Top Quality Security
For organizations whose business is highly dependent on IT services, a disruption in the availability of those services or a breach of the confidentiality and integrity of the information processed entails significant financial losses. For these companies, a crucial factor is the speed with which information security incidents are identified and handled. Addressing this requires comprehensive and continuous monitoring of the state of the organization's information security. Recently, the number of offers for services involving comprehensive monitoring and detection of information security incidents, namely setting up a Security Operations Center (SOC), has notably increased in the marketplace.
As part of the SOC service provided by AMT Group, a team of experts continuously monitors and analyzes information security events in the customer's infrastructure. The experts report the detected information security incidents and help respond to them. Incident detection is provided by a monitoring system deployed on the customer's site and integrated with the existing IT infrastructure. Setup and maintenance of all components of the system are carried out by AMT Group specialists. The level of involvement of the customer's experts in the monitoring process is minimal: they receive ready-made information for incident response decisions, which greatly facilitates their work and saves their time.
Monitoring is conducted at the level of operating systems, DBMS and application software of the customer (including in-house software). Furthermore, critical network segments and events can be monitored using the customer's existing information protection facilities, and a periodic vulnerability analysis can be run. Expert analysis of these data allows for identifying information security incidents of any complexity, including network anomalies and violations of the information security regulations and standards in effect in the organization.
The specific approach used to respond to an incident depends on the customer's needs and the involvement of its specialists. In some cases, the customer's specialists receive notifications and recommendations by email or phone and eliminate the consequences of the incident themselves. In other cases, a SOC expert visits the customer's site and personally takes actions to analyze and resolve the incident. The degree of involvement in the response to a given incident depends on the level of access to infrastructure components available to SOC experts.
System implementation takes up to two months, and basic setup and installation up to two weeks. The system has a rich set of rules and settings created throughout the period AMT Group has provided services. However, not all the existing rules are applicable to the customer's infrastructure, because a lot depends on the industry and the security policies in force. After installation, it takes half a month to fine-tune the system for the specific customer. This includes developing sets of correlation rules to detect incidents that take into account the specific characteristics of the infrastructure, addressing false alarms and building an exceptions base. New rules and exceptions are added throughout the term of the service contract. All changes occurring in the infrastructure or at the organizational level are reflected in the system settings in one form or another.
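To make the tuning step concrete, the following is an added illustration (not AMT Group's code and not a description of its monitoring system) of what a correlation rule with an exceptions base looks like in practice. It implements one rule: several failed logins for an account from one source, followed by a successful login within a short window, raises an incident. A constructed exceptions base then suppresses a known legitimate producer of that pattern (here a hypothetical scanner account) so the rule stops generating false alarms, while the suppressed matches are still kept for review. The log format, hostnames, IPs and account names are all constructed for the example.

```python
"""Minimal correlation rule with an exceptions base (added example, not the
page's or AMT Group's code). Parses constructed auth log lines, applies one
rule, and separates real incidents from matches suppressed by the exceptions
base so that tuning decisions stay visible to the analyst."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<iso timestamp> auth <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample input. jdoe: 3 failures then success within seconds
# (should fire). svc_scan: same pattern, but it is a known scanner account
# listed in the exceptions base (should be suppressed). asmith: one failure
# and a success 30 minutes later (below threshold and outside the window).
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth FAIL user=jdoe src=10.0.0.5
2024-05-01T10:00:03 auth FAIL user=jdoe src=10.0.0.5
2024-05-01T10:00:05 auth FAIL user=jdoe src=10.0.0.5
2024-05-01T10:00:09 auth OK user=jdoe src=10.0.0.5
2024-05-01T10:05:00 auth FAIL user=svc_scan src=10.0.0.9
2024-05-01T10:05:01 auth FAIL user=svc_scan src=10.0.0.9
2024-05-01T10:05:02 auth FAIL user=svc_scan src=10.0.0.9
2024-05-01T10:05:03 auth OK user=svc_scan src=10.0.0.9
2024-05-01T11:00:00 auth FAIL user=asmith src=10.0.0.7
2024-05-01T11:30:00 auth OK user=asmith src=10.0.0.7
"""

# Exceptions base: (source, account) pairs known to produce the pattern
# legitimately. Constructed for the example; in practice each entry would
# carry an owner, a justification and an expiry date.
EXCEPTIONS = {("10.0.0.9", "svc_scan")}


def parse_log(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m.group("ts")),
            "result": m.group("result"),
            "user": m.group("user"),
            "src": m.group("src"),
        })
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5), exceptions=EXCEPTIONS):
    """Rule: >= threshold FAIL events for (src, user) inside `window` before an
    OK event for the same pair. Returns (incidents, suppressed): matches whose
    key is in the exceptions base go to `suppressed` instead of `incidents`."""
    recent_fails = defaultdict(list)  # (src, user) -> timestamps of failures
    incidents, suppressed = [], []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["src"], ev["user"])
        if ev["result"] == "FAIL":
            recent_fails[key].append(ev["ts"])
            continue
        # Successful login: count only failures inside the window, then reset.
        cutoff = ev["ts"] - window
        fails = [t for t in recent_fails.pop(key, []) if t >= cutoff]
        if len(fails) < threshold:
            continue
        match = {
            "rule": "brute_force_then_success",
            "src": ev["src"],
            "user": ev["user"],
            "failures": len(fails),
            "first_fail": fails[0].isoformat(),
            "success": ev["ts"].isoformat(),
        }
        (suppressed if key in exceptions else incidents).append(match)
    return incidents, suppressed


def run(log_text=SAMPLE_LOG):
    """Convenience entry point: parse, correlate, return both lists."""
    return correlate(parse_log(log_text))


if __name__ == "__main__":
    found, quiet = run()
    for inc in found:
        print("INCIDENT ", inc)
    for inc in quiet:
        print("SUPPRESSED", inc)
```

The split into `incidents` and `suppressed` is the design point: an exceptions base should silence the alert, not the evidence, so that an entry which has stopped being justified can be spotted when the suppressed matches are periodically reviewed.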
An SLA is an important part of any service. The SLA specifies key service parameters such as the monitoring mode and the time and parameters of response to detected incidents, and also stipulates the service provider's liability to the customer.
Implementing a SOC as a service allows a significant reduction in the total cost of ownership: the company does not need to buy hardware and software, maintain a dedicated staff or spend resources on their training. At the same time, the required information security level is achieved and maintained, risks are kept under control, and information security processes operate as efficiently as possible thanks to the high-level competencies of SOC experts who are experienced in building complex information security systems for companies operating in various industries.