Case Study – Healthcare
Healthcare payment processor builds a single, global threat-led SOC in 6 weeks
About the client
As a healthcare payment processor, the client solves complex operational challenges across all lines of business, including Medicare, Medicaid, Commercial, Individual and Self-funded employer health plans. By acting as a one-stop-shop for all health plan technology needs, the business aims to create meaningful operational cost savings for its customers.
The client’s challenge
The client had three SIEM tools and three Security Operations Centers (SOCs) and was struggling with maintaining visibility, duplication of effort, and spiralling costs. The business knew it was time to move to a single unified SOC that could improve threat visibility and exposure management. Goals for the project included:
- Increasing efficiency: Automating tasks that were traditionally performed by human analysts to enable faster detection and response to evolving threats.
- Lowering costs: Reducing operational spend and alleviating the potential costs of a major incident.
- Improving accuracy: Identifying potential threats faster based on risk exposure, and reducing false positives.
- Reducing technical footprint: Ensuring threat visibility, detection and response capabilities with a single, unified SOC.
Benefits
- Established a unified SOC: From three disparate SOCs and SIEMs, the client transitioned out multiple service providers and was able to onboard a single global SOC in just 6 weeks.
- Gemini’s advanced language capabilities: Gemini makes it easy to search for information and to train technicians and the SOC. It also has a direct impact on improving incident response, enhancing context around active threats and reducing Mean Time to Respond (MTTR).
- A new SecOps focus for the business: Automation has made operations far simpler, with 30+ log sources connected and parsed, from AWS and Azure to SaaS and on-prem, providing continuous visibility into potential exposure.
- Custom playbooks: Implemented 120+ custom detection rules and created a single contextual, best-of-breed threat-based playbook that consolidates CyberProof’s experience with Google’s security playbooks.
Our solution
CyberProof worked closely with the client to develop and implement a migration strategy focused on reducing exposure and improving threat prioritization, completing onboarding in just six weeks. Over the following six months, the client validated the operational efficiencies and compliance of the new SOC before shutting off its previous solutions entirely.
The CyberProof solution includes:
- Setting up a unified SOC, transitioning from three SOCs and three SIEMs to a single platform with unified exposure visibility.
- Support and knowledge transfer for Google SecOps Enterprise Plus.
- Connecting 30+ log sources (AWS, Azure, SaaS, and on-prem), including custom parsers, with 20TB/month ingested in production (billions of log events every day).
- Creating 120+ custom detection rules and a unified contextual playbook for continuous threat exposure monitoring.
Results
Within weeks, the client was able to consolidate three disparate SOCs and SIEMs into a single global, threat-led SOC, gaining unified visibility across its hybrid environment. The new model improved detection accuracy, reduced MTTR and enabled continuous management of cyber exposure. By adopting a proactive, threat-led approach, the business strengthened resilience, reduced operational costs, and achieved full visibility into its most critical risks.
Speak with an expert
Explore how CyberProof can help you anticipate, prevent, and mitigate ever-evolving cyberattacks in hybrid and cloud-native environments.