Sanlam translates cybersecurity complexity into high-end, yet simple security

Leading financial services institution with global reputation cements security foundations with investment into trusted solutions provider

Cybersecurity has become as much a business necessity as having electricity. Threat actors are constantly evolving and relentlessly hunting for vulnerabilities, cybercrime has become so profitable that exploitation is their business priority, and regulation is increasingly complex to navigate and manage. Organisations are under pressure to invest into new tools, new solutions and new approaches to mitigate the threat while trying to run businesses that are capable of handling a diverse, remote and digital workforce. For Sanlam, cybersecurity has always been more than plugging holes and filling gaps, it’s a priority that has to be embedded within business foundations while managing cost, growth, customer experience? data analytics and regulatory controls.

“Developing a comprehensive and holistic cybersecurity solution is a mandate for us, one that we must meet to ensure customer, stakeholder and industry trust. It has also rapidly become an expensive exercise as we’ve expanded our requirements, data points and security posture,” says Chris Vermeulen, Chief Cyber and Information Security Officer at Sanlam. “In our search for a security investment that could meet our rigorous corporate and compliance requirements, we found that many solutions were prohibitively expensive while not quite meeting our standards or needs.  We had even started looking at building our own open-source platforms to see if we could get the same value at a lower cost while increasingly our scale and security.”

While investigating the open-source route, Sanlam found that the Nview platform from Nclose was built on the same product set it was planning to build in-house. The platform came with trusted support and reliable service, and immediately reduced the company cost burden while also ticking more than one of the organisation’s security boxes. As Vermeulen points out, “They had already done the work, the pricing was in Rands, and the solution saved us a lot of effort as it met our stringent requirements from the outset.”

[The Solution Requirements]

Alongside the need to upgrade security capabilities and manage costs, Sanlam required a Security Operations Centre solution that could scale and cope with the company’s capacity requirements.

“We couldn’t trust our alerts,” says Vermeulen. “Because of capacity constraints we were dropping events the moment that our previous solution hit the events per second limit. The result was blind spots due to ineffective correlation of events in the source data. This was a big concern for us and it restricted us from maturing our system any further; as we could not add more data sources without drastically increasing cost.”

The team wanted the ability to analyse the data to gain a richer perspective of the attack types, the frequencies, the patterns. They wanted to grow the capabilities of the system to ensure the information was accurate and relevant, and to ensure that they could eliminate the risk of inaccurate information which was potentially leaving holes in the company’s ability to detect attacks.

“When we ran simulated attacks, we could see there were gaps,” says Vermeulen. “We didn’t have any losses or open ourselves up to risk, but we could see that there was potential for losses and risks and this had to be eliminated.”

The Nview platform was the primary component implemented by Nclose for Sanlam. As a robust, trusted and scalable security operations solution, it stepped in and replaced the older, less reliable, system and ticketing platform to ensure up to date and accurate incident management.

“Their thinking matched with ours 100%,” says Vermeulen. “We wanted a solution that was scalable, saved time, leveraged what we already had in place, and fit within our business culture. We did compare the Nclose solution with other off-the-shelf solutions but all of the other mature ones had an event-per-second or data throughput driver in the cost model, so the moment the volume scaled, so did the price. Many of them were also Dollar or Pound based so costs rapidly became prohibitive.”

[What Success Looks Like]

“The SOC team was extremely frustrated with the previous product and the lack of support,” says Vermeulen. “This has completely changed. Working with Nclose is like having access to a bigger team. Their technical and management-level people are helpful and knowledgeable, always helping us to leverage and optimise our investment as much as possible. Their solution has grown with us, and it makes all the difference.”

The Nview solution from Nclose provided Sanlam with a user-friendly solution that enhanced capabilities and allowed for the team to grow the number of data sources being monitored and alerted without incurring additional costs. The security operations platform has given Sanlam the ability to scale seamlessly and has been developed in collaboration with the company to ensure that it meets expectations and rigorous requirements.

“There’s an excellent culture fit in terms of how the teams work,” says Vermeulen. “They have learned from us, and we have learned from them. It’s more of a partnership than us feeling like a client and we’ve improved the skill levels in our team as a result. They also have a very pragmatic approach – the system isn’t flashy, it’s easy to use and effective and that’s what we wanted.”

The Sanlam team found it easy to get up to speed once the solution had been implemented – they were familiar with the tool and they appreciated the service that came with it. Issues are resolved faster, additional data sources have been included without incurring higher costs, responsiveness is exceptional, and support is immediate and relevant.

“Nclose has differentiated itself with its service and its solution,” concludes Vermeulen. “Their support is so different from the type of service we’ve received from large providers in the past and the entire installation was relatively painless. This has been a positive experience and relationship, and one that we plan to extend in the future.”

Need to Mitigate a Cyber Risk?