In cyber security, it’s the unknown unknowns that are most likely to trip up an enterprise.
Life insurance business TAL needed a modern security solution aligned to its business and technology strategies. Microsoft Sentinel promised enhanced visibility, a rapid deployment thanks to native connectivity, as well as inbuilt analytics to help detect threats rapidly, providing opportunity for proactive defence and rapid response.
Around 4.5 million Australians trust TAL to do the best by them and their families – the company paid around $2.7 billion in claims last year. They also trust that the data they provide to TAL will be properly protected and preserved.
With a cloud-first approach to digital modernisation, TAL has now deployed a broad array of Microsoft Azure based solutions across the business.
To protect those systems and the all-important customer data, it has also rolled out security solutions Microsoft Sentinel, Microsoft Defender and Intune.
Dr Venkat Balakrishnan, TAL’s Chief Information Security Officer, wants to make cyber security a differentiator for the business. He is taking an engineering approach to the challenge, working with partners and technology leaders to rapidly deploy proven security solutions and approaches.
At TAL that meant Balakrishnan and his team working with Microsoft to deploy Microsoft Sentinel, becoming one of the first Australian enterprises to do so.
The partnership also helps TAL grow its own expertise in cyber security that it can then share with its financial services partners – for example the superannuation providers, who use TAL life insurance products as part of their package to their clients.
Balakrishnan envisages sharing insights with those organisations: sharing security artefacts, running workshops and supporting TAL’s network of partners with their own cyber security endeavours.
Instant threat insight
At the heart of TAL’s cyber security modernisation is Microsoft Sentinel, Microsoft’s industry-first cloud-based security information and event management (SIEM) platform that provides instant insights about threats.
The native integration with all the other Microsoft platforms in use at TAL made it a natural contender, according to Balakrishnan. Having worked as a security consultant prior to joining TAL, he was well aware of the value of having an automated security platform, which would surface cyber threats without manual intervention and automatically generate analytics.
Microsoft Sentinel, he says, provided a comprehensive range of services, meaning that it would not be necessary to stitch together and manage multiple different systems – Sentinel provides a one-stop shop.
It also delivered security insight much faster – and was far more comprehensive. Balakrishnan says TAL now has 50-60 times more insights than were previously available.
“We used to find one high-alert once in a while, but now we are looking at one every day. That’s how the landscape has shifted. And the beauty is it used to be highly manual before, but not with Sentinel,” he says, noting that much more security monitoring and remediation can be automated. Sentinel has supported his team to roll out several security guardrails as a proactive measure, and to be on the front foot.
Having visibility of all the threats that TAL faced has delivered much more peace of mind to the business, and is also useful as a demonstration to regulators that the firm is doing everything in its power to protect customer data.
Balakrishnan notes that without the rapid alerts from Sentinel, threats could have been overlooked, and, left unchecked, may have turned into significant security incidents. With a relatively lean team of cyber security professionals, he says;
End points secured
To augment its security further TAL has deployed Intune to simplify and improve end point device management. That has streamlined security by replacing a series of point solutions with the integrated Intune capability. “Now the device management is completely done by Intune,” says Balakrishnan.
Those devices are further protected using Microsoft Defender which integrates with Microsoft Sentinel to close the loop on protection and oversight.
While Balakrishnan acknowledges the capability of Microsoft’s security suite, he notes that keeping up with Microsoft’s pace of security innovation can be a challenge for corporates that are used to a statelier pace of change.
He is, however, pleased with the progress that TAL has made to lift its overall security posture.
“Industry need to accelerate the adoption of identity-centric security, and then overlay various contexts, such as user behaviours, location and other metadata, to perform adaptive access management and to position against sophisticated attack, because we know that happens.”
Balakrishnan acknowledges that as CISO for a major corporation he inevitably is “intensely paranoid” about protecting systems and data. However, by deploying state of the art integrated security solutions, TAL’s overall security posture continues to improve by leaps and bounds.