Enhancing Security Operations for a UK Telecom Leader

Overview

The client, one of the largest mobile network operators in the UK, delivers essential telecom and internet services to millions nationwide. They faced significant challenges related to multiple security concerns within their complex IT ecosystem, comprising 30,000 devices, 200+ use cases, and 35,000 events per second (EPS). Tech Mahindra partnered with the client to implement an advanced, integrated security solution, strengthening protection, enhancing visibility, and building a resilient framework.

Client Background and Challenges

  • Perimeter Protection and Visibility Gaps: Risk of missing suspicious events and limited visibility of emerging threats due to the absence of an integrated ecosystem.
  • Process and Resource Constraints: Lack of structured processes, outdated solutions, and insufficient in-house skilled resources to analyze and manage security events.
  • Slow Threat Detection and Response: Average detection and response times stretched from days to weeks, resulting in a high mean time to acknowledge (MTTA) and mean time to resolve (MTTR).
  • Limited Automation and Scalability: A heavy reliance on manual approaches and non-scalable legacy systems could not cope with increasing log volumes and evolving threats.

Our Approach and Solution

Tech Mahindra partnered with the client to strengthen their security ecosystem through a fully integrated and scalable Security Operations Centre (SOC). Key actions included:

Building an SOC

Planned, designed, and built a dedicated SOC with state-of-the-art security products to ensure robust network, perimeter, and endpoint protection.

Establishing Continuous Monitoring

Implemented 24x7x365 “eye-on-the-glass” monitoring to detect and mitigate threats in real time, minimizing business disruption.

Integrating Log Sources

Onboarded workstations, servers, network devices, and applications in the SOC to expand visibility and improve security event detection across the enterprise.

Optimizing Platform Operations

Handled platform administration, fine-tuning, and development of custom use cases and rules to strengthen threat detection and response.

Business and Community Impact

  • Automated Threat Detection: Implemented 250+ SOC rules to identify and mitigate security threats across platforms.
  • Unified Visibility: Provided a single-pane-of-glass view by integrating all security tools and logs into the SIEM.
  • Global Best Practices: Ensured alignment with the MITRE ATT&CK framework for standardized threat management.
  • Proactive Defense: Strengthened threat intelligence and advisories to stay ahead of emerging threats.
  • Faster Response Times: Improved MTTA by 45% and MTTR by 25%, reducing business risk significantly.
  • Improved Accuracy: Achieved a 30% reduction in false positives and enabled 20% auto-closure of incidents.
  • Skilled Workforce: Maintained 100% trained and certified resources within the SOC platform.
  • Enhanced Coverage: Onboarded 30% additional assets to expand monitoring and protection.
  • Assured Availability: Attained 100% SLA compliance for platform uptime and performance.