The Client – an Overview
I&M Group is a leading Corporate Group in East Africa and has a major presence across Banking, Insurance, and Real Estate. The Group offers a full range of personal, business, and alternate banking services through its presence in Kenya, Tanzania, Rwanda, Mauritius, and Uganda. I&M Bank was founded in 1974 as a financial services company and later became a commercial bank. It is now a wholly-owned subsidiary of I&M Group and is a publicly listed company on the Nairobi Securities Exchange.
This multinational bank is among the leading players in the financial services sector of East Africa, operating as I&M Bank Limited, I&M Bank Tanzania Limited, I&M Bank Rwanda PLC, and I&M Bank Uganda Limited, four independent units across East Africa.
Background and Key Challenges
As cybersecurity threats became more sophisticated and prevalent, I&M Bank’s units across Kenya, Tanzania, Rwanda, and Uganda faced the challenge of protecting their customers’ sensitive data and ensuring uninterrupted operations. The banks required a comprehensive and agile infrastructure to ensure their extensive customer base, sensitive data, critical transactions, and financial assets remain secure. This became all the more important with the increasing frequency and sophistication of cyber threats.
I&M Bank’s regional operations presented distinct cybersecurity challenges, each unit having a complex IT infrastructure and its own regulatory regime.
- Limited Visibility: There was no centralized visibility across the on-prem and cloud environments at each of the Bank’s units, which obstructed the security team’s ability to detect and respond to security incidents in a timely manner.
- DDoS Attacks: There was a surge in cyber threats, mainly DDoS attacks, which put the availability of the Banks’ digital channels at risk.
- Alert Fatigue: The existing security infrastructure generated so many alerts that the lean security team missed real threats or responded late.
The Bank therefore needed to:
- Ensure real-time security monitoring, aggregating and analyzing data from various sources.
- Enable proactive, advanced threat hunting and mitigation.
- Detect and respond effectively to threats involving endpoints.
- Identify the root cause of security incidents and conduct detailed forensic analysis.
- Establish effective fraud detection and prevention capabilities.
- Triage security alerts and ensure a timely response.
- Facilitate compliance reporting to meet specific regulatory requirements.
The Solution: Inspira Enterprise Approach
To address the challenges, I&M Bank chose to partner with Inspira Enterprise, a global cybersecurity risk management service provider with deep experience in implementing large-scale cybersecurity deployment programs and expertise in delivering modern AI/ML-based SOCs.
Inspira’s team of cybersecurity experts reviewed I&M Bank’s existing security architecture and network across the four locations and derived the SOW, PQ, and TQ for the successful rollout of the projects. A highly reliable and robust SOC architecture was designed on the Splunk Platform to offer the client 24x7x365 security monitoring.
The solution comprised:
- Real-time Monitoring and Alerting: Splunk’s Infrastructure Monitoring was used on both on-prem and cloud environments to deliver real-time monitoring and troubleshooting, maximizing infrastructure performance with complete visibility. Potential threats and fraudulent activities were detected on time. With Splunk’s SIEM capabilities, logs, network traffic, and security events were continuously monitored, and patterns and anomalies across the distributed infrastructure were identified based on predefined rules.
- Centralized Visibility: The Splunk Platform provided a single-pane view of all security events, enabling the SOC analysts to analyze and respond proactively to security incidents. The solution enabled data aggregation and visibility into the complete environment.
- Elimination of False Alerts: The Inspira team developed advanced algorithms that filtered out false alerts. By correlating security incidents with historical data, the number of false positives was reduced and the analysts could focus on real threats.
- Incident Management: With the Splunk platform, SOC analysts were able to investigate incidents, identify their root cause, and perform detailed forensic analysis. Analysts could locate the necessary information quickly, reducing the turnaround time of security investigations.
- Compliance Reporting: With the platform, security teams could generate comprehensive reports on security incidents, investigations, and remediation efforts to demonstrate adherence to regulatory standards. The process of generating reports was streamlined, establishing adherence to industry standards.
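The false-alert reduction and rule-based alerting described above rest on two ordinary SOC techniques: collapsing repeated alerts for the same rule, host and user into one case, and weighting a new alert by how often the same rule/host pairing was previously closed as a false positive. The following Python is an added illustration written for this page, not Inspira’s algorithms or Splunk’s own correlation logic. The alert fields, the verdict history format, the 15-minute window and the 10-sample / 90 % thresholds are all assumed, and the alerts and history are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample alerts from a rule-based SIEM (not real bank data).
SAMPLE_ALERTS = [
    {"ts": "2024-03-01T09:00:00", "rule": "brute_force_login", "host": "web-01", "user": "svc_backup"},
    {"ts": "2024-03-01T09:01:00", "rule": "brute_force_login", "host": "web-01", "user": "svc_backup"},
    {"ts": "2024-03-01T09:02:00", "rule": "brute_force_login", "host": "web-01", "user": "svc_backup"},
    {"ts": "2024-03-01T09:30:00", "rule": "brute_force_login", "host": "web-02", "user": "jdoe"},
    {"ts": "2024-03-01T10:00:00", "rule": "outbound_ddos_pattern", "host": "edge-fw", "user": None},
]

# Constructed history of analyst verdicts per (rule, host): how many past
# alerts for that pairing were closed as false positives. A real SOC would
# derive this from its case-management system.
HISTORY = {
    ("brute_force_login", "web-01"): {"total": 40, "false_positive": 38},
    ("brute_force_login", "web-02"): {"total": 5, "false_positive": 1},
}


def historical_fp_rate(history, rule, host, min_samples=10):
    """Return the past false-positive rate for (rule, host), or None when
    there are too few verdicts to trust the rate (assumed threshold)."""
    stats = history.get((rule, host))
    if not stats or stats["total"] < min_samples:
        return None
    return stats["false_positive"] / stats["total"]


def triage(alerts, history, window_minutes=15, min_samples=10, fp_threshold=0.9):
    """Collapse repeated alerts into cases and assign a priority.

    - Alerts with the same (rule, host, user) arriving within `window_minutes`
      of the previous one are merged into the open case (count incremented).
    - A new case is 'suppressed' if the pairing's historical false-positive
      rate is at or above `fp_threshold`, 'low' if it is at least 0.5, and
      'high' otherwise (including pairings with no usable history).
    """
    window = timedelta(minutes=window_minutes)
    open_cases = {}   # (rule, host, user) -> index into `cases`
    cases = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        ts = datetime.fromisoformat(alert["ts"])
        key = (alert["rule"], alert["host"], alert["user"])
        idx = open_cases.get(key)
        if idx is not None and ts - cases[idx]["last_seen"] <= window:
            cases[idx]["count"] += 1
            cases[idx]["last_seen"] = ts
            continue
        fp_rate = historical_fp_rate(history, alert["rule"], alert["host"], min_samples)
        if fp_rate is not None and fp_rate >= fp_threshold:
            priority = "suppressed"
        elif fp_rate is not None and fp_rate >= 0.5:
            priority = "low"
        else:
            priority = "high"
        cases.append({
            "rule": alert["rule"], "host": alert["host"], "user": alert["user"],
            "first_seen": ts, "last_seen": ts, "count": 1,
            "fp_rate": fp_rate, "priority": priority,
        })
        open_cases[key] = len(cases) - 1
    return cases


def actionable(cases):
    """Cases an analyst should actually look at (suppressed ones are still
    kept in `cases` for audit and compliance reporting)."""
    return [c for c in cases if c["priority"] != "suppressed"]


if __name__ == "__main__":
    for case in triage(SAMPLE_ALERTS, HISTORY):
        print(f'{case["priority"]:10} x{case["count"]} {case["rule"]} {case["host"]} {case["user"]}')
```

On the constructed input the three `svc_backup` alerts on `web-01` collapse into one case that is suppressed by its 95 % historical false-positive rate, while the `web-02` login case and the DDoS-pattern case stay at high priority because there is no trustworthy history for them. Suppressed cases are retained rather than dropped so that the reporting described under Compliance Reporting can still account for them.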
Benefits of the Solution
Implementing this highly reliable and robust Splunk-based SOC architecture delivered significant advantages to the Client.
- 24x7x365 Monitoring: Equipped with continuous monitoring capabilities, the security analysts were able to perform round-the-clock monitoring, analyze and proactively respond to threats, thereby protecting customer data and assets.
- Enhanced Security Posture: With real-time visibility into its security landscape, potential threats were identified and mitigated. Fraud detection and prevention were achieved through improved fraud management. The Splunk platform also helped to create and implement security analytics across a wide array of data sources and security use cases, quickly and effectively.
- Improved Incident Response: False alerts were drastically reduced and the efficiency of the SOC improved with the generation of meaningful alerts. This enabled the security team to reduce the time invested in investigating security breaches. Response times were improved and there was a faster remediation of security incidents with automation.
- Future-ready Infrastructure: Because the SOC architecture is scalable, it can adapt to future growth and emerging cybersecurity challenges.
Nelson Nasongo, Group Chief Information Security Officer, I&M Bank Group, said, “We deeply appreciate the outstanding cybersecurity services provided to our bank across Kenya, Tanzania, Rwanda, and Uganda by the Inspira team leveraging the Splunk Platform. The newly established centralized visibility and threat monitoring capabilities have been instrumental in protecting our financial systems and customer data from potential attacks. Our current ability to detect and respond to threats in real time has provided us with the peace of mind that our assets are safe. The Inspira team has been attentive to our specific needs and unique challenges in each country and has contributed to making our cybersecurity infrastructure robust and reliable.”