By Peter Theobald | October 22, 2018
Network security is becoming an increasingly complex subject. The sheer number of devices and technologies required to secure an enterprise is mind-boggling. Expertise on all these platforms is not easily available, and staff, once hired, are even more difficult to retrain and retain. Another issue is that security incidents do not happen only during business hours, so 24×7 monitoring is required, which comes with its own set of HR and logistical challenges. Even if all of this is taken care of, each security device operates in its own silo, with its own, often cryptic, reports and logs. There is no correlation between security alerts on multiple devices. Consequently, we might miss the forest for the trees. Addressing this problem requires implementing expensive and often complex SIEM (Security Information and Event Management) software, which adds one more layer of complexity to the whole system.
For all these reasons, many enterprises are moving to “outsourcing” the management of their security infrastructure. The advantages are compelling. You get immediate access to a pool of experienced and trained resources, who will monitor your systems 24×7. Very little (if any) infrastructure needs to be deployed on premises, and you do not need to hire any security experts on your payroll. The SIEM software is often provided by the service provider, so there are no headaches on that count either.
This remote management of the enterprise security infrastructure is done from a “Security Operations Centre”, or SOC. This secure facility can monitor the environments of multiple customers, thus sharing the cost of the expensive and hard-to-find technical resources required for this activity. The SOC typically provides several levels or grades of service that can be chosen according to the customer's requirements. Data privacy and governance concerns can also be addressed by storing the data locally and moving only sanitized data to the remote SOC, and only after appropriate permissions have been obtained.
At the basic level, the SOC can provide device monitoring and device management, coupled with standard reporting and alerting in case of critical events. Device configuration backups and updates/upgrades are typically also covered. At an intermediate level, log management and correlation are added, along with access to a centralized dashboard. Vulnerability management and integration of third-party threat feeds are also an option, with detailed reports and escalation management via telephone. At the premium level, risk and governance are the main value add. Compliance with standards and incident management services are often included. At this level you typically get a comprehensive and holistic overview of your enterprise security posture.
Hitachi Systems Micro Clinic is shortly launching its own dedicated SOC to serve the security needs of customers. This SOC is based on the platform developed internally by the Hitachi Managed Security Services team, which has been running successfully for the past several years at our SOCs in Canada and Switzerland, servicing multi-national customers.
To know more about the benefits of a Managed Security Service Provider, write to us at firstname.lastname@example.org