Switzerland’s Leading Private Banking Group Increases SOC Response Efficiency by 431% with xorlab ActiveGuard

By Diana
The Challenge
Keep company communication channels free of ransomware/malware, phishing, and social engineering attacks. Increase security awareness and employee engagement without increasing operational costs.
The Solution
xorlab ActiveGuard (Active Threat Defense & Active Incident Response)
The Results
• +431% efficiency increase in SOC analysis and response to user-reported email incidents
• -51% reduction of related SOC operational costs
• +247% increase of employee engagement
• x2.5 better visibility into potential threats

About Switzerland’s Leading Private Banking Group

The leading Swiss private banking group has its headquarters in Zürich, Switzerland, and 60 offices in over 25 countries. The company has been helping private clients achieve their financial aspirations for over 130 years, providing tailored investment advice on wealth accumulation, wealth preservation, and wealth transfer to next generations.

As the international reference in wealth management, the bank manages assets that amounted to CHF 486 billion at the end of June 2021. And with this competitive market position come complex security challenges.

Coping with Adversarial Communication

The private bank has always made it a priority to protect customer communication as well as collaboration among its employees. In this sprawling undertaking, having a highly effective and reliable email security solution is crucial.

Email is important for all organizations, but especially for banks, where everything is happening via email.

– CISO

With an email volume of approximately 180’000 messages per day and a growing number of adversarial emails making it past the bank’s legacy Email Gateway, the company needed to act.

To cope with the incoming waves of phishing, fraud, and malware-ridden emails, the bank sought a solution that could:

  1. Improve the detection capabilities and accuracy of inbound message filters.
  2. Equip employees with the tools to act as an early warning system when dealing with suspicious-looking messages.
  3. Streamline security workflows and processes by automating as much as possible.

The bank turned to xorlab to address its email security challenges and found its solution in Active Threat Defense & Active Incident Response.

Better Threat Visibility & Detection for Secure Communication

Active Threat Defense (ATD) analyzes the entire context in which a single exchange of messages is happening. It uses machine intelligence to understand the context of communications and leverages this knowledge to detect anomalies based on the risk profile of every email it processes. By understanding every individual sender-recipient relationship in the organization, ATD is able to spot and stop targeted attacks.

Using xorlab Active Threat Defense as a second control behind its legacy gateway, the bank blocked 60 cases of potential malware, 23’650 cases of potential phishing, 196 cases of potential fraud, and 68’364 spam messages over the preceding seven months. All of these had already passed the legacy gateway; without the second inbound control, they would have been delivered to employees’ mailboxes, a significant security risk.

Improved visibility and contextual knowledge did more than capture threats that would previously have come through. They also reduced friction, allowing the security team to focus on actual threats instead of chasing false positives. Email false positives (safe emails incorrectly classified as malicious by a security solution) typically lead to Help Desk inquiries and reduce users’ productivity. During the period covered here, ActiveGuard produced no business-critical false positives while blocking threats with high accuracy.

Illustration 1. ActiveGuard makes the entire incident response process faster and more efficient by allowing employees to report suspicious emails. It manages user submissions and can auto-resolve and provide instant feedback to approximately 80% of cases. It also alerts SecOps teams about the unresolved cases and enables them to investigate and respond to threats rapidly, with deep contextual data for each incident. SecOps teams can then send feedback to employees and update their security filters accordingly.

Turning Employees into a Powerful Frontline Defense

Furthermore, with xorlab, the bank has significantly improved the incident detection and response workflow by empowering its employees to quickly report suspicious emails. The integration of a simple reporting tool directly into Outlook and automatic contextual feedback, together with regular phishing tests and security awareness campaigns, increased the number of reports from 17’000 (2019) to an estimated 42’000 (2021), with a 96% YoY increase from 2020.

By providing an easy and fast way to report incidents and get instant feedback, ActiveGuard has made it possible for employees to stay engaged and become a powerful frontline defense against attacks. Employees are now helping the security team discover potential attacks and threats related to third-party risk. The banking group has seen a 4.75-fold increase in the number of cases that required specialist analysis (+375%), and 247% more threats could be identified.

The same newfound, in-depth visibility also made it easier for the team to analyze, triage and respond to employee-reported emails. Security analysts have all the data at their fingertips to decide on a case quickly. Any issue that arises can be inspected and acted on immediately. This increases their productivity and reduces SecOps costs significantly: the bank’s cost per decided case went down from more than €29 to below €7, which the bank reports as a 431% increase in analyst efficiency.

In addition, with Active Incident Response (AIR), the SOC team can now fully enjoy the benefits of automated workflows—which will help to further reduce costs. A high volume of user-reported email threats usually means a lot of manual and repetitive work, possibly missing threats, and longer triage and response times. But this is no longer an issue for the bank’s security analysts. ActiveGuard allows them to automatically collect employee-reported emails, group them into campaigns, and analyze and rank them according to threat risk, thus making the incident response process seamless.
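The page describes two ideas but not their implementation: scoring a message against the organisation’s known sender-recipient relationships (the Active Threat Defense approach described earlier) and collecting employee-reported emails, grouping them into campaigns and ranking them by risk, with low-risk reports resolved automatically (the Active Incident Response workflow above). The following Python is an added illustration of both, written for this article; it is not xorlab code and does not reflect how ActiveGuard works internally. The domain examplebank.ch, the relationship baseline, the indicator weights, the auto-resolve threshold and the five sample reports are all constructed assumptions.

```python
# Added example (not xorlab code): relationship-aware risk scoring and campaign
# grouping for user-reported emails. Names, weights and sample data are constructed.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

INTERNAL_DOMAIN = "examplebank.ch"   # assumed protected organisation
AUTO_RESOLVE_BELOW = 2               # assumed threshold: lower scores get instant feedback
CREDENTIAL_WORDS = ("password", "verify", "urgent", "overdue")

# Constructed baseline of sender -> recipient pairs seen in historic mail flow.
KNOWN_PAIRS: Set[Tuple[str, str]] = {
    ("payroll@examplebank.ch", "alice@examplebank.ch"),
    ("payroll@examplebank.ch", "bob@examplebank.ch"),
    ("newsletter@vendor.example", "alice@examplebank.ch"),
}


@dataclass
class ReportedEmail:
    report_id: str
    sender: str
    recipient: str
    subject: str
    urls: List[str]
    has_attachment: bool


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def looks_like_internal(domain: str) -> bool:
    """Cheap homoglyph fold (0->o, 1->l, rn->m): flags examp1ebank.ch, not the real domain."""
    folded = domain.replace("0", "o").replace("1", "l").replace("rn", "m")
    return domain != INTERNAL_DOMAIN and folded == INTERNAL_DOMAIN


def normalize_subject(subject: str) -> str:
    """Drop reply prefixes and digits so 'Invoice 123' and 'RE: Invoice 456' share one key."""
    s = re.sub(r"^(re|fw|fwd)\s*:\s*", "", subject.lower())
    s = re.sub(r"\d+", "#", s)
    return re.sub(r"\s+", " ", s).strip()


def risk_score(mail: ReportedEmail) -> Tuple[int, List[str]]:
    """Score one reported message from its sender relationship and content indicators."""
    score, reasons = 0, []
    sender_domain = domain_of(mail.sender)
    first_contact = (mail.sender.lower(), mail.recipient.lower()) not in KNOWN_PAIRS
    if first_contact:
        score += 2; reasons.append("first contact for this sender/recipient pair")
    if looks_like_internal(sender_domain):
        score += 3; reasons.append(f"sender domain {sender_domain} is a lookalike of {INTERNAL_DOMAIN}")
    if any((urlsplit(u).hostname or "").lower() != sender_domain for u in mail.urls):
        score += 2; reasons.append("link points to a host other than the sender's domain")
    if mail.has_attachment and first_contact:
        score += 1; reasons.append("attachment from an unknown sender")
    if any(w in mail.subject.lower() for w in CREDENTIAL_WORDS):
        score += 1; reasons.append("pressure/credential wording in subject")
    return score, reasons


def triage(reports: List[ReportedEmail]) -> Tuple[Dict[str, str], List[dict]]:
    """Return (auto-resolved {report_id: feedback}, campaigns ranked by risk for analysts)."""
    resolved: Dict[str, str] = {}
    groups = defaultdict(list)
    for mail in reports:
        score, reasons = risk_score(mail)
        if score < AUTO_RESOLVE_BELOW:
            resolved[mail.report_id] = "Thanks for reporting. Known sender, no risk indicators found."
            continue
        groups[(domain_of(mail.sender), normalize_subject(mail.subject))].append((mail, score, reasons))
    campaigns = []
    for (sender_domain, subject_key), members in groups.items():
        campaigns.append({
            "sender_domain": sender_domain,
            "subject_pattern": subject_key,
            "reports": [m.report_id for m, _, _ in members],
            "recipients": sorted({m.recipient for m, _, _ in members}),
            "max_score": max(s for _, s, _ in members),
            "reasons": sorted({r for _, _, rs in members for r in rs}),
        })
    # Highest risk first; among equals, the campaign hitting more mailboxes first.
    campaigns.sort(key=lambda c: (c["max_score"], len(c["reports"])), reverse=True)
    return resolved, campaigns


# Constructed sample of reports from an Outlook reporting add-in (not real data).
SAMPLE_REPORTS = [
    ReportedEmail("r1", "payroll@examplebank.ch", "alice@examplebank.ch", "Payslip March", [], True),
    ReportedEmail("r2", "newsletter@vendor.example", "alice@examplebank.ch", "Urgent: weekly update 12", ["https://vendor.example/news"], False),
    ReportedEmail("r3", "it-support@examp1ebank.ch", "alice@examplebank.ch", "Password reset required 4411", ["https://login-portal.example/reset"], False),
    ReportedEmail("r4", "it-support@examp1ebank.ch", "bob@examplebank.ch", "Password reset required 9020", ["https://login-portal.example/reset"], False),
    ReportedEmail("r5", "billing@supplier-invoices.example", "bob@examplebank.ch", "Invoice 2219 overdue", [], True),
]

if __name__ == "__main__":
    auto, queue = triage(SAMPLE_REPORTS)
    print("auto-resolved:", sorted(auto))
    for c in queue:
        print(c["max_score"], c["sender_domain"], c["subject_pattern"], c["reports"], c["reasons"])
```

On the constructed sample, the two payslip and newsletter reports resolve automatically with instant feedback, while the two lookalike-domain password-reset messages collapse into one campaign that outranks the single unknown-sender invoice. The relationship baseline is what separates a legitimately new vendor from an impersonation: the same subject and attachment from a sender the recipient has mailed before scores lower, which is the effect the sender-recipient modelling in the section above is aiming for.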

In xorlab, the organization found the comprehensive, reliable protection it needed for its email users, across all email threats. The security team can now better understand the risks they face and respond to threats faster.

“New security analysts are up and running quickly with the solution. It is easy to use. 10 security analysts are already working with xorlab ActiveGuard.”

– Senior SOC Analyst

If you want to explore how xorlab could help keep your business communication and collaboration safe from compromise, book a demo today.
