Saudi Arabia announced "Saudi Vision 2030" in 2016, a bold pathway for the country's future. A transformative and deeply ambitious plan, it seeks to unlock Saudi Arabia's vast potential by creating a diversified, innovative country for the benefit of future generations. Since the launch of "Saudi Vision 2030," the country has witnessed unprecedented change and remarkable growth. One company playing a critical role in this transformation is the Saudi Telecom Company.
As the country's largest information and communication technology company, Saudi Telecom is at the convergence of computing, communications, and government policies that shape how information and communications should be accessed, secured, processed, transmitted, and stored. With its ambitious plan focused on the future, Saudi Telecom has been helping its citizens, businesses, utilities, and defense prepare for a 5G world. A forward-thinking company, Saudi Telecom provides customers with innovative internet services and infrastructure platforms as well as connectivity and managed services.
Because it hosts 60 percent of the country's internet and communication traffic, Saudi Telecom is uniquely positioned to drive digital transformation across the country. To enable these efforts, Saudi Telecom is extra vigilant about security challenges, including cyberattacks. Protecting critical infrastructure from cyberthreats is a strategic imperative for the company and the country. As a result, security is a key component of everything Saudi Telecom does.
In 2019, Saudi Telecom set out to reimagine its Cyber Defense Center (CDC) into a Center of Excellence with leading-edge security, detection, and defense capabilities. Yasser J. Alghamdi, Director of the Cyber Defense Center, joined to provide strategic direction and enhance overall security measures at a time when the company had been impacted by a series of ransomware and espionage attacks.
But to successfully update the Cyber Defense Center and achieve 2030 Vision mandates, Saudi Telecom needed a partner with deep expertise in cybersecurity; one with operational teams located in multiple geographies across Saudi Arabia to support incident response requirements. Cisco became that partner to Saudi Telecom, providing the deep level of expertise and capabilities needed for both cybersecurity and 5G.
"Cisco helps us keep our environment secure so we can continue
to support digital transformation across the country."-Yasser J. Alghamdi, Director, Cyber Defense Center, Saudi Telecom
To address cybersecurity issues, Cisco Business Critical Services experts worked closely with Saudi Telecom teams to understand their challenges, objectives, and key outcomes needed, from both a business and technology perspective.
Cisco then worked together with them to enhance Saudi Telecom's cybersecurity capabilities with advanced monitoring techniques, including machine learning, automation, and the integration of multiple security technologies. To do this, we created a customized solution to address their unique requirements.
A series of steps were taken to build a Cybersecurity Center of Excellence. Here's a sampling:
Today, Saudi Telecom has more than 300,000 network nodes; 10,000 servers; 30,000 endpoints; and 250 critical applications in its extensive system, along with 14 TB of events they capture and process daily.
Working together, Business Critical Services and Saudi Telecom teams were able to increase visibility across critical assets more than 90 percent. With the addition of new resources and better platform management, over the past three years, Saudi Telecom's Cyber Defense Center reduced mean time to detect (MTTD) from 48 hours to less than 30 minutes - a significant improvement of 95 percent.
Mean time to response (MTTR) decreased from 8 hours to less than 1 hour-an efficiency improvement of more than 87 percent. And time to contain undesired events decreased from 48 to 4 hours, a drop of 92 percent.
Incident response was optimized by creating and sharing more than 40 automation playbooks and 50 machine learning use cases. Plus, new incident response operation and reporting processes were developed, and forensics and malware analysis toolkits were acquired.
All of this contributed to Saudi Telecom's ability to acquire CREST SOC accreditation from the Council for Registered Ethical Security Testers (CREST) for their Security Operations Centers (SOC). Saudi Telecom's Cyber Defense Center was also recognized with a maturity score of 4 out of 5, according to the U.S. Information Systems Audit and Control Association (ISACA).
In addition, Cisco was able to help Saudi Telecom align with the MITRE ATT&CK framework, enabling them to capture information about attackers, including their techniques and locations. We helped them build more than 500 use cases aligned with the MITRE standard, so they can accelerate attack detection and mitigation. Always looking ahead, Saudi Telecom continues to strengthen its technical capabilities with investments in emerging technologies and automation and a strong governance model.
"Through our partnership with Cisco, we feel confident that we have achieved a strong level of maturity, and we are now in the process of seeking to advance our cybersecurity posture even further," says Alghamdi.
To read more about Saudi Telecom's story, visit the Cisco CX website.