Resolution Life Australasia has cut its mean time to repair (MTTR) from 24 hours to six after moving its security operations centre (SOC) in-house.
The insurer, which entered Australia in 2019 and subsequently acquired the AMP Life insurance business in 2020, initially used a managed security services provider (MSSP) to run its SOC.
However, in a bid to “find better ways to do things”, Resolution Life insourced the capability and now has five security analysts, supported by Palo Alto Networks’ Cortex XSIAM.
“We entered in 2019 and there was nothing here, and we wanted to take the modern approach,” Resolution Life Australasia senior manager of cyber security architecture Brendan Kelly said at Palo Alto’s Ignite conference in Sydney.
“We started with the traditional side of things. We also knew we wanted a foundational model in place, which is why we went out and bought everything from Palo Alto Networks.”
Kelly said that the insurer “evolved from a traditional SOC approach”, which it then automated through Palo Alto’s Cortex XSOAR.
The company then adopted Palo Alto’s XSIAM, which claims to provide a consolidated SOC platform for the cloud.
“We wouldn’t have been able to [insource the SOC] as well as we did if we weren’t able to consolidate the platform,” Kelly added.
According to Kelly, Resolution Life Australasia would consider it a “good day” to have an MTTR of 24 hours while the SOC was outsourced.
“Today under [Palo Alto’s Cortex] XSIAM, in the last 30 days, our MTTR has been about six hours,” he said. “It’s in a pretty place from that perspective.
“There’s always room for improvement. The more we use automation to resolve incidents, the more we will lower that number.”
Resolution Australasia has also used automation in other parts of its business, most notably to triage whether its insurance claims are “easy” or “complex” within 15 seconds of lodgement.