Security in the financial services world remains as essential as ever. It seems news about hackers stealing customer banking data breaks on a weekly basis. As such, companies in this business sector that foster a strong focus on cybersecurity enjoy a significant advantage over their competition.
Still, some security processes suffer from inefficiency and are relatively time-consuming. In this scenario, a new collection of software solutions and tools known as Security Orchestration Automation and Response (SOAR) is a game-changer.
With an efficient and productive cybersecurity process in mind, let’s take a look at how SOAR helped one financial services organization protect its customers. At the same time, adopting SOAR let this company’s security personnel work smarter and more effectively. It can do the same for your business.
One financial services company’s fight against cybercriminals
Michael Cochran, an information security analyst for financial services company Hilltop Holdings, fights on the front lines of the cybersecurity battle on a daily basis. His company is a target for hackers who are trying to steal data from customers in addition to the business itself. As noted earlier, keeping valuable data protected from nefarious agents remains a huge competitive differentiator in the world of finance.
Unfortunately for Cochran and his fellow security analysts, Hilltop Holdings’ former security process was largely manual. Cochran noted that their older workflow for phishing email triage required an analyst to spend a full day, every day, on this task. They’d analyze each individual email for rogue URLs and attachments containing malware.
Needless to say, this manual drudgery isn’t good for productivity. Thankfully, there’s a better way to stop phishing emails in their tracks. Enter SOAR and its ability to automate various security and IT processes. Rapid7 offers InsightConnect, a SOAR solution built to help security teams work faster and more effectively. Learn more about how InsightConnect solves this specific phishing use case.
SOAR lets companies automate inefficient security tasks
Cochran again highlighted Hilltop’s reliance on manual cybersecurity processes before implementing Rapid7’s SOAR solution, InsightConnect. He used InsightConnect to design a new automated workflow to handle the company’s phishing email triage process. This procedural analysis helped him devise new playbooks for making the process more efficient beyond automation itself. Additionally, when using the tool, the team realized the importance of upfront planning to design an effective process workflow.
InsightConnect’s intuitive workflow builder lets security analysts quickly craft new workflows for a wide range of security and IT processes. The solution includes over 290 plugins that make it easy to build new workflows while integrating with any organization’s existing tools and applications. Security analysts are now able to focus on only the important issues requiring human intervention.
Hilltop Holdings reaped the benefits of using automation and InsightConnect to handle the company’s phishing email triage. Cochran noted that a process that used to require 100% of an analyst’s time now took only a few minutes. Needless to say, this greatly increased the operational efficiency of Cochran’s team.
Advice for companies first implementing a SOAR solution
Companies looking at adopting SOAR as part of their security arsenal probably wonder about the difficulty of implementation. Cochran offered some advice for these organizations.
He felt doing the right amount of upfront work on automated workflow design is essential. In many cases, this approach helps everyone understand the entire process surrounding any security task. It leads to well-designed workflows that improve efficiency while boosting the productivity of the SecOps team.
In addition to the phishing email triage workflow, the Hilltop Holdings team also created workflows for other security processes. These included incident response and remediation, threat intelligence notifications, and auto-blocking rogue URLs at the firewall level. Cochran said he also felt InsightConnect was ultimately fun to implement.
Additionally, the helpful team at Rapid7 is available for help with a simple email or phone call. Cochran noted the availability of Rapid7 for advice on effective workflow design or to quickly get a question answered. If Hilltop Holdings wanted new functionality, the Rapid7 product team quickly added it to InsightConnect when possible.
In the end, Cochran felt the working relationship with Rapid7 was “awesome.” He definitely appreciates the fact he and his fellow security analysts are now significantly more productive. Hilltop Holdings’ customer data is safer than ever, and the company’s SecOps team is able to react to new threats more quickly and effectively.
Rapid7 InsightConnect makes SecOps efficient
InsightConnect helps companies adopt SOAR to make their SecOps team more efficient and effective. The automation of multiple workflows used in security lets your analysts focus on only the most critical threats. This Rapid7 tool automates everything from patching and remediation to communication with your employees and customers. It’s an essential part of any successful InfoSec process.
Remember that InsightConnect also includes over 290 plugins to make it easier for companies to quickly get started with their own implementation. Contact us today to see how Rapid7 can help improve your organization’s security.