Infosys Limited

Deep visibility and actionable intelligence across entire global infrastructure

As a company renowned for its innovation, Infosys has a culture of continuous improvement and creativity. This mentality is applied to all aspects of the IT consulting giant’s operations, including security. Vishal Salvi, senior vice president and chief information security officer, described, “Cyber criminals are becoming better organized and increasingly sophisticated. We are constantly evaluating our security measures to ensure that we’re defending ourselves appropriately and are able to respond quickly should we detect any potentially malicious activity.”

A Monumental Challenge

The magnitude and complexity of the Infosys attack surface is significant; encompassing hundreds of thousands of endpoints spanning the entire globe, a highly mobile workforce and huge datacenters. Tasked with protecting the entire infrastructure, Salvi and his team have created a highly detailed framework that is used to model their environment: It utilizes a one-to-five scoring system to reflect the risk and readiness of each element across a selection of individual security- related functions. Salvi elaborated, “The framework provides us with a very comprehensive maturity model to enable us to define risks and specific control requirements for cyber security across the company.”

Video

Infosys partners with FireEye to deliver multi-vector protection

“We now have deep visibility into what’s happening across our entire network: The nature of the threats that are targeting us and how they’re getting blocked. We’ve elevated our threat-hunting capabilities.”

- Vishal Salvi, Senior Vice President and CISO, Infosys Limited

Modelling the Future

The proprietary Infosys model is based on the NIST (National Institute of Standards and Technology) Cyber Security Framework (CSF). Backward compatibility is maintained with NIST to support automatic two-way correlations: ensuring that all procedures leverage the most up to date perspectives. To guarantee objectivity and confirm that the maturity model accurately reflects the risks and state of readiness, Salvi engages one of the ‘Big Four’ global accounting firms to perform a company-wide audit of results.

In 2016, a review of the company’s infrastructure revealed a need to enhance protection against advanced persistent threats (APTs). “The maturity model allows us to create a roadmap of where we are now, to where we need to be,” stated Salvi. “We use this information to define the solutions and services that will get us to where we want to be.”

Disciplined, Structured and Clinical

Addressing the deficiencies highlighted by the maturity model required enhancing protection on Infosys’ primary threat vectors, including endpoints, email and its extensive global network.

As befitting a world class technology consulting company, Infosys executed against a clinical, highly structured evaluation process – using a comprehensive set of measurement criteria – to identify the optimal solutions to address its needs. The final requirements document contained over 7,000 factors that were used to evaluate potential candidates.

Infosys Limited

 

Infosys Limited

Industry: Information Technology Consulting

Founded in 1981, Infosys is a multinational corporation headquartered in Bengaluru, India. Providing a broad array of technology-related services to clients in more than 50 countries, it is the second-largest IT company in India. Employing almost 200,000 people, Infosys has a market capitalization of $34 billion and annual revenues over $10 billion.

“We’re able to take a proactive approach and the visibility we now have enables us to respond quicker and with more precision than we ever could before. Going with the suite of FireEye solutions was a no-brainer!”

- Vishal Salvi, Senior Vice President and CISO, Infosys Limited

...and the Winner is: FireEye

Salvi recalled, “We considered point products for advanced threat protection from individual suppliers as well as multi-capability offerings and conducted a proof- of-concept with a shortlist of contenders. After exhaustive evaluations the integrated suite of best-in-class solutions from FireEye was our ultimate winner.”

Infosys selected FireEye Network Security, FireEye Endpoint Security and FireEye Email Security. The platforms were supplemented by FireEye Security Orchestrator for added unification and automation capabilities; and a FireEye iSight subscription for proactive, forward-looking identification of potential threats.

“When we identified FireEye as the highest scoring proposal, it was not just about looking at the core technology, but also the fit with our existing environment and the ability to deliver the value we need for protecting our information assets from advanced threats,” said Salvi. “FireEye also stood out because of its accuracy of detection, ease of implementation, and of course, our compatibility with the team.”

Rapid Roll-out

To realize maximum value from his investment in FireEye in the shortest possible period of time, Salvi opted to simultaneously implement all of the solutions. He recounted, “Our board of directors set an extremely aggressive timeframe for completion. We partnered closely with FireEye to get everything operational at lightning speed. Despite the size of our deployment – including many remote locations – we were able to meet all of the deadlines.”

Enhanced Capabilities

“FireEye solutions give us a layer of protection that was previously missing,” conveyed Salvi. “We now have deep visibility into what’s happening across our entire network: The nature of the threats that are targeting us and how they’re getting blocked. We’ve elevated our threat- hunting capabilities.”

Infosys is a company that strongly believes in automation and innovation, making FireEye Security Orchestrator a great fit. “We try to remove as many manual steps as possible and automate as much as we can,” Salvi commented. “We’re now able to combine actionable intelligence, and IOCs [Indicators of Compromise] to automatically deploy the right defensive strategies across the entire company. The addition of iSight gives us insights into threat actors around the globe: Knowing your enemy is half of the battle won.”

He concluded, “We’re able to take a proactive approach and the visibility we now have enables us to respond quicker and with more precision than we ever could before. Going with the suite of FireEye solutions was a no-brainer!”