A Buyer’s Guide for Modern Security Automation
InComm Payments is a worldwide leader in innovative payment technology. From enhanced end-to-end payment platforms to emerging financial technology solutions, InComm Payments helps businesses in a wide range of industries. Their products can be seen in major retailers like Target, Walmart and more.
Jonathan Kennedy, CISO of InComm Payments, highlights the organization’s mission: “to transform the global payment system into innovative products that can help out consumers and retailers.”
Disconnected, Siloed Tools
As a global industry leader, InComm Payments’ security team has a responsibility to keep its large attack surface protected. Such an impressive organization requires an equally impressive set of security tools.
Kennedy explains, “We have a great toolset that we use to cover every domain and every bit of our attack surface. But when they’re all diverse and they’re all only working in their own panes of glass, it becomes a struggle for a security operations center (SOC) to run efficiently and be able to respond to attacks efficiently.”
Disjointed tools often lead to increased response times and human errors. Analysts must search through multiple sources for the information they need. This was evident for Kennedy as he led InComm Payments’ SOC team. They needed a powerful, centralized solution to eliminate these information silos.
Limited Visibility into SOC Performance
Another requirement for Kennedy was a “way to look at our own metrics to see where we were effective and where we were lacking.”
It’s not enough to look within individual tools to identify key performance indicators like mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR). For their security team to be effective, Kennedy needed insight into the SOC’s entire performance. This posed an issue.
“We didn’t have a centralized way to focus our efforts into one tool for case management. So, if you have an event that takes place, we would have to go into our EDR platform, go into our network detection response, then look into our SIEM. And all these platforms have their own case management systems.”
As the CISO, Kennedy understood how important visibility into his team was. “We didn’t have a way to hold ourselves accountable to meet our own standards for when we respond to security incidents.” A solution that provides visibility inside and even beyond the SOC was necessary for future success.
Why an In-house Solution wasn’t the Answer
Kennedy explored other options before identifying the need for security automation. While some SOC teams decided to explore alternative software or outsource completely, the InComm Payments team decided on a different approach.
“Originally we tried to build a solution in-house. All these different tools run their own APIs and have their own configurations and their own ways to integrate with each other. It quickly becomes a nightmare when these tools are not partners with each other.”
“To create an in-house solution, it would have taken an army of engineers hundreds of hours for us to create something that was workable, so that we could really attack our issues at hand and have a really robust and centralized solution to work from.”
Instead of relying on the security engineers to sacrifice time building an in-house solution, Kennedy sought out a solution to empower them. However, they still needed the full customization they expected with an in-house solution.
Straight from the Source
“With a product like Swimlane, we were able to integrate all of these tools together into one aggregated platform. It gave everyone a single pane of glass to work from and really increased our efficiency in our ability to remediate security incidents.” Jonathan Kennedy
Robust Automation & Case Management with Endless Customization
InComm Payments needed a tool that could centralize all of its disconnected tools and siloed data into a “single pane of glass to make us better incident responders”. But during the search for a Security Orchestration, Automation and Response (SOAR) solution, Kennedy quickly saw a pattern in other providers.
“We looked at a lot of products. The common theme in this space is ‘out of the box’. You can click a few buttons and all of a sudden your tools all talk to each other. You have a single pane of glass, but it felt like the industry was forcing us to adapt to their solution. We couldn’t really build our own.”
InComm Payments found freedom and flexibility in low-code security automation. “When we started testing with Swimlane, our engineers found out that they could create their own integrations and create their own automations and could make “A” talk to “B” the way that they want it to. There wasn’t any extra noise. There weren’t any extra complications or other steps that had to take place. This platform gave us the ability to code in our own solutions. And that’s what really nailed it for us.”
Flexibility for InComm Payments’ Unique Needs
“What makes Swimlane different is the ability to customize exactly what you need to get out of a SOAR platform. You’re not limited to prebuilt toolsets and your engineers can really create what they need to based upon your specific attack surface for your organization.”
“This platform gave us the ability to code in our own solutions. And that’s really what now for us, really, it’s as I previously mentioned, our ability to customize the platform exactly how we saw fit. Our engineers are able to still use those plug and play types of automations that are already there and built for us. We can even expand on those that are already built by Swimlane and customize them to how our attack surface needs to be addressed.”
Customizable, Buildable Dashboards
For Kennedy, another valuable feature in Swimlane is “the ability to create customized dashboards that we can create for the individual user around what they care about. When I talk to my director of security operations, they care very much about the analyst metrics, how quickly they’re responding, what issues they’re having, tool sets that are behaving as they should. But when it comes to me in the C-level, we’re able to have an executive dashboard that can speak to that party, as opposed to the nitty gritty technical stuff.”
“So just the ability not only for us to have the single pane of glass and all the integrations and all the automations we need, but we can actually show the return on investment to all parties throughout the company. And it really speaks a lot to the platform.”
Security Automation Fast Facts
A Clear ROI
“Swimlane is one of the tools that actually allows us to buy time.”
3x Faster Case Remediation
InComm Payments handles cases within 20 minutes on average, 3x faster than before.
Increased Analyst Efficiency
“Analysts can spend 100% of their time actually responding to incidents as opposed to just gathering more information.”
Improved Engineer Capabilities
“Engineers aren’t restricted in their imagination of what they can accomplish.”
For InComm Payments, the most telling results came from an increase in efficiency across the SOC. In turn, analysts and engineers alike saw improvements in workloads and job satisfaction.
A Clear Return on Investment: “You’re trying to make your company as secure as you can. The way that I have pitched the return on investment for Swimlane: it’s one of the tools that actually allows us to buy time. And when you talk about the velocity of attacks that occur today, time is the most valuable asset that you have.”
3x Faster Case Remediation: Since implementing Swimlane into the SOC, Kennedy has seen cases handled within 20 minutes on average, three times faster than before. The reason is evident: “analyst feedback has always been that they can now stay in this one platform, in this one dashboard, work a case to full remediation without having to reach out to ten, 15, 20 different tools or trying to get RFI from threat intelligence. Just being able to live within Swimlane and respond to an incident has been a major benefactor for them.”
Increased Analyst Efficiency: With Swimlane, “analysts can spend 100% of their time actually responding to incidents as opposed to just gathering more information. We have seen a dramatic decrease in our mean time to respond to incidents since we’ve had all these automations in place.”
Improved Engineer Capabilities: “For my engineers, they really speak highly of Swimlane when I give them an abstract idea – or they bring me an abstract idea – and they run with it. They’re not restricted in their imagination of what they can accomplish.”
“I would recommend Swimlane to my peers, to all security operations departments and even to the C-level. It gives you a very robust look into the environment and gives your analysts the abilities to work efficiently within a single platform. So it might help me by aggregating my entire toolset into a single pane of glass, or my analysts to quickly respond and save time and be able to respond to incidents in a very efficient manner.”