EPAM Systems, Inc. (#721 in Fortune Global 2000) is an American company that specializes in service development, digital platform engineering, and digital product design, employing one of the largest software engineering workforces in the world to support a wide range of projects delivered to EPAM’s customers.
To secure the remote endpoints of tens of thousands of engineers across the globe, EPAM is operating an award-winning 24×7 Security Operations Center that relies significantly on a modern Endpoint Detection and Response (EDR) infrastructure to cover the distributed fleet of devices.
To successfully handle the large volume of cybersecurity events, EPAM is required to implement automatic pre-processing of all events before they reach SOC Analysts in order to:
Optimizing with Torq
Because EPAM is a highly technical organization, it compared the options of implementing this approach in-house versus using a security automation platform, such as Torq.
In collaboration with Torq’s Solution Architects, a framework was developed capable of handling more than 10,000 weekly events, applying a combination of “optimistic” and “pessimistic” automated checks on every identified information security threat in order to either proactively close it as one that doesn’t require analyst attention or better prioritize its severity.
Critical Success Factors
“Time-to-market” of adding and adjusting the logic that processes threats:
A change in behavioral detection logic can generate up to 40,000 new events in a short period of time, far more than human analysts can process; the team therefore needs to respond quickly with automatic pre-analysis and clean-up.
Guaranteed processing time of under 4 minutes for each threat: Analysts need to engage with IT security threats that have the highest probability of being most dangerous within a quick response time.
Confidence that logic changes do not degrade detection efficacy: Flooding analysts results in blind spots and an inability to handle the events and effectively protect the organization.
The Torq Solution
- A collection of automated analysis rules performing optimistic/pessimistic analysis, leveraging the specific endpoint platform (Windows / Mac / Linux)
- A confidence level calculation system based on multiple analysis rules providing independent estimations for the eventual verdict
- Test scaffolding allowing verification of new rules versus historical IT security events to understand the impact on the verdict
- Rapid development and implementation in three weeks; from there, the system went into staging in parallel with the initial homegrown system
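As an added illustration of the three building blocks listed above (not EPAM's or Torq's code, which the page does not show), the following Python sketch combines independent optimistic and pessimistic rule estimates into a single confidence score and replays a rule set against labelled historical events so that a candidate rule can be checked before it goes live. Every rule, field name, threshold and sample event is an assumption constructed for the example; the combination method (summing log-odds of independent estimates) is one reasonable choice, not the one the page describes.

```python
"""Added example (not EPAM's or Torq's code): combine independent
optimistic/pessimistic rule estimates of P(malicious) into one confidence
score and replay rules against labelled historical events.
All rules, event fields and thresholds are constructed assumptions."""
import math
from typing import Callable, Dict, List, Optional

# Constructed sample events; the schema is an assumption, not a real EDR's.
HISTORICAL_EVENTS: List[dict] = [
    {"id": 1, "os": "windows", "signed": True, "publisher_trusted": True,
     "path": "C:\\Program Files\\Vendor\\agent.exe", "parent": "services.exe",
     "label": "benign"},
    {"id": 2, "os": "windows", "signed": False, "publisher_trusted": False,
     "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\x.exe",
     "parent": "winword.exe", "label": "malicious"},
    {"id": 3, "os": "linux", "signed": False, "publisher_trusted": False,
     "path": "/usr/bin/python3", "parent": "cron", "label": "benign"},
    {"id": 4, "os": "mac", "signed": True, "publisher_trusted": False,
     "path": "/tmp/update", "parent": "Safari", "label": "malicious"},
]

# A rule returns an independent estimate of P(malicious), or None when it
# does not apply to the event's platform. 0.5 means "no opinion".
Rule = Callable[[dict], Optional[float]]

def signed_by_trusted_publisher(e: dict) -> Optional[float]:  # optimistic
    if e["os"] == "linux":          # signature check only on Windows/mac
        return None
    return 0.05 if e["signed"] and e["publisher_trusted"] else 0.5

def runs_from_temp_dir(e: dict) -> float:  # pessimistic
    low = e["path"].lower()
    return 0.8 if ("\\temp\\" in low or low.startswith("/tmp/")) else 0.3

def office_or_browser_parent(e: dict) -> float:  # pessimistic
    return 0.75 if e["parent"].lower() in {"winword.exe", "excel.exe", "safari"} else 0.4

def system_service_parent(e: dict) -> float:  # optimistic
    return 0.1 if e["parent"].lower() in {"services.exe", "cron", "launchd"} else 0.5

def logit(p: float) -> float:
    return math.log(p / (1.0 - p))

def sigmoid(x: float) -> float:
    return 1.0 / (1.0 + math.exp(-x))

def confidence(event: dict, rules: List[Rule]) -> float:
    """Sum the log-odds of each applicable rule's estimate (naive-Bayes
    style, neutral 0.5 prior) and map back to a probability."""
    total = 0.0
    for rule in rules:
        p = rule(event)
        if p is not None:
            total += logit(p)
    return sigmoid(total)

AUTO_CLOSE_BELOW = 0.10   # assumed threshold for closing without an analyst
ESCALATE_AT = 0.70        # assumed threshold for high-priority escalation

def verdict(p: float) -> str:
    if p < AUTO_CLOSE_BELOW:
        return "auto_close"
    if p >= ESCALATE_AT:
        return "escalate_high"
    return "analyst_review"

def replay(rules: List[Rule], events: List[dict]) -> Dict[str, int]:
    """Test scaffolding: run a rule set over labelled historical events and
    report the outcome mix plus the number that must never grow when a
    rule is changed: malicious events that would have been auto-closed."""
    summary = {"auto_close": 0, "analyst_review": 0, "escalate_high": 0,
               "missed_malicious": 0}
    for e in events:
        v = verdict(confidence(e, rules))
        summary[v] += 1
        if v == "auto_close" and e["label"] == "malicious":
            summary["missed_malicious"] += 1
    return summary

BASELINE_RULES: List[Rule] = [signed_by_trusted_publisher, runs_from_temp_dir,
                              office_or_browser_parent, system_service_parent]

def any_signed_binary(e: dict) -> float:
    """Candidate optimistic rule that is too permissive: it trusts any
    signature, even from an untrusted publisher."""
    return 0.005 if e["signed"] else 0.5

if __name__ == "__main__":
    print("baseline :", replay(BASELINE_RULES, HISTORICAL_EVENTS))
    print("candidate:", replay(BASELINE_RULES + [any_signed_binary], HISTORICAL_EVENTS))
```

Running the replay with the baseline rules auto-closes the two benign events and escalates the two malicious ones; adding the over-permissive candidate rule auto-closes the signed-but-untrusted event 4, which the `missed_malicious` counter surfaces before the rule reaches production. That replay-before-deploy step is what gives confidence that a logic change does not degrade detection efficacy.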
With Torq, EPAM Systems is benefiting from a stable environment that handles IT security events in under 4 minutes. It is now executing between 10,000 and 20,000 workflow runs per week with 100% success. And when further changes to the environment are needed, they can be implemented in mere minutes.
“Torq has transformed our IT security posture for the better, by introducing an easy-to-implement, high-velocity security automation platform capable of handling the ever-increasing workflows our complex environment requires,” said Miroslav Sklansky, Senior Director, Global Head of Information Security Technology, EPAM Systems. “Torq has been a trusted partner, working with our IT security team to comprehensively calibrate its solution for our needs and ensuring business continuity for our employees and customers alike. With Torq, we’re secure in the knowledge that our cybersecurity infrastructure is optimized for maximum efficiency and rapid remediation.”
See Hyperautomation in Action
With Torq, any security professional of any skill level can easily connect multiple tools into an automated workflow that can be run as needed — triggered from an alert, or according to schedule. Get started automating today! Zero coding or API knowledge required.