“We give our customers confidence in their ability to use technology to be their best, and a key part of that is implementing flexible solutions with world-leading security,” says Laura Smith-King, Marketing Communications Manager at boxxe, a managed services provider (MSP) based in the UK.
boxxe delivers critical IT services to a range of public sector organizations and businesses across all industries. “We believe that tech can transform businesses and empower individuals,” says Smith-King. “With our deep expertise, collaborative approach, and practical know-how, we're dedicated to implementing flexible tech solutions that accelerate business growth. Our goal is to give people the confidence to leverage tech for their best and better—commercially, socially, and sustainably.”
boxxe’s customers have varying security needs, but for Charlie Kemp, boxxe’s Security Operations Center (SOC) Manager, the mission is to make all of them as safe as possible: “The customers we deal with tend to have a team of five or 10 people who are security inclined, though not necessarily experts in analyzing or dealing with threats.”
But attack vectors are changing very fast. Attackers, augmented by generative AI (gen AI), are becoming more sophisticated at finding weaknesses or deceiving users. Kemp mentions a rise in convincing, highly targeted phishing emails as one example. “It can influence people to click, and such a small action can lead to massive consequence,” he says.
To identify and act on ever-changing threats before they affect customers’ operations, the boxxe SOC team has implemented IBM Security® QRadar® software, taking advantage of its AI-based automations for greater speed and its ability to integrate with practically any system or platform for the widest possible visibility.
boxxe used an earlier version of QRadar for several years. When the team sought to continue to enhance its security capabilities, it evaluated other threat detection and response solutions and decided that IBM Security QRadar SIEM on cloud, combined with IBM Security QRadar SOAR, offered the best advantages for today’s security challenges.
“It’s not that IBM is the only one offering certain capabilities,” says Kemp, “it’s the way that it’s been done. It’s not uncommon for other tools to have user behavior analytics (UBA), but the machine learning and the AI behind IBM’s solution have been well developed. It makes it much easier for us to use.” Kemp says the same goes for QRadar’s security orchestration, automation and response (SOAR) and unified analyst experience (UAX) capabilities. “They’re not necessarily new, but they are far ahead of other offerings. We are now capable of mitigating advanced threats that we may not have been able to detect previously.”
Kemp relates a story of QRadar’s UBA outperforming a manually applied detection rule for brute-force hacks. The team had been using UBA for only a week when a brute-force attempt targeted a boxxe user ID. Within five minutes, UBA detected abnormal logins and began increasing the activity’s risk score, allowing the SOC team to respond and prevent any damage. The manually made rule triggered an alert about 10 minutes later.
Now, boxxe is taking advantage of that efficiency at scale. The team has deployed UBA in a multitenant architecture and activated more than 1,500 rules, and has gotten only one false positive. “It sits in the background doing all the learning itself,” says Kemp. “It doesn't need any input from us other than whom I’m looking for and what is the threshold.”
And although boxxe is just beginning to use UAX, Kemp says it’s already a major leap forward. “We can use it to integrate pretty much anything,” he says. “Its federated search appears to be quite unique, as it goes to other platforms, reads their data and returns results back to you with filters you select. We used to operate 14 dashboards. We’ve used UAX to consolidate them down to three, and we plan to get to just one. We can escalate in UAX, we can deal with alerts in it, we can cross reference it, do reputation scans from it, threat hunting—all in one single pane of glass.”
Another factor in boxxe’s decision to go with IBM was IBM’s multifaceted support. As an IBM Business Partner, boxxe took advantage of IBM’s Build Fund, an IBM Partner Plus financial assistance program, to receive a discount on its purchase. IBM Expert Labs helped with implementation and provided a readily available expert to answer questions and help solve challenges as they came up. And boxxe also received great support from the IBM Customer Success and sales teams.
boxxe has achieved significant time reductions in its major threat-response processes:
Further, boxxe’s security analysts use QRadar’s automations to eliminate about 20 hours per month of manual reporting.
“So we have more time to focus on things of more concern than a report,” says Kemp. And as he looks forward, Kemp sees even more automation potential. “The intent is end to end. To be able to essentially detect anything bad, deal with it, let the customer know it's been dealt with and be exactly where we were prior to the attack within half an hour. I think that that is the capability of it.”
boxxe connects people in businesses across all sectors with hardware, software and managed IT services. Through 35+ years of expertise, perfecting what works for customers and tweaking what doesn’t, the company implements flexible tech solutions, all underpinned by world-leading security and smart data management. boxxe’s range of services empowers organizations, enhances teams, and provides tech solutions through strategic consultancy, enabling effective performance and transformation, accelerating growth, increasing productivity and reducing downtime. With a passion for sustainability, boxxe puts people, partners and the environment at the heart of everything it does.
© Copyright IBM Corporation 2024. IBM, the IBM logo, IBM Security, and QRadar are trademarks or registered trademarks of IBM Corp., in the U.S. and/or other countries. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
Client examples are presented as illustrations of how those clients have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.