Speed and precision in highly customized cybersecurity
CarbonHelix and IBM
The challenge of securing everything at once

There’s one major advantage cyberattackers have—even over today’s most advanced cybersecurity teams. “They only need to find one vulnerability, one exploit, and they can go from there. On the security side, we've got to be looking at everything at once,” says Mark Precious, Cybersecurity Operations Partner at CarbonHelix. “That means we have to continually move with greater speed and greater accuracy.”

CarbonHelix is a managed security service provider (MSSP) that delivers 24x7 security operations center (SOC) services to customers in a wide range of industries. It incorporates industry-leading technologies, including proprietary solutions, to develop custom playbooks and escalation processes. “Everything's unique to every customer,” says David DeLozier, Vice President of Sales at CarbonHelix.

So how does CarbonHelix manage to deliver customized services across industries while constantly achieving greater speed and accuracy? Its highly skilled human experts commit to leveling up with the most advanced and emerging capabilities of their technology solutions, including the IBM® QRadar® Suite.

Flexible integrations, ML-accelerated threat management

As the first step in delivering customized services, CarbonHelix uses QRadar to provide full visibility across a customer’s environment, no matter what technologies and platforms the customer uses. “We can deploy QRadar in any form or fashion—on-premises, in air-gapped environments, if we host it, if a customer hosts it, hardware, virtual, AWS, Azure, it doesn't matter. It can live anywhere,” says DeLozier. “And there's nothing that we have come across that we have not been able to integrate into QRadar, including homegrown and third-party applications.” That integration also includes platforms that are often challenging to integrate into security information and event management (SIEM) systems, such as the IBM AS/400 server, IBM AIX® operating system and mainframe systems common in the banking industry. “It’s a level of visibility that we can’t get with other SIEMs,” says DeLozier.

To continually drive faster, more targeted threat detection and response, CarbonHelix applies the QRadar machine learning (ML)-based user behavior analytics (UBA) and network threat analytics (NTA). “The machine learning is able to analyze activity patterns on a scale that no human analyst is capable of,” says DeLozier. “So, it’s really effective at detecting anomalies that the analysts can then decide how best to handle.” Further, by integrating UBA into the IBM QRadar SOAR component, CarbonHelix combines ML-driven detection of risky user behavior with automated responses to quickly mitigate threats.

CarbonHelix has had particular success with NTA in the healthcare space, using the technology to support the proper functioning of medical devices and the security of medical data. IT and security teams for hospitals sometimes have zero visibility into devices on their network, but a single infected device can create broader problems that threaten patient care. DeLozier recalls an instance of an infected MRI machine. Normally, the machine would share data with only one desktop, but through ML analysis of flow data, the NTA app detected that the MRI machine had begun reaching out to many other devices in the hospital. Fortunately, the early detection enabled CarbonHelix and the hospital to shut the machine down and then implement a patch for the problem before the hospital suffered any damage.

Responding even faster with AI

While these efficiencies are highly effective today, Mark Precious notes that adversaries are also finding ways to move faster all the time. As part of the ongoing effort to retain its competitive edge, CarbonHelix is building IBM Guardium® data security solutions into its managed services. It’s also forming a dedicated team within the SOC to apply AI to accelerate threat response. The company is specifically integrating QRadar with third-party AI for endpoint detection and response (EDR), to analyze endpoint activities and drive even faster responses. “We’re using AI to feed our SOC better information, quicker,” says DeLozier.

“The goal is to more completely respond to a threat and understand whether a given threat is part of a larger campaign, and to always do both faster than before,” says Precious.

About CarbonHelix

CarbonHelix, an IBM Business Partner, has the experience and expertise to lead today’s AI-augmented cybersecurity efforts. Since 2015, CarbonHelix has provided cybersecurity services from its US-based SOC that meet the highest compliance requirements. The company has established itself as a trusted partner in a wide range of industries, including financial services, healthcare, education, manufacturing, government, and more.

Solution components: IBM® QRadar® Suite, IBM Guardium®
Legal

© Copyright IBM Corporation 2024. IBM, the IBM logo, Guardium, and QRadar are trademarks or registered trademarks of IBM Corp., in the U.S. and/or other countries. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

Client examples are presented as illustrations of how those clients have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.

No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.