Case Study - Insurance

SOC & NOC unification streamlines security & network monitoring operations

Client challenge

The client is a large insurance carrier with offices in multiple locations. The client initially turned to CyberProof after having issues with their previous service vendor, who was providing security alerts but conducting no real triage.

The client’s team didn’t feel the vendor understood the environment, and they had to teach the vendor how to use their SIEM solution.

This meant that security operations were never fully optimized to their environment and system patching was consistently behind schedule.

Furthermore, the client wanted to be proactive, and wanted the ability to recognize, respond to, and recover from attacks more quickly. They felt that they needed a platform that introduced automation into security operations.

Benefits

  • Reduced costs – A lower head count with the new, integrated operations center.
  • Fewer false positives – Splunk is a fully functional SIEM system, reducing noise and false positives.
  • Quicker response – The SeeMo virtual analyst, combined with our cyber analysts, cuts the client’s time to respond through automation & orchestration and provides patch management assistance.
  • Single view for analysts – Provides alerts and recommendations for IT and security incidents.

Our solution

CyberProof fused the client’s SOC and NOC into a fully-integrated Operations Center, in which tier 1 and tier 2 analysts cover both security and IT tasks.

CyberProof also provided the client with a single pane of glass that provides a holistic picture of the client’s security and network environments.

With the implementation of the new platform, the client was able to streamline their staffing from having two separate teams to having a single team for both security and network monitoring. The CyberProof operations team includes an on-site team working Monday through Friday; ten people in India supporting the client 24/7; and tier 3 and 4 support provided by the team in Israel.

In the initial stages of engagement, CyberProof provided an in-depth Cyber Assessment. CyberProof assessed how the Splunk SIEM solution was being used, provided recommendations, and helped the client optimize the system. We also set up new rules and made sure all systems were feeding logs to Splunk.

Today, the CyberProof Defense Center is fully integrated with the client’s system, SeeMo (our virtual analyst) is providing live insights, and we continue to provide the client with threat intelligence on an ongoing basis. CyberProof was able to assist the client in meeting their goals of cutting their head count, reducing costs, and obtaining a single pane of glass for both IT network and cyber security – thereby optimizing their security readiness.
