Infosys delivers security at scale with automation from Cortex XSOAR

Being a leading digital services and consulting provider with more than 250,000 staff spread across 100 locations in over 50 countries worldwide means that Infosys has plenty to protect—even before taking into consideration its growing managed IT services practice for cybersecurity.

Most organizations are not well-positioned to handle the complex cybersecurity needs of today’s landscape. CISO and Head of Cyber Practise Vishal Salvi explained that today’s enterprises have started to distinguish between what is core and non-core to their skill sets, and for the vast majority, security is not a core competency.

Enterprises seek out Infosys to manage their cybersecurity because it’s more efficient and cost-effective to outsource this function to experts. With the landscape of sophisticated threats evolving daily, most organizations simply don’t have the resources to keep pace on their own.

Infosys has embraced this opportunity with its renowned Cyber Defense Center operations—a network of security operations centers (SOCs) in locations from Bangalore, Hyderabad, Pune, and Chennai to Bucharest and Indianapolis. These centers protect Infosys’ own vast business, covering virtually every industry sector.

Lakshmi Narayanan Kaliyaperumal, Vice President and Head of Cyber Security Technology & Operations at Infosys, leads the team responsible for the enterprise security architecture and is also accountable for developing security standards and guidelines for the entire infrastructure’s projected tools. Altogether, Lakshmi oversees a large team of cybersecurity technology and operations experts, all of them dedicated to protecting Infosys and its customers from a world of threats.

Infosys collects logs from more than 50 different types of log sources, reporting on upwards of 50,000 devices located in both on-premises data centers and the cloud. These logs generate an almost unimaginable inbound alert volume of one million events per second. This is a significant challenge, even for a large and expert global team.

Across its users, the time to remediation was ranging from four hours to as many as 48 hours, in some cases. It was imperative to reduce that time.

Also, with a globally distributed organization, incidents were coming in from different systems. Analysts had to use multiple consoles to really understand what was going on. It was a complex way to manage risks, and one that could lead to human error.

“We used to collect all these logs, but there are certain tools even if we collect the logs, that is not enough,” Lakshmi notes. “We had to log into the console. So, the first challenge was for the security analyst, whether it is a Level 1, Level 2, or Level 3, to log in to multiple consoles to get their view for their incident.” That was a significant deterrent from achieving the agility and effectiveness Lakshmi and the team sought.

Layer on top of that the human factor. Trying to stem the huge, continual wave of alerts had become an overwhelming task for the analysts, who were spending their time doing repetitive Level 1 work. Morale in the centers was low, and turnover was high. This made everything even less efficient due to long ramp-up times for new SOC employees. Enabling his team of security professionals to focus on the higher value incidents, rather than just the manual and repetitive Level 1 tasks, became one of the leader’s primary objectives.

Vishal and Lakshmi knew that to secure their own business and build a leading managed service practice, they needed to eliminate as much manual work as they could, leveraging automation to support the security needs of both Infosys and its security customers. They also needed a source of truth that would enable them to handle all incidents from a single platform. “We look for automation, orchestration, and integration in a very purposeful manner,” Vishal says.

Infosys had to fulfill a number of primary requirements to help increase efficiency in its Cyber Defense Center operations, including:

• Automate all Level 1 activities that are high-volume, manual, and repetitive in nature.
• Automate more than half of Level 2 and Level 3 activities to reduce response times on more critical and complex events.
• Provide deep role-based access control (RBAC) to enable partnerships with internal teams like HR and IT.
• Automate data collection from disparate security systems.
• Consolidate information in a single console so teams do not need to bounce between sources.
• Ultimately, find a reliable partner. With its own global network to support and a constantly evolving threat landscape, Infosys needed a cybersecurity partner that could work closely with them to enable reliability and trust.

Having automated whatever they could internally, the Infosys team now needed new ways to manage all the repeatable manual tasks with a high degree of automation. This would allow the company to grow the team’s bandwidth for the deeper cognitive work vital in cybersecurity operations.

With Cortex^® XSOAR. Infosys has been able to improve the operational efficiency of its Cyber Defense Centers with automation that orchestrates security activities with configurable playbooks.

Before deploying Cortex XSOAR, Infosys had already been using a next-generation security information and event management (SIEM) platform and generating alerts from it. Infosys also had user and entity behavior analytics (UEBA) as well as cloud-based monitoring services already integrated into the SOC.

What wasn’t integrated was automated orchestration. As a result, when the SIEM generated an incident, it was manually assigned to an analyst who then had to figure out additional context and determine if the incident merited further investigation. Infosys had manual playbooks that directed security analysts’ actions, but they needed to digitize and automate those playbooks. That is what Cortex XSOAR enables.

Cortex XSOAR integrated with the existing Infosys security stack, making it easier to deploy. On top of that, Infosys had previously been manually calculating the mean time to detection and response (MTTD and MTTR)—a difficult and time-consuming task. With Cortex XSOAR, that calculation is automatic. Both leaders note the value and simplicity Cortex XSOAR provides.

“We found that Cortex XSOAR was the best fit solution for automating and getting us to the next level of hyperautomation that we were looking for,” Vishal says. “Given the success of that deployment and the amount of automation that we’ve been able to do, we’ve now extended that to all our managed security services. So now, all our Cyber Defense Centers across the globe use that layer of Cortex XSOAR to automate all their use cases.”

By eliminating manual tasks with Cortex XSOAR, Infosys has reduced employee turnover. Lakshmi observes that his analysts aren’t getting burned out anymore by repetitive, monotonous tasks. Now, those lower level tasks are being automated, which has led to improved employee retention.

Thanks to the increased automation from Cortex XSOAR, employees are focusing on higher level, more interesting tasks, Lakshmi explains.

With Palo Alto Networks, Infosys isn’t just getting Cortex XSOAR. The company is getting a trusted partner who listens to and works with the Infosys team to continuously improve.

One aspect of this partnership involves Infosys participating in Palo Alto Networks customer advisory forums. The leaders are able to provide feedback that helps to further improve the overall security solution. Vishal notes that it’s always good to get more features and that Palo Alto Networks is always very responsive.

With Cortex XSOAR as part of the security operations stack, Infosys has been able to achieve its objective of focusing humans on higher level tasks while automation handles the scalability challenges of an increasing volume of data. No longer are incidents slowed down by manual processes and disparate systems. With digitized playbooks and orchestrated responses enabled by Cortex XSOAR, Infosys can offer the highest levels of assurance and service-level agreements to its cybersecurity customers.

“With Cortex XSOAR, you can automate so that the team only needs to focus on the incidents which are complex in nature,” Lakshmi points out. “This is how we are providing assurance to management, and to our customers. They know all the incidents are handled in a proper way. And we are not missing any incidents in a day. That’s very important.”

“We believe truly that the combination of Infosys and Palo Alto Networks can really be very potent in the industry,” Vishal adds, “to drive innovation and assure customers that we have their back.”

Visit us online to find out more about how Palo Alto Networks Cortex XSOAR can help automate opportunities for your organization.