For Vodafone Idea Ltd., Adding User Behavior Analytics Was Key to Its SOC Modernization

We recently had a chance to talk to Mathan Babu Kasilingham, Chief Technology Security Officer & Data Privacy Officer at Vodafone Idea Limited. Vi, as the company is known, is the result of a merger between Vodafone India and Idea Cellular. Vi is now the third-largest telecom services company in India, serving more than 250 million consumer and enterprise customers throughout the country. Consequently, there’s a lot at stake in terms of protecting customers’ private information as well as the systems that run the business.

Vodafone Idea Ltd. Launched a SOC Modernization Project

Mathan’s team has just gone through a major SOC modernization project. They needed to infuse the SOC with more modern technologies that are better able to detect advanced threats and prevent cyber-attacks. According to Mathan, the company had a traditional SIEM and wanted to replace it with next-generation technology, including machine learning, generative artificial intelligence, and security analytics.

He also acknowledged the need to add user behavior and identity into their analytics. As Mathan explained, “We wanted to be able to look at security incidents in a different manner than we had been doing. We wanted to be in a position to map events that were happening to the cyber kill chain, and to follow a framework like MITRE ATT&CK. We have to look at infiltration attempts, as well as exfiltration attempts. In both cases, when we map to the physical events that happen in a cyber incident, it is very important to analyze that there is always user involvement too. So, identity became a most important objective when we did the SOC modernization.”

Gurucul Won the Head-To-Head Competition Against Other SIEMs

His team undertook an evaluation of Gurucul Next-Gen SIEM, along with several competitors in the next-gen SIEM market. They conducted pilot projects and proof of concept implementations of the leading contenders. Very early in the Gurucul pilot, it became clear to Mathan that our platform primarily surfaces true positive instances. The benefit, he told us, is that “Gurucul minimizes the false positives and gives our analysts the ability to focus on the actual threats. That eliminates time wasted on things that aren’t important.”

Mathan says it is most helpful that the Gurucul platform supports machine learning models for many different use cases out of the box, but even more important is that his analysts can use Gurucul STUDIO™ to create custom ML models to support their own unique use cases. “It really enhances our predictive security analytics and gives us even more value from the platform,” he says. What’s more, the security analysts can train the models with their own situational data. “We find this drastically compresses the time needed for investigations,” says Mathan.

Then there is the whole aspect of incorporating user behavior and identity. Mathan says they were looking to bring out the involvement of users in their security analytics. Gurucul’s User and Entity Behavior Analytics (UEBA) gives Vi just what it needs to correlate cyber incidents with some specific user action, which deeply strengthens the investigations. “Gurucul provides that in a fairly turnkey manner for us,” says Mathan. Now, the SOC is promptly alerted when there is anomalous user activity that is deemed to be a risk. Gurucul collects and presents all the supporting and contextual information so that an investigation, or mitigation, can be initiated.

Gurucul’s strengths ultimately won Vi’s business. The company went from pilot stage to full implementation on operational systems in just 2 to 3 weeks. “We were able to put the platform into our live operations directly,” says Mathan.

“The out-of-the-box threat content they brought delivered real true positive situations on the first day we migrated and fully moved onto their platform. We could put to use some of their sample use cases immediately to start showing quicker value back to us.”

Integrations and Support Provide Extra Value

Of course, no cybersecurity platform exists in a vacuum, and that’s certainly the case at Vi. The company found it easy to integrate the Gurucul platform with other tools the SOC uses. “When we have an incident, it triggers a workflow. Gurucul’s ability to integrate with our service desk platform and to automate and orchestrate responses was a crucial objective for us. This was a clear factor in our choice of Gurucul,” says Mathan.

Vi is taking advantage of all the support Gurucul provides, including a comprehensive training program that upskills its security analysts and brings their knowledge of the telecom domain into Gurucul’s use cases, making them more appropriate for Vi’s environment. Vi is also working with Gurucul Labs, drawing on our engineering expertise to help evolve its overall security operations.

Today, Vi has a thoroughly modernized SOC that incorporates the most advanced technologies to protect the company’s vast computing environment as well as the private information of 250 million+ customers across India.
