To say that IT security is not easy is an understatement. As the years go by, systems become more complex and hackers more ingenious.
“Security is something that is very difficult to manage in-house,” said Brad Riddell, our Director of Security. “When our team sees an indicator of compromise, chances are that we have seen that indicator many times – you want to be working with experts that are immersed in this because the stakes are pretty high if you get it wrong.”
This company’s IT leaders had a conversation with us about reducing their business risk, focusing on how they could best allocate their IT budget to achieve great results. It was decided that a combination of onsite professional services and our Managed Security Information & Event Management (SIEM) solution would provide them access to a wide range of skill sets, critical monitoring, and reporting services.
Starting out with a 3-month short-term contract, they were able to test out our Virtual Security Office (VSO) service, which is a professional services engagement that complements the managed SIEM service. VSO places a senior-level security architect on-site at the client’s premises on a full-time basis. “This level of engagement allows us to become very familiar with our client’s IT environment and to troubleshoot security issues, making ongoing recommendations and improvements to the security strategy,” said Riddell. As issues are assessed and analyzed, our security architect can pull in the appropriate resources to solve problems, providing the client with a very wide range of skill sets on demand.
“The biggest problem with managed services today is that the technicians in the security operations centre (SOC) are not familiar with the customer’s environment, so when indicators of compromise arise, the client and SOC are not on the same page. Our VSO program solves this issue – the SOC team can contact the onsite Scalar security architect directly and often times issues can be resolved quickly without troubling the client,” said Riddell.
SIEM is a technology that aggregates information about the client’s security, monitoring for intrusions, misuse, or inappropriate access to systems. In this case, we manage the customer-owned SIEM system, which resides on the customer’s premises. The systems feed information back to the security operations centre through a VPN tunnel. Approximately 50 systems report back to the SOC, generating log files. Through automation and analysis, millions of data points are reviewed and analyzed to identify even the most complex and advanced security threats.
The service provides device monitoring (firewalls, servers, desktops, etc.) and device management, which includes the patching of the SIEM infrastructure. It also includes customized dashboards that provide real-time insight into the security environment.
After evaluating the service, the client signed a 3-year engagement, which provides 24 x 7 x 365 security operations and an ongoing presence at the client’s site through the virtual security office. “This has been a very well rounded customer experience – we started out managing traditional IT services for this client and now have moved into a strategic role, helping them manage their security risk,” said Riddell.