Customer Stories

Keeping valuable data safe with a proactive approach

Database Consultants Australia

  • Icons_TL_Problem
    Problem
    DCA deals with large amounts of confidential data which includes personal information. As their business and footprint grew, so did their potential for being a target for Threat Actors. Smaller-scale solutions like anti-virus software would not offer sufficient protection.
  • Icons_TL_Solution
    Solution
    24x7x365 behaviour-based monitoring through the Triskele Labs Security Operations Centre (SOC). Triskele Labs monitors all behaviours on the network, flagging and escalating behaviour that doesn’t fit the baseline as needed.
  • Icons_TL_Results
    Results
    The Triskele Labs SOC provides DCA with better visibility of its network, and better protection. DCA have visibility over issues they never had the resources to examine previously. What’s more, it is much more difficult for a Threat Actor to duplicate the baseline level of behaviour, that is unique to DCA in this independently monitored environment.

 

dca logo

Database Consultants Australia (DCA) provides a wide range of services: from parking management software to loyalty programmes to lead generation and more. The theme of these is the same: a significant amount of data flows through the organisation.  

DCA handles millions of records every month. This means DCA needs to proactively protect potential Threat Actors.  

Triskele Labs understood us, knew what the hot spots were, and knew they could deliver on dealing with those.
Steve Toal, Director
Database Consultants Australia
Customer Stories 1922 x 812 - Richard

The problem_

You don’t know what you don’t know 

DCA takes security seriously. To offer their customers the best protection DCA’s approach is, proactive rather than reactive.  

As their business expanded, it wasn’t enough to have the capacity to respond to issues. By then, it might be too late. Rather, DCA needed visibility over potential entry points into their system before Threat Actors found them. That way, they could fix potential problems before they turned into breaches, rather than wait for them to be exploited.  

 

 

 

 

The solution_

Security Operations Centre (SOC) 

Triskele Labs implemented the ISO27001 certified Security Operations Centre (SOC) for DCA. This is a 24x7, 365 days a year service that monitors the entire organisation and flags potential security breaches.  

“It’s not like your anti-virus software,” said DCA Director Steve Toal. “It’s behaviour-based.”  

The difference is that anti-virus software looks for viruses. It’s reactive. The SOC is proactive. Rather than scan for breaches, the SOC scans for behaviours outside the baseline of normal behaviour that may indicate a breach or a potential breach. This is a critical difference because sophisticated attackers figure out ways around traditional endpoint security solutions. Antivirus software, for an organisation the size of DCA, isn’t sufficient because it is such a significant target.  

Signature-based tools like antivirus aren’t enough for a company of our size. The SOC is the next level up.
Steve Toal, Director
Database Consultants Australia

 

 

The SOC works by establishing a baseline of normal behaviour, such as which accounts typically log into which machines. From there, the SOC flags any behaviour that falls outside of the baseline - such as an admin account logging in to a machine it has never logged into before.  

The SOC then triages behaviours and escalates things to the DCA team as needed. It’s similar to systems that banks use to monitor credit cards. If a banking customer goes on holiday and swipes their card in a foreign country, they are likely to get a confirmation phone call from their bank to make sure it’s a legitimate transaction. The SOC follows a similar protocol: identifying the baseline, then investigating behaviour outside of that baseline.  

“There were lots of false positives in the beginning,” Steve said, “but this showed how powerful the service was - it was reassuring.”  

Over time, the number of false positives reduced as the SOC figured out the baseline behaviour. 

Customer Stories 1922 x 812 SOC

The results_

Visibility

The SOC provides a level of visibility that was not possible before. Now, DCA can see and respond to potential weaknesses in their system before Threat Actors find them.  

“99.9% of it is benign - like a network administrator logging in from a different location because they’re on holiday. But these events deserve investigation.”  

By triaging and informing the DCA team about events outside of the baseline level of activity, Triskele Labs has effectively created a “moat” for DCA. Now, they can stay on top of their network in a way that wasn’t previously possible - by knowing about, investigating, and potentially responding to every irregular behaviour.  

The key benefit of this approach is that it depends on a baseline of behaviour that is specific to DCA. This specificity means it is very difficult - if not impossible - for Threat Actors to know and mimic. The constant monitoring relative to a baseline gives the high level of security that an organisation with a footprint like DCA’s needs.  

Triskele Labs are highly responsive; they engage quickly and they maintain focus until issues are resolved.
Steve Toal, Director
Database Consultants Australia

Explore related products & services

Talk to us today

Need incident response or Cyber Security advice? Reach out to understand why we are the only Cyber Security experts you'll ever need to talk to.