Imagination Technologies Group have more than 25 years of experience in designing and licensing intellectual property (IP) processor solutions. Headquartered in the UK, the organisation’s computing, graphics, and artificial intelligence (AI) IP deliver security, performance, and low power consumption in the smallest area of silicon possible, enabling chip makers to create new, innovative digital products.
Several years ago, Imagination launched a bold and imaginative “Cyber Transformation Programme” to create a no-compromise security posture. A connected portfolio of Palo Alto Networks network, endpoint, and security operations technologies protects Imagination’s IP and people from known and unknown cyberthreats – quickly and automatically.
However, some common challenges persisted in the SOC. Business growth and an expanding attack surface generated more security data from more siloed sources. There was significant reliance on reactive manual interventions by the lean security operations (SecOps) team, which in turn led to longer investigation times and reduced efficiency.
“One of the drawbacks to business growth is information overload,” says Paul Alexander, Director of IT Operations at Imagination. “Threat actors are highly sophisticated, but we only have the same number of hours each day to tackle those threats. Previously, when we saw suspicious activity, we had to decide where to start the investigation. That required input from the front desk team, application team, server team, and network team. With so many people involved, investigations were slow, complex, and burdened with risk.”
According to Paul, the company’s existing SIEM was one of the main causes of the problem: “We were collecting vast amounts of data from the network, endpoints, and cloud – but the SIEM was not designed to examine data on that scale or variety. We were only looking at a single data type or a certain type of log. We were never connecting the data or deriving real intelligence from it.”
Working with Palo Alto Networks, Paul and his SecOps team identified that they would require a modern security intelligence and automation management platform to:
Imagination have implemented Palo Alto Networks Cortex extended security intelligence and automation management (XSIAM) in the SOC to deliver automated end-to-end threat management wherever threats originate. This breakthrough automation-first security operations platform turns widespread infrastructure telemetry, threat intelligence, and external attack surface data into an intelligent data foundation to fuel effective automated detection and threat response.
This cutting-edge system supports Imagination across three vectors:
Unlike a traditional SIEM, new data is automatically integrated into XSIAM for richer analytics.
Cortex XSIAM is automating and scaling Imagination’s SecOps to protect against advanced threats. The benefits XSIAM delivers include: