6/24/2025

Kuwait Credit Bank boosts threat detection and response with Microsoft Defender XDR

Kuwait Credit Bank wanted to replace its on-premises cybersecurity system with a scalable option for faster detection and access to critical logs.

To modernize its security posture, the bank unified its security operations under Microsoft Defender XDR, integrating Microsoft Sentinel and Microsoft Purview.

Kuwait Credit Bank cut response time by 95%, improved visibility across users, endpoints, and applications, and began exploring AI-powered automation with Security Copilot.

Kuwait Credit Bank

Kuwait Credit Bank provides a range of essential financial services to Kuwaiti residents, from real estate to social loans, to ensure the social security of Kuwaiti families and safeguard the integrity of the societal framework. Because the bank serves a large customer base and manages sensitive personal and financial data, cybersecurity is core to its mission. Kuwait Credit Bank continuously aligns its operations with evolving business needs by applying best-in-class security practices.

Hardware limits, rising threats

As a custodian of its customers’ sensitive data, Kuwait Credit Bank takes seriously its responsibility to ensure it has the flexibility, speed, and detection capabilities needed to meet the demands of today. “Technology evolves so quickly, and there are always new threats to contend with. To guard against that, we wanted to upgrade our cybersecurity infrastructure,” says Sharifah M. Alkanderi, Information Technology Department Manager at Kuwait Credit Bank.

Kuwait Credit Bank needed to be sure that, in the event of a major incident, retrieving the logs for investigation wouldn’t be delayed. “With on-premises systems, this could happen if your indexer is overloaded,” explains Wafaa J. Kazem, Infrastructure Team member at Kuwait Credit Bank. “We could invest in more hardware, but we might still reach a point where it's not enough.” In critical moments, getting the logs needed for investigation could take days.

In addition, the bank wanted to improve its anomaly detection, which was difficult to execute consistently with the limited processing power of its on-premises system. “This would be a huge time saver, because no matter how good your detection engineers are, anomalies are always hard to spot since you don’t know what you’re looking for in advance,” elaborates Kazem.

Unified systems, one cloud

Kuwait Credit Bank decided to move its security operations to the cloud to gain a more efficient and scalable option. “We chose Microsoft for its industry-leading cloud technology, AI capabilities, and comprehensive security services,” Kazem shares.


The bank also benefited from a Kuwaiti government program aimed at strengthening digital infrastructure across public institutions. “The government’s Zero Trust program helped us deploy Microsoft Intune to protect devices and manage conditional access,” Alkanderi explains. “We upgraded from Microsoft 365 E3 to E5, and enabled Microsoft Defender XDR and Microsoft Sentinel to consolidate all security operations into a single cloud platform.”

In addition, Microsoft Sentinel’s out-of-the-box playbooks helped the bank score some quick wins. “Monitoring cloud environments is very different from on-premises. Having those policies readily available in Sentinel made a big difference in how fast we could adapt,” shares Alkanderi.

Faster detection, flexible investigation

With security operations now in the cloud, Kuwait Credit Bank saw improvements in threat detection and response. The speed alone marked a major shift. “When we were operating on-premises, retrieving the logs for incident investigation used to take days. Since moving to Microsoft Sentinel, we retrieve the logs in seconds. We are also 95% faster at responding to threats,” shares Alkanderi.


With improved speed and visibility, the team began relying more on automatic anomaly detection. “Whether it’s atypical activity or a suspicious sign-in, Sentinel uses AI to detect it and alert our analysts right away,” Kazem says. The shift also changed how analysts and engineers work. “Now, when detection engineers investigate the logs, they can pull data faster, plot it in a chart and enrich it with additional information from other Microsoft sources,” explains Kazem. Sentinel integrates with Azure Logic Apps, enabling the bank to automate alert enrichment while pulling data from across the Microsoft ecosystem to provide deeper insights at the moment of detection.

Improved visibility across environments

The integration between Microsoft Defender XDR, Sentinel, and Purview has given Kuwait Credit Bank unified threat visibility across its environment. “Now, we can monitor key components—data, identities, and endpoints—all within Defender XDR,” says Kazem. Since Microsoft Purview automatically labels sensitive information, Defender XDR can show context-rich alerts when that data is at risk. For the bank, the impact has been clear. “Our detection capabilities improved significantly once we unified everything under Defender XDR,” remarks Kazem.

The flexibility of the platform has also been key. “We can integrate future solutions as needed with Defender XDR,” Alkanderi adds. “Once connected, those solutions follow consistent logic. We can build universal rules that apply to endpoints, users, data, and cloud workloads—and those rules would cascade through the Microsoft ecosystem.”

AI in daily security operations

With its security environment unified and automated, Kuwait Credit Bank is now turning to AI to further improve its security posture. “Like many organizations, we started using Microsoft 365 Copilot in productivity apps like Teams,” recalls Kazem. “Then we saw the benefits, like faster insights and improved collaboration, and began exploring Security Copilot.”

This next phase played a critical role in the bank’s security posture. “In the bank, there are many components that we must protect—hardware, software, and applications. All of these generate their own lengthy logs,” says Kazem. The team expects Copilot to help analysts collect, correlate, and summarize that data quickly, eliminating hours of manual work. “In the future, Copilot will support Level 1 analysts by delivering insights they’d normally spend hours searching for,” Kazem adds. 

Kazem believes this shift in workflows will define the bank’s future: “Security operations will change with AI technology like Copilot. It will make our work easier and faster and shape a new vision of how we can move forward.”
