Improved security processes
SOC ESTABLISHMENT AND MANAGED SERVICES FOR HIGHER SECURITY LEVEL
Technology: IBM - Cyber Security & Security Services
The customer, a logistics company in the CEE region, planned to significantly improve its security maturity. For this purpose, it was searching for a suitable partner to set up a completely new Security Operation Center (SOC).
The goals of the project were:
- To achieve full visibility over the network infrastructure via the implementation of a SIEM (security information and event management) Solution for log collection and aggregation.
- To implement a SOAR (security orchestration, automation, and response) Solution to facilitate rapid incident containment and investigation.
- To integrate a Threat Intelligence Platform to streamline the OSINT information feed for threats and zero-day exploits which may affect the infrastructure.
- To deploy EDR (endpoint detection and response) and NDR (network detection and response) Solutions for better network and endpoint security.
- To fully outsource the incident monitoring, detection, and response process to experienced SOC Analysts with entirely Managed 24/7 Service.
DIGITALL was selected as a partner for the implementation of the new Security Operation Center and deployed IBM's XDR (extended detection and response) platform, Cloud Pak for Security, with an integrated Data Explorer App (SIEM functionalities), Case Management App (SOAR functionalities), Threat Intelligence Insights App and the UBA (user behavior analytics) App.
All implementation, installation and configuration requirements were successfully completed by DIGITALL. In addition, an ongoing 24/7 SOC service was provided to the customer.
Due to the successful project delivery and SOC services, the customer is currently experiencing:
- 67% reduced time to react
- 78% fewer false positives
- 82% fewer incidents recorded
- 117%* return on investment for the first year
With this project, DIGITALL became one of the first European system integrators to have deployed the IBM XDR platform.
*based on estimated risk value of mitigated attacks in 2022