Earthwave, a managed security services provider, is pioneering a much faster way for large companies and service providers to create a security operations center that meets a high standard for security.
It's called SOC-in-a-Box, a product Earthwave began offering after helping companies on a piecemeal basis build security operations centers, said Carlo Minassian, who founded the Sydney-based company 12 years ago and is its CEO.
Financial services, telecommunication operators and government agencies all need extensive monitoring of their networks as hackers seek to steal data and disrupt operations.
That monitoring requires installing a security information and event management (SIEM) product, which tries to pick out anomalies in network traffic. It also requires physically building a SOC, meeting a variety of industry and government standards as well as hiring the right people to run it.
Perhaps not surprisingly, many projects failed or ran way over budget, Minassian said. "We saw this consistently happening especially in the last four or five years. As the SIEM market is heating up, more and more people are buying it, and we are seeing more and more failed projects."
Earthwave decided to start offering a SOC as a complete package. Companies typically can spend three to five years building, certifying and staffing a SOC on their own from scratch, but Earthwave has cut that time down to a year, Minassian said. Clients can use whatever technology they want, with Earthwave making sure it works right, or even contract with Earthwave to run it.
Earthwave builds to specifications such as the Information Technology Infrastructure Library (ITIL), ISO/IEC 27001, the payment card industry's PCI DSS, the Australian Security Intelligence Organisation's T4 physical security standard and the Australian Defence Signals Directorate's "Highly Protected" classification, among others. Since Earthwave has already obtained the various certifications, its customers know their SOCs will pass as well, Minassian said.
Two SOCs run by Earthwave for its customers have bulletproof glass, wire meshing in concrete slabs and special cabinets for servers to prevent unauthorized access. The SOC is served by its own air conditioning ducts, separate from the main building's, so the ductwork cannot be used as a way in. Armed guards will respond to an incident in the centers in under 15 minutes.
On the software side, Earthwave uses ArcSight, now owned by HP, for security event monitoring. Earthwave's developers have built a customized portal that collates information from the various security products employed by its clients.
It also has developed its own intellectual property built around ArcSight in the form of 400 information "feeds" which detect certain defined security risks. One scenario a feed would detect is if a person is physically at work but is logging onto a sensitive company system from somewhere else, Minassian said.
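The "badged in but logging on from elsewhere" scenario above is a correlation between two log sources, physical access and authentication. The following is an added illustration of that logic in Python, not Earthwave's feed or ArcSight content; the office network range, the list of sensitive systems, and all badge and login records are constructed sample data.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed assumptions (not from the article): the office address range
# and the systems whose logins this feed cares about.
OFFICE_NETS = [ip_network("10.20.0.0/16")]
SENSITIVE_SYSTEMS = {"payroll-db", "swift-gateway"}

# Constructed badge-reader events: (ISO timestamp, user, "in" | "out").
BADGE_EVENTS = [
    ("2024-03-04T08:02:00", "alice", "in"),
    ("2024-03-04T08:10:00", "bob", "in"),
    ("2024-03-04T12:30:00", "bob", "out"),
]

# Constructed authentication events: (ISO timestamp, user, system, source IP).
AUTH_EVENTS = [
    ("2024-03-04T09:15:00", "alice", "payroll-db", "10.20.4.17"),     # on site, office IP: fine
    ("2024-03-04T10:40:00", "alice", "swift-gateway", "203.0.113.9"), # on site, remote IP: alert
    ("2024-03-04T13:05:00", "bob", "payroll-db", "203.0.113.9"),      # badged out: ordinary remote work
    ("2024-03-04T14:00:00", "carol", "payroll-db", "198.51.100.3"),   # never badged in: not this feed
]

def presence_windows(badge_events):
    """Per-user intervals during which the badge system says the person is on site.
    An 'in' with no later 'out' stays open: a missed badge-out is a common false-positive source."""
    windows, open_in = {}, {}
    for ts, user, ev in sorted(badge_events):
        t = datetime.fromisoformat(ts)
        if ev == "in":
            open_in[user] = t
        elif ev == "out" and user in open_in:
            windows.setdefault(user, []).append((open_in.pop(user), t))
    for user, t in open_in.items():
        windows.setdefault(user, []).append((t, datetime.max))
    return windows

def is_office_ip(ip):
    return any(ip_address(ip) in net for net in OFFICE_NETS)

def find_remote_logins_while_on_site(badge_events, auth_events):
    """Return (user, system, source_ip, timestamp) for logins to a sensitive system
    from outside the office network while the user is badged in."""
    windows = presence_windows(badge_events)
    alerts = []
    for ts, user, system, ip in auth_events:
        if system not in SENSITIVE_SYSTEMS or is_office_ip(ip):
            continue
        t = datetime.fromisoformat(ts)
        if any(start <= t <= end for start, end in windows.get(user, [])):
            alerts.append((user, system, ip, ts))
    return alerts
```

In a SIEM the same rule is usually expressed as a join between the badge feed and the authentication feed keyed on user and time window; the open-ended presence interval is where most tuning effort goes.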