
CASE STUDY
OPTIMIZE SECURITY INCIDENT MANAGEMENT ON BUSINESS-CRITICAL IT ASSETS
RSA SIEM DEPLOYED FOR A LEADING MOBILE SERVICES OPERATOR
THE COMPANY
The company is part of one of the ten largest mobile phone
operators in the world, with over 25 million subscribers,
more than 24 million of whom were added in just seven years.
It holds a market share of over 25% in its geography of
operations.
The rapid growth of recent years has been driven by the
introduction of innovative products and services targeting
different market segments, aggressive improvement of network
quality, the setting up of dedicated customer care and the
creation of an extensive distribution network across the region.
THE BUSINESS CHALLENGES
With the addition of newer products and services and the
massive expansion of the subscriber base in the last couple of
years, the operator’s IT infrastructure has had to grow
equally rapidly. At this accelerated rate of growth,
monitoring the critical IT assets and analyzing their
security and health has become a major concern.
A strong brand that emotionally connects with customers
takes years to establish, but losing trust and loyalty due to
interruption in services can take mere days.
To provide their customers excellent and uninterrupted
service, a centralized solution was required that could
monitor all the business-critical devices – a solution
designed to address an evolving IT infrastructure
landscape, its threats and challenges; a solution tailored to
deliver all-inclusive, beneficial and actionable insight into
the occurrences in the enterprise IT environment.
Copyright © 2013 Grid Infocom Pvt. Ltd. All rights reserved.
THE TECHNICAL SITUATION
There are over 1,000 devices spread across 5 geographic locations,
monitored by approximately 20 different organizational units.
The identified critical assets consisted of 3 web servers, 2
domain servers, 16 database servers, 40 routers, 400+
switches, 12 firewalls, 7 mail servers and many custom applications
hosted on servers, and the operator’s IT infrastructure is still
growing.
In order to manage such an infrastructure, the need for a centralized
solution arose – a solution that could centrally monitor the
health status of their business-critical IT assets and provide real-time
monitoring and alerting against attacks and security breaches.
THE SOLUTION
As part of Grid Infocom’s Enterprise Security &
Compliance portfolio, the approach was to deliver a
solution that provides visibility into the health of IT assets in order to
minimize risk, uphold compliance and maintain
service levels by delivering world-class IT service.
In our blueprint, we decided on implementing RSA’s
Security Information and Event Management (SIEM) solution, RSA enVision.
SIEM technology provides real-time analysis of security
alerts generated by network hardware and applications. It
offers log collection, alerting and correlation, incident
management, and reporting and analysis for compliance.
DELIVERY METHODOLOGY
Our solution is based on the DDUO (Design, Deploy, Utilize and Optimize) service delivery model, supported by a best-of-breed project management
approach to ensure the highest quality of delivery.
DDUO has been developed over years of experience as a comprehensive service delivery model, delivering timely and cost-effective projects.
We ensure the technical solution is closely aligned with business objectives by conducting key stakeholder mapping with our domain and
technical experts. We also ensure solution adoption by users; sign-off is obtained only after the desired project benefits start to accrue.
DESIGN
Architecture Proposal and Finalization
- In order to achieve real-time alerting with zero downtime, the “Log Collection” solution was proposed to work in enhanced availability mode
- A distributed architecture was chosen and designed to meet current and future requirements
- Identified all the IT assets that were critical to the business
- Coordinated and guided the stakeholders and OUs to identify all the devices that were critical to and directly impacting the business, such as servers providing VAS services
- Approximately 500+ devices were identified in this exercise
- The solution monitors all the network traffic from external networks, providing alerts against attacks and malicious code
- Alerts have been crafted to monitor hardware and software failures
- The dashboard provides an overview of the activities on the critical device types
- The reports are configured to provide precise data on various activities on the device types
- Custom alerts were also created to monitor suspicious internal activity
- The SIEM solution’s log management architecture supports compliance with the ISO 27001 standard
DEPLOY
- Implemented the RSA enVision Security Information and Event Management (SIEM) solution as per the finalized design
- Revisited the design approach where required
- Advised on how to enable logs, i.e. which integration method would bind to and address each business need identified
- Integrated all the critical IT assets that had been identified
- Created custom reports and alerts
UTILIZE
Quickly capitalized on the initial snapshot
- A guided and value-added approach to bring about an accelerated maturity of the SIEM solution
- Worked in close partnership with the client to identify the types of services running on each device
- Provided log enablement advisory services: for instance, “what kind of logging to enable for the respective devices to start with”
- Provided consultancy on “Alerts and Reports” in the initial phase, depending on the kind of devices and logs that were enabled
OPTIMIZE
Through our association with the client, our consultants coached and guided their staff to
analyze and assess the solution every 3 months, and based on their feedback we
conducted exercises for the following:
- Fine-tuning of simple and correlated alerts against identified false positives
- Modification of existing reports
- Involving all the stakeholders to identify the requirement for new devices, alerts and reports
KEY BENEFITS & IMPACTS
The Security Information and Event Management solution delivers the visibility, insight and response capabilities that were required to detect and address
health issues and threats across the client’s vast IT landscape. Some of the benefits derived post deployment:
01
Fully assimilated log management and SIEM: the client can now centrally monitor the
health status of their business-critical IT assets, with the ability to accurately correlate,
analyze and generate reports on the information required. It analyzes both real-time and
historical data and presents information in views and reports intended to meet the
diverse needs of different stakeholders in the client’s organization.
02
Enterprise-wide network visibility (network, security, host, application and storage
devices across the enterprise): the client is now able to monitor network traffic from
external networks on their critical business servers. Almost immediately after solution
deployment, the client successfully detected a brute-force attack on their Internet-facing
router.
03
Powerful real-time alerting: with real-time monitoring, the client now receives alerts
against attacks and security breaches, or when their critical assets face compliance
issues or are not accessible.
04
Ability to capture high-volume data: in-depth log collection, archiving and analysis of
log data. With 70% data compression, the client can now perform forensic analysis on
massive archives for incident investigation and remediation.
05
The client is also using RSA enVision to create a closed-loop process to manage
vulnerability assessment. It receives vital inputs for their patch management process.
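The correlated alerting tuned against false positives (described under OPTIMIZE) and the brute-force attack detected on the Internet-facing router (benefit 02) can be illustrated with a small sliding-window correlation rule. The Python below is an added example written for this page; it is not RSA enVision rule syntax and not Grid Infocom’s or the client’s code. The syslog lines are constructed to loosely resemble Cisco IOS login-failure messages, and the host name, IP addresses, threshold, window and suppression period are assumptions chosen for illustration.

```python
"""Windowed correlation rule for login brute-force detection on a router.

Added example for this page: not RSA enVision rule syntax and not the
integrator's code. The sample syslog below is constructed; the host name,
addresses, threshold, window and suppression period are assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime

# Constructed sample resembling Cisco IOS %SEC_LOGIN messages. One external
# source (198.51.100.7) sprays passwords at the edge router; an administrator
# on the management network (10.0.0.5) mistypes a password twice, then logs in.
SAMPLE_LOGS = """\
2013-03-04 09:00:01 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22]
2013-03-04 09:00:02 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22]
2013-03-04 09:00:02 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.7] [localport: 22]
2013-03-04 09:00:03 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.5] [localport: 22]
2013-03-04 09:00:04 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 198.51.100.7] [localport: 22]
2013-03-04 09:00:05 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: guest] [Source: 198.51.100.7] [localport: 22]
2013-03-04 09:00:09 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.5] [localport: 22]
2013-03-04 09:00:10 edge-rtr-1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.0.0.5] [localport: 22]
2013-03-04 09:00:11 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: oracle] [Source: 198.51.100.7] [localport: 22]
2013-03-04 09:00:12 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22]
2013-03-04 09:05:00 edge-rtr-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22]
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<host>\S+) %SEC_LOGIN-4-LOGIN_FAILED: "
    r".*?\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]"
)


@dataclass(frozen=True)
class Alert:
    time: datetime
    host: str
    src: str
    severity: str
    message: str


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def simple_alerts(lines: list[str]) -> list[Alert]:
    """Untuned 'simple' alert: one alert per failed login. Every admin typo
    and every probe becomes a ticket, which is how alert fatigue starts."""
    out = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            out.append(Alert(_ts(m["ts"]), m["host"], m["src"], "low",
                             f"login failure for user {m['user']}"))
    return out


def correlated_alerts(lines: list[str], threshold: int = 5,
                      window_s: int = 60, suppress_s: int = 300) -> list[Alert]:
    """Tuned correlation rule: fire once when `threshold` failures from one
    source against one host fall inside a sliding `window_s` window, then
    suppress that (host, source) pair for `suppress_s` so a sustained attack
    produces one alert instead of hundreds. Lines are assumed time-ordered."""
    failures: dict[tuple[str, str], deque[datetime]] = defaultdict(deque)
    last_alert: dict[tuple[str, str], datetime] = {}
    out = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successes and unrelated messages are not counted
        key, ts = (m["host"], m["src"]), _ts(m["ts"])
        q = failures[key]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop failures that fell out of the window
        if len(q) < threshold:
            continue
        prev = last_alert.get(key)
        if prev is not None and (ts - prev).total_seconds() <= suppress_s:
            continue  # already alerted recently: suppress the repeat
        last_alert[key] = ts
        out.append(Alert(ts, key[0], key[1], "medium",
                         f"{len(q)} failed logins within {window_s}s"))
    return out


if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    print(f"simple rule: {len(simple_alerts(lines))} alerts")
    for a in correlated_alerts(lines):
        print(f"correlated: {a.time} {a.host} {a.src} [{a.severity}] {a.message}")
```

On the constructed sample the simple rule raises ten alerts, including two for the administrator’s typos, while the correlated rule raises a single alert for the external source and stays quiet on the administrator and on the stray failure five minutes later. The threshold, window and suppression period are exactly the knobs a quarterly review of identified false positives would adjust: lowering the threshold to 2 would flag the administrator as well, and removing suppression would turn one sustained attack into repeated alerts.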
ABOUT GRID INFOCOM
Grid Infocom has its corporate office in Gurgaon, in the National Capital Region of India, with an international office in Singapore. Our
suite of solutions helps organizations improve their existing level of services, achieve their business goals faster and derive greater value
from their IT assets, thereby transforming IT from “Business Enabler” to “Business Game Changer”. What you get: performance that
is multiplied, all at an ‘affordable’ cost.
With genuine global experience and leadership, we believe that we can draw on best practices and the best talent to offer our
clients unequaled on-time service delivery at an affordable cost. The Grid Infocom team comprises a broad range of professionally
accredited subject matter experts and a leadership team with many years of global business experience, focused on delivering
competitive advantage to your business.
CORPORATE OFFICES
GRID INFOCOM PVT. LTD.
Plot No. 59, Sector 18
Gurgaon - 122015. INDIA
Tel.: +91 - 124 4942200
GRID INFOCOM PTE. LTD.
21 Science Park Road,
#03-15 The Aquarius, Science Park II
Singapore 117628. SINGAPORE
Tel.: +65 6493 3997
Email: [email protected]
www.gridinfocom.com