How Swimlane helped Lumen scale and overachieve KPIs
As a multinational technology powerhouse, Lumen Technologies is one of the most recognized brands that is enabling companies to capitalize on emerging applications and the power of the 4th Industrial Revolution (4IR). Lumen integrates network assets, cloud connectivity, voice and collaboration tools, and importantly, security solutions into one platform that enables businesses to leverage their data and adopt next-generation technologies. In a word: Wow!
For a rapidly growing business like Lumen, the need to expand organically in capacity and manpower while maintaining the integrity of security operations prompted the organization and its security practice director to deploy Security Orchestration, Automation and Response (SOAR) to adapt to business growth across the SecOps infrastructure.
“It’s about delivering clients with a variety of managed security services, managed detection response services, and professional security services,” according to Wai Kit Cheah, director of the security practice for Lumen Technologies, who maintains and operates two security operations centers (SOCs) in Asia Pacific out of eight global SOCs.
Servicing a Diverse Client Base with Scale
With a client base that spans different verticals, from real estate, property management, investment firms, banks, and logistics companies to vehicle distributors, Cheah needed a security automation solution that could augment capacity and help adequately address the constraints they might face down the road.
For Cheah, the selection criteria were crystal clear: Find a solution that would be easy to manage, easy to support, and easy to operate from a partner that could provide the technical support they needed. Swimlane quickly became the solution of choice.
“Swimlane maximizes the utility of how we could actually automate the response and the enrichment of events that we receive,” Cheah added. With the robustness of Swimlane’s automation engine, events can be processed from any source. This enables the Lumen security team to integrate security automation with user and entity behavior analytics (UEBA), ServiceNow for ticketing, as well as third-party threat intelligence feeds for enrichment. “It’s a whole ecosystem,” according to Cheah.
“It’s very important to keep a holistic view of how you want the ecosystem set up, where Swimlane SOAR integrates with the different platforms,” Cheah continued. “We think of how a particular security event is triggered, how it would flow through the entire ecosystem, and at what stage would Swimlane be responsible to act.”
Security Automation Results
When Wai Kit Cheah first embarked on the automation project, the key performance indicator (KPI) for his team was to increase the automation level by 10%. For Cheah, automation level refers to how many security events hitting the SOC can be fully automated without human intervention.
Results came quickly. Within the first quarter, the team achieved a 30% automation level, and after six months, the organization was at approximately a 50 to 60% automation level. Today, Cheah and his team are averaging a 70% automation level.
“We have actually overachieved what I started off with as the KPI, and that’s a great success in my opinion,” commented Cheah. “Swimlane has become an essential core component of our SOC. It’s part and parcel of our SOC operations today, and I would say that it’s almost impossible to do without Swimlane.”