Cybersecurity has become as much a business necessity as having electricity, says South African financial services and insurance company Sanlam.
Threat actors are constantly evolving and relentlessly hunting for vulnerabilities; cybercrime has become so profitable that exploitation is their business priority; and regulation is increasingly complex to navigate and manage.
For Sanlam, cybersecurity has always been more than plugging holes and filling gaps; it is a priority that has to be embedded within business foundations while managing cost, growth, customer experience, data analytics and regulatory controls.
“Developing a comprehensive and holistic cybersecurity solution is a mandate for us, one that we must meet to ensure customer, stakeholder and industry trust. It has also rapidly become an expensive exercise as we’ve expanded our requirements, data points and security posture,” says Chris Vermeulen, Chief Cyber and Information Security Officer at Sanlam.
“In our search for a security investment that could meet our rigorous corporate and compliance requirements, we found that many solutions were prohibitively expensive while not quite meeting our standards or needs. We had even started looking at building our own open-source platforms to see if we could get the same value at a lower cost while increasing our scale and security.”
While investigating the open-source route, Sanlam found that the Nview platform from Nclose was built on the same product set it was planning to build in-house.
The platform came with what Sanlam believes is trusted support and reliable service, and it immediately reduced the company's cost burden while also ticking more than one of the organisation’s security boxes.
As Vermeulen points out, “[Nclose] had already done the work, the pricing was in Rands, and the solution saved us a lot of effort as it met our stringent requirements from the outset.”
The Solution Requirements
Alongside the need to upgrade security capabilities and manage costs, Sanlam required a Security Operations Centre solution that could scale and cope with the company’s capacity requirements.
“We couldn’t trust our alerts,” says Vermeulen.
“Because of capacity constraints, we were dropping events the moment that our previous solution hit the events-per-second limit. The result was blind spots due to the ineffective correlation of events in the source data. This was a big concern for us and it restricted us from maturing our system any further, as we could not add more data sources without drastically increasing cost.”
Sanlam’s team wanted the ability to analyse the data to gain a richer perspective of the attack types, the frequencies, the patterns. They wanted to grow the capabilities of the system to ensure the information was accurate and relevant.
“When we ran simulated attacks, we could see there were gaps,” says Vermeulen.
“We didn’t have any losses or open ourselves up to risk, but we could see that there was potential for losses and risks and this had to be eliminated.”
The Nview platform was the primary component implemented by Nclose for Sanlam. As a robust, trusted and scalable security operations solution, it stepped in and replaced the older, less reliable system and ticketing platform to ensure up-to-date and accurate incident management.
What Success in Cybersecurity Looks Like
“[Sanlam’s] SOC team was extremely frustrated with the previous product and the lack of support,” says Vermeulen.
“This has completely changed. Working with Nclose is like having access to a bigger team. Their technical and management-level people are helpful and knowledgeable, always helping us to leverage and optimise our investment as much as possible. Their solution has grown with us, and it makes all the difference.”
The security operations platform has given Sanlam the ability to scale seamlessly and has been developed in collaboration with the company to ensure that it meets expectations and rigorous requirements.