The Client: A Fortune 100 multinational automaker

Overview

The client had a central team to track cybersecurity cases across the global organization. Most of the time, they had to painstakingly sort through multiple emails and spreadsheets, and manually gather case data from various sources. MetricStream Case Management App offered them a better approach by automating case management workflows, while also integrating global case data from various sources, and consolidating all of it in a common database. This has helped the client get a better, quicker, and more real-time view of cases across the global organization.

Download a Case Study

Solution

Among all the cybersecurity case management solution providers evaluated by the client, MetricStream was chosen based on the advanced capabilities and configurability of their offering.

MetricStream Case Management App has provided a single point of reference for approximately 70 employees in the client organization to manage and track all cybersecurity cases across the global enterprise. The App streamlines and automates the case management lifecycle - right from case detection, to analysis, notification, containment, action plan management, and resolution.

All cybersecurity team members, including case owners, case approvers, case action owners, and case admins are mapped to their specific roles and processes in the App, thereby enhancing accountability and transparency.

The App also integrates with SIEM tools such as IBM QRadar and BMC Remedy Software, capturing critical information, including potential breaches and SIEM artifacts (affected system logs, incident reports, vulnerability information of affected assets, threat advisories/ zero day alerts). The app then consolidates this data along with other cybersecurity case information in a centralized database. This has made it easier for the client to track and resolve cases. In addition, a range of advanced reports provide complete, real-time visibility into the status of each case.

Why MetricStream

The client chose MetricStream for the following reasons:

Market leadership: MetricStream GRC solutions are widely used across the retail and consumer goods industry

Scalability: Thousands of employees and third parties from across the global enterprise can access the MetricStream solution over a web-based interface.

Automation: The solution replaces cumbersome manual tasks with swift, automated workflows.

Extensibility: In the future, the client can extend the solution to other GRC areas such as third-party compliance management, third-party audits, and social compliance

Below is a glimpse into the MetricStream Case Management App’s capabilities at the client organization:

Why MetricStream

Whenever a new cybersecurity case ticket is raised, the MetricStream App allows the case to be logged in the system, and assigns a unique case number that can be used to track the incident as it goes through various stages.

The App captures detailed information about the case, including the case description, title, severity rating, and impact. It also helps categorize the case into various types based on pre-defined criteria, the case severity level, and the responsible business unit. Users can define multiple levels in a case – parent/child – as the case evolves and as the components escalate.

Users can also add a business context to the incident/case (e.g. BU, regulatory impact).The App also helps in qualitative and quantitative impact analysis, and supports correlation of the case with past data to enable quick analysis, and to support decision-making on the need for remedial action.

Case management

The MetricStream App routes each incident/case for review and analysis to authorized users based on pre-configured rules for review, approval, and disposition. The application’s decision-tree functionality helps identify reportable events, as well as the type of report that needs to be filed. Case data is captured from external sources via the App’s interfaces to third-party products.

Through the App, Case Owners can add more details about the case, edit its description, and attach further evidence/ files. The App also helps finalize the severity level of the case -- Critical, High, Medium, or Low, supported by a color coded chart (e.g. Red = Critical, Yellow = Medium, Blue = Low).

These severity levels indicate how soon the case needs to be resolved. For instance, a critical case would need to be resolved in 10 days, while a low severity case can take up to 30 days.

The App then captures the action plan for investigating or resolving the case. For instance, if a virus has infected a system, the action plan might be to test the system controls, and determine what went wrong, what was impacted, and whether or not additional controls are required. All these steps are outlined in the MetricStream App, and assigned to a Case Action Owner along with predefined timelines.

Solution

Among all the cybersecurity case management solution providers evaluated by the client, MetricStream was chosen based on the advanced capabilities and configurability of their offering.

MetricStream Case Management App has provided a single point of reference for approximately 70 employees in the client organization to manage and track all cybersecurity cases across the global enterprise. The App streamlines and automates the case management lifecycle - right from case detection, to analysis, notification, containment, action plan management, and resolution.

All cybersecurity team members, including case owners, case approvers, case action owners, and case admins are mapped to their specific roles and processes in the App, thereby enhancing accountability and transparency.

The App also integrates with SIEM tools such as IBM QRadar and BMC Remedy Software, capturing critical information, including potential breaches and SIEM artifacts (affected system logs, incident reports, vulnerability information of affected assets, threat advisories/ zero day alerts). The app then consolidates this data along with other cybersecurity case information in a centralized database.  This has made it easier for the client to track and resolve cases. In addition, a range of advanced reports provide complete, real-time visibility into the status of each case.

Below is a glimpse into the MetricStream Case Management App’s capabilities at the client organization:

Case initiation
Whenever a new cybersecurity case ticket is raised, the MetricStream App allows the case to be logged in the system, and assigns a unique case number that can be used to track the incident as it goes through various stages.

The App captures detailed information about the case, including the case description, title, severity rating, and impact. It also helps categorize the case into various types based on pre-defined criteria, the case severity level, and the responsible business unit. Users can define multiple levels in a case – parent/child – as the case evolves and as the components escalate.

Users can also add a business context to the incident/case (e.g. BU, regulatory impact).The App also helps in qualitative and quantitative impact analysis, and supports correlation of the case with past data to enable quick analysis, and to support decision-making on the need for remedial action.

Case management
The MetricStream App routes each incident/case for review and analysis to authorized users based on pre-configured rules for review, approval, and disposition. The application’s decision-tree functionality helps identify reportable events, as well as the type of report that needs to be filed. Case data is captured from external sources via the App’s interfaces to third-party products.

Through the App, Case Owners can add more details about the case, edit its description, and attach further evidence/ files. The App also helps finalize the severity level of the case -- Critical, High, Medium, or Low, supported by a color coded chart (e.g. Red = Critical, Yellow = Medium, Blue = Low).

These severity levels indicate how soon the case needs to be resolved. For instance, a critical case would need to be resolved in 10 days, while a low severity case can take up to 30 days.

The App then captures the action plan for investigating or resolving the case. For instance, if a virus has infected a system, the action plan might be to test the system controls, and determine what went wrong, what was impacted, and whether or not additional controls are required. All these steps are outlined in the MetricStream App, and assigned to a Case Action Owner along with predefined timelines.

Once the action items have been performed, the Case Action Owner enters the results in the MetricStream App, and routes it to a Case Approver for final review, approval, and closure.

Case monitoring and reporting
At each stage of the case management process, the MetricStream Case Management App helps track the progress/ status of the case against pre-defined timelines (e.g. 5 days for case analysis, 2 days for case validation, 14 days for case reaction).

The App also automatically populates case reports with data. Therefore, at the click of a button Case Admins get access to key reports such as a list of all cases or incidents across the organization, as well as an action list report and an audit trail report.

Powerful dashboards provide in-depth visibility into case data and statistics such as case ratings, severe cases, outstanding open cases, types of cases, and sources of cases. Users can slice and dice this data from various perspectives to identify trends and areas of concern, and to make informed decisions.

Integration with security information and event management systems
The MetricStream App has “Infolets” or connectors that link to SIEM tools such as IBM QRadar and BMC Remedy Software to capture and import security incidents. These incidents are then routed through the usual workflow of investigation and action plan management in the MetricStream App.

Challenges

The client’s cybersecurity team, headquartered in North America, holds the important role of investigating and resolving all cybersecurity cases across the organization’s global operations. The team helps ensure that incidents such as malware attacks are proactively mitigated before they spiral into larger issues with far-reaching consequences.

Previously, the approach to cybersecurity case management was largely manual and siloed. Multiple emails would go back and forth between various stakeholders, detailing each case and seeking approvals. Reports would be painstakingly created by hand.

Making matters more challenging, case data would often be scattered across several complex and unwieldy spreadsheets. Plus, additional data had to be aggregated from various Security Information and Event Management (SIEM) applications such as IBM QRadar.

Keeping track of all this data at a global level became increasingly challenging for the cybersecurity team. At any given point, it was difficult for them to get a complete, real-time view of cases across the enterprise. The team spent considerable time and effort manually gathering case data from various sources, and putting it together.

It quickly became evident that this approach was neither cost-efficient nor scalable. The client needed a new system that would automate cybersecurity case management, while also integrating case data from across global operations and applications into a central database for complete visibility.

Why MetricStream?

The client chose MetricStream for the following reasons:

Market leadership: MetricStream GRC solutions are widely used across the retail and consumer goods industry

Scalability: Thousands of employees and third parties from across the global enterprise can access the MetricStream solution over a web-based interface.

Automation: The solution replaces cumbersome manual tasks with swift, automated workflows.

Extensibility: In the future, the client can extend the solution to other GRC areas such as third-party compliance management, third-party audits, and social compliance

Benefits

  • Simplified cybersecurity case management
    Instead of sifting through multiple cumbersome emails, spreadsheets, and applications, the client now has a single App to manage and track all cybersecurity cases across the global organization. The App cuts across business and geographic siloes, integrating all case data into a common database.
  • Better visibility into cybersecurity incidents
    At the click of a button, the client gets a comprehensive, real-time view of all cybersecurity cases. Each case can be efficiently analyzed from various perspectives. Plus, powerful dashboards and reports help in drawing out insights from the case to strengthen cybersecurity measures across the organization. For each case, the App maintains a detailed incident history, and also tracks the resolution status and key metrics such as loss information.
  • Minimal manual effort
    The MetricStream App has replaced time-consuming manual processes with automated workflows. This has helped the client accelerate cybersecurity case management, right from case identification to resolution. It has also freed up more time for the client to focus on more critical tasks such as case analysis and cyber threat mitigation.

Notes

The client’s cybersecurity team, headquartered in North America, holds the important role of investigating and resolving all cybersecurity cases across the organization’s global operations. The team helps ensure that incidents such as malware attacks are proactively mitigated before they spiral into larger issues with far-reaching consequences.

Request a demo Download RFP Template Pricing Contact