The silicon solutions of tomorrow
Imagination Technologies Group has more than 25 years of experience in designing and licensing intellectual property (IP) processor solutions. Headquartered in the UK, the organisation’s computing, graphics, and artificial intelligence (AI) IP delivers security, performance, and low power consumption in the smallest silicon area, enabling chip makers to develop new innovations in digital products.
Three years ago, Imagination’s cybersecurity infrastructure and operations were struggling to keep pace with business growth. With revenues climbing across all sectors and geographies – and an overriding need to protect semiconductor IP – multiple security challenges were emerging.
- Reliance on point security: Multiple, disjointed security tools made it difficult to create a complete, unified picture of the security posture. Uncontrolled “shadow” security solutions flourished, especially in satellite offices with no dedicated IT resources. According to Paul Alexander, Director of IT Operations, Imagination Technologies Group, “Until recently, we survived on ‘best endeavours.’”
- Culture not geared to cybersecurity: As an engineering-led organisation, Imagination’s focus was on agile, innovative processor development – less on data security. Paul explains, “We used to comment that cybersecurity was important until it was inconvenient. Nothing was allowed to impact engineering, and the perception was that restrictive cybersecurity controls did exactly that.”
- Security team stretched: With no dedicated security operations centre (SOC), the lean security team was overwhelmed by manual, repetitive processes. Up to 15% of their time was spent remediating for IoCs (indicators of compromise), for which the average response time was 36 hours.
- Complex infrastructure: Imagination’s global estate spanned more than 1,000 staff, 14 sites, and more than 12,000 devices. Existing security controls struggled to cope with highly bespoke systems such as development hardware, and the visibility of internet of things (IoT) and operational technology (OT) devices was limited. Paul comments, “We didn’t know what we didn’t know.”
It was time for Imagination to re-imagine cybersecurity.
In response to the limits and gaps in their security posture, Imagination Technologies launched their “Cyber Transformation Programme” to take proactive control of cyber risks. Palo Alto Networks was an early partner in this forward-thinking strategy. “The flexible ‘beachhead’ agreement with Palo Alto Networks gave us a suite of security tools to trial for 12 months to see what worked for us. This gave us exposure to ‘the art of the possible,’” says Paul.
"Palo Alto Networks ML-Powered Next-Generation Firewalls, one of the best moves we ever made."
–Paul Alexander
Director of IT Operations, Imagination Technologies Group
Putting security at the centre of operations
Imagination had previously deployed Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFWs) in their data centre – “One of the best moves we ever made,” says Paul. This experience and the “beachhead” agreement led to the defining of several requirements:
- To protect IP using an intelligent, automated cybersecurity platform.
- To establish a SOC, unifying security operations.
- To consolidate multiple point vendors in a unified stack.
- To move security to the centre of operations, rather than it being an afterthought.
A no-compromise security posture
The Cyber Transformation Programme introduced a dedicated security operations (SecOps) team, leveraging the Palo Alto Networks portfolio to create a no-compromise security posture. “Our philosophy is ‘do it right, do it once’ – and Palo Alto Networks gives us that capability. Across network, endpoint, and cloud security, the technologies are proven, agile, and highly flexible,” says Paul.
The deployed portfolio includes:
- ML-Powered NGFWs: Deployed in every site, these AI-powered platforms instantly prevent new threats, automate processes to prevent advanced attacks, and extend visibility into all applications, all users, and all devices – including IoT.
- Cloud-Delivered Security Services (CDSS):
  - DNS Security: Applies predictive analytics to disrupt attacks that use DNS for command-and-control or data theft. Analytics and insight into DNS traffic reduce investigation and response times.
  - IoT: Discovered more than 12,000 devices, including highly specialised semiconductor “development boards”, bespoke silicon devices and unmanaged devices. Also detects behavioural anomalies, recommends policy based on risk, and automates enforcement that goes beyond traditional IoT security solutions. Because it is integrated as part of the Palo Alto Networks NGFW, IoT can simply be turned on and prevent known and unknown IoT and OT threats, instead of deploying another security solution.
"Innovations such as Cortex XSIAM mean we are always moving forward, innovating the way data, analytics, and automation are used to outpace threats."
–Paul Alexander
Director of IT Operations, Imagination Technologies Group
- Cortex XSIAM: The breakthrough autonomous security operations platform powers today’s modern secure operations centre (SOC) and fundamentally changes the way data, analytics, and automation are used across enterprise and cloud security operations. Imagination were part of the XSIAM Design Partner Program in 2022 and purchased licences at product availability. Imagination have now implemented XSIAM in the SOC to deliver automated end-to-end threat management wherever threats originate. This automation-first security operations platform turns widespread infrastructure telemetry, threat intelligence, and external attack surface data into an intelligent data foundation to fuel effective automated detection and threat response.
- Prisma Access: Always-on, secure remote access, providing 1,000+ users with consistent user experience and continuous protection – regardless of location. Prisma Access allowed Imagination to fully realise least-privileged access while reducing risk with continuous trust and threat verification for all users, devices, apps, and data. For example, during the pandemic, the company was able to immediately and securely switch almost all their employees to homeworking without deploying point hardware. Having consistent security regardless of where employees were located simplified operations and improved security.
- Unit 42 Managed Threat Hunting (MTH): Proactively searches for TTPs known to threat actor groups and emerging IoCs that Unit 42 are privy to via their own intelligence networks. Paul comments, “Previously, we only had a ‘Monday to Friday’ pair of eyes. Now we have 24/7 Managed Threat Hunting anywhere in the environment, including unmanaged devices and remote users.”
- Resident engineer: Two expert, embedded Palo Alto Networks professionals help make the most of the Next-Generation Firewall platform – for example, by de-risking the deployment, coordinating playbooks, and building out the operational service.
"Prisma Access brings protection closer to our users, so traffic doesn’t have to backhaul to headquarters to reach the cloud."
–Paul Alexander
Director of IT Operations, Imagination Technologies Group
Seamless connections
“This is frictionless no-compromise security at its very best,” says Paul, commenting on the portfolio. “Everything connects seamlessly with Palo Alto Networks – the technologies, the people, and the future roadmap.”
The benefits include:
- Secure transformation: Despite an accelerating rate of change, Imagination’s IP and people are reliably protected from known and unknown threats. Paul comments, “We are never complacent. However, thanks to Palo Alto Networks, Imagination Technologies are extremely well defended against cyberattacks. We’re confident now.”
- Automated efficiency: The three-person team are liberated from performing time-consuming manual security processes, enabling them to focus on more strategic tasks – like proactive threat hunting. For example, the number of incidents per day has dropped from approximately 175 to fewer than 30. Most of the balance will soon be automated too.
- Increased SOC agility with one-minute MTTR and complete visibility: Imagination is achieving a one-minute mean time to repair (MTTR) using Cortex XSIAM. Complete visibility from within the same console with the same workflows, fully integrated data, and ML-Powered automation all contribute to agile, responsive SecOps. Paul comments, “XSIAM really is a single pane of glass. All our SecOps processes happen in one place, which means less context switching and people don’t need additional skills to use multiple tools. That’s a huge saving for a small team like ours.”
- Simplified operations: Cortex XSIAM reduces manual effort, cuts delays in onboarding/offboarding employees, lowers the likelihood of misconfigurations, and provides fully-audited, repeatable processes. “Native automation means accessible automation,” Paul explains. “The intuitive ingestion of extra data sources, together with the enrichment and normalisation of that data, gives us great confidence in the data for decision-making.”
- End-to-end estate visibility: “We know about everything now; there’s no more ‘gut feel,’” says Paul. “If someone in China downloads a malicious file at 4am, we are alerted instantly. We can triage the incident automatically and quickly.”
- Agile security: The correlation of data between network, endpoint, and cloud security results in a more agile, intelligent security posture – and has led to a significant drop in the number of false positive alerts. “Even our most cynical critics now agree security is available in a single pane of glass,” says Paul.
- Support for the hybrid working model: The cloud-based solution worked well throughout lockdown – and continues to. “Prisma Access is now supporting our post-Covid/hybrid working arrangements. Given the war on talent, this flexibility is an important component in helping to attract and retain the best talent,” says Paul.
The wraparound support team are also part of Imagination’s fabric. “We’re not just a small customer at a big supplier. Customer Success, Unit 42, and executive support are continually looking after our best interests,” Paul explains. “Palo Alto Networks leadership came to understand how they could help Imagination Technologies with their teams through the Executive Briefing Centre and listened to our needs.”