CASE STUDY

Thetabyte Delivers Sub-5 Minute Threat Containment to Africa’s Energy Leader

Challenges

  • Analyst Overload & Alert Fatigue
  • Siloed Tools and Complex Infrastructure
  • Threat Detection Blindspots

Outcomes

  • 60% Tier 1 Triage Automated
  • 70% Incident Response Time Reduction
  • Threat Contained in Under 5 Minutes

About Thetabyte

The MSSP Partner: Thetabyte, a specialized cybersecurity services provider known for modernizing large-scale enterprise SOCs, was selected to lead this pivotal project for the Nigerian National Petroleum Corporation (NNPC).

The End Customer: NNPC, the state-owned national oil corporation of Nigeria, is one of Africa’s largest energy companies. Its vast operations underpin a critical portion of Nigeria’s economy, making security and operational uptime uniquely challenging and nationally important.

The Project: Thetabyte deployed Swimlane Turbine as the central AI automation platform to modernize NNPC’s Security Operations Center (SOC). Securing an entity of this magnitude required a highly flexible and robust solution capable of integrating diverse legacy infrastructure.

Cybersecurity Challenges

Analyst Overload & Alert Fatigue

Manual processes consistently slowed incident response, leaving analysts overwhelmed with repetitive, low-priority tasks.

Siloed Tools and Complex Infrastructure

NNPC’s legacy systems, which were diverse and siloed, led to critical fragmentation and a lack of centralized visibility, forcing analysts to manually pivot between security platforms.

Threat Detection Blindspots

Analysts could not reliably correlate Threat Intelligence (TI) feeds with SIEM alerts, resulting in significant blind spots in threat detection.

AI AUTOMATION SOLUTION

Simple Playbook Building Experience

Turbine Canvas delivers visual, drag-and-drop flexibility for building complex custom playbooks. This modular, low-code design makes automation easy and effective for analysts across all levels (L1 through L3), significantly accelerating Thetabyte’s delivery of new automation capabilities.

Infinite Integrations

Turbine’s ability to integrate with virtually any tool via API, specifically through the Swimlane Marketplace, allowed Thetabyte to rapidly unify NNPC’s diverse security stack, even including proprietary threat intel tools.

Unified Visibility for Stakeholders

Real-time dashboards and AI-augmented reporting provide operational transparency and visibility for both technical and executive stakeholders.

TOP USE CASES

SIEM Alert Triage

Threat Intelligence

Ticket Creation and Tracking

SIEM Alert Triage

Thetabyte integrated their SIEM, Elastic, with Turbine to filter out noise from SIEM alerts, ensuring only high-fidelity incidents are passed to the next stage. This critical initial step drastically reduces the volume of security events before any manual analyst intervention.

Threat Intelligence

Thetabyte leverages Turbine to consolidate data from multiple threat intelligence sources, including VirusTotal and a proprietary feed. Turbine searches for known malicious Indicators of Compromise (IOCs) and performs internal asset database lookups to identify the affected owner, criticality, and location, ensuring analysts can pivot directly to investigation with a fully contextualized incident package.

Ticket Creation and Tracking

By integrating Turbine with Jira, Thetabyte ensured a complete audit trail and seamless handoffs between the SOC and remediation teams. This integration automated ticket creation and tracking, ensuring every step of the incident response lifecycle is logged, providing the necessary operational transparency and compliance readiness.

OUTCOMES

60% Tier 1 Triage Automated

Within the first three months, more than 60% of Level 1 triage tasks were automated, reducing workload on analysts and enabling them to focus on strategic security initiatives.

70% Incident Response Time Reduction

Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) fell significantly, while better audit trails and reporting instantly improved compliance readiness.

Threat Contained in Under 5 Minutes

A malware campaign targeting NNPC employees was detected and isolated in under 5 minutes, successfully preventing any user compromise.

“I would recommend Swimlane to my peers because it empowers security teams to do more with less. It automates the tedious tasks, accelerates critical response, and gives analysts the freedom to focus on what matters most.”

Ron Maman
Director of Operations, Thetabyte
