Low-code security automation helps InComm Payments unlock attack surface visibility to improve efficiencies.
InComm Payments brings innovative payment technology to customers around the world. With end-to-end payment platforms and emerging financial technology solutions, InComm Payments is an established industry leader. Major retailers like Target, Walmart, CVS and more carry a range of their products.
A global payment technology leader needs an equally strong security operations center (SOC). Leading the InComm Payments SOC is its CISO, Jonathan Kennedy. Soon after joining the team, Kennedy identified a challenge in the SOC: finding a way to connect its siloed, disjointed security tools.
The Search for a Powerful Automation Solution
Kennedy searched for an answer, from building an in-house solution to evaluating a range of Security Orchestration, Automation and Response (SOAR) platforms. None of these options proved promising. Building an in-house solution “would have taken an army of engineers hundreds of hours for us to create something that was workable.” Other SOAR platforms offered limited customization, which was a high priority for Kennedy’s SOC team.
The quest for a customizable solution that streamlined operations led to a clear choice: low-code security automation.
Versatile Automation Across the SOC
The first indicator of success was Swimlane’s versatility in automation. Security teams can build automations as simple or as complex as they like. “When we started testing with Swimlane, our engineers found out that they could create their own integrations and create their own automations and could make ‘A’ talk to ‘B’ the way that they want it to. There wasn’t any extra noise. There weren’t any extra complications or other steps that had to take place. This platform gave us the ability to code in our own solutions. And that’s what really nailed it for us.”
“Our engineers are able to still use those plug-and-play types of automations that are already there and built for us. However, we can even expand on those and customize them to how our attack surface needs to be addressed.”
Solution: Centralized Case Management
“We didn’t have a centralized way to focus our efforts on one tool for case management. So if you have an event that takes place, we would have to go into our EDR platform, go into our network detection response, look into our SIEM. All these platforms have their own case management systems.”
A solution was needed that could connect these tools in a single location for faster processes. Swimlane low-code security automation offered dynamic case management that could be customized to InComm Payments’ unique needs.
Solution: Customized Dashboards
Another major selling point for Kennedy was “the ability to create customized dashboards that we can create for the individual user around what they care about.”
SecOps teams can create dashboards for a range of viewers. “When I talk to my director of security operations, they care very much about the analyst metrics, how quickly they’re responding, what issues they’re having, tool sets that are behaving as they should. But when it comes to me in the C-level, we’re able to have an executive dashboard that can speak to that party, as opposed to the nitty gritty technical stuff.”
The advantages extend beyond the SOC, making the platform’s value visible to stakeholders elsewhere in the company. “It’s the ability not only for us to have the single pane of glass and all the integrations and all the automations we need, but we can actually show the return on investment to all parties throughout the company. And it really speaks a lot to the platform.”
Solution: A Way to Reduce Staff Burnout
As a CISO, Kennedy concentrates on metrics that directly affect analysts. “It’s no secret in this industry that analysts have a high amount of burnout. There’s a lot of tickets that come in, there’s a lot of alert volume.” With Swimlane, the SOC team can see trends in performance and adjust automation processes accordingly.
If analysts are taking longer to respond to incidents, that can be a sign of alert fatigue or burnout. As Kennedy explains, “it’s not good for the analysts, but it’s also not good for the organization.” By automating mundane, repetitive tasks, analysts can spend more time responding to high-level alerts. SOC efficiency increases, and so does job satisfaction.
Results with Swimlane
Return on Investment: “It’s one of the tools that actually allows us to buy time. And when you talk about the velocity of attacks that occur today, time is the most valuable asset that you have.”
3x Faster Case Remediation: “Analyst feedback has always been that they can now stay in this one platform, in this one dashboard, work a case to full remediation without having to reach out to ten, 15, 20 different tools or trying to get RFI from threat intelligence. Just being able to live within Swimlane and respond to an incident has been a major benefactor for them.”
Decrease in MTTR: “Analysts can spend 100% of their time actually responding to the incident as opposed to just gathering more information. And we have seen a dramatic decrease in our mean time to respond to incidents since we’ve had all these automations in place.”
Improved Engineer Capabilities: “For my engineers, they really speak highly of Swimlane when I give them an abstract idea – or they bring me an abstract idea – and they run with it. They’re not restricted in their imagination of what they can accomplish in some way.”