Case Study

Advanced Info Service Transforms Security Operations Centre With Scalable, Automated Processes To Boost Incident Response Management


In brief

Customer

Advanced Info Service

Industry

Telecommunications

Country

Thailand


Challenges

Advanced Info Service had a traditional SIEM tool, with many incidents to manage on traditional CSOC processes. In order to manage incidents properly, AIS needed to have a ticketing information management system.

Outcome
    • Ease of management of incidents: manage incidents’ service level agreements (SLA)
    • Accelerated detection and response times: Reduced mean time to detect (MTTD) and mean time to respond (MTTR) as security alerts are qualified & remediated in minutes, instead of days, weeks and months
    • Reduced false positives: data is available for study within seconds, enabling proactive investigation
    • Filtering and sorting of incidents: incidents are prioritised after risk determination, as per incident scoring rules
    • Automation of repeatable response actions: reduced repetitive tasks in security operations
Solution

Cortex™ XSOAR to include both ticketing management as well as automation

Download PDF Share

Advanced Info Service Plc (AIS) is the leading mobile service provider in Thailand, with 42.8 million subscribers nationwide, as of June 2021. The company has three core businesses - mobile, fixed broadband, and digital services. AIS had a dedicated security department to manage security incidents within the organisation. As their businesses grew, AIS found the need to provide security services to their customers and opted for a ticket information management system from Demisto (acquired by Palo Alto Networks in 2019). The organisation was looking to enhance their cybersecurity operations centre (CSOC), together with existing traditional Security Information and Event Management (SIEM) tools to manage security incidents.

The need to bring in best-of-breed security vendors was amplified as several large enterprises in Thailand had faced ransomware attacks that compromised their security, recently. AIS wanted new out-of-the-box (OOTB) playbook integration to help with migration. The company was actively looking at getting a managed security service provider (MSSP) to streamline their security department. Sanjay Thomas, Chief Information Officer, AIS, says, “As the largest mobile operator in Thailand, we wanted the best-available security infrastructure and Palo Alto Networks was our obvious partner of choice”.

Full incident management through security orchestration, automation, and response (SOAR)

The traditional security solutions at AIS were suited to manage security operations within the company. However, they faced challenges while securing customer data. In November 2019, the security team at AIS opted for the ticket information management system from Cortex™ XSOAR.

The ticket information management system was selected to streamline the numerous security incidents within AIS and make them trackable, keeping with required SLA. While the solutions from Cortex XSOAR could streamline security operations and centralise tools within AIS’ CSOC team, achieving next generation CSOC was still an issue. “We faced major challenges in managing siloed information from several fragmented security tools, and this increased our turnaround time”, adds Thomas. “We needed a solution that could shorten MTTR, while also filling the requirement of having highly skilled security analysts to correlate information for greater accuracy, in order to provide real time updates on cyberthreats”.

Cortex XSOAR: scalable, automated processes for any security use case

Streamlining the numerous security incidents at AIS to trackable processes, meeting SLAs, maintaining continuous workflow, managing collaborations and integrations were becoming a challenge. They needed a solution that could help reduce false positives, prioritise incidents after risk determination, coordinate actions across security tools and automate repeatable response actions.

The Palo Alto Networks team worked closely with the team at AIS to fulfil technical requirements with the Cortex XSOAR platform together, with 20 full users license and professional services included. Cortex XSOAR, a robotic process automation platform, was deployed in December 2019. It involved implementation of playbooks, traditional SIEM integrations and installation of various versions, amongst other tasks. Cortex XSOAR, includes automation tools for security use cases as well as response playbooks, alerts, collaboration tools and threat intelligence using data from multiple sources.

“Being the first Cortex XSOAR deployment in Thailand and a brand new technology, we needed a security partner who could provide a comprehensive solution as well as strong team support and necessary training. Palo Alto Networks stepped up to the plate and delivered tireless support through their local presence in Thailand”, reiterates Thomas.

Advancing your CSOC with the most comprehensive SOAR platform

AIS aims to reduce the MTTR by enabling security alerts to be qualified and remediated in minutes, rather than days, weeks and months, with Cortex XSOAR.

By running security orchestration playbooks, data is available for study within seconds, enabling proactive investigation and reducing false positives.

In addition, highly skilled security analysts help prioritise incidents after risk determination, as per incident scoring rules. The human intervention in the playbook, allows analysts to evaluate the risk score of security incidents and adjust their priority, grouping similar incidents in a period of time, etc.

AIS has also gained the benefit of automation of repeatable response actions through the solution by Cortex XSOAR, thereby reducing repetitive tasks in their security operations. This has enabled the automation of incident response procedures at AIS.

Going forward, AIS is considering the industry leading SOC platform from Palo Alto Networks, including Cortex XDR to shorten MTTD and also implement a real-time threat detection and response tool that leverages artificial intelligence (AI) and machine learning (ML) to identify threats and correlated findings. Besides deploying Palo Alto Networks’ solutions, AIS has also become a Palo Alto Networks Managed Security Service Provider (MSSP) partner to bring world-class security solutions to Thai businesses together.

Get in touch

Visit us online to find out more about how Palo Alto Networks Cortex XSOAR can help automate opportunities for your organization.