The Story

Yasser J. Alghamdi is director of the Cyber Defense Center at Saudi Telecom. His team is responsible for identifying, analyzing, and responding to all cyber threats and attacks. Yasser discusses how he collaborated with the Cisco Services team to strengthen cybersecurity and keep pace with an evolving threat landscape.

Saudi Telecom Company (stc) is the largest internet service provider in Saudi Arabia, with 60 percent of the country’s internet traffic going through our network. We are continually expanding and have acquired 14 new subsidiaries over the last few years.

We are a forward-thinking company, and we strive to provide the latest innovative services and platforms to our customers. We provide connectivity and managed services to a variety of organizations, including businesses, utilities, government, and defense as well as internet service to households.

At stc, we also play a unique role in enabling digital transformation throughout our country. In 2017, Saudi Arabia announced “Saudi Vision 2030,” a massive investment built around three primary themes: a vibrant society, a thriving economy, and an ambitious nation.

As a provider of essential national infrastructure, stc plays a large part in the Saudi Vision 2030, especially as we upgrade our technologies to prepare for a 5G world.

Because so much of the country’s internet and communications traffic depends on stc, a security issue that impacts our service can ripple through and have a dramatic impact on businesses, government, and people’s lives. Protecting our critical infrastructure from cyberthreats is vital not only for our company, but our country.

A strategic approach to security

Security is essential to everything we do at stc. In 2019, our organization set out to revamp the Cyber Defense Center to bolster security and detect and respond to threats before they could impact our operations—or our end customers.

I joined stc as the director of the Cyber Defense Center [(CDC)]to provide strategic direction and implement enhanced security from the ground up. Previously, we had been impacted by a series of ransomware and espionage attacks.

In order to successfully update the CDC and achieve our new mandates, we selected a partner that could address the new maturity target. Cisco had a strong reputation for always being available to help solve a potential challenge quickly.

Security issues occur all the time, and it was important to us that our partner have operational teams available in a variety of places, backed by a vast ecosystem. Cisco also offered a deep level of expertise and best practices in the latest technologies, such as 5G, which aligned with our overall strategic vision.

Close collaboration and valuable guidance

From the outset of the initiative, the Cisco Services team worked closely with our organization to fully understand our pain points, objectives, and expected outcomes, from both a business perspective and a technology perspective.

Ultimately, we wanted to enhance the capabilities of our cybersecurity environment with more advanced monitoring, machine learning, automation, and other new capabilities. We knew that we needed a customized solution that fully aligned to our requirements, and the team helped us create a plan for the desired solution.

The Cisco Services team provided a maturity assessment of the state of our environment at the outset. They also provided roadmaps to help guide our improvement initiative and conducted cybersecurity strategy workshops.

They provided valuable assistance in helping us develop documentation required by our government. They helped us document our current service and capabilities, our strategy, and our service design. On our own, this process could have taken up to three or four months, but we were able to deliver this much faster with the support of Cisco.

At stc, we operate a diverse environment with solutions from a variety of different vendors. The Cisco Services team applied a vendor-agnostic approach to our security solutions, making it easy for our systems to work together. For example, a threat-hunting solution using machine learning covers solutions from all our telco vendors, making this a simple and easy process.

Increasing security cover up to 95%

Today, we have more than 100,000 network nodes, 10,000 servers, 30,000 endpoints, and 250 critical applications in our system, along with 14 TB of events to store and process per day. With the help of the Cisco Services team, we've increased the security coverage for these components by up to 95%.

Cisco also worked closely with us to create more than 20 automation playbooks to better support incident response. We’ve dramatically enhanced the accuracy of incident response at stc. We have also strengthened incident response operation processes and reporting and have acquired missing forensics and malware analysis toolkits.

The results speak for themselves: with these resources and better platform management, we’ve reduced time to response by 87%, from 8 hours to one hour, and time to contain by 92%, from 48 hours to four hours.

We were also able to align with the MITRE ATT&CK framework, which helps us capture more information about attackers, their techniques, and their locations.

We have made a major enhancement and have built more than 100 use cases to be aligned with the MITRE standard. This enables us to better understand today’s threats and build better capabilities to detect and mitigate the attacks on our side. 

Creating a cybersecurity center of excellence

Our team’s priority is to enhance the CDC and position it as a center of excellence for the entire industry. The solid foundation we have built will not only help us deliver quality services but will also support us as we adopt emerging technologies and new approaches in the future.

We have created a comprehensive strategy to revamp the operations of the center to strengthen the quality of monitoring and incident response services even more.

The strategy includes restructuring the center to address future demand, increasing visibility across the company’s assets, and improving the quality of services provided by the center.

In addition, we are strengthening technical capabilities and building a culture of advanced practices, improving performance metrics and efficiency of operation, adapting emerging technologies and automation, and establishing a strong governance model to ensure the sharpness of the operation.

Through our partnership with Cisco, we feel confident that we have achieved a strong level of maturity, and we are now in the process of seeking to advance our cybersecurity posture even further.

We look forward to working on the future strategy, which includes increasing integration with business sectors, adopting emerging technologies such as 5G and IoT, and optimizing financial and operation overhead.

We strive to be a role model as we invest in innovation, and our goal is to position stc as a regional and global leader in the field of cybersecurity. Together, we can continue making a positive impact on Saudi Arabia and support the Saudi Vision 2030.