While stopping threats from becoming security breaches is the ultimate measure of success for a SOC, the efficiency with which it does so is also key on an operational level. And that’s where Askari Bank’s automation efforts have really delivered. Through QRadar SIEM’s ability to weed out false positives, the bank’s SOC has reduced the number of security incidents from roughly 700 per day to fewer than 20. Moreover, the QRadar SOAR playbooks implemented in the SOC enable personnel to resolve these incidents in an average of five minutes, as compared with up to 30 minutes prior to the bank’s security transformation.
As Umair Shakil points out, all these automation-driven efficiency improvements mean that SOC personnel can filter out the low-priority incidents and false positives that can swamp an SOC, and instead focus on addressing true risks and hunting for vulnerabilities. “For an SOC to be effective, the ability to prioritize our response to the most pressing security risks is nearly as important as detection,” says Umair Shakil. “In that respect, the QRadar solution we deployed has made our team far more effective at addressing the threat landscape.”
Importantly, that means threats that come from both outside and inside the bank. And that gets to one of the key security issues facing not just banks but any organization: managing the security threats posed by “insiders.” In many cases, the tell-tale signs of insider threats are failed login attempts and atypical or anomalous behavior within the network, such as an employee attempting to access an application or database outside their normal pattern. To detect these risks, Askari Bank uses the QRadar User Behavior Analytics (UBA) app. By combining behavioral rules and analytics with the log and activity data already stored in QRadar, the UBA app has enabled the bank’s SOC staff to streamline monitoring, detection and investigation, thereby improving the efficiency of insider threat management. Moreover, because UBA uses analytical algorithms rather than strict rules to detect deviations in user activity, Askari Bank has been able to use it to reduce the frequency of false-positive incidents.
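The contrast drawn above, a static failed-login rule versus a per-user behavioral baseline, as an added Python illustration that is not IBM's UBA app or Askari Bank's configuration; the event records, user names, thresholds and the hour-of-day tolerance are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed login/access events in a simplified QRadar-like shape:
# (user, application, hour_of_day, outcome). Illustrative only.
BASELINE_EVENTS = [  # historical activity used to learn each user's profile
    ("alice", "core-banking", 9, "success"), ("alice", "core-banking", 11, "success"),
    ("alice", "core-banking", 10, "failure"), ("alice", "core-banking", 10, "success"),
    ("bob", "crm", 9, "success"), ("bob", "crm", 15, "success"),
    ("carol", "treasury", 8, "success"), ("carol", "treasury", 9, "success"),
]
TODAY_EVENTS = [
    ("alice", "core-banking", 10, "failure"),  # single mistyped password
    ("alice", "core-banking", 10, "success"),
    ("bob", "hr-db", 2, "success"),            # app bob never used, at 02:00
    ("carol", "treasury", 9, "failure"), ("carol", "treasury", 9, "failure"),
    ("carol", "treasury", 9, "failure"), ("carol", "treasury", 9, "failure"),
]

def strict_rule_alerts(events):
    """Static rule: every failed login raises an offense. Noisy on ordinary typos."""
    return [e for e in events if e[3] == "failure"]

def build_profiles(events):
    """Per-user baseline: applications used and hours active, from successful logins."""
    apps, hours = defaultdict(set), defaultdict(set)
    for user, app, hour, outcome in events:
        if outcome == "success":
            apps[user].add(app)
            hours[user].add(hour)
    return apps, hours

def behavioral_alerts(baseline, events, fail_threshold=3, hour_slack=1):
    """Flag only users whose activity deviates from their own learned baseline.
    A user with no baseline at all is treated as anomalous on every access."""
    apps, hours = build_profiles(baseline)
    failures = Counter(u for u, _, _, o in events if o == "failure")
    reasons = defaultdict(set)
    for user, app, hour, outcome in events:
        if app not in apps[user]:
            reasons[user].add("new application: " + app)
        if not any(abs(hour - h) <= hour_slack for h in hours[user]):
            reasons[user].add("off-hours access at %02d:00" % hour)
        if failures[user] >= fail_threshold:
            reasons[user].add("%d failed logins" % failures[user])
    return {u: sorted(r) for u, r in reasons.items()}

if __name__ == "__main__":
    print("strict rule:", len(strict_rule_alerts(TODAY_EVENTS)), "offenses")
    print("behavioral:", behavioral_alerts(BASELINE_EVENTS, TODAY_EVENTS))
```

On the constructed data the static rule raises five offenses (alice's single typo plus carol's burst), while the baseline approach raises two: bob's unfamiliar application at an unusual hour and carol's repeated failures.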
While there’s no single indicator of how far Askari Bank has come in improving its security posture since working with SPS to deploy its new QRadar solution, there are plenty of proof points. For instance, a SOC that didn’t even exist three years ago is now staffed by a team of more than 20 specialists. And there’s something else the bank has that it didn’t before: threat visibility. By virtue of the correlation capabilities of QRadar SIEM and its ability to provide high-fidelity alerts, Askari Bank now has an accurate view of how many offenses it’s experiencing 24x7.
On top of this vastly improved threat visibility, Jawad Khalid Mirza points out, the automated responses enabled by QRadar SOAR mean that SOC personnel are working more efficiently and proactively to keep today’s cyberthreats—and tomorrow’s emerging ones—at bay. “The fact that we’re now able to comply with Pakistan’s cybersecurity regulations is critical, but only the beginning,” he explains. “With QRadar, we now have the efficiency and flexibility to adapt to a cyberthreat landscape that’s constantly changing, no matter how fast we grow.”