Case Study – 24×7 Security Operations & Management
Our client is an award-winning Australian financial services organisation with an Australian and international presence and a focus on consumer lending and asset servicing. This client has offices in Australia, New Zealand, Asia and Europe.
Whilst they are a non-bank lender, our Client’s business is still subject to numerous compliance obligations as well as financial and reputational risks. The Client also has a strong commitment to the community and is ranked as Australia’s number one alternative lender.
Growing a business in uncertain and difficult times required them to approach the management of their risks and obligations with an entrepreneurial spirit. This has seen them develop a strategic roadmap that shifted them away from traditional security generalists towards more boutique, focused service providers.
As with most forms of growth, this was not without its challenges and restrictions, and with skilled security resources in short supply, they investigated innovative strategies to address this.
Client objectives and challenges
Protecting their corporate, customer and employee information
Unlike other more tangible assets, information can flow like water and can be duplicated and read by anyone who has access to it. The increased need to communicate with and provide services to clients and partners, both in Australia and internationally, required more resources than most internal teams can provide. This need prompted them to consider augmentation and support models that would be collaborative, enhancing instead of replacing their capability.
The need for specialised and focused security services
As an organisation with a number of diligent business partners and service providers, the client needed, in addition to addressing the challenge of internal security capacity, to obtain less general and more specific security expertise. Obtaining specialised services also addressed the potential for conflicts of interest within service providers who were only partly responsible for security.
Increasingly complex and difficult business and technology environment
As the client developed new services, onboarded new partners and integrated new technology, the need for consolidated, unified and well managed logging and monitoring grew. Their response was to establish security visibility through new and uplifted security capabilities.
Responding to security incidents
Due to the increase in cyber attacks, the reliance on technology to support business functions and the sophistication of cyber adversaries, the frequency and complexity of attacks against People, Processes and Technology have grown almost exponentially. This ever-present threat has required a vigilant, experienced, round-the-clock incident response capability.
Pressure to contain costs and still demonstrate strong performance
As with all modern businesses, there is a need to balance risk management with agility and performance. This has led to the adoption of lower cost, higher value and more innovative security solutions and services.
Obtaining and retaining security knowledge and expertise
In addition to acquiring full-time and partner security expertise, our client has adopted an ongoing commitment to developing a cyber savvy workforce. This has seen a combination of internal and external insights and education as well as an ongoing facilitated assessment of their workforce resilience to cyber attack. Through this and their partnering, they have expanded the reach of the cybersecurity team and improved the effectiveness of many other controls.
Orro supported the client in establishing a collaborative 24×7 Security Operations and Management capability initially within Australia. This was supported by Orro’s Security Operations Centre and, based on the outcomes achieved, a scaled version of the same service was subsequently adopted by their global parent.
Our services involve the collaborative orchestration of People, Processes and Technologies on a global basis to support the timely detection of, response to and recovery from attempted or actual cyber attacks.
Based on this highly integrated and collaborative approach, we provide immediate response including taking authorised mitigation and containment actions that utilise our own, as well as our partners’ and the Client’s security technologies and capabilities.
In addition to the response service, Orro provides proactive security assurance and threat hunting as well as other capabilities to prevent security incidents.
Orro’s focus was to support the client in establishing and operating a 24×7 security incident detection and response capability that leveraged internal and external skills and capability. This included a number of client managed products such as Data Analytics, Web and Email Content Inspection, AV, WAF, Desktop Threat Protection and others.
Our role in this environment was to provide security monitoring, investigation, control validation and incident response.
Our services supported faster, more consistent and wider coverage for incident detection and response. Through numerous investigations Orro has successfully defended the client systems, services and information from a variety of attacks.
Our client now considers Orro to be an important extension to their own cybersecurity team. This has led to direct one-on-one consultation with the Client’s management team to help create and maintain internal security awareness, support and advocacy.
On behalf of our Client, Orro enabled:
- faster, proactive and more effective identification and resolution of security incidents.
- demonstration of the Client’s control effectiveness and risk management outcomes.
- increased engineering and management visibility across the threat landscape.
- proactive security initiatives such as Threat Hunting, helping to achieve a greater security maturity.
- improved internal stakeholder security awareness and satisfaction around security services.
- effective and measurable compliance to internal and external security requirements.
- reduced reliance on, and higher value outcomes from, internal cybersecurity resources through automation, outsourcing and collaboration.
- a global and local security perspective based on vetted, targeted threat intelligence.
- operational support to security management and the ability to augment internal personnel when required.
- increased confidence around cybersecurity in all levels of management up to and including the Board.
- a Gartner recognised managed security service provider.
- ISO27001 Certified and the scope of our certification includes all processes and procedures.
- a true 24x7x365 Cyber Security Services Provider.
- Australian based with follow-the-sun services.
- flexible, creative and robust without the overheads of international suppliers.
- experienced, security cleared and qualified.
- focused on Security; our Clients are part of a trusted community that shapes everything we do.
- our services from our Cyber SOCs located in Sydney, Melbourne and London.
- deep & broad security expertise across a range of industries.
- incremental and modular service delivery to flex up and flex down as Client needs evolve.
- One Team working collaboratively with our Clients who have access to all our capabilities.
Asia/Pacific Context: ‘Magic Quadrant for Managed Security Services, Worldwide’ Published: 27 April 2018 ID: G00345198
Analyst(s): Sid Deshpande, Craig Lawson, Rajpreet Kaur
Founded in 1999, [Orro] is a pure-play security company that provides managed security, consulting and assurance services. Its client base is predominantly in Australia today, and it specializes in general-purpose MSS, along with offering consulting services that support customers’ security operations requirements. [Orro] offers management capability for a wide range of network security and threat management functions. It also supports more granular service deliverables than many larger providers by being able to provide out-tasking and overflow support on top of the more standardized MSS SLA-based management and monitoring of security products. [Orro] is able to compete with larger competitors because of its flexible service delivery options and its ability to customize service delivery for a wide range of customer requirements. [Orro] operates out of four locations (Australia [Brisbane, Melbourne and Sydney] and London, the U.K.), with two SOCs in Sydney and Melbourne.