform, a scalable next-generation service delivery platform that automates and orchestrates security processes, and provides other advanced SOC services, such as targeted threat intelligence, managed endpoint detection and response (EDR), and vulnerability management. With robust automation capabilities, the CDC platform enriches event data, proactively queries external sources, responds to analyst requests with contextualized and actionable information, automatically creates incidents based on collation and context without human intervention, executes non-intrusive steps in digitized playbooks, and automates some SOC tier 1 and tier 2 activities. The CDC also leverages analytics and deep-learning algorithms to process huge volumes of data to rapidly detect and evaluate potential known and unknown threats.
“This is probably the biggest Sentinel deployment in the world right now. CyberProof’s scalable, cloud-native services delivered through their CDC platform provide us with a transparent and collaborative hybrid SOC environment.”
Head of Cyber Defense
THE IMPACT
Transformed security operations
With a combination of managed services and automated processes, the integrated Microsoft/CyberProof solution provided the cloud-based SOC the firm needed to bolster its security posture. Now, the company has:
- Fewer false positives and shorter dwell time - thanks to improved data collection, fewer errors, and faster time to detect.
- Improved operational efficiencies - because of the cloud-native, hybrid deployment model, tools, and automations.
- Less business risk - with faster response times and better visibility because of the process orchestrations and automations.
- A single view of security operations and collaboration across SecOps teams - enhanced by real-time alerts and recommendations.
- Extended security monitoring - for Office 365 and other web applications.
RESOURCES
Managed Security Services
https://www.ust.com/en/what-we-do/digital-transformation/managed-security-services