When CISO John Sapp joined the global medical device company, Orthofix International, he knew managing the company’s information security would require the help of an external partner. Personnel resources were in short supply, and building an internal security team would come at a premium cost.
The IT department lacked the budget and the justification for building the type of sophisticated in-house security operations center needed for the job. “Headcount was not going to be something that I could gain very easily from the organization,” explained Sapp. So the question quickly became: which company would be best suited to take on security for an international company managing tens of thousands of patient records and millions of files for patented orthopedic and spine technologies.
Orthofix has 900 employees and offices across the U.S., South America, and Europe. Thus, protecting its network and endpoints is no small undertaking. Sapp needed to build an IT security team from the ground up to help him gain network visibility, evaluate traffic flow, and identify suspicious behavior.
Recognizing his new team would be overwhelmed by the massive amount of security alerts Orthofix’s global network generates daily, Sapp needed a trusted partner to serve as a 24/7 watchguard, prioritizing threats, and escalating only critical alerts to him and his internal team. Most importantly, he wanted a rapid-response system that would empower his small IT department to quickly identify hackers and stop them in their tracks.
“Masergy’s managed detection and response solution gives me the ability to secure my on-premise and cloud environments. And that’s the key to enabling an overall protection strategy. They detect suspicious or malicious activity, giving me insight into any potential infiltration into my environment and actionable steps to respond appropriately.”
Solution: Adding Security Experts
As Sapp evaluated service providers in the marketplace, he found Masergy’s Unified Enterprise Security (UES) platform took an integrated “ecosystem” approach to enterprise cybersecurity. One particular attraction was the turnkey platform with a modular suite of proprietary and third-party detection and response tools including network visibility and traffic analysis.
Also appealing were the patented behavior analysis capabilities which identify, analyze, and correlate network traffic, alerts, and packet behavior, reducing both the number of false positive alerts as well as false alarms. Because Masergy’s UES also included embedded advanced security analytics and 24/7 continuous monitoring, Sapp knew it was the right choice for Orthofix.
Results: 75% Reduced Noise and Sleep at Night
Today, Orthofix reduces their cybersecurity alert noise by 75% thanks to 24/7 monitoring from Masergy’s global security operations center (SOC). Staffed by professionals with over 500 cumulative years of infosecurity experience and over 1,000 different industry certifications, the Masergy SOC saves Orthofix an estimated 700% when you include personnel costs, SIEM solution savings, and other security technologies.
Believing that security protection comes from a strategy that covers prevention alongside fast detection and swift response, Sapp feels Orthofix now takes a more comprehensive approach to security. And with General Data Protection Regulation (GDPR) as well as federal regulations like HIPAA top of mind, executives see managed detection and response as essential to the success of the business.
Masergy’s holistic approach provides Sapp with what he describes as a “much broader and deeper level of visibility into security health.” The global threat intelligence engine and correlated insights with more threat context have proved valuable in helping Sapp understand where to tighten security.
“We were able to identify ransomware, brute force attacks, and phishing attempts that we otherwise would not have known about. Now we’ve been able to detect and respond in a timely fashion,” he explained.
Masergy delivers peace of mind at a much lower cost than building the same security internally. That’s why Orthofix leverages Masergy’s team of experts. Backed by a combination of patented behavior analytics technology alongside expert security analysts using customized escalation procedures, Masergy delivers security efficiency that reduces the Orthofix workload.
When other executives ask him what keeps him up at night, Sapp says he sleeps soundly knowing Masergy is working through the night to protect the company’s network and information.
“In the past 18 months, I have only had one call in the middle of the night. So, I’ll take that,” Sapp said with a smile, explaining that this “measuring stick” is an indicator that Orthofix’s security operations have now achieved an acceptable balance or comfort level in its corporate risk management strategy.
- Reduced security alert noise by 75%
- Enhanced visibility with broader and deeper insights via correlated monitoring
- Saved 700% on SOC operations when compared to building an internal team and purchasing comprehensive technologies