Security automation, protection and SOC modernization for GrowPro Consulting & Services Co., Ltd.

GrowPro Consulting & Services Co., Ltd. (GrowPro) is an IT network and security company based in Thailand with extensive experience in various types of IT security services, including product-related services and consultancy. The company’s 24/7 SOC and managed detection and response (MDR) service aim to deliver cyber resilience using 360-degree threat detection and response coverage. Tracing the history of the company, Khongsit Detampornchai, Managing Director, GrowPro, reflects on how the company began by specializing in security information and event management (SIEM) implementation many years ago. “As we worked with traditional SIEM implementation for many large system integrators and resellers, we witnessed glaring gaps on SIEM platforms, on account of our traditional security operations center (SOC). While SIEM has many out-of-the-box rules in place for security protection, it was impossible to use manual processes to combat emerging threats,” says Khongsit. As a result, GrowPro was on the lookout for a solution that could help provide strong detection and response as part of a managed service.

As with most traditional SOCs, GrowPro was also dealing with issues, such as overworked teams that lacked the necessary skills to mitigate sophisticated cyberattacks and a rapid increase in the number of daily alerts. “It was important that we took the necessary steps to move beyond traditional, manual processes to endpoint detection and response (EDR),” explains Khongsit.

GrowPro’s traditional SOC was bogged down by the limitations of the SIEM tools, with little protection against critical threats. As an MSSP, the company needed to cater to the needs of its customers—many of whom had requested advanced services such as remediation at endpoints and network for critical incident management. “Our existing SOC could not successfully cope with the increasing number of alerts, as it requires many skilled analysts. Additionally, the barrage of evolving modern threats made it hard for our teams to detect threats manually, especially user and endpoint machine behavior. Since an increase in support engineers would increase our operating expenses or OpEx, we needed SOC modernization, strong security automation, and endpoint protection,” says Khongsit.

GrowPro was keen to meet their objective of adopting the NIST Cybersecurity Framework (published by the U.S. National Institute of Standards and Technology), and Khongsit’s team identified an effective MDR solution from Palo Alto Networks that met the following requirements:

• Improve detection and identification of modern threat activities and achieve a 10-minute response time for any major threat incident.
• Transform a traditional SOC to an automated SOC.
• Improve collaboration between internal teams and users within customers’ organizations and satisfy the stakeholder’s key performance indicators (KPIs) within the end-user organization.
• SOC modernization and playbooks automation.

Khongsit wanted GrowPro to achieve its goal of meeting the guidelines set by the NIST Cybersecurity Framework and opted the Cortex platform from Palo Alto Networks. For Palo Alto Networks, GrowPro is the first Cortex Extended Managed Detection and Response (XMDR) certified partner in the ASEAN region, and this is, therefore, an important milestone.

“We see marked improvement with respect to threat detection, identification, and response, using Cortex XDR from Palo Alto Networks, he says. Elaborating further, “Also, Cortex XSOAR helps us handle the triage processes in our SOC with reference to automations, which significantly reduced response time. In fact, we are able to meet our customer’s service-level agreement (SLA) of a 10-minute response time for any major incident or attack,” says Khongsit.

Instead of getting logs from customers’ protection tools, which limits modern threat detection capabilities, with Palo Alto Networks Next-Generation Firewalls (NGFWs) as a network sensor and with full subscriptions to parallel their customers’ protection tools, GrowPro can now see the incidents from network detection and response. GrowPro uses Cortex XSOAR to cross-check Cortex XDR incidents against their customers’ protection tools and often recommends that their customers deploy Cortex XDR to stitch the endpoint data and network logs together.

GrowPro can also build many service catalogs with Cortex XSOAR to unlock the power of threat intelligence. With Cortex XSOAR Threat Intelligence Management (TIM), enrichment playbooks can be automated, providing more details and context, such as approval email requests with just ‘reply’ emails. Despite a lengthy integration, GrowPro’s SOC team made the transition to a modernized SOC smoothly. The Cortex XSOAR integration is leveraged to natively create playbooks for automation.

GrowPro was able to close the gaps that existed within their traditional SOC with respect to SIEM. They were able to rapidly deploy detection, identification, and response tools to target precise root causes. They could also adhere to their customers’ requirement of a 10-minute response time for any critical incident. This was especially important as many of their customers are government organizations or operating in the financial services sector.

By opting for the Cortex platform, GrowPro has been able to maintain the same number of analysts as before, even though their customer base has increased. Khongsit says, “With the solution from Palo Alto Networks, we have achieved a 50% increase in productivity, with no additional OpEx costs incurred. Despite having the same number of analysts in our SOC, they now have the bandwidth for additional customers.” Analysts at the SOC respond to the network and endpoints quickly and identify the root cause rapidly to achieve improved service efficiency. GrowPro is also able to develop several new service catalogs.

Customers now realize the shortfalls of using the traditional MSSP model in Thailand (using traditional SOCs with SIEM), opting to make the switch to MDR instead. With Palo Alto Networks Cortex solutions, GrowPro has started an MDR revolution in the country. Khongsit adds, “Customers have moved their MSSP services to our MDR services, which often results in deploying XDR agents to all of their endpoints, ranging from 200 to 1,000 endpoints within a year.”

The relationship between GrowPro and Palo Alto Networks has steadily progressed. Although GrowPro usually works with prime contractors or resellers, the company opted for this independent implementation from Palo Alto Networks. Khongsit sums things up by saying, “On seeing the incredible outcome of their Cortex XDR solution for one of our customers, we applied the same solution internally. This was then adopted by our MDR and MSSP customers. Today we are proud to qualify as an XMDR partner to Palo Alto Networks.” In fact, GrowPro is Palo Alto Networks first XMDR partner in Thailand and the ASEAN region and is extremely optimistic about the future of their relationship together.