Secure-24
An investigative team speeds incident response with IBM Security SOAR

Facing new regulatory deadlines, businesses need to report and respond to security breaches more rapidly than ever before. With the IBM Security® SOAR Platform, Secure-24 boosted the speed and flexibility of its investigative team to provide even faster—but still highly reliable and auditable—support during stressful security events.

Business challenge

To support customers in responding to security incidents within an increasingly short timeframe, Secure-24’s investigative team needed the right technology core at the heart of its operations.

Transformation

After evaluating leading security orchestration and automation platforms, the team deployed an IBM Security SOAR solution that integrates systems and offers dynamic workflow capabilities to speed processes.

Results

Transforms organization with dynamic incident response capabilities

Accelerates response and performs key steps in minutes instead of hours

Helps customers more easily address auditing and legal demands

Business challenge story
Shorter response windows increase pressure

Putting customer relationships, business reputation and financial well-being at risk, a security breach is a highly stressful situation for an organization to manage under any circumstances. With new regulatory deadlines in place for incident reporting, companies are under pressure to respond more rapidly than ever before. 

“Businesses used to have days, weeks or even months to let people know that an incident occurred,” says Brian Herr, Chief Security and Privacy Officer for Secure-24. “In today's world, we're talking hours—and there’s an enormous amount of work that has to get done.”

A provider of enterprise security solutions for nearly two decades, Secure-24 maintains a dedicated team of specialists to help organizations act quickly in the face of a cyber attack. “Our investigators look at phishing, malware, ransomware, unauthorized access — it runs the gamut,” says Herr. “We work across all different verticals and all different types of systems.”

To support its customers in responding to security incidents within an increasingly short window, Secure-24’s investigative team needs the right technology core at the heart of its operations.

“As our program grew, we discovered that a lot of tools out there are lacking,” says Herr. “Clients need things fast, but they also need to feel confident that our investigators have done their due diligence. We needed an incident response platform that was both easy to use and highly reliable in collecting evidence for audits and potential legal proceedings.”

 

Transformation story
A dynamic solution with customizable workflows

Evaluating leading incident response solutions, Secure-24 was impressed by the integrative capabilities of the IBM Security SOAR platform, previously Resilient. “We looked at a lot of tools and we found that Resilient is the sweet spot,” says Herr. “Resilient integrates with our other IBM® platforms and with platforms from the other big industry leaders.”

In addition, the IBM Security SOAR platform’s dynamic playbooks functionality supports Secure-24 in creating customized workflows for incident response as well as easily updating, adjusting and combining them as needed.

“The dynamic playbooks feature is the most important part of the tool for us,” says Herr. “Our investigators have been able to create a methodology that’s flexible but keeps every investigation tight. From the beginning, we’re following a step-by-step process that gathers everything needed for an audit and for evidence in case an incident goes to law enforcement.”

An IBM Security team visited Secure-24 onsite to help the company customize the module for its investigative needs. “We had IBM experts who really understood investigations come out and take the time to put together playbooks with our investigators,” says Herr. “From there it went viral—every single investigator wanted to participate in this new program of Resilient dynamic playbooks.”

To further optimize its incident response program, Secure-24 evaluated security information and event management (SIEM) tools to integrate with the IBM Security SOAR platform, including the IBM QRadar® Security Information and Event Management solution, an intelligent platform designed to rapidly analyze vast quantities of network data.

“We had our investigators doing mock investigations using a number of top SIEM solutions out there,” says Herr. “The platform we found fastest, easiest to use and most consistent was IBM QRadar.”

Results story
Enhanced speed, flexibility and responsiveness

Together, the IBM Security SOAR platform and QRadar SIEM technology provide Secure-24 with a powerful and transformative combination. “We refer to Resilient, QRadar and the whole IBM ecosystem as a force multiplier,” says Herr. “We’ve evolved into an organization with a completely comprehensive and dynamic program around security incident response.”

By integrating Secure-24’s systems and supporting quick workflow adjustments, the solution greatly enhances the investigative team’s speed, flexibility and responsiveness.

“Resilient saves us so much time—some of our steps have gone from hours to minutes,” says Herr. “And when a CIO is on the line with their lawyers and their executives, sweating bullets, wanting to know exactly what’s happening, we have a platform in place that allows us to speak confidently.”

In addition, the IBM Security SOAR platform is instrumental for Secure-24 in helping customers address their auditing and legal demands.

“We have all the data needed to show the work that has been done—it can be audited or used as part of a legal case should it ever be required,” says Herr. “And we integrate information on applicable laws and breach notification timelines into Resilient workflows to help provide our customers with the information they need.”

Finally, Secure-24 appreciates the ongoing collaboration with and support from IBM in continuing to evolve with the IBM Security SOAR platform.

“We chose Resilient in part because the IBM team was incredibly, incredibly helpful,” says Herr. “The degree to which they helped us onboard was phenomenal. And now that our investigators are constantly innovating with the platform, they can reach out to IBM for guidance.”

Secure-24

Secure-24, an NTT Communications company, provides application hosting, cloud and managed IT services. With nearly two decades of experience, the company serves businesses worldwide, offering expertise and advanced technology to help them innovate, transform and grow. Secure-24 is headquartered in Southfield, Michigan and has approximately 800 employees.

Take the next step

To learn more about the IBM solutions featured in this story, please contact your IBM representative or IBM Business Partner.

Legal

© Copyright IBM Corporation 2019. IBM Corporation, IBM Security, New Orchard Road, Armonk, NY 10504

Produced in the United States of America, May 2019.

IBM, the IBM logo, ibm.com, QRadar, and Resilient are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/trademark.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.