A Global Technology Provider for 700+ Financial Services Clients Increases Efficiency of Personnel and SOC Team by 37%

May 13, 2018, by David
Article Written by Arun Gandhi, Director of Product Management at Seceon and Grigoriy Milis, Chief Technology Officer at RFA

As security breaches and attacks continue to lead global headlines, effective cybersecurity protections are the "new normal" for conducting business today. With regulations recently enacted and more coming in the near future, it is imperative for managed service providers (MSPs) to provide best-in-class security solutions to customers while differentiating themselves from the competition.

Traditional solutions are no longer sufficient; tools must evolve to combat the increasing sophistication of cybercriminal techniques and technologies. Customized malware now exists that can evade and bypass many of the traditional endpoint security solutions. Traditional signature- and manual calculation-based approaches are simply not sufficient for providing security against increasingly sophisticated cyber threats. Above all, the biggest challenge remains the integration of these point solutions, as they come from different manufacturers and are not inherently built to communicate with each other.

In business for nearly thirty years, Richard Fleischman & Associates, also known as RFA, is a trusted technology partner to more than 700 clients globally who retain more than $900 billion in total assets under management. Serving as an MSP for its financial sector clients, RFA used a number of traditional solutions and services from large market leaders successfully, but was always challenged to find a solution that could address threats (i.e., detect, contain and eliminate) between the perimeter and endpoints to their required level of sophistication. Multi-layered approaches recommended by industry experts were rendered ineffective as the solutions were not properly integrated and remained siloed. Moreover, the level of protection afforded resulted in dissatisfaction when compared to the overhead cost.

RFA formed an R&D group led by their Chief Technology Officer Grigoriy Milis to solve these challenges with a key focus on cloud security, evaluating security solutions on a variety of factors, such as economics, multi-tenant capability, scalability, quality of detection, automated remediation, rate of false positives, and integration with various contextual data sources. "We have built-in security and compliance features for our cloud platform, but we need to ensure we defend our sensitive information as well as our clients," said Milis. A core requirement for RFA was a solution that delivered perimeter-to-endpoints-to-network security and continuous compliance. Yet, despite evaluating a number of point security solutions, including SIEM and behavioral analysis products, Milis could not find any that could be easily brought together under one umbrella, nor any that delivered an effective path to profitability for new and value-added client services.

After six months searching for a comprehensive solution, RFA turned to Seceon for its expansive visibility and ease of integration with existing elements in the RFA network environment. Seceon’s aiMSSP solution, born out of its innovative Open Threat Management (OTM) Platform, was able to analyze all network traffic, utilizing machine learning (ML), artificial intelligence (AI) and an anomaly detection algorithm capable of processing traffic behavior and correlating events in the network without the need to establish rules. According to Milis, "When we did a side-by-side comparison between Seceon OTM and some of the other solutions from larger providers, Seceon was able to detect real-life security threats that the other platforms did not detect."

 

These capabilities allowed RFA to proactively detect threats and, more importantly, contain and eliminate them in real-time. The majority of current security solutions provided by major market leaders can detect, but not immediately remediate, making the choice to implement Seceon an easy one. More specifically, RFA relies on Seceon’s ability to bring together a variety of seemingly unrelated threat indicators to identify potential issues. Seceon’s ease of integration simplifies correlation of logs and events, which significantly reduces the Mean-Time-To-Identify (MTTI) for threats.

Leveraging an intuitive user interface, RFA was easily able to set up its new system for RFA customers, starting data collection in less than one day for major use-cases including:

  • Ability to detect reconnaissance
  • Ability to detect data exfiltration
  • Ability to detect various external and internal threats 

RFA’s SOC team was able to see meaningful information coming from their systems within the first week. This resulted in an immediate benefit of considerable improvement in their security posture by detecting what other currently deployed solutions might have missed, as now they had the ability to analyze a substantially higher number of sources, events, and data. Specifically, RFA was now processing over 200 million events per day with an extremely low rate of false positives which increased the efficiency of their IT and SOC personnel by 37 percent! The SOC analysts could now look into the real alerts faster and considerably reduce Mean-Time-To-Response (MTTR) for their customers. "Seceon’s machine learning capability has been key to reducing noise and ensuring that critical alerts get the attention they require," concluded Mark Alayev, Director of Service Delivery. 

The improvement in security posture, the ease of installation and integration, and the ability for immediate remediation have greatly improved RFA’s competitive advantage as an MSP while allowing them to offer innovative technology to their clients at much lower costs than their competitors. 

Challenges:

  • Traditional solutions and services from large vendors could neither combat the increasing sophistication of cyber threats nor detect threats between the perimeter and endpoints to the required level
  • The level of protection afforded by signature- and manual calculation-based approaches is simply not sufficient compared to the overhead costs
  • Integration is the biggest challenge as point solutions from different manufacturers are not built to communicate with each other inherently 

Solution:

  • Analyzes all network traffic, utilizing ML, AI and an anomaly detection algorithm capable of processing traffic behavior, and correlates various events in the network without needing to establish rules
  • Detects reconnaissance, data exfiltration, and various external and internal threats
  • Provides SIEM functionality and behavioral analysis under one umbrella on a single platform 

Benefits:

  • Increases efficiency of personnel and SOC team by 37%
  • Ease of set-up and integration is superior as it brings together a variety of seemingly unrelated threat indicators to identify potential issues
  • Ability to remediate (contain and eliminate) threats in real-time

About RFA:

Richard Fleischman & Associates is the trusted technology partner to over 700 alternative investment clients globally, with more than $900 Billion in total assets under management, for nearly thirty years. Offering a full range of technology solutions with global data center operations and industry-leading service, RFA serves the IT and technology needs across the financial industry. It delivers scalable, reliable and secure enterprise-grade technology infrastructure. RFA is headquartered in New York City with operations in New York, Connecticut, New Jersey, Massachusetts, California, with EMEA operations headquartered in London.