A Major Financial Network streamlines Incident Response with CafeX

In this case study
Key lessons from deploying CafeX at the Financial Network

1. Automate notifications and workflows to mobilize and manage teams for an effective response.

2. Ensure a clear understanding of the event by aligning all activity, information, and decision points in centralized workspaces.

3. Improve decision making by giving responders access to content and incoming data through robust application integrations.

4. Communicate with stakeholders instantly by leveraging chat, call, meetings, and their recordings and transcripts.


A major financial network provides a suite of business solutions to independent financial advisors. Their primary interest is in providing offerings that can sufficiently cover the diverse needs and practices of their advisors.

Due to the high diversity in the needs and number of their advisors, this financial network recognized the importance of investing in incident response so that their solutions could be kept up and running for both their advisors and their advisors’ customers. The company recognized the need to take an approach that sustains multiple points of failure in order to manage their end-to-end response beyond the initial notification.

Prior to using CafeX, the company saw the following issues arise during preparation simulations:
  • Decision makers could not quickly access key data because information was siloed across multiple systems.
  • Response teams could not easily adapt to the incident because they could not always bring in, or notify, the correct people.
  • Response teams found that knowledge sharing was time consuming and inaccurate because they could not keep track of information or align it to relevant tasks.
  • Response teams sometimes found it difficult to track incoming information that impacted their response. Without a consistent way to incorporate new information they tended to breach compliance and regulatory procedures.
  • Barriers were created between groups and they developed their own ways of working together, and reporting their progress to the larger team. This sometimes led to inconsistencies or delays while developing a response plan.

The Solution

CafeX provides organizations with a single solution to manage the entire incident lifecycle. In one unified platform, teams can coordinate their tasks, people, and resources to increase the effectiveness of their response and accelerate time to resolution. During a simulation, the financial network reported the following:


1. A monitoring application alerted the company that a peripheral server was running unauthorized software, indicative of an intrusion. This alert kicked off an automated workflow to trigger CafeX to create a workspace using a Security Breach template.

2. The Security Breach template appointed the Information Security team to carry out the initial triage. CafeX notified Information Security and invited them to the workspace. The workspace included predefined tasks that were assigned to members of the Information Security team with specific roles and responsibilities.

3. The Information Security team followed a CafeX knowledge article, a rich and embedded document, that contains the company’s runbook for such a scenario. They determined that Personally Identifiable Information (PII) may have been compromised, so they selected a workspace action to trigger a workflow that escalated the response to include the Privacy team.


4. The workspace action sent the Privacy team notifications that invited them into the workspace, and assigned new tasks for their team. They were able to begin work immediately and continue to adapt to the incident as it required.

5. The Information Security and Privacy teams needed to collaborate in order to provide a comprehensive assessment of the incident. They held meetings within the workspace to sync up on status and assessment. Transcripts and recordings were taken that were associated with tasks to support decision making and records of activity.

6. The Information Security team continued to simulate that the security breach had occurred, and it was likely to impact the Business Continuity of some services.

7. The Marketing and Customer Relations teams were brought in to handle communications to ensure a disclosure was provided to employees, vendors, and customers. To carry out the disclosure, they used the workspace publisher, a capability that takes selected content from the workspace and shares it on an external site for broader distribution, to update advisors.

8. The Information Security and Privacy teams continued to use the workspace to support their activities through the simulation. Team members were able to upload documents that they made offline, and link to applications, or file repositories; which immediately allowed workspace members to view the content without additional credentials.

9. Marketing and Customer Relations used chat commands to execute natural language directives, and workflows, such as: inviting other team members, scheduling meetings, and searching for relevant content.

After crisis improvements

10. The company could overview all activity, information and decision points as a digital logbook to guide process improvement and reporting. The response team utilized the recordings and transcriptions of meetings to inform this process and gain insight.

11. The Privacy team invited a third-party consulting group to assess the simulation event, and purpose it towards improving the Breach simulation and response. The logbook was shared with the consultants that captured all of the activities of the event.

12. The company took the advice of the consultant and updated the Security Breach template with modified tasks and resources, so that the next time it was used it would be available to the response team.

CafeX handles incidents end to end

Incident Response is more than responding to the actual event; it involves preparation before the event, coordination during it and process improvement after its resolution. This entails complexity and that’s where CafeX comes in – giving the Financial Network a structured, robust and centralized place to manage the incident across its entire lifecycle.

Workspaces let the Financial Network structure its response while CafeX’s powerful integrations enabled it to act on incoming information to deliver a more targeted and rapid response. No matter how an incident develops and changes the people, tasks or tools you need to respond, the Financial Networks shows how CafeX can bring them together.

Get started with Challo today
Schedule a Call