Like what you see so far?

Sign up for our newsletter and get great content delivered straight to your inbox.

Client Story

High Profile Canadian Pension Fund Implements Cohesive Approach to IT Security Operations

A leading Canadian pension fund outsourced its Security Information & Event Management but was unhappy with the results. Coupled with staff shortages, they made the decision to reevaluate their security posture, turning to us for guidance

High-profile, Canadian pension fund

Toronto

Finance

Objective

Implement a security strategy that provides access to experienced security consultants and 24 x 7 x 365 event monitoring.

  • Billions of dollars in net assets under management
  • Sensitive personal data that must be protected
  • Managed SIEM
  • 24 x 7 x 365 SOC to manage SIEM environment
  • Virtual Security Office: lead security consultants on-site at customer location

Our Approach

To say that IT security is not easy is an understatement. As the years go by, systems become more complex and hackers more ingenious.

“Security is something that is very difficult to manage in-house,” said Brad Riddell, our Director of Security. “When our team sees an indicator of compromise, chances are that we have seen that indicator many times – you want to be working with experts that are immersed in this because the stakes are pretty high if you get it wrong.”

This company’s IT leaders had a conversation with us about reducing their business risk, focusing on how they could best allocate their IT budget to achieve great results. It was decided that a combination of onsite professional services and our Managed Security Information & Event Management (SIEM) solution would provide them access to a wide range of skill sets, critical monitoring, and reporting services.

Starting out with 3-month short-term contract, they were able to test out our Virtual Security Office (VSO) service, which is a professional services engagement that complements the managed SIEM service. VSO places a senior level security architect on-site at the client’s premises on a full-time basis. “This level of engagement allows us to become very familiar with our client’s IT environment and to troubleshoot security issues, making ongoing recommendations and improvements to the security strategy,” said Riddell. As issues are assessed and analyzed, our security architect can pull in the appropriate resources to solve problems, providing the client with a very wide range of skill sets on demand.

“The biggest problem with managed services today is that the technicians in the security operations centre (SOC) are not familiar with the customer’s environment, so when indicators of compromise arise, the client and SOC are not on the same page. Our VSO program solves this issue – the SOC team can contact the onsite Scalar security architect directly and often times issues can be resolved quickly without troubling the client,” said Riddell.

When our team sees an indicator of compromise, chances are that we have seen that indicator many times – you want to be working with experts that are immersed in this because the stakes are pretty high if you get it wrong.
Brad Riddell

Brad Riddell
Director of Security, Scalar

Protecting sensitive data means better futures for people like Gary, who rely on the fund.

Solution

SIEM is a technology that aggregates information about the client’s security, monitoring for intrusions, misuse, or inappropriate access to systems. In this case, we manage the customer-owned SIEM system, which resides on the customer’s premises. The systems feed information back to the security operations centre through a VPN tunnel. Approximately 50 systems report back to the SOC, generating log files. Through automation and analysis, millions of data points are reviewed and analyzed to identify even the most complex and advanced security threats.

The service provides device monitoring (firewalls, servers, desktops, etc) and device management which includes the patching of the SIEM infrastructure. It also includes customized dashboards that provide real-time insight into the security environment.

After evaluating the service, the client signed a 3-year engagement, which provides 24 x 7 x 365 security operations and an ongoing presence at the client’s site through the virtual security office. “This has been a very well rounded customer experience – we started out managing traditional IT services for this client and now have moved into a strategic role, helping them manage their security risk,” said Riddell.

This has been a very well rounded customer experience – we started out managing traditional IT services for this client and now have moved into a strategic role, helping them manage their security risk
Brad Riddell

Brad Riddell
Director of Security, Scalar

Need Help?

Speak To An Expert

1-866-364-5588

How can we help?

We love talking about this stuff so if there's something on your mind and you're not sure how to go about executing it, set up a conversation with one of us.