Streamlining a credit union’s security operations
Snapshot
A not-for-profit credit union came to us with a serious problem: their system for managing online security and tracking cybersecurity incidents wasn’t working properly. The system had too many demands placed on it and was beginning to malfunction; it was “noisy,” meaning it was surfacing unusable, irrelevant or incorrect information; and staff were finding it hard to manage.
We set about the task of optimizing this system. Among other things, we designed an easy-to-use, not-too-demanding framework for prioritizing cybersecurity tasks. Thanks to our efforts, the credit union’s cybersecurity management system became more reliable, its Security Operations Center (SOC) was able to work more efficiently, and the organization was able to save money on the technology it was licensing.
Challenge
Our client’s Security Information and Event Management (SIEM) system was failing. A system like this is meant to be a one-stop shop where an organization can manage its cybersecurity tools, and analyze and respond to cybersecurity events. But this SIEM was oversubscribed, meaning too many demands were being placed on it. This can be very risky: An oversubscribed SIEM can mean that security breaches are able to happen, or that the system flags false positives. It can mean delayed processing of security events, or even events that weren’t processed at all. And it can mean system instability, decreased performance, and increased risk of downtime.
Additionally, as we analyzed the situation, we found that security alerts weren’t being properly prioritized, and the result was that the organization’s Security Operations Center (SOC) and security responders were overwhelmed, and were wasting valuable time.
Approach
After analyzing the situation, we designed a user-friendly prioritization framework that streamlined the work the SOC and responders would have to do to optimize the SIEM. We developed a set of recommendations for optimizing the SIEM that would allow the credit union to save money on its licensing fees by reducing the noise produced by the system, and by reducing storage needs.
We authored and implemented rule changes to the SIEM, and focused on specific “noisy” tools and services. We managed a backlog of work within the system over a period of several months, and we provided our client with a multi-year strategy to optimize its resources for cybersecurity response, reduce demand on the SIEM, increase performance, and control costs.
Results
With this framework in place, SOC and responders were able to prioritize the operational changes that needed to be made to the SIEM. That framework was later reused in other areas in the cybersecurity practice, informing the organization’s hiring and outsourcing strategies and saving it money.
Our work on reducing the noise in cybersecurity tools and services freed the organization’s engineers to focus on security priorities, instead of sifting through noisy data, which ensured that nothing important was missed.
This credit union now has a streamlined and formidable SIEM system to manage its cybersecurity needs.