Government Managed Security Services
Challenge
Orro was engaged by a QLD Government Agency to address a key component of its Security Improvement Program: visibility of, and response to, security incidents. Having previously run proofs of concept for Security Information and Event Management (SIEM) systems and made inquiries into Security Operations Centres (SOC), the Department was seeking to improve its security maturity level in line with the ASD Essential 8 and State Government compliance standards.
As with most tool and technology decisions, major factors were the methods for managing disparate cyber security solutions and the need for a clear strategy to mitigate risks. With computer connectivity continuing to proliferate and operational resources already constrained, failing to identify and remediate cyber security threats posed a significant risk to the organisation’s operations.
Three options emerged: build internally, outsource to a SOC, or consider a local managed visibility and response service that could assist the Department in a continual improvement process while ensuring agility and flexibility. Through a consultative process followed by a tender, the Department chose the last of these: a Managed SIEM and Threat Intelligence service, together with Vulnerability Management-as-a-Service and Incident Response.
Solution
Through a number of workshops and consultative engagements, Orro stood up a paid pilot over a 4-month period that specifically tested a number of use cases aligned to the Department’s context. The Department was able to experience the service first hand before entering into a contract, and it also ran due diligence across the service by creating and testing a number of playbooks. Success criteria were built into the pilot to ensure that the service met the business case objectives.
Via our Security Centre, we now provide support either as, or for, the Department’s operational teams through our tools, partners, and expert local resources. The Security Centre is a Brisbane-based operation that provides managed SIEM and threat intelligence services along with Vulnerability Management-as-a-Service and an Incident Response capability with SLAs. Our security operators have direct access to state-of-the-art threat information and intelligence, which they apply to the Department’s logging and alert feeds from specific equipment to provide contextual information.
Outcome
This engagement met and exceeded the Department’s expectations with a logical and proactive approach to security operations. IT assets are now visible and centrally managed to address security threats. Orro’s managed security services provide a view of the cyber threat landscape relevant to the Department’s IT environment, delivering the information necessary to measure the true maturity of the investment in people, process, and technology, and enabling the Department to comprehend its cyber security risks.
The customer name has been withheld due to confidentiality. More information can be provided by contacting Orro directly.