IIFL Group ensures human-lead 24/7 monitoring and incident response to enhance cyber security capabilities.

Objective

IIFL Group is one of the leading players in the financial services space. They needed to meet the right requirements when it came to cyber security compliance and to put mature processes in place. To do this, they went through the process of selecting their MSSP; SecurityHQ.

IT Outcomes

• Increased visibility of security threats 24/7/365.
• Regional based SOC to meet compliance.
• Cyber security expertise and incident response available round the clock.

Business Outcomes

• Upskilled IT team supported by 400+ security specialists worldwide, and local team.
• Reduced risk and greater insight into the environment of IIFL.
• Collaborative steps taken and documented, to protect clients, partners, and suppliers.

Background

The IIFL team was acutely aware of the challenges its organisation faced with regards to their cyber security. They required the right combination of people, process, and technology, and would necessitate 24/7 resources. IIFL’S VP-Group Head Cyber Security, Ameya Sathye, stated the companies ‘wish list’ for the business, and the extensive journey taken to find the right MSSP.

When IIFL started looking into the requirement for having a managed security service provider to monitor their infrastructure, specifically for 24/7 security monitoring, they evaluated many service providers. There were 10 companies initially included in the review, and then after filtering out there were five vendors competing.

When it came to competition, there were a few players in the region who were good in terms of reputation, but they’re all big vendors. This meant that they lacked subject matter expertise within SOC domain and used more of a cookie cutter approach. There are hardly any niche players who specialises in SOC. Usually, SOC is provided as a complimentary service, but they don’t make it a core focus, which is what is needed for most businesses in the region.

Challenge

In terms of challenges that IIFL faced, one key element regarding compliance stood out. IIFL needed a local SOC, to meet with financial regulatory obligations. They also needed niche skills, and specialist that they could not find within other MSSPs, as well as the ability to scale and pivot directions easily.

The scalability of the solution, the disaster recovery plans, the SLAs, and availability were also necessary elements for IIFL. As a financial organization, IIFL must comply with multiple regulations, such as SEBI & RBI. Nowadays the government and regulators are saying that data must be within the geographical limits.

IIFL required a state-of-the-art SOC, SOC monitoring capability and a technical team, combining the talent of L1, L2, L3 analysts, Security Manager, and Incident Response Teams. The SecurityHQ team are technical experts, especially with regards to the current attacks, patterns, detection, different various scenario, etc. Skill wise, SecurityHQ have a very skilled team.

IIFL also required matured processes, and proof of finding and retaining the right talent. Finding the right talent within the security industry, to act as an extension of their team, and retaining them for a long period of time is a tough task but showcases the right company culture.

Conclusion

When analysing the value that SecurityHQ brought, IIFL highlighted the necessity of the right skills, education, and then retaining these skills.

After conducting detailed technical analysis, SecurityHQ had fantastic ratings. But what IIFL liked most, was that SecurityHQ are mainly focused towards 24/7 monitoring.

From day one, the SecurityHQ team have been in constant contact with the IIFL team, putting in relentless 24×7 efforts as analysts and responders. Some of the incidents which the SecurityHQ team caught, were not expected by IIFL. Whatever IIFL have suggested, the SecurityHQ team adapt to and commit to deliver.

• Total Assets Protected 1384
• 850+ Million Logs Analysed
• 1874 Total Incidents Acted On
• 32 Incidents Every 24 Hours on Average