Faster incident response and reduced alert fatigue at NKGSB Bank

NKGSB Co-operative Bank Ltd. (NKGSB Bank) was set up in 1917. The bank currently has operations in the states of Maharashtra, Karnataka, Goa, Gujarat, Madhya Pradesh, and union territories of Daman, Diu, Dadra, and Nagar Haveli. Amit Jaokar, CISO at NKGSB Bank, shares that they had legacy security tools and wanted to update them to secure the bank’s evolution in the banking and financial services industry (BFSI). “Our legacy solution worked on a signature based approach, and did not protect the bank against zero-day and unknown threats,” he states.

Since NKGSB Bank was using traditional antivirus software that typically operates at the endpoint level, they lacked holistic visibility across their entire network. “We relied on signature-based detection or simple behavioral heuristics to identify known malware. Needless to say, this approach was insufficient to catch sophisticated or zero-day attacks that use advanced techniques to evade detection,” says Amit. He shares that the limitations of this approach made it difficult to detect and respond to advanced threats that were spread across multiple systems or that were happening at the network level.

On account of legacy antivirus software, the bank often lacked contextual awareness on the broader security context, and was therefore unable to identify complex attack patterns. Along with this, the security team at NKGSB Bank experienced alert fatigue and false positives. They had to manually investigate and respond to each incident, which was time-consuming and resource-intensive. As a result, this led to delayed responses, increasing the risk of exposure for the bank.

NKGSB Bank was after an endpoint detection and response (EDR) capability, but they needed a tool that would enable them to integrate data from multiple security tools, such as endpoints, network devices, and the cloud. Amit shares, “We struggled to provide seamless incident response, as coordinating and orchestrating responses across multiple systems and devices were becoming too complex. Compounding this challenge, we lacked proactive threat hunting capabilities, making it difficult to identify and mitigate emerging threats in real time.”

The bank wanted to scale their security capabilities to accommodate organizational growth. Amit and his team sought a solution that could integrate multiple security data sources, provide a unified view, and manage security across a larger infrastructure. They wanted the solution to integrate with a wide range of security tools, including firewalls, security information and event management (SIEM), and threat intelligence platforms.

NKGSB Bank was on the lookout for a solution that would uplift their security team to proactively respond to threats.

They wanted a solution that could offer:

• EDR
• Behavioral analytics
• Threat intelligence management, automated threat hunting, and seamless incident investigation and response
• Integration with SOAR
• Cross-platform coverage

It was essential for the bank to gain complete visibility across their entire IT ecosystem, including endpoints, networks, cloud environments, and applications. Amit and his team conducted an exhaustive competitive analysis and selected Palo Alto Networks NGFWs, Panorama, and Cortex XDR. He goes on to say, “We wanted an integrated approach to cybersecurity and selected Palo Alto Networks as they are leaders in Gartner’s Magic Quadrant for the eighth consecutive year. The combination of Palo Alto Networks NGFWs’ advanced network protection, Panorama’s centralized management, and Cortex XDR’s extended threat detection and response capabilities provides a comprehensive security framework for the bank. This integrated approach can enhance our ability to detect and respond to threats, streamline security operations, and improve overall resilience against cyberattacks.”

NKGSB Bank wanted automated intelligence sharing between endpoints and firewalls. With WildFire, Amit says, the bank can automatically create a network signature for any threat identified by the Cortex XDR endpoint agent and the entire network gains coverage instantaneously. Cortex XDR automatically integrates NGFW alerts to endpoint process information. Amit adds, “Having a single, unified incident investigation flow provides better visibility across endpoints and network threats. With this consolidation, the challenges and dependencies that we had on different vendors are now a thing of the past. Complete visibility helps us identify security gaps and improve our defense posture.” The bank now has a holistic view that allows for better detection and response to threats, spanning multiple platforms. With Cortex XDR, NKGSB Bank has a comprehensive and integrated approach to threat detection and response, resulting in improved security posture.

Palo Alto Networks NGFWs provide extensive logging and reporting capabilities, and NKGSB Bank has gained detailed visibility into network traffic, user activity, security events, and system health. This facilitates incident response, compliance audits, and security monitoring. With Cortex XDR, NKGSB Bank has enhanced visibility across their entire IT ecosystem. This holistic view allows for better detection and response to threats that may span multiple threat vectors.

Centralized management and better integration

Palo Alto Networks Panorama offers centralized management consoles that provide a unified interface for configuring, monitoring, and managing multiple firewalls across the organization. This simplifies administration, policy deployment, and rule management. Palo Alto Networks NGFWs integrate well with other security solutions, such as intrusion detection systems (IDS) and SIEM platforms. Palo Alto Networks NGFWs and Cortex XDR solutions integrate well together.

Faster incident response and contextualized insights

With its integrated and automated approach, Cortex XDR provides security teams with actionable insights and response capabilities, enabling them to respond quickly and effectively to security incidents. Automated response actions can also help contain and mitigate threats in real time. Security alerts are also enriched with contextual information, enabling security analysts to understand the scope and impact of an incident more accurately, and within a broader context.

Reduced alert fatigue

Palo Alto Networks Cortex XDR reduces the overwhelming number of security alerts that security teams face daily. By consolidating and prioritizing alerts based on their relevance and severity, it enables security analysts to focus on high-priority threats, reducing alert fatigue and allowing for more efficient resource allocation. This will result in cost savings in the long run.

Being in the banking sector, It was essential for NKGSB Bank to upgrade their legacy security infrastructure to proactively detect and respond to security threats, while also ensuring that they adhered to regulatory requirements. “Palo Alto Networks empowered us to strengthen our security posture and maintain regulatory compliance. The solution provided us with a unified view of security data, enabling compliance monitoring and enforcement,” states Amit.

Since Cortex XDR is designed to scale and adapt to evolving security needs, NKGSB Bank is confident that as the organization grows and adopts new technologies, they can accommodate additional data sources and security tools into the existing framework, ensuring that the security infrastructure remains effective and up to date.