A Q&A with Head of Security Solutions at Abraxas

How Abraxas Transformed Their MSSP Operations with Swimlane Security Automation

One of my favorite parts of my job is getting to hear firsthand how our customers are solving real security challenges with automation. Recently, I had the chance to sit down with Christoph Müller, Head of Security Solutions at Abraxas, to talk about his team’s journey with Swimlane—what led them to automation, the roadblocks they faced, and the impact it’s had on their security operations.

Abraxas Informatik AG is Switzerland’s largest IT solutions provider focused on the public sector, delivering secure and integrated IT services to Swiss administrations, authorities, and businesses. As a managed security service provider (MSSP), they needed a way to eliminate repetitive tasks and streamline compliance processes without overburdening their team. Over the past four years, they’ve used Swimlane to transform their security operations—reducing manual effort, improving analyst efficiency, and enhancing service delivery for their clients.

In this Q&A, Christoph shares his experience, key takeaways, and insights on how automation is shaping the future of security operations at Abraxas. Let’s dive in!

Can you tell us a little more about yourself and your role at Abraxas?

My name is Christoph, and I’ve been working in IT for over 20 years, with more than 10 years in cybersecurity. I started at Abraxas as a cybersecurity engineer five years ago, and about a year ago, I took over the Security Operations team. I’m hands-on, particularly with security orchestration, automation, and response (SOAR). Before we implemented Swimlane, I had no prior experience with automation tools.

What security services does Abraxas offer?

Abraxas is the largest provider of end-to-end IT solutions for the public sector in Switzerland, headquartered in St. Gallen. We employ around a thousand people across Switzerland. Our company connects Swiss administrations, authorities, companies, and the population with secure, efficient, and integrated IT solutions.

What challenges were you facing that led you to security automation?

We offer classic SOC, XDR, and vulnerability management services as an MSSP. However, managing multiple tenants, especially in XDR services, was very labor-intensive. We had numerous repetitive tasks and a lot of manual data enrichment in our incident response process. Automation was a natural solution to reduce this workload and make our analysts’ jobs more engaging.

What was your evaluation process like for selecting an automation vendor?

We evaluated four vendors and selected two for a proof of concept. Price was an important factor, but we were also looking for flexibility, a wide range of integrations, and ease of use. Swimlane stood out due to its simplicity. In just a few days, we were able to create all our automation on our own without extensive training or courses.

What made Swimlane stand out from other security automation platforms?

Swimlane’s simplicity, ease of use, and wide range of integrations really impressed us. The product met all our needs, and what stood out even more was Swimlane’s customer-focused approach. We have regular calls to discuss new features, feature requests, and any challenges we face. Additionally, Swimlane’s support team has been outstanding. We’re in regular contact with them, not because we have issues but because we run Swimlane on-prem and they assist us with software updates.

How long have you been using Swimlane?

We started the proof of concept at the end of 2021 and purchased the license in spring 2022. We’ve now been using Swimlane for about three years. It didn’t take long to implement, but we’re still continuously improving. New features and improvements are regularly available, so we’re always optimizing our processes.

What are the main ways you’re using Swimlane in your security operations?

1. Incident Response: We created a single pane of glass for our analysts, centralizing incidents from various sources like XDR and our CM. These incidents are enriched with threat intelligence, user info, and other relevant data.
   
2. Automated Compliance and Vulnerability Scanning: We built an on-demand compliance and vulnerability scanning process. Our operations team can request a scan through the IT service management tool, and Swimlane automates the entire process, from requesting the scan to generating and sending the report.

What are your favorite features of the Swimlane security automation platform?

I really appreciate the automation workflow overview and the debugging functionalities. The application design builder is also great. It helps us design and deploy automation quickly.

Which integrations have been most valuable to your team?

Swimlane’s ability to integrate with both out-of-the-box integrations and custom Python scripts has been invaluable. If a tool has an API, we can integrate it into Swimlane quickly. The debugging functionality, especially for Python integrations, has made the process much easier.

How has Swimlane impacted your team?

Swimlane has made security operations more efficient and engaging for our team. By eliminating repetitive tasks, our analysts can focus on real threats instead of being bogged down by manual processes. We’ve also improved our mean time to response (MTTR) by automating actions like isolating endpoints or stopping malicious processes, allowing us to handle more threats without increasing workload. Plus, automation has expanded our capabilities, letting us leverage multiple threat intelligence sources without overwhelming our team.

What advice would you give to others starting their automation journey?

My advice is to create a playbook before jumping into automation. We learned the hard way by diving straight into creating apps and automating processes, which led to unexpected issues. Having a plan will help you automate much faster and more efficiently.

Would you recommend Swimlane to your peers?

I would recommend Swimlane because it’s not just a flexible and powerful automation tool; you also get a company that truly cares about its customers. The support is exceptional, and they’re always ready to help with any issues. Their knowledge and experience help you quickly get the results you want.

Closing Thoughts: Start with a Plan and Let Swimlane Take Care of the Rest

As I said before, one of the best parts of my job is hearing how our customers are using Swimlane and how it impacts their team and processes. After talking with Christoph, it’s a clear testament to the platform’s flexibility, ease of use, and exceptional customer support and their success is a reminder of how powerful Swimlane can be in transforming security operations and helping teams focus on what truly matters.

If there’s one takeaway from our conversation, it’s this: start with a plan and let Swimlane handle the rest.

“I would recommend Swimlane to my peers because you not only get a very good and flexible tool for automation. But you also have a company in the background that cares very much about their customers. They have outstanding support and help you with problems. They have a lot of knowledge and experience, so that you get things done fast that you would like to do.”

• Christoph Müller, Head of Security Solutions at Abraxas