Bank BRI mitigates cybercrime and financial risk with Elastic Security


Bank BRI is one of the largest banks in Indonesia and Southeast Asia, providing end-to-end financial solutions to more than 130 million customers. As part of its core mission, the bank has a particular focus on empowering microbusinesses and advancing the financial inclusiveness of the countries it serves.

With such a wide range of customers and partners, Bank BRI has created an extensive network across the region. Its long history within the financial sector also means that it has an array of IT assets and tools across the bank, which consist of legacy systems, cutting-edge solutions, and everything in between. In addition, the company’s tremendous size and heterogeneity have created many unique challenges, including difficulty obtaining complete visibility into all of the bank’s systems.

As Bank BRI continues to innovate and grow, its attack surface also expands, making the bank more susceptible to cybercrime. With a lack of visibility and growing amounts of data, this became an increasingly apparent problem — especially coupled with rising risk across the Southeast Asia (ASEAN) region stemming from the rapid adoption of digital banking. The team thus set out to find new tools to protect its complex network against new and emerging criminal activity.

Risk and security as a pillar of Bank BRI's mission

With the rapid growth and mass adoption of digital banking, especially in the wake of the COVID-19 pandemic, there was a massive increase in data that Bank BRI needed to monitor. One of the major data use cases was security operations; Bank BRI needed a solution that could keep up with the surge of incoming logs, which demanded massive processing capacity, ultra-responsive and flexible searching, long retention periods, and more. Without these capabilities, security activities such as log auditing, investigation, and security monitoring would be complex, slow, and burdensome to the bank's operations. The team knew that they needed to make a change to continuously monitor their vast networks, react quickly to incidents, and reduce overall cyber risk.


Real-time visibility, integration, and automation are major key factors for the Security Operation Team.

Tri Danarto, Security Operation Department Head, Bank BRI

The Security Operations Center (SOC) team’s primary objective is to protect Bank BRI assets and minimize the risk of cyber-related incidents. Integral to keeping their systems and customers safe is having reliable, real-time visibility into all of their assets and monitoring every anomaly in the environment.

Zeroing in on next-generation cyber security tools

In anticipation of the ever-growing data processing needs of the company’s security operations, the team needed to identify a security monitoring platform that would become a fundamental tool of the SOC. They wanted a vehicle that would be able to ingest and store all of the data (in the form of security logs) and make that information easily accessible and searchable so that they could quickly detect, understand, and contain threats.

With Elastic Security, the centralized nature of the solution meant that the SOC team could enrich, aggregate, and correlate data easily. The ability to greatly extend data retention periods also improved the level and quality of information the SOC team needed for its security operations.


Elastic products are very capable, efficient, and reliable in ingesting massive amounts of data, and they have the needed flexibility to ingest all the data we throw at them from our environment. Their features and capabilities on top of our data make them the perfect fit for our operational needs.

Tri Danarto, Security Operation Department Head, Bank BRI

Elastic Security’s purpose-built features, which include easy-to-use visualizations, security alerts, and machine learning (ML) capabilities, enabled the team to envision new ways to further improve their security processes. This helps with security monitoring and incident response and extends to other areas such as the fraud investigation process, enabling the bank to better protect its customers' assets. The dashboards were also helpful in conveying the value of security to company executives, allowing the team to better articulate to upper management the risks posed by cyber threats and the importance of the investments they put into tools like Elastic Security.

Elastic’s reliability in processing security logs has significantly reduced overhead, simplified processes, and improved the SOC's capabilities. Elastic Security allows the team to cut through the noise and see across their systems and beyond, ensuring the protection of their network and customers. Additionally, Elastic Security Labs' deep repository of ready-to-use security content, ML models, and hundreds of detection rules enabled quick implementation.


Elastic also has a huge community and third-party support, making it easy for us to build on top of the platform to bring specific and customized solutions we need.

Tri Danarto, Security Operation Department Head, Bank BRI

Elastic's support for on-premises, hybrid cloud, and multi-cloud ecosystems enables Bank BRI to maintain its security posture in line with its transformation journey. Most of Bank BRI's infrastructure is on-premises, with a network stretching across Indonesia in various forms, from branch offices to mobile ship offices. The bank is strategically shifting more workloads to the cloud, but a sizable part of its systems will still run on-premises in accordance with local regulations. Elastic gives the bank a solid base for the future and a long-term plan to confidently design and execute its security operations.

Additional resources: