CABI, a non-profit organisation that aims to help people's lives, has announced it has improved visibility and workflows while securing necessary resources to implement security measures using Logpoint Converged SIEM.
To support knowledge sharing, CABI has 20 IT operations professionals, with five people overseeing the IT infrastructure, including 500 workstations, 100 Windows servers and 20 Linux servers.
While the company says the IT infrastructure is not “massively complex”, people depend on digital resources from many different locations.
Until recently, the security team consisted of only one person, a security engineer, who alone was responsible for the entire organisation’s cyber posture.
CABI’s security engineer came to the realisation that the organisation had too many log sources, alerts and individual tools to manage manually, which left the organisation exposed to cyber threats.
With the organisation’s dependence on access to knowledge from a range of different locations, there was a need to gain better visibility of the activity in the IT infrastructure to bring down the cyber risks threatening to obstruct the information flow.
Given the small team of one, they also needed the ability to work more efficiently to bring down the workload and make better use of the security engineer’s resources.
They wanted a simple monitoring solution that could easily integrate with CABI’s current security tools, centralise all data and make it available in a digestible and manageable way, enabling them to maximise the manpower.
“The organisation was at risk of missing a serious security incident if it occurred,” said Jamie Brown, Security Engineer at CABI.
“I was trying to manage all security alerts in a virtual Security Operations Center (SOC) environment, using a mailbox and all the security tools individually.
“The setup simply didn’t provide enough visibility of what was happening across our infrastructure.”
Logpoint provided the centralised security monitoring solution CABI sought.
As an additional benefit, the native SOAR capabilities unlocked the opportunity for CABI to automate processes and tasks in the SOC.
“Logpoint was easy to reach out to and spent a lot of time with us to ensure we were happy,” said Brown.
“The customer service side of things goes quite a long way when selecting a vendor. Logpoint also integrates with other tools really easily compared to other platforms, which often seem more labour-intensive.”
With help from Logpoint’s team, CABI brought all its log sources into the Logpoint platform and set up relevant dashboards.
Now, the platform has become a key part of CABI’s security operations with all data sources connected.
Shortly after the installation, CABI leveraged the visibility achieved with Logpoint to realise that more human resources were needed in the SOC.
Now, an actual SOC team of four people is working from different locations to maintain CABI's cyber posture and provide expanded security operations coverage.
With Logpoint’s platform installed, CABI now has visibility across the IT infrastructure from a single pane of glass.
The security team can get an overview of the security posture and find security events that would otherwise have been difficult to detect.
“Logpoint comes with many cool features, which saves us so much time,” said Brown.
“I don’t have to spend all day looking through pages and pages of logs anymore and I’ve been able to focus on adding value to the business in other ways, through project work and improvements to services, for example.”
CABI is now looking to undergo a Logpoint training programme around the SOAR capabilities, which help get incidents shipped to CABI’s internal service desk tool to advance collaboration with the rest of the IT organisation and automate many processes and tasks performed manually by the SOC team.
“We’re really pleased with Logpoint’s ease of use, excellent training and after-sales support,” added Brown.
“We had an excellent experience with the Customer Success team.
“They’ve been so helpful and nothing’s too much trouble for them, which is great.”
The security team can now share monthly high-level overviews of the threat landscape and the cyber risk with the senior management team.
With those insights, the senior management team has better understood the cyber threats the security team deals with and the implications for the business.