India’s largest private sector bank was using a SOC provider with a team of nine resources. The partner helped the bank transform its SOC into a NextGen CSOC. After winning the order, Network Intelligence initiated the project takeover in April 2018 and, in a short span of time, turned the SOC into a 27-seater Next Gen CyberSOC, with automation and key metrics set to establish the efficiency of the SOC.
The technology landscape covered in this project was 12,500 servers; 1,10,000 endpoints (10 per cent increase year-on-year); 1,500+ log sources (10 per cent increase year-on-year); 77,500 events per second (capable of scaling to 160K EPS); and 300+ security events (offences) reviewed monthly.
The first phase was split into conducting a maturity model assessment of the existing setup and preparing a plan; creating runbooks, training methodology, catalogs and use cases; developing KPIs and analytical models; and carrying out comprehensive product evaluations of the existing setup. The second phase was all about automation script development; Big Data, Security Analytics and Machine Learning; Threat Intelligence Fusion; threat hunting for Next-gen platform management; orchestration and automation; incident response and remediation; and, lastly, reporting and measurements.
The incumbent SOC setup had been in existence for more than three years. After the partner picked up the project, the majority of its time was invested in reviewing the existing setup, processes, runbooks, etc. Once this was done, it could see the obstacles standing in the way of reaching the customer's desired goal. The core project solution was centred around People, Process and Technology (PPT). This PPT model helped in addressing the hindrances that came up in day-to-day activities.
Building good expertise among its people and investing in their skill development helped the partner. So did ensuring that the bank's processes were followed and that its own processes were in line with the various compliance requirements and regulations that the bank has to comply with. Network Intelligence also optimised the existing technologies and prioritised their use.
Among the key benefits of this project, the bank saw an improvement in security incident detection and remediation. With the integration of the bank's ticketing tool, the time taken to respond to alerts and carry out remediation has reduced by 1/3 of the original time (before the setup of the Next Gen CyberSOC). The solution gives a single view/dashboard of the security landscape and improved collaboration across all the security technologies and investments made.
The solution helped the bank in creating KPIs and key metrics. CISO Dashboards: The CISO previously had various management consoles through which to view his security landscape. With CISO Dashboards as a key deliverable from the partner's side, the CISO gets a direct business benefit by way of visibility and presentation of the key metrics set to the management.
The bank has one of the largest infrastructures in the country and is considered to be a benchmark for all other banks in India and abroad. Many companies and banks speak about a Next Gen CyberSOC but, in reality, that is very difficult to achieve. Network Intelligence has taken its SOC to a Next Gen CyberSOC with key defined metrics and success criteria.