Fintech · 24/7 SOC

A 24/7 Security Operations Centre for an East African digital lender.

A digital lending platform with 800,000+ customers had grown faster than its security capability. They needed monitoring, incident response, and a credible story for the regulator — without building a SOC in-house.

Cyber SecurityManaged IT Services
Security operations centre — fintech cybersecurity monitoring
Client
East African Digital Lender
Sector
Fintech · Cybersecurity
Duration
Ongoing
Year
2024-ongoing

The challenge

The lender had a small in-house security team that was firefighting daily. The CEO had received a board mandate after a near-miss incident, and the regulator was asking pointed questions. Building an internal 24/7 SOC would have taken 18 months and cost twice the budget.

East African business professionals — operational context
How we worked

The approach in 5 phases.

01

30-day onboarding

Asset inventory, log source mapping, SIEM integration, threat model. Quick-win control fixes (MFA hardening, default credential sweep, off-hours admin alerts) in the first two weeks.

02

SIEM tuning for fintech

Tuned the SIEM specifically to fintech attack patterns — credential stuffing, account takeover, fraud signals. Reduced alert noise by 78% in the first quarter.

03

Runbook authoring

Documented incident-response playbooks with named roles, escalation matrices, comms templates and regulator notification timelines.

04

Monthly threat hunts

Structured threat-hunt cadence with a written hypothesis, scope and outcome. Two material findings in the first six months — both remediated before exploitation.

05

Tabletop & comms

Quarterly tabletop exercises with the executive team. Pre-drafted regulator and customer comms templates that can be deployed inside 60 minutes.

Outcomes

What we delivered.

8 min
Mean time to detect
24/7
Coverage
0
Material incidents · 24 months
−78%
Alert noise
"

Their SOC has been running our managed detection & response for two years. We have not had a material security incident on their watch — and the monthly threat-hunt reports tell us they're looking. That's all I want from a security partner.

CISO, Regional Fintech
Digital lending platform
More like this

Related case studies

Working on a similar problem?

Get in touch and we'll arrange a 30-minute call with the practitioner most relevant to your situation.