The business challenge
NEC Australia is trusted to provide a wide array of communications, networking, and security services across Australia and, as such, has increased exposure managing a range of applications and networks for its customers. NEC Australia also has a diverse and widely dispersed workforce, with employees nationwide accessing both in-house and third-party systems daily. Prioritising the company’s cyber defences to avoid unnecessary exposure to risk across its IT environment is imperative.
“Our leadership takes protecting our critical assets and data very seriously and we continue to invest in enhancing our cybersecurity posture, continual security training, and expert resources. Decreasing our attack surface through effectively managing our distributed workforce, the myriad of applications they use, and the complex networks they connect on is key. It is also vitally important that we meet regulatory and industry compliance requirements to avoid financial disruption,” said Jason Gilliham, Cyber Security Lead, Security & Compliance at NEC Australia.
Some of the areas NEC Australia identified as challenges include a lack of visibility across the entire threat landscape, coupled with the company’s ever-expanding digital estate, which proved increasingly difficult to manage and keep up to date.
NEC Australia was also very aware that threat actors were constantly evolving the use of advanced technology and social engineering while the company’s own IT environments were growing in complexity.
“The balance between convenience and security was emerging, where employees want the latest cloud-based apps and services but are seldom aware of the risks that come with these,” states Gilliham.
“NEC Australia Security is continually applying proactive cybersecurity practices to reduce our risk, decrease our attack surface, and manage our costs. As part of the global NEC technology group and having a national footprint, our concerns are focused on securing our data, having extensive visibility across our people, processes, and systems all whilst aligning to our global cyber security approach,” explains Gilliham.
The Exabeam solution
Being aware that the number of vendors involved in a cybersecurity solution will amplify the risks, NEC Australia was committed to using a single, full-service cybersecurity platform.
NEC Australia’s decision to refresh their SIEM solution provided an opportunity to assess how their new platform would secure their IT environment within acceptable levels of risk, ensure the company had extensive visibility into how people were operating within the environment, and allow them to cost-effectively respond to audits and compliance requirements.
Also of paramount importance was the desire to reduce alert fatigue, which in turn would drive down security analyst overhead.
“We needed to ensure that our NEC Australia cybersecurity SIEM platform not only enabled effective security monitoring of our internal IT environment, but also our existing and emerging managed service customers. It was determined that our incumbent’s features and support were not keeping up with market demands; they were not clear in their future direction and indicated that they were moving away from dedicated onshore support,” said Gilliham.
After an in-depth market, technology, and business-fit evaluation including a detailed weighting exercise considering market reviews, pros and cons of various features, NEC global security teams’ feedback, and a commercial review in line with budget expectations, Exabeam Fusion SIEM was the SIEM and XDR platform of choice.
Key considerations for this decision included:
- Exabeam Security Operations Platform’s ability to ingest logging information from hundreds of top security products, including any other SIEM platforms
- Its ease of use, especially navigation and intuitive, built-in threat investigation methods and use cases
- Its integration of risk and behaviour-based analytics, coupled with advanced behaviour analytics capabilities.
“We conducted a robust review across a range of SIEM + XDR technology platform providers to determine the best technical, business, and commercial fit for NEC Australia,” states Gilliham.
Exabeam has provided extensive customised training for NECA staff, as well as a range of online training modules.
A customer turned partner
“Exabeam provides us with a deeper insight via behavioural analytics and greater visibility via a wide range of cloud connectors across our environments that we never had before. This allows us to find further risks that are present and work with the correct teams to remediate them which results in the increase of our security posture,” continues Gilliham.
NEC Australia has also extended its relationship with Exabeam to provide managed threat detection and response services to end users as part of the company’s GTM cybersecurity offering.
The partnership with Exabeam provides NEC with local Australian and global support, on hand 24 hours a day when called upon. The platform also has a comprehensive online support ecosystem, account support, and instructor-led certifications.
“All these factors were important to ensure ease of integration with our SOC and customer requirements,” states Gilliham.
Exabeam also complies with NEC’s internal security requirements, as well as being able to support multiple clients.
NEC Australia found the platform to be easy to navigate and operate, as well as being easily scalable.
Return on investment
Analysts have found significant time savings following the move to Exabeam, especially from the reduction of repetitive, mundane tasks such as manually constructing a timeline of events for a user or asset during an investigation. NEC Australia estimates that their security analysts are saving around 30% of the time they previously spent on repetitive manual tasks, freeing them up for higher-level analysis and insights.
Furthermore, moving to Exabeam’s new, cloud-based platform has allowed NEC Australia to realise a cost savings of 35%, including time savings and more efficient processes. The platform has also brought a new level of visibility into NEC’s environments and depth of threat detection that was not previously possible.
This allows the company to prioritise areas deemed to be of greatest risk, allowing employees to focus efforts where they are most needed.
Gilliham concludes, “Exabeam has given us the ability to see and do more across our environments. We have streamlined processes and our workflow which has dramatically increased not only productivity, but team morale. Our previous SIEM product was very much demotivating with its lack of abilities to successfully drive modern cybersecurity operations. The product itself makes it easy to deploy on-prem collectors and set up cloud connectors for cloud service logs such as Azure.”