Case study by Defensys – Credit bureau

Challenge

The Credit bureau, which holds millions of loan and credit records, was looking for automation tools to respond quickly to incidents, manage its IT infrastructure and meet cyber security standards. Defensys solutions attracted the Bureau’s attention because they are flexible, customizable and easy to work with. The Defensys SOAR and SGRC were chosen to meet the Company’s needs.

Implementation

As with most of our customers, the Defensys team integrated the SOAR and SGRC with an antivirus and AD. Furthermore, an integration with a database was implemented to receive information about networks and equipment.

A challenging part for Defensys’s engineers was the integration with the platform that the company uses as its incident repository. This platform also acts as the first line of the company’s SOC. Accordingly, the Defensys SOAR has become the second SOC line. For this reason, the SOAR has to constantly receive a large volume of information, classify it, and save it in its register. The limited integration functions of the Customer’s platform didn’t allow the Defensys team to use a pre-installed connector, so Defensys engineers developed a customized integration to connect with the platform and transfer incident data to the SOAR.

As for the SGRC, Defensys’s team designed customized audits to comply with the Bureau’s internal requirements. New frameworks were created based on the existing policy and the provided checklist, and were successfully implemented. Defensys’s users now spend less time conducting audits and have quick access to the required data.

Additionally, the Bureau needed customized incident and asset reports for better control over cyber security in the company. Incident reports contain detailed information about incidents, their types and the responsible employees for a chosen period of time. The other report type displays information about all related equipment, its quantity, etc.

The system’s users create these reports on a daily basis and have left positive feedback about them.

As a necessary step in the system’s implementation, asset cards have been updated too. Apart from the fields with general information, certain fields are now displayed in each card depending on its status. Actions, such as accessing a connector by pushing a button, can be taken only in certain statuses.

For example, depending on the status, incident type and incident results, several fields can appear and disappear. False positives are also taken into consideration and have their own business process. As a result, the system’s users see and fill in only the fields that are necessary for the particular case, which significantly reduces the processing time spent on each incident.

The Bureau was also facing several issues when incidents weren’t graded according to their severity level. To update the existing business process and categorize these incidents, Defensys has added fields for tags, which are assigned depending on the severity level; the incidents are then grouped in accordance with the tags.

In addition, managers wanted to monitor SLA compliance in incident cards. For that reason, another group of tags has been added and now shows timeline details: when an incident was received, how long it was on hold, and when it was closed.

Results

Having experienced all the advantages of the Defensys solutions, the Credit bureau decided to expand the product line of Defensys software in the organization. As a further step, the Bureau plans to purchase and implement the Defensys VM and TDP.