From overwhelmed to in-control: How we helped a Fortune 50 firm automate a threat intelligence program
Snapshot
A Fortune 50 software and cloud services provider came to us with a serious problem: they were falling behind in their ability to keep track of emerging cybersecurity threats to their customers.
At a time when security threats are multiplying and becoming more sophisticated, this posed a serious risk to the software company’s ability to keep their customers’ operations safe and secure. We rebuilt their processes for dealing with threats from top to bottom, creating an automated system that allowed them to keep track of customers’ needs and questions, to keep decision-makers at the software company on top of evolving threats, and to keep their customers’ operations running smoothly.
Challenge
The software company’s security team was responsible for providing actionable information to the rest of the organization on the security threats that its customers are – or could be – facing. But they found themselves with a common problem: too much information, and not enough capacity to process it all. The team’s existing system for keeping track of threats was largely manual, and it was too cumbersome and time-intensive for the team to quickly produce the information the company needed to respond to customers’ questions and needs.
Approach
Kalles Group started with a thorough analysis of the company’s processes, workflows and sources for cybersecurity threats. We built detailed maps of the existing ecosystem, and compiled a list of requirements for what should be added to their processes so that the security team could collect real-time, evolving data about threats, understand customers’ needs and problems, keep team members in the loop on what was happening, and present this information in appropriate ways to relevant stakeholders at the company.
We built an online portal system for storing and accessing libraries of data on cyber threats and customers’ needs. We made this portal searchable, allowing the data to be accessed quickly and arranged as needed. We built in tools to ensure that everyone on the security team would be kept up to date on changes and developments; to customize reports for different audiences; to integrate open-source security intelligence, enriching the threat intelligence reports; and to allow the team to scale up the volume of work with limited resources.
Results
With all this done, we were able to deliver a cleaned and easily accessible data set to the security team. Thanks to our integrated, automated solution, the software company was now able to:
- Quickly access data on ongoing tasks, allowing the security team to answer questions from other team leaders in real time.
- Generate reports and analyze data on customers’ questions and needs.
- Use automated notifications to keep the team informed on the status of all requests.
- Allow analysts working on reviews to look, for the first time, across a year of data on assets, requests and content produced. This alone saved analysts many hours of work and led to a better understanding of operations.