Why RV Connex Chose Swimlane for Automation

Background

RV Connex is a national defense and space manufacturing company based in Thailand. Building on the company's foundation in local defense, Cynclair, RV Connex’s Managed Detection and Response (MDR) service, neutralizes nation-state threats, works to demystify the digital landscape, and helps companies identify, neutralize, and end threats before they become a vulnerability or attack. The company’s overall goal is to provide the best and most innovative products, services, and solutions the industry has to offer.

RV Connex Vice President of Cybersecurity and Chief Information Security Officer (CISO), Tanajak Watanakij, says, “I knew Swimlane would be the Powerhouse of our SOC from the first call.”

“The Powerhouse” of Their SOC

Tanajak Watanakij, Vice President of Cybersecurity and Chief Information Security Officer for RV Connex, describes how Swimlane became “the powerhouse” of their SOC.

Thailand’s Unique Cybersecurity Challenges

Insufficient Awareness of Advanced Cybersecurity Technology 

Global cybersecurity threats are increasing both in terms of frequency and sophistication. In Thailand, many people are unaware of how to use security automation to keep pace with threats. 

According to Watanakij, nearly 90% of companies in Thailand have implemented firewall and antivirus tools with the misconception that these two elements alone suffice for efficient cybersecurity. However, this approach overlooks the dynamic nature of cybersecurity threats, as antivirus solutions often fail to keep up with evolving attack signatures. The reality is that cybersecurity infrastructure in Thailand needs a more comprehensive strategy that goes beyond the mere installation of antivirus and firewall systems.

“Thailand specifically has ransomware running rampant all the time and not enough awareness around threat detection,” Watanakij recognized. That’s why swifter mean-time-to-detection (MTTD), triage, investigation, and response are imperative. This need is critical for both RV Connex’s internal SOC and their Cynclair clients, and the solution for both is security automation.

Security Automation Solutions

Company-wide Automation with Swimlane

RV Connex needed a tool that could scale their security operations (SecOps) capabilities internally and externally. For Watanakij, the choice of Swimlane as their security automation solution stemmed from a rigorous evaluation process. He mentioned a common starting point for organizations – checking Gartner Peer Insights ratings. Swimlane, despite not being a familiar name to Watanakij, stood out as the #1 company with the best user reviews, prompting him to engage. 

After selecting Swimlane, RV Connex leveraged security automation to transform incident response capabilities for their Cynclair customers, which significantly reduced incident response times. As a result of security automation, Cynclair clients no longer experience manual customer engagement, command line dispatches, or waiting for execution on alerts.

“The unwavering support of Swimlane makes for an amazing partner. In about 2-3 years of starting MDR, we’ve managed to make a very scalable business because of the automation from Swimlane.”

Critical SOC Use Cases

Proactive Defense Against Malware and Ransomware Attacks

Security automation helped RV Connex streamline alert prioritization and accurately differentiate true from false positives. Automation of these intricate procedures resulted in accelerated time to detect, triage, investigate, and respond. By integrating Swimlane into their customers’ threat intelligence platforms, RV Connex was able to harness security automation capabilities for weekly “retro threat hunting”, which continuously monitored customer logs for high-severity malware and ransomware attacks, or indicators of compromise (IOCs), enhancing their threat detection and response capabilities. 

Vulnerability Management

The Swimlane platform is capable of integrating with any API. RV Connex took advantage of this by integrating Swimlane with scanning server tools, access management systems, and task management solutions. This allowed them to automate vulnerability detection, assessment, and remediation actions. As a result, RV Connex found their processes were streamlined and the team workload significantly reduced. This enabled their SecOps team to prioritize MDR processes while also maintaining a robust internal cybersecurity posture for RV Connex. According to Watanakij, “with vulnerability management being automated, the team has way more time to do detection engineering and playbook improvement.” Ultimately, vulnerability management strengthened RV Connex’s overall security posture.

Automation Beyond the SOC

Fraud Case Management

“Our SOC is not like a traditional SOC, our SOC is a cyber fusion center, not only consisting of cybersecurity alone, but also fraud,” Watanakij explained. Unlike most MDR providers, RV Connex has combined cybersecurity and fraud prevention capabilities. In collaboration with subject matter experts from the fraud team, RV Connex developed algorithms that seamlessly integrated customer data streams with the Swimlane platform. Once the fraud and alert data was consolidated, the team leveraged Swimlane’s robust case management capabilities to streamline fraud monitoring and incident response. The fraud case management details feed into highly composable dashboards for RV Connex customers. 

Access Management

RV Connex approached automation from every angle. Watanakij highlighted the immense customization capabilities that enabled them to extend automation to complex and unconventional security use cases. For example, they integrated Swimlane with their HR databases, Monday.com, and active directory systems in order to achieve seamless automation across departments. “Before, we would’ve had to have a larger HR team, but now we can automate many processes, like employee onboarding and offboarding.” By extending Swimlane’s automation capabilities, RV Connex was able to achieve maximum ROI from security automation throughout the entire organization.

Unyielding Support from Swimlane

“We saw the sincere support that Swimlane could give us from the first call we had with Swimlane. They even bring in the CTO or higher up management support team to make sure the platform is providing optimal value for our organization. I think this unyielding support from Swimlane and the product, which is extremely intuitive and meets all the requirements of our entire company, is the most important deciding factor of why I chose Swimlane over every other vendor.”

Vendor Agnostic With No Extra Cost

“Swimlane isn’t vendor specific and has so many integrations available. If an integration is not available we can always ask Swimlane support to build it for us, without any cost!”

Scalability and Results with Swimlane

300% Increase in Customer-to-Analyst Ratio  

The success of the Swimlane implementation was widely apparent throughout all of RV Connex.

Watanakij measured automation success based on the number of customers that one SOC analyst could effectively handle. This key performance indicator (KPI) serves as their primary gauge for evaluating the impact of their Swimlane investment, with an emphasis on analyst efficiency. 

Previously, a SOC analyst could manage only 2 – 3 customers, but today, that number has surged to 8 – 10 customers per analyst. This is RV Connex’s new norm, and it has not only enhanced their scalability but also accelerated the response time of their security analysts. This customer-to-analyst ratio is the most pivotal KPI in Watanakij’s assessment of Swimlane’s automation effectiveness.

Advice for Organizations Thinking About Automation  

For those starting with security automation, Watanakij says it’s crucial to have a well-established process in place because this process serves as the foundation for effective playbooks. “If you don’t have the ideas of how to automate your SOC, don’t worry because Swimlane can really help you with the process and playbook design – Swimlane does this really well and they really helped us with our SOC.”

Watanakij speaks highly of the success achieved with Swimlane. “I truly appreciate the people before anything. Swimlane people are very supportive and anyone who will use this product will not be disappointed. The team is very knowledgeable and they will help you get the results you want. I would recommend for anyone considering a security automation platform, to consider Swimlane first!”
