Case Study

Inspira’s Cyber Fusion Centers automate incident response with Cortex XSOAR


Optimized frameworks result in automation, orchestration, and faster response time for incident management, benefitting end customers.


INTRODUCTION

Established in 2008, Inspira is a full-fledged global cybersecurity player that undertakes digital transformation for customers in three areas—consulting and advisory, transformation, and operations. Inspira has a strength of over 1,500 people and offices spread across the U.S., UAE, Kenya, India, Singapore, Indonesia, and the Philippines. The company provides services across various industries, including BFSI, energy and utilities, retail, telecom, public sector, healthcare, and pharmaceuticals.


As the Vice President of International Sales and Global Leader for Integrated Cyber Threat Management Practice, Gaurav Deshpande and his team focused on providing cybersecurity solutions across the entire lifecycle to Inspira’s customers. As a security solutions provider, the organisation’s goal is to focus on continuous improvement to ensure its customers have access to best-in-class industry solutions. Plus, as a managed security service provider (MSSP) with close to 50 customers, Gaurav wanted to optimize incident handling within the company’s own environment and reduce incident handling timelines.


CHALLENGE

SOC optimisation, reduction of manual processes, and lowering time spent on incident resolution

Explaining how Inspira manages the entire cyberthreat management landscape for customers on one hand and its security operations centers - called Cyber Fusion Centers (CFCs) - as an MSSP player on the other, Gaurav highlights the challenges he faced on both fronts. The company wanted a managed security service offering that could automate the CFCs, allowing faster deployments and onboarding of clients.

As Inspira manages security services for customers across multiple layers, it was imperative to provide a unified view of the cyberthreats they encountered daily and their response mechanism.

“Parameters like what the incident lifecycle is, the mean time taken to detect or MTTD, and mean time to respond or MTTR, are integral to customers from a security service provider’s standpoint,” Gaurav said. “As an MSSP, we sought to harness the power of automation to optimize operations through a mature security orchestration, automation, and response (SOAR) technology in our own environment.”

Having implemented SOAR solutions for their customers, Gaurav and his team had seen the advantages an operations team could derive from them. Hence, the thought process was to replicate the same within the CFCs at Inspira to optimize the incident management process and reduce the incident handling timeline.

In addition, as a service provider, Inspira strives to offer continuous improvement. “We wanted to ensure that the time taken to resolve any incidents was minimal as more time taken to resolve an incident only meant more bandwidth taken away from critical functions,” explained Gaurav.


REQUIREMENTS

Improved operational efficiencies and mature security posture

When Inspira looked at threat management as a concept, it needed to work at two levels:

As a security solutions provider:

  • Reduce manual activities for P1 and P2 security incidents (lower severity incidents).
  • Automate and orchestrate security response to reduce incident remediation time.
  • Invest in a solution that could offer customers an integrated security automation platform.

As an MSSP:

  • Optimise incident management in its own environment with a stable and mature SOAR solution to be able to offer better turnaround times to end customers.
  • Have a global presence that can scale to different geographies as and when needed.

SOLUTION

A comprehensive SOAR platform offers automation, real-time collaboration, unified case management, and security incident management

Since Inspira was looking at a solution that could optimize incident management within its CFCs as well as the CFCs built and operated for their customers across regions, it evaluated multiple solutions. Inspira needed to ensure that the solution selected had the required integration capabilities to mesh with multiple technologies in the CFCs.

“Cortex XSOAR from Palo Alto Networks demonstrated integration capabilities far superior to other platforms,” Gaurav said. In addition, the complete Cortex portfolio of Cortex® XSOAR, plus XDR and other components, made it crystal clear that this was the solution Inspira needed to opt for.

With 300 plus engineers in its CFCs, Inspira was looking at building the right use cases and playbooks that could be deployed for its customers to optimize its operations. Many of the company’s engineers had already worked with Cortex XSOAR in customer environments and had seen its effectiveness.

Cortex XSOAR helped Inspira achieve increased efficiencies by unifying case management, automation, and real-time collaboration in the industry’s first extended SOAR offering. Inspira creates playbooks in its own environment that can be implemented by the customer. At this stage, Inspira has developed over 15 playbooks for each of its 10 top customers. In its own CFCs, it has more than 20 playbooks. “With Cortex XSOAR, Inspira can manage alerts across all sources, standardize processes with playbooks, take action on threat intelligence, and automate response for any security service, thereby reducing the average incident resolution time from a total of 12 hours to 1.5–2 hours or by as much as 70 percent,” Gaurav explains.

Inspira also wanted a partner with a successful track record across all regions worldwide, as they wanted to scale the solution to other global offices when necessary.


BENEFITS

Reduction in time taken for end-to-end incident handling (time from incident identification to resolution)

After deploying Cortex XSOAR, the end-to-end incident handling time seen across P1 and P2 incidents (which are on the lower scale of criticality) has reduced drastically with automation, freeing analyst time to focus on more critical tasks.

“With Cortex XSOAR, Inspira can manage alerts across all sources, standardise processes with playbooks, take action on threat intelligence, and automate response for any security service, thereby reducing the average incident resolution time from a total of 12 hours to 1.5–2 hours or by as much as 70 percent,” Gaurav explained.


Increased efficiencies as resources are freed up for alternative tasks

The auto-remediation and automation of responses have enabled team members who earlier used to work on incident handling and triage to now be available to conduct a deeper analysis of critical incidents. The same team members can now develop use cases to optimise activities further. They can also design playbooks and increase Inspira’s asset library of use cases and playbook campaigns such as the rapid breach response playbook (against new attacks), phishing response playbook, endpoint malware infection playbook, threat hunting, rapid IoC hunting playbook, and vulnerability management playbook that can be implemented for customers.


Provision of an integrated security automation platform

Moving from siloed solutions integrated together to a more unified dashboard view has been another significant benefit. With Cortex XSOAR, Inspira can automate responses and offer multiple use cases across various stages of the cyber kill chain. Gaurav put it brilliantly, saying, “Once you can define playbooks and implement these playbooks in the Cortex XSOAR solution, we can truly offer our customers an integrated security automation platform. Customers are not looking for information in a piecemeal manner. With Cortex XSOAR, an integrated story can be stitched together and offered as a powerful security incident management service solution.”

CONCLUSION

Inspira can combine Cortex XDR® with their managed services offerings to help customers worldwide streamline CFC operations and rapidly mitigate cyberthreats. Gaurav expressed a sense of great satisfaction as he talked of the partnership with the team from Palo Alto Networks, saying, “We at Inspira obtain access to a host of assets, allowing us to keep to our core belief of continuous improvement in the solutions we offer our customers. We have received tremendous support from the leadership team, and as we look forward to taking the relationship ahead in the Middle East, ASEAN and the U.S. too, we know that Palo Alto Networks has the capabilities to support us in these markets.”

Palo Alto Networks has regular communication with the team at Inspira to track progress on the company’s skills and capabilities. The team undertakes training programs to certify sales and technical resources at Inspira on Palo Alto Networks technologies. In conclusion, Gaurav emphasised the benefits of the Professional Services delivery program at Palo Alto Networks, through which technical engineers at Inspira gain access to resources for Cortex, Prisma® and Strata™ solutions, enabling them to further strengthen their skills and capabilities.