Ausenco has increased its detection capabilities and reduced the time to resolution for security incidents by rolling out observability software across its multinational IT operations.
The engineering and construction services provider deployed Arctic Wolf’s security information and event management (SIEM) platform in mid-2021.
Chief information officer Anuj Anand told iTnews that “the entire organisation’s telemetry” across its 26 offices and 80 project locations in 15 countries is “now viewable from a single pane of glass.”
Anand said that, comparing an average month in 2020 to 2023, “the detection capability has increased by at least 40 percent,” and resolution time for the average security incident ticket has “dropped from 15.42 hours to 6.66 hours, which is nearly a 60 percent decrease.”
The platform trains itself on data collected from Ausenco’s IT operations to recognise anomalies and to evaluate whether they deviate enough from regular activity to warrant an alert or an automated intervention.
“So it might recognise that a ‘travel scenario’ like a user logging into Australia and then South America within 20 hours is suspicious enough to warrant an alert but maybe not ‘impossible’ enough to warrant automatically blocking the user,” Anand said.
“However, say that same user logs into Australia and then China within 20 hours – China’s pretty impossible for them to log in from at this stage.
“So it could say, ‘Let’s block this user from China for now’ and go back to the IT team to see what the next steps are.”
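The tiered travel check Anand describes, written out as an added example (not Ausenco's or Arctic Wolf's code): consecutive logins by one user are scored by implied travel speed, and a login from a country outside the organisation's footprint is blocked outright. The speed thresholds, the allow-list of operating countries and the sample events are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
# Assumed policy values, not Arctic Wolf's or Ausenco's: thresholds on implied travel speed
# plus an allow-list of countries the organisation actually operates in.
ALERT_KMH = 250.0    # faster than ground travel: feasible by air, raise an alert
BLOCK_KMH = 1000.0   # faster than a commercial flight: physically impossible, auto-block
OPERATING_COUNTRIES = {"AU", "CL", "PE", "CA", "US"}

@dataclass
class Login:
    user: str
    time: datetime
    country: str  # ISO 3166 alpha-2, as a geo-IP lookup would supply
    lat: float
    lon: float

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance in km between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def classify(prev: Login, cur: Login) -> tuple[str, float]:
    """Tiered verdict ('ok', 'alert', 'block') and implied km/h for two logins by one user."""
    dist = haversine_km(prev, cur)
    hours = (cur.time - prev.time).total_seconds() / 3600
    # Same place (within 1 km) is not travel; a different place with no time gap is impossible.
    speed = 0.0 if dist < 1.0 else (dist / hours if hours > 0 else float("inf"))
    if cur.country not in OPERATING_COUNTRIES:
        return "block", speed      # no legitimate reason to log in from there
    if speed >= BLOCK_KMH:
        return "block", speed
    if speed >= ALERT_KMH:
        return "alert", speed      # suspicious but possible: hand to an analyst
    return "ok", speed

def evaluate(logins: list[Login]) -> list[tuple[str, str, str, str]]:
    """Classify each consecutive pair of logins belonging to the same user, in time order."""
    evs = sorted(logins, key=lambda e: (e.user, e.time))
    return [(p.user, p.country, c.country, classify(p, c)[0])
            for p, c in zip(evs, evs[1:]) if p.user == c.user]

# Constructed sample events (not real telemetry): Brisbane, then Santiago, Beijing or Sydney.
SAMPLE = [
    Login("alice", datetime(2023, 5, 1, 8, 0), "AU", -27.47, 153.03),
    Login("alice", datetime(2023, 5, 2, 4, 0), "CL", -33.45, -70.67),   # 20h, ~11,800 km
    Login("bob", datetime(2023, 5, 1, 8, 0), "AU", -27.47, 153.03),
    Login("bob", datetime(2023, 5, 2, 4, 0), "CN", 39.91, 116.40),      # 20h, outside footprint
    Login("carol", datetime(2023, 5, 1, 8, 0), "AU", -27.47, 153.03),
    Login("carol", datetime(2023, 5, 1, 12, 0), "AU", -33.87, 151.21),  # 4h, ~730 km
]
```

Running `evaluate(SAMPLE)` yields an alert for the Australia-to-Chile hop, a block for the Australia-to-China hop, and nothing for the Brisbane-to-Sydney hop.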
Before the partnership, the Brisbane-headquartered company’s security had been focused “mostly on endpoint solutions” such as “firewalls or antivirus protection on users’ devices.”
Anand said that “because systems became more connected and accessible across our entire framework,” Ausenco needed to invest in protections against attacks “getting into networks, email platforms and other tools.”
A 2021 IBM audit highlighted “not having a SIEM platform” as “one of the gaps in our security landscape”, he said.
Unified visibility was also necessary to reduce the workload on Ausenco’s small security team, which was inundated with alerts.
The team previously used a range of interfaces – “data loss prevention, data classification, email protection and other cyber solutions” – for incident detection and response.
Anand said Arctic Wolf’s “concierge service” – what the vendor calls its onboarding operation – had since provided “a lot of support” on billing and the examination of alerts, but also “advice in our monthly meetings and they update us constantly on zero-day vulnerabilities.”