The vSOC every CISO needs
Senseon customer: Oodle Car Finance
The cyber security market has never been so crowded and it can seem like a thankless task to have to wade through the noise and marketing fluff to find a solution that you at least think is going to go some way to achieving your ambitions. In this blog, I will share my journey as a CISO in navigating the market, the challenges of deploying technology during the COVID-19 pandemic, and the transformation and security efficiencies that the Senseon team and technology have provided us.
The journey of Oodle Car Finance
In March 2016, Oodle Car Finance issued its first ever loan. Since then, we have been on a mission to revolutionise the way people buy cars, by putting our customers’ needs front and centre of the second largest retail industry in the UK. We are modernising the car-buying industry by building digital retail processes around what our customers actually need. Inspired by Amazon’s one-click purchase model and with an arsenal of powerful algorithms, we’ve built a customer-first, fully integrated digital retail experience.
Since then, we have seen incredible growth and knew we needed a robust cyber defence strategy and a platform that could scale with us and protect both the business and our customers.
Technology driven, it’s paramount to us that the workload from our security stack is manageable and doesn’t overwhelm our team with too many alerts. Like many fintech organisations, we have a blend of on-prem and cloud services and so the challenge comes when you try to maintain oversight and visibility over all these disparate services.
Defending against tomorrow’s attacks, today
Our impressive growth and expansion coupled with our ambitious plans will not have gone unnoticed, so we need to manage the risks of attention from malicious cyber actors and groups. Recent examples such as the attack on Travelex have put ransomware firmly on our radar, and these days it’s less a case of ‘if we get targeted’ and more ‘when’, so we need to be prepared.
When it came to developing our detection and protection strategy around these core issues, we found ourselves considering a couple of possibilities, including going down the route of engaging a fully outsourced SOC; or building our own internal SOC around a central SIEM.
We decided that we actually wanted to land somewhere in the middle, opting instead to deploy an intelligent threat detection and investigation platform. We’d determined that this was the most cost and resource effective way of addressing our challenges that would not require a huge outlay in investing in third party services or having to hire a lot of additional analysts to deal with the increased workload.
There were a couple of overarching ambitions behind our decision to go for this option. Primarily, we wanted to be able to keep control of the tools and platforms we deploy within our own environment without being beholden to a third-party provider. When it comes to outsourcing your security operations, you may be able to outsource the capability but never the responsibility. So it was important for us to consolidate our existing security infrastructure in an effort to rationalise the stack and identify areas where we could trim some fat.
Lost in the noise - a deluge of PoCs
Anyone who has considered purchasing new tools recently or is in the process of doing so will appreciate how difficult this task is. It can feel like a thankless task to wade through the noise and cut through the marketing fluff to find the solution that you at least think will go some way to delivering what you’re looking for. Cyber security is an incredibly crowded market space at the moment; there are literally thousands of vendors (and with them, lots of salespeople eager for a portion of your time), each scrambling for their piece of the information security pie.
Senseon is by far and away the most versatile solution we have experienced and the applications of the information the platform is able to output go far beyond just security operations. As the business scales and grows, it’s really important to me and the team that the information security function is able to grow with it. That means a robust and comprehensive strategy and toolset in place from the outset.
Clearly setting themselves apart from this noisy landscape, Senseon is the only solution with a vision far beyond what I have seen from the rest of the market and with the team to enable them to pull it off. Senseon gives us the threat intelligence we need to target our protection through life.
I’ll be honest, I was somewhat hesitant to accept a meeting with Senseon. Any fellow CISO reading this can relate: grabbing 10 minutes between calls, phone rings. Cold caller. Eugh.
We were actually already underway with a PoC of a network monitoring solution and prior to that we’d tried a SIEM. And by this point we were absolutely exhausted with the process and wanted to pull our hair out. Both solutions that we tried surfaced lots of data without ever presenting us with information that was actually useful. Without exception, we found that the alerts that these other tools produced required extensive additional investigation and analysis by one of our analysts in order to establish whether it was something we actually needed to be worried about. Thankfully there was nothing too serious for us to be concerned about buried in these alerts, but quite frankly we’d had enough of burning daylight wading through false positives. It quickly became apparent that this simply would not be an efficient operating model long term due to the sheer number of alerts and the time it was taking to investigate them all. We were crying out for a tool that would increase our operational efficiency.
It seemed to us that the other tools lacked the necessary surrounding contextual information to enable us to answer the question, ‘so what?’ Sure enough, they surfaced lots of data, but the burden fell to us as a team to make this intelligence actionable or join the dots between events. This process quickly became laborious and an ineffective use of time. This was a major consideration for me when deciding whether to give Senseon five minutes of my time, let alone consider doing yet another PoC; frankly I didn’t want to spend another two months getting to grips with a tool that produces a lot of noise and some mediocre findings, without ever actually providing me with any new value.
A refreshing approach to Sales
Senseon took the worry and hassle out of this for me. By opting for one of their ‘Quick Start Deployments’ we were able to get all the logistical pain points out of the way.
The Senseon team took a highly consultative approach, taking the time to understand us as a business and identify areas where they felt they could help. Their Use Case Workshops are a novel and refreshing way to engage with vendors. Senseon worked with us to identify our specific use cases and were open and transparent when it came to mapping the product’s capabilities to our requirements.
By setting themselves highly ambitious goals and success criteria based on our requirements, they really set the bar high for proving the value of their solution. Almost immediately they delivered. During our first onboarding session they demonstrated that not only had they asked the right questions but that they’d been paying attention, absolutely nailing the brief. I was able to use the information they surfaced as part of a wider campaign internally to shape and change network behaviour amongst users. This was something I really wouldn’t have been able to do with the other solutions we tried without a lot of manual configuration on my part.
Moving the goalposts: a game changing way to think about security
Senseon’s approach to doing business is matched only by the technology behind their platform. As opposed to the network monitoring solutions we had previously reviewed, Senseon combines both network monitoring and endpoint detection and response capabilities into a single platform.
This approach has increased the visibility we have over users, devices and our network exponentially and without the need to navigate between numerous solutions to pull out the information that Senseon can provide within a single view.
Not only does Senseon capture more data than any other cyber security tool I have ever used, what they then do with the data is truly innovative. Through ‘AI Triangulation’ Senseon is effectively able to look at potential threats from different perspectives in order to establish whether what it’s seeing is worthy of further (human) analysis because it is interesting or malicious or whether it can be ruled out as benign, a false positive or noise for the time being.
AI Triangulation automates the threat detection and investigation process that would normally have to be done manually by a first line SOC analyst. This process is brilliant: Senseon correlates thousands of connected events every second of every day on your behalf completely autonomously. In the event that a particular series of events isn’t deemed malicious at the time it is observed, Senseon never dismisses this information. Instead, it stores the events within the platform and is able to intelligently link recent events weeks, or even months, later to things it has observed today. Because it is constantly monitoring in the background, you’re no longer dependent on a team of analysts trawling through endless logs to link together seemingly irrelevant bits of data.
Too good to be true? A 99.3% workload reduction
Deploying Senseon has had a massive impact on our team and security operations as a whole. We are getting fewer security alerts than we have ever had. Initially this took some adjusting to; we were so used to noisy tools churning out hundreds of alerts a week. However, the alerts that Senseon does produce are the exact opposite of those produced by other tools we evaluated - they are full of the context we were so desperate for, removing the need for us to find it ourselves through lots of manual correlation. Already we are experiencing a workload reduction of 99.3% as compared to the time we were spending investigating alerts that turned out to be false positives. These stats are automatically produced by the platform and are invaluable when it comes to demonstrating the return on our investment. We’ve seen a real shift in the way we operate. Senseon has enabled us to streamline our operations and focus on taking a proactive approach to our security operations.
From the very outset, the Senseon team has been a pleasure to work with. Since our first session together, they have really made an effort to understand the challenges we were trying to solve and at all times have made me feel like they are here to enable us to succeed. We felt they had invested in us. As a general rule, I find cyber security sales (and salespeople) today often too pushy and focused on a shiny new feature and if you’re lucky the capabilities of their products, rather than the benefit it will actually bring to me. The Senseon team clearly does not subscribe to this model of sales at all. They were only too happy to work with us in mapping how Senseon would fit into our threat detection and protection plan, without trying to push for a sale.
This made Senseon a much easier sell to the board internally. The calibre of their team attending these use case sessions was second to none. Everyone (the sales reps, engineers and analysts) is a credit to Senseon and their CEO, David. They may be a young company, but they are an exceptionally impressive bunch and definitely one to keep your eye on in the future.
Working with Senseon through COVID-19
Not long after we officially signed on the line, the proverbial hit the fan and we, along with the rest of the world, found ourselves having to think creatively about ways we could continue to provide a world-class service to our own customers (from the comfort of our own homes).
Our resolve that we made the right decision in choosing to go with Senseon has only been strengthened in light of the current challenging circumstances. We initially decided to deploy the Endpoint 360 feature (that protects remote and travelling workers, even when off the VPN) to a select number of remote sales team devices as well as our VIPs.
Once it became apparent that we’d need to roll this out to our entire workforce to accommodate the new remote working model, Dave and the team were incredibly supportive in enabling us to rapidly scale up this deployment. “Thank you Dave.” At such a genuinely devastating time for so many reasons, it means so much to be working with a company that genuinely wanted to do all they could to help their customers get through this.
This was a real weight off mine and Phil’s shoulders and made life a little bit easier at a really hard time. Senseon is the true embodiment of my opinion that cyber leaders with a passion for security should be doing their bit to help companies survive the crisis to fight through and become future trusted customers. Working in partnership is a core value at Oodle and we have been delighted to find that this seems to be true of the Senseon ethos, too.
The future
As a security professional looking to the future at a time of such economic uncertainty, I think the industry analysts have got it pretty spot on when they say that cyber security budgets will remain resilient. Over the past couple of years, the community has done an excellent job of raising this up to be a board level concern and managing to loosen the purse strings. However, I think a caveat to this point is that future expenditures are going to be scrutinised to a degree that they never have before and teams are going to have to really dot the Is and cross the Ts in order to justify the purchases they want to make. Senseon produces the rare breed of new value for their customers that will absolutely stand up to this test of scrutiny.
I’m excited at what the future holds for Senseon and our collaboration with the team. If you find yourself looking for a company that is taking a genuinely new approach to solving the fundamental problems facing the information security community and a refreshingly non-pushy and consultative approach to doing business, I wholeheartedly recommend that you consider having a conversation with Dave and his team.
About the author
Karl McCarthy, CISO, Oodle Car Finance
Having held a range of Information Security roles, Karl is a highly experienced executive capable of delivering truly transformative and strategic changes for business-led IT.