THE KHALEEJI BANK EXPEDITES THEIR INCIDENT RESPONSE TIME USING AXONIUS.
.webp?width=800&height=167&name=Khaleeji-Eng-H-Lock-Black%20(1).webp "Khaleeji-Eng-H-Lock-Black (1)")
The Khaleeji Bank (formerly the Khaleeji Commercial Bank) provides a range of banking and investment product services to financial institutions, corporate entities, and high-net-worth individuals. Headquartered in the Kingdom of Bahrain, the Khaleeji Bank has offered Shari’a-compliant financial services since 2004.
Axonius Cybersecurity Asset Management
The Khaleeji Bank’s information security team successfully harnessed the power of Axonius, enabling them to achieve a comprehensive, accurate, and continuously updated asset inventory. This noteworthy accomplishment has resulted in significantly reduced incident response times, while also achieving greater autonomy in asset management. Additionally, Khaleeji Bank has achieved full compliance with the Central Bank of Bahrain’s requirements, positioning itself as a leading example in the industry.
In the dynamic world of banking, time is a valuable asset in every sense. Establishing a robust and secure IT infrastructure is of utmost importance, while effective asset management plays a pivotal role in identifying vulnerabilities and potential threats.
Yusuf Hasan Husain, the information security manager at Khaleeji Bank, highlights the importance of visibility in security. He firmly believes that in order to defend against threats, one must have a clear understanding of what they are up against.
When it was time to conduct asset inventory and security reports, Husain and his information security team heavily relied on the invaluable support of Khaleeji’s IT department. The IT department, dedicated to delivering exceptional customer service and providing unwavering support to Khaleeji in Bahrain’s fast-paced banking industry, played a vital role in this process.
In the pursuit of continuous improvement, the IT department at Khaleeji Bank took proactive measures to streamline operations and enhance cybersecurity practices.
Recognizing the significance of an automated cybersecurity asset management system, the bank prioritized its implementation due to two key factors: the Log4j vulnerability and new security regulations mandated by the Central Bank of Bahrain (CBB). During the global Log4j vulnerability incident in 2021, Khaleeji Bank promptly responded by requesting the IT department to compile a list of vulnerable assets.
Additionally, the CBB, as the financial industry’s regulator, responded swiftly to a security breach at a local bank in Bahrain. This incident served as a catalyst for the CBB to release 61 cybersecurity requirements, including the adoption of automated cybersecurity asset management within a specified timeframe.
Supported by the bank’s chief risk officer and senior management, the information security team (led by Yusuf) had already been actively investing in infrastructure and internal security control enhancements even prior to the release of the CBB’s cybersecurity requirements. This proactive approach ensured that Khaleeji Bank remained at the forefront of cybersecurity practices and maintained a robust framework for safeguarding its assets.
The Khaleeji team heard about Axonius through another company the bank worked with.
“The criteria that we use to evaluate a solution is very simple,” Husain said. “It needs to be efficient, user friendly, and accurate.”
As part of their evaluation, Khaleeji sought a vendor that met its standards and would make a long-term commitment. The team met with Axonius for a demo. Husain said Axonius went “above and beyond” answering questions, providing the Khaleeji team with additional requirements that fit their program.
The bank’s chief risk officer later met with Axonius, reviewing what the cybersecurity asset management solution offered and how it met Khaleeji’s security requirements. At that point, the bank’s senior management signed off on Axonius.
“Senior management is always supporting our security initiatives,” Husain said. “They understand the risks behind security, and they have a zero risk tolerance when it comes to security activities. They're always supporting these kinds of initiatives and knowing what Axonius has to offer, it was easy to sell it to them.”
With Axonius, Husain and his team achieved significant results in reducing incident response time and improving accuracy. As a result, the information security team’s operations became more efficient and streamlined in various ways.
“What we have accomplished with Axonius is a significant boost to our autonomy,” he noted. “Autonomy is crucial for maintaining strong security measures. We no longer have to rely on other departments for evidence, logs, or reports, which is a game changer.”
Initially focused on asset management, the information security team expanded their goals and objectives after leveraging the capabilities of Axonius. They discovered numerous additional use cases and ventured into in-depth risk assessment.
“Axonius offers incredible versatility, enabling us to tackle anything from simple asset management to comprehensive vulnerability management,” he emphasized. “It empowers us to gather data from a wide range of sources, enabling us to create a unique and tailored solution that perfectly suits our organization.”
“We approach security with a comprehensive mindset, prioritizing actual security over mere compliance,” Husain continued. “While having endpoint protection is important, it raises important questions. Are we effectively monitoring end-user behavior? Are certain users posing higher risks? Axonius empowers us to seamlessly correlate these data points, providing accurate risk assessments that go beyond simple ‘yes’ or ‘no’ answers.”
In addition to significantly reducing incident response times and fostering independence from IT, the information security team has streamlined their audit processes and other tasks through Axonius.
Husain relies on Axonius for approximately 80% of his daily operations, continually discovering new features and modules that greatly simplify his work.
Axonius has transformed the audit process, making it faster and more efficient for the team. This allows the IT department and the information security team to focus their time and energy on other critical tasks.
When it comes to working with Axonius, Husain highlights the exceptional value of the technical team. He holds regular meetings with them to discuss the bank’s progress and set goals for the upcoming quarter.
“I always receive immediate and comprehensive answers to my questions. The Axonius team feels like an integral part of our own team. They deeply understand our requirements and consistently offer innovative approaches to help us achieve our goals,” Husain expressed.
Axonius plays a pivotal role in driving Khaleeji Bank towards its goals and objectives.
“Thanks to Axonius, we have made remarkable strides in enhancing our security measures. By leveraging this powerful solution, we have achieved a level of autonomy and control that is unparalleled,” he said. “Our newfound empowerment has allowed us to establish an incredibly resilient security framework, free from external dependencies.”
“We do have a national-level initiative to help other organizations and Bahrain, in general, to become cyber resilient,” Husain added. “And Axonius is helping us understand where the gaps are in our own organization, as well as how we can push this to the other organizations and help them close those gaps.”
The Axonius and AWS partnership provides joint customers like Khaleeji Bank a more efficient approach to manage their ever-evolving asset security posture inclusive of AWS infrastructure and AWS security services.
With the AWS native integration, customers extend the Axonius asset security posture and visibility across the AWS infrastructure — from EC2 instances to EBS volumes, Lambda functions, databases, IAM policies, and much more — on every AWS region. The integration also correlates insights from AWS security services — such as vulnerability findings from GuardDuty and security control insights from SecurityHub — with other IT and Security solutions to reduce their attack surface as they move more assets into the cloud.
As an AWS partner, Axonius integrates with many AWS services including Macie, SecurityHub, GuardDuty, and Inspector to help customers mitigate threats, navigate risk, decrease incident response time, automate action, and inform business-level strategy.
See the Axonius Platform for yourself with an interactive product tour, where we'll guide you through key applications of our Cybersecurity Asset Management and SaaS Management solutions.
Request a demo to learn how the Axonius Platform provides a system of record for all digital infrastructure helping IT and security teams manage an always-expanding sprawl of devices, users, software, SaaS applications, cloud services, and the tools used to manage and secure them.