Santhosh John Thomas, CIO, African + Eastern, discusses key moments in their cybersecurity journey so far and what the investment in a Security Operations Centre means going forward.
Can you provide an overview of your organisation’s cybersecurity journey up to this point? What were some of the key milestones and challenges you encountered along the way?
African + Eastern, a name synonymous with excellence, boasts a remarkable history spanning more than three centuries, first as a general trading company originating in Africa and more recently in the Middle East, with in excess of 50 years' expertise exclusively in the distribution of alcoholic beverages in the Arabian Gulf. We proudly hold the distinction of being the leading distributor in our region across the key categories in which we operate.
Our cybersecurity journey began approximately 25 years ago when our organisation was relatively modest, comprising around 25 to 30 employees. At the time, our IT infrastructure was basic, featuring the PIX firewall, which was considered state-of-the-art back then. However, our quest for cybersecurity excellence led us to progressively enhance our defences. We ventured into developing our in-house firewall solutions and gradually integrated more robust security measures, such as perimeter firewalls, vulnerability assessments, intrusion prevention systems, and next-generation firewalls, among others. Over time, we diligently implemented these crucial components.
Yet, there came a point when we realised that the path we were on might not be the right one. Despite our extensive security infrastructure, we needed to shift our perspective. It was a turning point when we recognised the need for a comprehensive cybersecurity portfolio, viewed from a different angle. This realisation prompted us to embark on a new direction: establishing our very own Security Operations Centre (SOC). We initiated a thorough evaluation of various options, embarking on a journey to explore the realm of SOCs. This is how we reached where we are today, with a heightened focus on cybersecurity analysis and our ongoing journey in the world of SOCs.
Why did you decide to invest in a Security Operations Center (SOC) service for your organisation’s cybersecurity needs? What were the driving factors behind this decision?
At African + Eastern, our IT department is structured into four key pillars. The first pillar is dedicated to IT operations and IT security, serving as the foundation of our technological framework. Our second pillar, the Enterprise team, focuses on managing ERP systems. The third pillar, the Digital Transformation team, is at the forefront of our technological evolution. Lastly, the newest addition to our portfolio is the Data Analytics team, which contributes to our data-driven decision-making.
Security is an exceptionally serious matter at African + Eastern, and it’s a core aspect of our IT operations. As we assessed our security parameters, we came to realise that the various components we had in place, including the CO firewall, perimeter firewall, vulnerability assessments, and next-generation EDR solutions, presented a significant challenge for our organisation. Despite our commitment to security, the complexity of our security infrastructure was a challenge we needed to address. Recognising this, we made the strategic decision to establish a dedicated Security Operations Centre (SOC). The SOC’s primary role is to provide continuous, round-the-clock monitoring of our IT applications and endpoints throughout African + Eastern.
In our quest for the right SOC partner, we discovered Secureworks®, a recognised leader in the field of security operations centres in our region. Our discussions with them culminated in a collaborative partnership. Today, we can confidently state that we’ve entrusted our security operations to Secureworks, effectively transferring and mitigating our security risks.
What specific security goals or objectives were you looking to achieve by implementing a SOC service? Are there any particular threats or risks that prompted this move?
Initially, there was a noticeable absence of dedicated personnel overseeing security matters in our organisation. While we had various security tools in place, the critical element of vigilant monitoring was lacking. Given the expansive nature of African + Eastern’s IT landscape and our substantial size, we faced the challenge of not having a dedicated resource to comprehensively analyse the vast array of logs generated. This realisation prompted us to take action, recognising the pressing need for rigorous monitoring of our secure development practices. Thankfully, we’ve experienced a relatively secure environment thus far, thanks in part to regular security audits. However, these audits also underscored that while we were secure, we had not reached the level of security we aspired to attain. Consequently, we arrived at the decision that establishing a Security Operations Centre (SOC) was imperative to provide continuous, 24/7 monitoring of African + Eastern’s entire IT landscape.
Can you explain the timing behind the decision to implement a SOC service? What factors influenced the decision to do it now?
The need for a Security Operations Centre (SOC) became evident as the world and African + Eastern grappled with the challenges posed by the pandemic. Internally, numerous debates took place, leading to a year-long deliberation on the best course of action. The central question revolved around whether to invest in establishing an in-house SOC or continue to acquire and manage the various security components independently. During this period, we continued our investments in other security areas, attempting to find the right balance.
However, a pivotal moment occurred when it became clear that our current approach was inadequate. We realised that the threat landscape was continually evolving, and merely investing in isolated security solutions was not a sustainable strategy. This realisation led to the unanimous decision that a dedicated SOC was imperative. After over a year of careful consideration and evaluation of numerous potential partners, we ultimately chose to collaborate with Secureworks. Their global expertise and comprehensive SOC services aligned perfectly with our security requirements and vision for the future.
What were the key considerations that led you to choose Secureworks as your SOC service provider? Were there any unique features or capabilities that stood out to you?
Our decision to partner with Secureworks was shaped by several critical considerations. Firstly, the reliability of their XDR (Extended Detection and Response) platform, known as “Taegis™,” stood out. This flagship platform proved to be exceptionally effective during our rigorous evaluation process. It offered comprehensive threat detection and correlation rules, which impressed us greatly. This level of effectiveness left no room for doubt in our discussions, making it abundantly clear that Secureworks could meet our security requirements.
Secondly, our interactions with the local team at Secureworks, led by Gopan Sivasankaran, underscored their distinct advantage. Gopan’s local presence set them apart, unlike many other SOC service providers in the region who lacked a senior resource on-site. This local presence was particularly valuable in cases requiring swift escalation, such as responding to security incidents or potential breaches. We found this aspect to be a crucial parameter when assessing the suitability of a partner.
The third vital factor that weighed in favour of Secureworks was the depth of expertise they brought to our region. Our interactions with their local technical team left us thoroughly impressed. Their knowledge and support, especially during a proof of concept, exceeded our expectations. At no point during this process did we doubt our decision to partner with Secureworks. Their combination of expertise, resources, leadership, and a robust platform made them the clear choice as the right partner for African + Eastern in the realm of SOC services. Hence, we confidently selected Secureworks for our SOC journey.
How does the Secureworks SOC service align with your organisation’s broader cybersecurity strategy and objectives?
At African + Eastern, we hold security in the highest regard, recognising its paramount importance. This perspective is mirrored by Secureworks, making our conversations about our security objectives seamlessly aligned. We embarked on discussions at a broad level, delving into our security priorities, and found a remarkable resonance with the approach taken by Secureworks. This synergy enabled us to chart out our objectives and correlate them with the metrics and strategies they had to offer.
Secureworks, with its wealth of expertise, introduced valuable insights into our discussions. We found ourselves in strong agreement on critical aspects such as incident response, threat hunting, and the validity of security measures. The cohesion between their proposals and our organisational objectives was evident. Following these discussions, we swiftly solidified our partnership with Secureworks, marking the beginning of a mutually beneficial journey. Their commitment to security aligns perfectly with our vision, making them an ideal collaborator in our pursuit of safeguarding our organisation.
In what ways do you envision the SOC service evolving to meet the changing threat landscape and your organisation’s evolving security needs?
Every organisation, regardless of its size, whether small, medium, or large-scale, requires a dedicated Security Operations Centre (SOC). The choice between establishing an in-house SOC or opting for a global partner depends on the organisation’s specific needs and preferences. However, it’s essential to recognise that a SOC is not merely the endgame in the ever-evolving landscape of cybersecurity.
Hackers continually devise sophisticated strategies to breach an organisation’s defences. To effectively combat these evolving threats, a SOC must be dynamic and mature, capable of adapting to the changing threat landscape. In my perspective, the evolution of SOCs is an ongoing journey. We should encourage the development of multiple SOC players across the world, fostering the creation of comprehensive threat databases and threat vectors. It’s a path that needs to be nurtured and refined over time to keep pace with the evolving threat landscape and safeguard organisations effectively.
What advice would you offer to other CIOs or organisations considering a similar path towards enhancing their cybersecurity through SOC services and providers like Secureworks?
African + Eastern has always recognised the importance of security. Yet, due to various challenges, including resource constraints, user-friendliness concerns, and budget limitations, the journey towards bolstering our security measures was complicated. It’s a challenge shared by many organisations in this region, where security is often viewed as an expensive necessity, rather than a readily embraced priority. Some might question the substantial investments in security, asking why such extensive measures are essential.
In response, I’d pose a simple question: Why do we take out insurance for our personal lives? The same principle applies to our organisations. In a rapidly evolving security landscape, where new threats and vulnerabilities emerge daily, investing in security is akin to securing insurance for our digital existence. It’s an indispensable safeguard that shouldn’t be overlooked. Cybersecurity is not a destination but an ongoing journey, one that necessitates continuous investments, the right expertise, alignment with business goals, and support from management to ensure that your organisation remains well-protected in the complex realm of application security.
Tell us about your partnership with Finesse
As we began our search for the ideal SOC partners, we swiftly recognised Secureworks as one of the foremost choices in this region. Their global and local presence made them a strong contender. However, we understood that this wasn’t the entire solution; we required a local SOC partner to address our specific needs. This realisation prompted us to explore how we could further enhance our security infrastructure beyond Secureworks.
Enter Finesse—a significant addition to our cybersecurity equation. Engaging in discussions with Finesse, who acts as a direct partner of Secureworks, was a pivotal moment in our journey. Finesse boasts deep expertise in the platform provided by Secureworks, offering the local support we required. This collaboration provided us with a seamless and efficient avenue for bolstering our security.
Since African + Eastern doesn’t maintain an in-house security team, we entrusted Finesse with the task of managing our security operations. Their proficiency with the Secureworks platform, combined with the local presence of Finesse in Dubai, has contributed immensely to keeping us safe and secure. Should any security issue arise, we know exactly who to contact first and have a well-defined protocol for escalation. Finesse has proven to be the right partner in our ongoing cybersecurity journey.