About the client
A multinational transportation company approached CyberProof for assistance with security operations. The company has offices at multiple locations around the globe. The client’s existing service operations relied almost exclusively on manual tasks and processes for security monitoring and response.
The client's challenge
The client was interested in eliminating as many of these manual processes as possible, without compromising on accuracy, and replacing them with more efficient, automated operational processes. They were looking for a Managed Security Services Provider (MSSP) that offered a transparent and collaborative approach, replacing the “black box” solution of the incumbent provider.
They were also looking for a vendor that would augment the capabilities of their existing security operations center (SOC) and security team.
The client sought to engage with an MSSP that could support all aspects of their security operations – including 24×7 coverage for their Level 1 SOC activities. They were interested in introducing more efficient, automated processes; at the same time, they also needed to continue leveraging their existing tools and technologies. They wanted to reduce the time to detect and respond to incidents and improve the effectiveness of their operations based on clearly measurable KPIs.
- Improved security visibility by expanding the organization’s monitoring in cloud environments, using Azure Sentinel SIEM.
- Greater operational efficiency by automating 70-80% of Level 1 alert notification, triage, investigation and response activities.
- Better transparency and collaboration by leveraging the CDC platform, which has a ChatOps feature and offers full visibility into SOC operations for both the client’s security analysts and the CyberProof team.
- A more future-proof solution catering to the client’s medium and long-term needs, by creating a security infrastructure that’s capable of monitoring Operational Technology (OT) and the Internet of Things (IoT) – whenever the client opts to bring these technologies on board.
- Reduction in operations costs of over 40%, achieved by integrating CyberProof’s cloud-native tools and automations.
CyberProof was selected to provide the client with a fully managed security event monitoring capability.
Working together with Microsoft, one of our strategic partners, CyberProof developed a security analytics and SOC monitoring proposition that can scale up as well as down, providing the client with the level of flexibility they required in adopting new technologies and services.
CyberProof deployed a full range of managed cybersecurity services, including:
- 24/7 event monitoring, event enrichment, and triage
- Incident response with customized threat detection rules, use cases, and digital playbooks
- Use Case Management that is fully integrated with the CyberProof Defense Center (CDC) platform – our next-generation service delivery platform that leverages automation, orchestration and collaboration capabilities to deliver co-sourced SOC services.
CyberProof was able to facilitate the successful automation of up to 80% of the client’s L1 activities by leveraging the capabilities of our Use Case Catalog – a library of customized Use Case Kits consisting of prevention controls, detection rules and response playbooks. Moreover, CyberProof was able to leverage the client’s existing technology investments – such as their SOAR platform – by building custom integrations with the CDC platform that support process automation and orchestration.