High-Profile, Canadian Pension Fund
Location: Toronto, Canada
Industry: Finance
Our objective was to implement a security strategy that provides our client with access to experienced security consultants and 24x7x365 event monitoring.
Our Approach
To say that IT security is not easy is an understatement. As the years go by, systems become more complex and hackers more ingenious.
“Security is something that is very difficult to manage in-house,” said CDW’s Director of Security. “When our team sees an indicator of compromise, chances are that we have seen that indicator many times – you want to be working with experts that are immersed in this because the stakes are pretty high if you get it wrong.”
This company’s IT leaders had a conversation with us about reducing their business risk, focusing on how they could best allocate their IT budget to achieve great results. It was decided that a combination of onsite professional services and our Managed Security Information & Event Management (SIEM) solution would provide them access to a wide range of skill sets, critical monitoring, and reporting services.
Starting out with a 3-month short-term contract, they were able to test out our Virtual Security Office (VSO) service, which is a professional services engagement that complements the managed SIEM service. VSO places a senior-level security architect on-site at the client’s premises on a full-time basis. “This level of engagement allows us to become very familiar with our client’s IT environment and to troubleshoot security issues, making ongoing recommendations and improvements to the security strategy,” said CDW’s Director. “As issues are assessed and analyzed, our security architect can pull in the appropriate resources to solve problems, providing the client with a very wide range of skill sets on demand.”
“The biggest problem with managed services today is that the technicians in the security operations centre (SOC) are not familiar with the customer’s environment, so when indicators of compromise arise, the client and SOC are not on the same page. Our VSO program solves this issue – the SOC team can contact the onsite CDW security architect directly and often times issues can be resolved quickly without troubling the client,” said CDW’s Director.
Solution
SIEM is a technology that aggregates information about the client’s security, monitoring for intrusions, misuse, or inappropriate access to systems. In this case, we manage the customer-owned SIEM system, which resides on the customer’s premises. The systems feed information back to the security operations centre through a VPN tunnel. Approximately 50 systems report back to the SOC, generating log files. Through automation and analysis, millions of data points are reviewed and analyzed to identify even the most complex and advanced security threats.
The service provides device monitoring (firewalls, servers, desktops, etc.) and device management, which includes the patching of the SIEM infrastructure. It also includes customized dashboards that provide real-time insight into the security environment.
After evaluating the service, the client signed a 3-year engagement, which provides 24 x 7 x 365 security operations and an ongoing presence at the client’s site through the virtual security office. “This has been a very well rounded customer experience – we started out managing traditional IT services for this client and now have moved into a strategic role, helping them manage their security risk,” said CDW’s Director.
Highlights
- Billions of dollars in net assets under management
- Sensitive personal data that must be protected
Technology Used
- Managed SIEM
- 24x7x365 SOC to manage SIEM environment
- Virtual Security Office: Lead security consultants on-site at customer location