To support customers in responding to security incidents within an increasingly shorter timeframe, Secure-24’s investigative team needed the right technology core at the heart of its operations.
After evaluating leading security orchestration and automation platforms, the team deployed an IBM Resilient solution that integrates systems and offers dynamic workflow capabilities to speed processes.
Transforms organization with dynamic incident response capabilities
Accelerates response and performs key steps in minutes instead of hours
Helps customers more easily address auditing and legal demands
Business challenge story
Shorter response windows increase pressure
Putting customer relationships, business reputation and financial well-being at risk, a security breach is a highly stressful situation for an organization to manage under any circumstances. With new regulatory deadlines in place for incident reporting, companies are under pressure to respond more rapidly than ever before.
“Businesses used to have days, weeks or even months to let people know that an incident occurred,” says Brian Herr, Chief Security and Privacy Officer for Secure-24. “In today's world, we're talking hours — and there’s an enormous amount of work that has to get done.”
A provider of enterprise security solutions for nearly two decades, Secure-24 maintains a dedicated team of specialists to help organizations act quickly in the face of a cyber attack. “Our investigators look at phishing, malware, ransomware, unauthorized access — it runs the gamut,” says Herr. “We work across all different verticals and all different types of systems.”
To support its customers in responding to security incidents within an increasingly shorter window, Secure-24’s investigative team needs the right technology core at the heart of its operations.
“As our program grew, we discovered that a lot of tools out there are lacking,” says Herr. “Clients need things fast, but they also need to feel confident that our investigators have done their due diligence. We needed an incident response platform that was both easy to use and highly reliable in collecting evidence for audits and potential legal proceedings.”
A dynamic solution with customizable workflows
Evaluating leading incident response solutions, Secure-24 was impressed by the integrative capabilities of the IBM Resilient Security Orchestration, Automation and Response (SOAR) platform. “We looked at a lot of tools and we found that Resilient is the sweet spot,” says Herr. “Resilient integrates with our other IBM platforms and with platforms from the other big industry leaders.”
In addition, the Resilient platform’s dynamic playbooks functionality supports Secure-24 in creating customized workflows for incident response as well as easily updating, adjusting and combining them as needed.
“The dynamic playbooks feature is the most important part of the tool for us,” says Herr. “Our investigators have been able to create a methodology that’s flexible but keeps every investigation tight. From the beginning, we’re following a step-by-step process that gathers everything needed for an audit and for evidence in case an incident goes to law enforcement.”
An IBM Resilient team visited Secure-24 onsite to help the company customize the module for its investigative needs. “We had IBM experts who really understood investigations come out and take the time to put together playbooks with our investigators,” says Herr. “From there it went viral — every single investigator wanted to participate in this new program of Resilient dynamic playbooks.”
To further optimize its incident response program, Secure-24 evaluated security information and event management (SIEM) tools to integrate with the Resilient SOAR platform, including the IBM QRadar® Security Information and Event Management solution, an intelligent platform designed to rapidly analyze vast quantities of network data.
“We had our investigators doing mock investigations using a number of top SIEM solutions out there,” says Herr. “The platform we found fastest, easiest to use and most consistent was IBM QRadar.”
Enhanced speed, flexibility and responsiveness
Together, the Resilient SOAR platform and QRadar SIEM technology provide Secure-24 with a powerful and transformative combination. “We refer to Resilient, QRadar and the whole IBM ecosystem as a force multiplier,” says Herr. “We’ve evolved into an organization with a completely comprehensive and dynamic program around security incident response.”
By integrating Secure-24’s systems and supporting quick workflow adjustments, the solution greatly enhances the investigative team’s speed, flexibility and responsiveness.
“Resilient saves us so much time — some of our steps have gone from hours to minutes,” says Herr. “And when a CIO is on the line with their lawyers and their executives, sweating bullets, wanting to know exactly what’s happening, we have a platform in place that allows us to speak confidently.”
In addition, the Resilient platform is instrumental for Secure-24 in helping customers address their auditing and legal demands.
“We have all the data needed to show the work that has been done — it can be audited or used as part of a legal case should it ever be required,” says Herr. “And we integrate information on applicable laws and breach notification timelines into Resilient workflows to help provide our customers with the information they need.”
Finally, Secure-24 appreciates the ongoing collaboration with and support from IBM in continuing to evolve with the Resilient platform.
“We chose Resilient in part because the IBM team was incredibly, incredibly helpful,” says Herr. “The degree to which they helped us onboard was phenomenal. And now that our investigators are constantly innovating with the platform, they can reach out to IBM for guidance.”
Secure-24, an NTT Communications company, provides application hosting, cloud and managed IT services. With nearly two decades of experience, the company serves businesses worldwide, offering expertise and advanced technology to help them innovate, transform and grow. Secure-24 is headquartered in Southfield, Michigan and has approximately 800 employees.