Case Study
In brief
Inspira
High technology
IT solutions provider specialising in digital transformation
1,500 employees
India
Inspira selected Cortex XSOAR because it offered superior integration capabilities, and the complete Cortex umbrella had several beneficial components.
INTRODUCTION
Established in 2008, Inspira is a full-fledged global cybersecurity player that undertakes digital transformation for customers in three areas—consulting and advisory, transformation, and operations. Inspira has a strength of over 1,500 people and offices spread across the U.S., UAE, Kenya, India, Singapore, Indonesia, and the Philippines. The company provides services across various industries, including BFSI, energy and utilities, retail, telecom, public sector, healthcare, and pharmaceuticals.
As the Vice President of International Sales and Global Leader for Integrated Cyber Threat Management Practice, Gaurav Deshpande and his team focussed on providing cybersecurity solutions across the entire lifecycle to Inspira’s customers. As a security solutions provider, the organisation’s goal is to focus on continuous improvement to ensure its customers have access to best-in-class industry solutions. Plus, as a managed security service provider (MSSP) with close to 50 customers, Gaurav wanted to optimize incidents within the company’s own environment and reduce incident handling timelines.
CHALLENGE
Explaining how Inspira manages the entire cyberthreat management landscape for customers on one hand and its security operations centers - called Cyber Fusion Centers (CFCs) - as an MSSP player on the other, Gaurav highlights the challenges he faced on both fronts. The company wanted a managed security service offering that could automate the CFCs, allowing faster deployments and onboarding of clients.
As Inspira manages security services for customers across multiple layers, it was imperative to provide a unified view of the cyberthreats they encountered daily and their response mechanism.
“Parameters like what the incident lifecycle is, the mean time taken to detect or MTTD, and mean time to respond or MTTR, are integral to customers from a security service provider’s standpoint,” Gaurav said. “As an MSSP, we sought to harness the power of automation to optimize operations through a mature security orchestration, automation, and response (SOAR) technology in our own environment.”
Having implemented SOAR solutions for their customers, Gaurav and his team had seen the advantages an operations team could derive from them. Hence, the thought process was to replicate the same within the CFCs at Inspira to optimize the incident management process and reduce the incident handling timeline.
In addition, as a service provider, Inspira strives to offer continuous improvement. “We wanted to ensure that the time taken to resolve any incidents was minimal as more time taken to resolve an incident only meant more bandwidth taken away from critical functions,” explained Gaurav.
REQUIREMENTS
When Inspira looked at threat management as a concept, it needed to work at two levels:
As a security solutions provider:
As an MSSP:
SOLUTION
Since Inspira was looking at a solution that could optimize incident management within its CFCs as well as the CFCs built and operated for their customers across regions, it evaluated multiple solutions. Inspira needed to ensure that the solution selected had the required integration capabilities to mesh with multiple technologies in the CFCs.
“Cortex XSOAR from Palo Alto Networks demonstrated integration capabilities far superior to other platforms,” Gaurav said. In addition, the complete Cortex portfolio of Cortex® XSOAR, plus XDR and other components, made it crystal clear that this was the solution Inspira needed to opt for.
With 300 plus engineers in its CFCs, Inspira was looking at building the right use cases and playbooks that could be deployed for its customers to optimize its operations. Many of the company’s engineers had already worked with Cortex XSOAR in customer environments and had seen its effectiveness.
Cortex XSOAR helped Inspira achieve increased efficiencies by unifying case management, automation, and real-time collaboration in the industry’s first extended SOAR offering. Inspira creates playbooks in its own environment that can be implemented by the customer. At this stage, Inspira has developed over 15 playbooks for each of its 10 top customers. In its own CFCs, it has more than 20 playbooks. “With Cortex XSOAR, Inspira can manage alerts across all sources, standardize processes with playbooks, take action on threat intelligence, and automate response for any security service, thereby reducing the average incident resolution time from a total of 12 hours to 1.5–2 hours or by as much as 70 percent,” Gaurav explains.
Inspira also wanted a partner with a successful track record across all regions worldwide, as they wanted to scale the solution to other global offices when necessary.
BENEFITS
After deploying Cortex XSOAR, the end-to-end incident handling seen across P1 and P2 incidents (which are on the lower scale of criticality) has reduced drastically with automation, saving analyst time to focus on more critical tasks.
“With Cortex XSOAR, Inspira can manage alerts across all sources, standardise processes with playbooks, take action on threat intelligence, and automate response for any security service, thereby reducing the average incident resolution time from a total of 12 hours to 1.5–2 hours or by as much as 70 percent,” Gaurav explained.
The auto-remediation and automation of responses have enabled team members who earlier used to work on incident handling and triage to now be available to conduct a deeper analysis of critical incidents. The same team members can now develop use cases to optimise activities further. They can also design playbooks and increase Inspira’s asset library of use cases and playbook campaigns such as the rapid breach response playbook (against new attacks), phishing response playbook, endpoint malware infection playbook, threat hunting, rapid IoC hunting playbook, and vulnerability management playbook that can be implemented for customers.
Inspira can combine Cortex XDR® with their managed services offerings to help customers worldwide streamline CFC operations and rapidly mitigate cyberthreats. Gaurav expressed a sense of great satisfaction as he talked of the partnership with the team from Palo Alto Networks, saying, “We at Inspira obtain access to a host of assets, allowing us to keep to our core belief of continuous improvement in the solutions we offer our customers. We have received tremendous support from the leadership team, and as we look forward to taking the relationship ahead in the Middle East, ASEAN and the U.S. too, we know that Palo Alto Networks has the capabilities to support us in these markets.”
Palo Alto Networks has regular communication with the team at Inspira to track progress on the company’s skills and capabilities. The team undertakes training programs to certify sales and technical resources at Inspira on Palo Alto Networks technologies. In conclusion, Gaurav emphasised the benefits of the Professional Services delivery program at Palo Alto Networks, through which technical engineers at Inspira gain access to resources for Cortex, Prisma® and Strata™ solutions, enabling them to further strengthen their skills and capabilities.