Case study by Defensys — Mining company

04/12/2024

Mining company

Challenge

A variety of disordered incidents coming from different sources, no automatic classification, many tasks handled manually, a lack of transparency in operations: all these factors lead to mismanagement of companies’ cyber security and cause complex issues. Unfortunately, every organization that has not implemented an incident management process faces the problems mentioned above, and the Mining company was no exception.

In addition, the Company had a requirement connected with its business niche: when severe incidents occur, incident information had to be transferred to a government agency in a special report form.

After comparing the products of different vendors, the Mining company chose the Defensys SOAR as a perfect solution that fulfills all necessary tasks.

Implementation & Results

First of all, Defensys set up integrations with the antivirus, the SIEM system, and a vulnerability scanner already used in the Company, so that the SOAR immediately receives all data regarding incoming incidents.

The main changes affected the SOAR’s incident card: interdependencies between entities are at the core of the new card. Defensys engineers developed customized scenarios covering the Company’s needs and added new fields to the card. Each incident is now processed according to a certain scenario and is assigned a registration number and a type that determines the incident’s category. Accordingly, the required range of fields appears in the incident card depending on its status.

Thanks to this, users can also choose a required value from the existing list in a card field, and a new group of fields connected only with the chosen parameter will be displayed. If users change the value, a different group of fields will become available in the card.

Thus, incident information is ready for further transfer to the authority. The responsible employee only needs to press a button in the Defensys SOAR and the data will be sent to the government agency.

As a result of the Defensys software implementation, the Mining Company got a clear incident management process that can be easily adjusted to the employees’ needs if they appear in the future. The Company has fully appreciated the tool that classifies information and prepares it for further transfer according to legal requirements. The Company’s employees can now start working with incidents right after the information has been received by the Defensys SOAR, without wasting their time searching for information and saving it in a convenient format.

In addition to standard e-mail notifications, the Defensys team has also set up notifications through messengers. This helps the System’s users stay aware of the current situation at any time and take action rapidly when needed.