August 31, 2021 | Written by: IBM India Pvt Ltd
Categorized: Digital Reinvention | Security
Genpact, a global professional services firm, is accelerating digital-led innovation and digitally-enabled intelligent operations for its clients – many of them Global Fortune 500 companies – to deliver real-world transformation at scale.
With global operations in 30 countries serving over 800 clients, Genpact’s 90,000+ employees are reinventing business models and running thousands of processes, helping businesses accommodate the growing complexity introduced by remote work.
But scale and complexity are not the only challenges its Cyber Defense Center (CDC) team faces every day.
Headed by Vivek Attri, Cyber Defense Leader at Genpact, the CDC, one of the earliest adopters of SIEM solutions, is responsible for preventing security attacks and for detecting and responding to security threats targeting Genpact.
Genpact CDC has, to its credit, won international recognition for its innovative approach in cyber situational awareness, security intelligence, threat detection and response capabilities, even as threat actors are becoming increasingly sophisticated.
In 2015, as Genpact was formulating its multi-year journey for internal digital transformation and cloud adoption and was also preparing to incorporate more digital technologies into its solutions to help accelerate clients’ digital transformation journeys, the Genpact CDC leadership wanted to be ready to play a strategic role in minimizing risks and providing world-class defense to create competitive advantage for Genpact clients.
Vivek says, “We started our CDC transformation journey in 2015 wherein the first step was to define exactly what we want to achieve out of this program. We performed extensive exercises involving respective leaders in Genpact from various domains such as HR, Legal, IT operations, business verticals and security SMEs for defining the transformation goals for CDC.”
With cyber-threats becoming more sophisticated in the past few years, and anticipating that digital transformation would introduce new types of cyber-risk considerations, Vivek and his CDC team mapped the business goals into the following cybersecurity requirements, intended to enrich the cyber defense framework through automation and machine learning competencies:
- Reduce cyber-attack “dwell times” via intelligence-driven hunting/detection and mitigation processes which also consider threats in the context of the business.
- Augment investigation capabilities using forensics capability.
- Gain actionable insights into risky user behavior / potentially compromised accounts by deploying User Behavior Analytics (UBA).
- Expand coverage of security intelligence to include cloud technologies and threat feeds.
- Ensure the highest quality of delivery by further strengthening its CDC core skills and further maturing the governance processes.
In doing so, the team duly considered the adjustments it would have to incorporate as a result of the internal technology transformation, so that the cyber defense program could be tuned to the newly applicable threats.
With these requirements in place, Vivek and his team were quick to realize that they needed to move to a new technology suite, supplemented with process and resourcing enhancements. To do so, they charted a CDC transformation roadmap:
- Implemented a security intelligence platform: Evaluated and implemented a next-gen SIEM platform, with advanced capabilities, across 25+ locations globally to provide richer context for incident detection, prioritization, investigation, and reporting. Also enriched security intelligence with user behavior and machine learning capabilities.
- Introduced an incident response platform: Designed and implemented an incident response platform to drive consolidation and consistency in responding to security alerts generated by various threat detection platforms and automate some aspects of incident handling.
- Strengthened incident response processes: Built dynamic workflows to investigate and respond to complex threats in an accurate and faster manner. Also defined key metrics to be measured to assess the performance of the incident response processes.
- Leveraging automation at scale for faster response: To handle the increased scale and complexity of attacks, as well as the significant number of events to be analyzed, Genpact CDC brought in automation capabilities innovatively to accelerate response time.
As the Genpact CDC continues its transformation journey, it has had one constant companion: IBM Security.
For their CDC revamp, Vivek and his team chose:
- IBM Security QRadar: They needed a next-gen SIEM delivering intelligent insights that would enable them to accelerate security operations processes and reduce the impact of incidents.
- IBM Security Resilient: They wanted to accelerate incident response with automation, process standardization, and integration with existing security tools.
Vivek says, “When we evaluated the POCs, IBM Security QRadar offered a comprehensive feature set that would give us the ability to address key business use cases, and it also seemed easy to deploy. In addition, it is a flexible platform that can scale in line with our security operations. This combined with the stability of the IBM brand, and analyst credentials, especially from Gartner, made it an easy choice in the end.”
A few of the key success factors for Genpact CDC were achieving the key business use cases for effective security monitoring, driving a significant increase in situational awareness, and enhancing the effectiveness of security incident investigation. IBM QRadar enabled this by providing richer context for incident prioritization, investigation, and reporting, along with coverage of the cloud. In addition, the Genpact CDC achieved highly effective monitoring and prompt response against evolving threat vectors, which QRadar enabled through the implementation of 100+ advanced use cases combined with User Behavior Analytics (UBA) capabilities. This helped Genpact CDC gain insight “we never had before.”
Another important aspect of the Genpact CDC transformation was improving SOC analyst productivity and allowing analysts to focus on more value-added activities. After the IBM SOAR implementation, end-to-end automation of Tier 1 incident handling via IBM SOAR resulted in considerably faster and highly consistent Tier 1 handling of security alerts with significant ROI. In addition, automation of specific Tier 2/3 analyst tasks increased overall capacity to handle more security alerts and incidents with the same team size.
“In the last 4 years, the CDC transformation journey has helped us in gaining insights we never had before, and automation of incident response run books has enabled our security analysts to orchestrate prompt and accurate response against observed threat vectors,” concludes Vivek.
Amid the growing threat landscape, the Genpact CDC transformation will continue. Genpact CDC will keep focusing on threat modeling, to tune the program to where the risks are, and on extensive cloud coverage, given the continual increase in its cloud footprint.