Staff Writer

Bajaj Auto Finance bolsters security with threat-hunting SOC

Feature | Nov 18, 2019 | 4 mins
Compliance, Risk Management, Security

A proactive approach to cybersecurity is helping Bajaj Finance, Auto Finance Division mitigate the risk spectrum of known, unknown, and unknown unknown threats.


In its Information Technology Framework for the non-banking financial companies (NBFCs), the Reserve Bank of India (RBI) mentions that information is an asset to all NBFCs and explicitly calls for protection of these assets to achieve organizational goals.

For the auto finance division of one of the most diversified NBFCs in India, one that has served more than 30 lakh customers since 1987, trust is a key factor in business continuity.

According to Gartner, 95 percent of CIOs expect cybersecurity threats to increase and impact their organization. Rajendra Bisht, CIO at Bajaj Auto Finance, recognizes the need for a comprehensive and smart security strategy to combat new-age threats.

The organization deployed an MDR (managed detection and response)-based SOC for monitoring and detection of all kinds of threats. “When it comes to catching threats which are known, unknown, and unknown unknown in nature, existing and traditional tactics and defenses in place are no longer enough,” revealed Bisht.

Why an SOC?

Managing complex risks requires strategic cyber policies, not just the implementation of point solutions. According to Gartner, there is a need for investment in security operations centers (SOCs) focusing on threat detection and response.

Bisht explained that mitigating evolving known and unknown threats, vulnerabilities, brute-force attacks and insider threats, among others, had been a challenge.


The existing security architecture lacked clear visibility into network traffic and threat advisories, and it also needed to comply with industry regulations and standards such as those of the RBI and NIST. Furthermore, there was a need to proactively monitor and protect the systems 24/7 from known and current attacks using various threat feeds.

However, it’s not just about setting up a SOC. Gartner estimates that by 2022, half of all SOCs will transform into modern SOCs, with integrated incident response, threat intelligence, and threat-hunting capabilities.

A threat-hunting SOC, and dedicated teams

The IT team at Bajaj Finance, Auto Finance Division integrated multiple security technologies to gain more insight into the prevention and protection of digital assets, and automated the process to rule out the possibility of human error. The organization implemented precise use cases built from public web and dark web feeds, which helped in creating relevant rule-based prevention methodologies.

Threat anticipation enabled the IT team to proactively identify and fix vulnerabilities. Integration with global threat intelligence helped the team recognize indicators of compromise, including known bad IPs and domains. The dedicated SOC team now actively monitors threats using AI/ML capabilities. Furthermore, a separate team manages incidents and forensics to combat malware outbreaks or any other eventualities in the organization.

According to Parag Kulkarni, senior manager, information security operations at Bajaj Auto Finance, deploying separate teams for incident monitoring and forensics has been a strategic approach for the organization. The dedicated SOC team works with the incident team to ensure checks are met around the clock, including profiling activity at various stages of the kill chain; historical data analytics covering prevalence and occurrence (current and past) and behavior analysis; and prevention, detection and response, to better safeguard against newly reported global threats.
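As an added illustration of the threat-intelligence matching and prevalence/occurrence analysis described above (example code, not the organization's own tooling; the feed entries, kill-chain stages and proxy log lines are constructed):

```python
from collections import defaultdict
from datetime import datetime

# Constructed threat-intelligence feed (hypothetical values, not from the article):
# indicator -> kill-chain stage the feed associates with it.
THREAT_FEED = {
    "198.51.100.23": "command-and-control",
    "bad-updates.example": "delivery",
}

# Constructed proxy log lines: timestamp, source host, destination (IP or domain).
PROXY_LOGS = """\
2019-11-18T09:01:12 host-a 198.51.100.23
2019-11-18T09:05:40 host-b bad-updates.example
2019-11-18T10:15:03 host-a 198.51.100.23
2019-11-18T11:42:57 host-c 198.51.100.23
2019-11-18T11:43:10 host-c cdn.example.net
"""

def match_iocs(log_text, feed):
    """Match each log line against the feed and return per-indicator stats.

    prevalence  = number of distinct hosts that contacted the indicator
    occurrences = total hits across all hosts
    first/last seen = time window of the observed activity
    """
    hits = {}
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        ts, host, dest = line.split()
        if dest not in feed:          # benign destination, not an IOC
            continue
        t = datetime.fromisoformat(ts)
        h = hits.setdefault(dest, {"stage": feed[dest], "occurrences": 0,
                                   "first_seen": t, "last_seen": t})
        h["occurrences"] += 1
        h["first_seen"] = min(h["first_seen"], t)
        h["last_seen"] = max(h["last_seen"], t)
        hosts[dest].add(host)
    for dest, h in hits.items():
        h["prevalence"] = len(hosts[dest])   # how widespread the contact is
        h["hosts"] = sorted(hosts[dest])     # which hosts to triage first
    return hits

if __name__ == "__main__":
    for ioc, stats in match_iocs(PROXY_LOGS, THREAT_FEED).items():
        print(ioc, stats)
```

A high prevalence for a command-and-control indicator is what pushes an alert from a single-host cleanup to an incident-team escalation.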

Case for compliance

Apart from the technological benefits of the project, which include automation, threat prevention and anticipation, and 24/7 incident response against internal and external vectors, Bajaj Auto Finance has also observed key compliance business benefits after deploying an SOC.

These include application availability, data leakage prevention, and adherence to security controls and standards such as the IT Act, 2000, RBI guidelines and NIST, among others.

Bisht explained that the organization plans to further strengthen its security posture by adopting a zero trust model, better IT governance, risk and compliance controls, identity and access management, database masking, and virtual dispersive networking.

One thing is for sure: to mitigate the entire spectrum of threats, known, unknown, and unknown unknown, IT leaders are now thinking beyond the box and the perimeter.