Executive Summary
Customer: Malaysian Rubber Council
Industry: Government Agency
Location: Malaysia
Challenges
- No Dedicated Security Resources
- Limited SOC Service Scope
- Unclear SOC Service Effectiveness
- Communication Challenges with SOC Service
- System Disruption caused by Sensitive Configurations
Sangfor Solution
- Sangfor Athena Managed Detection and Response (MDR)
About Malaysian Rubber Council (MRC)
The Malaysian Rubber Council (MRC) is a government agency that promotes, develops, and facilitates the global growth of Malaysia's rubber industry, supporting local companies through marketing, branding, and trade initiatives.
With around 100 staff at its headquarters, the council plays an important role in promoting local companies on the global stage, ensuring quality standards, and facilitating international trade opportunities.
We spoke to Mr. Kevin Cheah, Director of the Information Technology Department, and Mr. Zulhilmi Zainal, Senior Executive for the Information Technology Department, who previously coordinated all IT matters, including IT Security. They shared insights into how Sangfor Athena MDR has improved their cybersecurity posture and met their expectations in managing cyber threats.
Cybersecurity Challenges
The internal IT team comprises six staff members who manage both daily IT operations and cybersecurity. With no dedicated in-house security team, IT staff were required to juggle multiple roles, from maintaining systems and applications to investigating and responding to potential cyber threats.
"Previously, we didn't have any dedicated IT security staff. Everything was handled by the same small team that also managed daily IT operations. That is not an easy task as our role as the primary council also collaborates with various rubber product industries, exposing us to more threats and cyber risks."
Information Technology Director, MRC
While the above represents the primary issue faced by the council, the following table provides a comprehensive overview of the security challenges they experienced.
| Pain Point | Details |
|---|---|
| 1. No Dedicated Security Resources | i. All security responsibilities were managed by the six-person IT team that also handled general IT operations. This created gaps in expertise and immediate attention for cybersecurity matters. ii. When critical security issues arose on production servers, staff could only attend to them within an hour, on average. |
| 2. Limited SOC Service Scope | The council previously leveraged the security operations center (SOC) services of their cloud service provider (CSP) to alleviate the burden on the IT team. However, the CSP only monitored cloud workloads running on eight cloud instances, leaving on-premises servers and endpoints without coverage. |
| 3. Unclear SOC Service Effectiveness | The CSP saw hundreds of thousands of logs per month relating to the council's cloud workloads. However, in their service reports, the CSP mostly focused on raw traffic numbers rather than cyberattack-centric analysis that provides insight into the council's security posture. This left the IT team concerned about service effectiveness and whether threats were being thoroughly addressed. |
| 4. Communication Challenges with SOC Service | i. The CSP's SOC service didn't assign a dedicated single point of contact (SPOC). This meant that the IT team had to re-explain context for each incident, such as asset importance, operational protocols, and baseline network behaviors, to different analysts, including those from partnering third-party vendors. ii. This slowed response times, averaging up to one hour for more complex issues, and eroded trust in the vendor's ability to provide quick issue resolutions. iii. Additionally, the CSP communicated through email, which slowed response by 10–15 minutes for critical/high-severity incidents. |
| 5. System Disruption caused by Sensitive Configurations | i. The existing endpoint security solution occasionally caused disturbance with an alert notification every few hours on workstations and servers due to overly sensitive configurations. ii. While not severely disruptive, these incidents created unnecessary operational friction and frustration for staff, and the IT team occasionally received complaints from staff on this matter. |
Sangfor Solution
Facing the high cost and long lead time of building an in-house SOC, the council turned to Sangfor Athena MDR for a faster, turnkey solution to strengthen its cybersecurity posture.
Backed by over 400 security experts, Athena MDR delivers enterprise-level protection with over 80% cost savings annually compared to maintaining an internal SOC. The service provides 17× wider coverage across cloud, on-premises servers, and workstations, with 24/7 monitoring, accurate threat detection, and rapid incident response operated from ISO/IEC 27001–certified global SOCs in Malaysia and abroad.
Following a successful proof of concept (PoC), the customer adopted Athena MDR to gain 75% faster response time, actionable security reporting, and ongoing monthly optimization reviews — ensuring stronger, uninterrupted protection without disrupting business operations.
Solution Benefits and Outcomes
Security Posture Summary Before and After Sangfor Athena MDR Deployment
| Pain Points | Before the Deployment | After the Deployment | Benefits |
|---|---|---|---|
| 1. No Dedicated Security Resources | No dedicated security team; relied on a small IT team to manage both IT and security operations. | Gained on-demand security expertise and essential tools through Athena MDR, saving over 82% annually compared to building an in-house SOC. | Enterprise-Level Protection with Significant Cost Savings |
| 2. Limited SOC Service Scope | CSP's SOC service only covered cloud workloads, leaving on-premises servers and endpoints unprotected. | 17x (times) wider service coverage, with 24/7 monitoring and alert validation across all on-premises servers, workstations, and cloud infrastructure. | Broader Visibility and Protection |
| 3. Unclear SOC Service Effectiveness | CSP's SOC service reports mainly focused on raw traffic data rather than cybersecurity-centric insights. | Security notifications and reports that clearly show the organization's current security posture, and provide confidence that threats are being detected and resolved. | Comprehensive and Actionable Security Insights |
| 4. Communication Challenges with SOC Service | No dedicated vendor support engineer; each incident required re-briefing a new analyst, leading to slow response times (1 hour on average), which eroded confidence. Additionally, the SOC service communicated through email, which slowed response by 10–15 minutes for critical/high incidents. | 75% improvement in response time; a dedicated Customer Success Manager (CSM) now acknowledges and acts on incidents within 15 minutes or less. Moreover, instant messaging made updates far more efficient than logging and tracking tickets for every incident, as experienced with the previous SOC vendor. | Consistent Communication and Faster Response |
| 5. System Disruption caused by Sensitive Configurations | Overly sensitive configurations in the existing solution caused minor disturbance on computers. | Monthly security policy reviews to optimize configurations, ensuring that protection is strong but not disruptive to servers, applications, and staff's daily work. | Minimized Business Disruption |
1. Enterprise-Level Protection with Significant Cost Savings
Building an in-house SOC with dedicated staff would have required at least four to five additional hires, each costing thousands of Malaysian Ringgit per month. Instead, Sangfor Athena MDR delivers enterprise-grade protection at a fraction of that cost, bundling essential security technologies such as Sangfor Athena EPP into a single, affordable, and fully managed solution.
According to Sangfor's MDR TCO calculator, the MDR service provides an estimated ROI exceeding 82% in combined CAPEX and OPEX savings annually, compared to maintaining dedicated in-house SOC operations.
"Bundling MDR together with the necessary sensors made it much more cost-effective compared to buying separate tools and services. From a cost perspective, this was the most impressive part."
Information Technology Director, MRC
2. Broader Visibility and Protection
The CSP's SOC service focused only on cloud instances, leaving on-premises systems and endpoints unmonitored. Athena MDR closed this gap by protecting every layer of the environment — cloud, servers, and workstations — expanding coverage by 17 times more assets for the council, significantly reducing blind spots and strengthening overall resilience.
The Athena MDR platform ingests approximately 169 million logs per month from endpoint and network telemetry. Leveraging a combination of AI-driven analytics and security expert investigation, Athena MDR transforms this vast data volume into a small number of verified, high-confidence incidents. Only verified incidents are then escalated to the council, at a noise reduction rate of around 97%.
Athena MDR also reviews alerts across all severity levels, not just high-severity and critical ones, ensuring that no potential threats remain hidden or uninvestigated.
3. Comprehensive and Actionable Security Insights
Instead of receiving reports filled with network traffic statistics from their CSP, the council now benefits from actionable intelligence with Athena MDR. Each report clearly outlines the threats detected during the reporting period, the actions taken, root causes identified, and tailored remediation recommendations.
This gives the council a clear picture of their security posture and the confidence that threats are being handled. The insights also help them prioritize and drive ongoing security improvements.
4. Consistent Communication and Faster Response
With the CSP's SOC service, every incident required re-explaining the context to a new analyst, often delaying response times by up to an hour.
With Athena MDR, incidents are now acknowledged and acted upon within 15 minutes or less, representing a 75% faster response time [(60 − 15) / 60 × 100 = 75%]. The IT lead highlighted the benefit of having a dedicated CSM who fully understands their environment. This continuity has eliminated the need to re-explain context, resulting in faster resolutions and more consistent communication.
Additionally, the CSP's SOC service relied solely on email communication and ticketing, adding 10–15 minutes of delay each time a new alert or update was shared — a significant gap when responding to critical security events.
In contrast, Athena MDR uses instant messaging like WhatsApp for real-time collaboration with the council's IT team. This approach ensures immediate visibility and two-way interaction. In urgent cases, every minute counts, and instant communication enables faster validation, decision-making, and containment actions.
Athena MDR customers have found that having a dedicated CSM and instant messaging as the primary communication platform not only improves response speed but also builds greater confidence and transparency, as they can see, ask, and act alongside our analysts in real time.
5. Minimized Business Disruption
The Athena MDR team went beyond core threat detection and response duties by proactively optimizing the configurations of existing security tools. This removed the occasional alert pop-ups that affected several systems before MDR adoption. In addition, the MDR team conducts monthly security policy reviews to continuously fine-tune configurations, ensuring they remain both effective and non-disruptive. As a result, the council has maintained strong security resilience without compromising business performance or causing disturbance.
Conclusion
This case demonstrates how a resource-constrained organization can transform its cybersecurity posture with Sangfor Athena MDR. By replacing fragmented SOC services and manual in-house monitoring with a comprehensive managed service, the council achieved:
- Stronger visibility and assurance across all IT assets.
- Reduced workload and stress on a small IT team.
- Faster and more consistent response, with direct analyst engagement.
- Cost savings, avoiding the expense of building an internal SOC team.
With Sangfor MDR, the organization gained not just a service, but a trusted partner in security operations, ensuring resilience against evolving threats while enabling its staff to focus on their daily tasks with less concern about business disruption caused by cyberattacks.