Critical IT and Cybersecurity Services for the Public Sector
We use what we sell – and in this case it’s IBM’s Security QRadar Suite. Our team delivers critical IT and cybersecurity services to a range of public organisations and corporations across industries. We turned to our partners at IBM to ensure our Security Operations Centre (SOC) offering always remains 3 steps ahead of the rapidly changing threat environment.
With cyber attacks becoming more sophisticated all the time, the SOC team was excited to integrate the IBM Security QRadar Suite for AI-based automations and wide visibility across systems and platforms, uplevelling their security measures across the board.
The results so far have been incredibly promising; we remediate threats 60% faster and have eliminated 20 hours of manual work every month, helping our analysts spend more time on complex issues—for greater overall security.
The solution has impressed from the start; our team had been using UBA for only a week when a brute-force attempt targeted a boxxe user ID. Within five minutes, UBA detected abnormal logins and began increasing the activity’s risk score, allowing the SOC team to respond and prevent any damage. The manually made rule triggered an alert almost 10 minutes later.
We’re now taking advantage of IBM’s AI tools to deliver efficiency at scale; the team has deployed UBA in a multitenant architecture and activated more than 1,500 rules, and has only received one false positive. And although we’re only just beginning to use UAX, it’s already represented a massive leap forward – as Kemp says, “we can use it to integrate pretty much anything. It's federated search appears to be quite unique, as it goes to other platforms, reads their data and returns results back to you with filters you select. We used to operate 14 dashboards. We’ve used UAX to consolidate them down to three, and we plan to get to just one. We can escalate in UAX, we can deal with alerts in it, we can cross reference it, do reputation scans from it, threat hunting—all in one single pane of glass.”
We believe that tech can transform businesses and empower individuals. With our deep expertise, collaborative approach, and practical know-how, we're dedicated to implementing flexible tech solutions that accelerate business growth. Our goal is to give people the confidence to leverage tech for their best and better—commercially, socially, and sustainably.
Taking boxxe's MTTA from 17 minutes to 6 minutes.
Taking boxxe's MTTT from 13 minutes to 10 minutes.
We also fitted adjustable Multisensors for greater coverage and to magnify key details.
Although our customers all have varying security needs, it’s boxxe’s mission to make all of them as safe as possible. The customers we deal with tend to have 5 or 10 people who are security inclined, though not necessarily experts in analysing or dealing with threats. With attack vectors changing rapidly, the need for proactive protection has never been greater.
According to Charlie Kemp, our SOC manager extraordinaire, attackers augmented by generative AI (gen AI), are becoming more sophisticated at finding weaknesses or deceiving users. For example, there’s been a rise in hyper-convincing, highly-targeted phishing emails, which can influence people to click – such a small action can lead to massive consequences.
In order to identify and act on ever changing threats before they affect customer operations, Kemp’s SOC team decided to implement IBM Security ®QRadar® software. With this, boxxe can take advantage of its AI-based automations for greater speed, and its ability to integrate with practically any system or platform for the widest possible visibility.
boxxe used an earlier version of QRadar for several years, but when considering how to further enhance our security capabilities, we needed to evaluate a variety of different threat detection and response solutions. IBM Security QRadar SIEM on cloud combined with IBM Security QRadar SOAR came out on top, offering what the SOC team felt were the best tools for tackling today’s security challenges.
IBM aren’t the only ones offering certain capabilities, but they do stand out in the way they deliver. For example, other tools have user behaviour analytics (UBA), but the machine learning and the AI behind IBM’s solution have been well developed, making it much easier for the SOC team to use. The same goes for QRadar’s security orchestration, automation and response (SOAR) and unified analyst experience (UAX) capabilities… They’re not necessarily new, but they are far ahead of other offerings. With IBM’s tech we’re now capable of mitigating advanced threats that we may not have been able to detect previously.
IBM’s multifaceted support also factored into our decision to go with their solution – as an IBM Business Partner we were able to take advantage of IBM’s Build Fund, an IBM Partner Plus financial assistance program, and receive a discount on our purchase. IBM’s Expert Labs helped with implementation and provided a readily available expert to answer questions and help solve challenges as they came up.
QRadar’s automations have helped our analysts to eliminate about 20 hours per month of manual reporting, so that we have time to focus on things of more concern.
Looking ahead, there’s an even greater potential for automation in end-to-end responses – essentially we could detect anything bad, deal with it, inform the customer of resolution and then return to ‘business as usual’ within half an hour. It has so much potential to enhance our SOC offerings, and in turn, ensure our customers can simply focus on doing and being their best, safe in the knowledge that everything else is being taken care of.
Do you need a comprehensive 24/7/365 SOC service? Call us on the number below or fill in the form and one of our specialists will be in touch.
on your rights under the UK GDPR.