Beijing National Greenfield Technology Co., Ltd.

Digital transformation requires single cyber security platform

Although NenKing’s business interests are very diverse, IT is the common area for all divisions. Having moved beyond a traditional business process focus, NGT’s sights are firmly set on foundational technology capabilities, such as AI, big data, and cloud enablement. Each business unit has its own processes and business applications, but NGT provides common IT services to empower them all. Mr. Stanley Wang, CEO of NGT, explains further: “We provide a digital platform and end-to-end operations for our group businesses. Cyber security is a key focus area for us to support our digital transformation. Having held CIO positions for major consumer brands, I have had the opportunity to work with ArcSight before. I feel that ArcSight doesn’t just provide information security but extends into security operations capabilities and can closely align itself with key business functions such as HR and finance. We need a single platform to deliver security capabilities and visibility.”

It was also important to NGT that OpenText™ was recently recognized as a 2021 Gartner® Peer Insights™ Customers’ Choice in SIEM for its ArcSight platform.* Mr. Wang has a good relationship with the OpenText™ China leadership team, and it was clear to him that the OpenText™ Cybersecurity division invests heavily in the future of the ArcSight portfolio. This, coupled with a flexible licensing structure, made ArcSight a compelling commercial proposition. “Because ArcSight covers so many different scenarios, it suits the diversity of our business model particularly well and realizes fast ROI,” says Mr. Wang. “Just delivering functionality is not good enough though, and we were pleased to discover that ArcSight is a high-performance platform too. This is essential as we provide ArcSight as part of our foundational service.”

We have only worked with ArcSight for a year, and have already seen tremendous benefits. Our executive teams really appreciate the real-time insight, and our improved security posture has won us additional business.

Real-Time ArcSight dashboard enables data-driven decision making

The team decided on the following ArcSight modules: ArcSight ESM by OpenText to deliver real-time threat detection with powerful SIEM correlation analytics; ArcSight SOAR by OpenText to accelerate effective incident response with intelligent automation; ArcSight Recon by OpenText to support threat hunters with big data search, visualization, and reporting; and ArcSight Logger by OpenText to simplify log management and compliance. Together, these ArcSight modules form the core of NGT’s digital command center. Here, all data and security logs are stored, ready for monitoring, processing, and analyzing. A real-time dashboard of the organization’s health empowers business leaders in understanding the risk they might be exposed to. This is a very useful management tool to support data-driven decision making across all business units.

The sports business units, one specializing in football and the other in basketball, manage particularly sensitive personal data about the performance of their sportsmen that needs to be protected against potential exfiltration. The units share a foundational ArcSight-driven Internet of Things (IoT) cyber security platform to collect and ingest data from a variety of endpoints. The data is leveraged to detect threats using behavioral analytics with machine learning providing timely and actionable insight. This is then investigated through triage for prioritization, followed by an orchestrated and automated response to remediate. The base cyber security scenario can be customized for different business units to suit a variety of requirements.

Because ArcSight covers so many different scenarios, it suits the diversity of our business model particularly well and realizes fast ROI.

ArcSight to scale in line with aggressive company growth ambitions

“Now that we have created an effective cyber security foundation for all business units to leverage, it is time to expand our vision,” comments Mr. Wang. “Our five-year plan includes a 7-fold growth that will require ArcSight to scale substantially. We want to empower more regions with ArcSight, and increase the level of ArcSight functionality and our security operations ecosystem in general, such as in the direction of application, data, and identity security. We have a multi-cloud deployment plan, as different business unit requirements dictate a different cloud approach. Our IoT scenarios work particularly well, and we are now focused on integrating these more closely into our core cyber security operations.”

He concludes: “We have only worked with ArcSight for a year, and have already seen tremendous benefits. Our executive teams really appreciate the real-time insight, and our improved security posture has won us additional business. I estimate that we currently deliver just 20-30 percent of the true value our ArcSight platform can give us. Our partnership with CyberRes (now OpenText Cybersecurity) will grow, and we will develop our team’s capabilities to leverage ArcSight to its full potential.”