Orro Managed Detection & Response

The challenge

Even the best security teams globally need to sleep. And, no matter what training and tools you are able to implement, they can quickly degrade without constant maintenance and uplift.

Retaining skilled security people is hard enough on the best of days, and it is harder still when you ask them to persevere with aging technology and repetitive activities.

Many organisations struggle to cover leave, training, and busy (and quiet) periods in security.

The answer

Orro provides flexible service options for managed detection and response that leverage your focused internal expertise and local knowledge with our globally aware intelligence, breadth of expertise and capacity.

Adding an Orro Managed Detection and Response service to your organisation extends the capability of your security team to a well-integrated, fighting fit 24×7 security team, whilst allowing them to provide all-important local context and capability.

Service coverage and inclusions

Security is a global concern and the Internet does not have borders. Whilst Orro’s primary SOCs are based in Australia, our capability is also not limited by geography.

By leveraging our UK team as well as regional and international partners, we are able to extend services to most locations.

Orro’s MDR service is right-sized to our client needs and includes but is not limited to:

Security threat modelling
Security design and architecture assessment
Security incident planning and preparation
Security change management and detection
Security asset management and monitoring
Security event monitoring
Security incident response
Security incident management and coordination
Security remediation advice and guidance
Tactical security assessment and control assurance
Security investigation services
Digital forensics & secure evidence handling

Our service options and models

Every organisation and security team is different. So too is the focus and approach to managing security operations. Whether security controls are internal, outsourced or in the Cloud, Orro has a service model to help you to reduce risk and realise value from your security investments.

Below are some examples:

Use case 1: blended security operations

During normal business hours you have a well-resourced and skilled team of operational security personnel. They are experienced and able to handle all but the most sophisticated threats.

After hours (or during extended absences), Orro provides a seamless extension of the team to provide your business stakeholders confidence that security is being monitored and managed and that you can quickly respond to threats around the clock.

Use case 2: evolution to strategy and governance

Your team is highly experienced and focused on enterprise security. You may have an IT operational outsourcer or cloud service provider that is effective at maintaining stable services, but they lack security expertise, or having them provide security services may be an organisational conflict of interest.

Orro works alongside many service providers to ensure that security and risks are being managed as expected. This separation of duties enables Orro to act as a client security advocate and reduces friction in service relationships.

Use case 3: security as a service

Your team is small, skilled and nimble, but lacks deep security expertise and capacity. There is increasing pressure on the team to understand and address security shortcomings and issues, but there is no clear place to start.

Orro can provide security as a service, whether that means answering queries and providing advice and guidance, or monitoring all aspects of network and application security. Our attention to detail and diligence is supported by state-of-the-art security technologies and processes.

Use case 4: thinking globally

Your team is local and your business is expanding globally. You are keen to apply a single, consistent global approach to security and avoid the cost and complexity of duplicating roles and capabilities.

Orro can integrate security information and utilise a lite deployment model to collect security telemetry and provide both a local and a global view of security. Our services support our clients no matter what the time zone.

Our service features and benefits

Service feature: Round-the-clock (24x7x365) response and triage of security events and escalation of security incidents.
Customer benefit: Greater hours of protection against attacks and reduced workload on internal teams.

Service feature: Access to pre-defined playbooks, experienced investigators and security consultants.
Customer benefit: More efficient, reliable and consistent incident response, and better compliance.

Service feature: A wide variety of commercial and public sources of threat intelligence.
Customer benefit: Early warning of threats, providing more time to prepare security defences.

Service feature: Access to on-demand, around-the-clock vulnerability scanning, assessment and other services.
Customer benefit: Ability to check the status of security in real time to detect vulnerabilities.

Service feature: The ability to manually, periodically or automatically populate and maintain CMDB information.
Customer benefit: A more accurate CMDB to ensure high-confidence detection and response.

Service feature: Alarm prioritisation and escalation in accordance with your requirements, using Orro's or your own ticketing system, phone / SMS notifications and email notifications as agreed.
Customer benefit: We notify you of security issues and information WHEN and HOW you want.

Service feature: Provision of direct access for authorised users to the Orro MSS Portal for service level reporting, service documentation, and raising of requests and tickets.
Customer benefit: Secure, hosted access to service-related information and functions.

Service feature: Operational monitoring and management of the SIEM or other security infrastructure, related service components and dependencies.
Customer benefit: Not just the events: eSecure ensures that security services themselves are operational.

Service feature: Periodic event detection and follow-through verification testing to confirm events are properly detected, logged and alerted as expected.
Customer benefit: A SIEM is only as effective as the completeness of the events it sees. We confirm this by following events through end to end.

Service feature: Ongoing tuning of the environment, alerting, service reporting and escalation processes.
Customer benefit: As with any service, these are maintained on an ongoing basis to ensure they continue to meet expectations.

Service feature: Review and proposed filtering and tuning of 'noisy' or low-value log sources.
Customer benefit: This ensures that our attention (and storage) are focused on high-value items.

Service feature: High-priority alarms are actioned within agreed SLAs.
Customer benefit: Timely response = reduced risk.

Service feature: Agreed response, escalation and reporting timeframes as part of service on-boarding.
Customer benefit: We agree these service measures as part of on-boarding to ensure we meet your needs.

Why Orro?

We are:

a Gartner recognised managed security service provider.
ISO 27001 certified, with a certification scope that includes all of our processes and procedures.
a true 24x7x365 Cyber Security Services Provider.
flexible, creative and robust without the overheads of international suppliers.
experienced, security cleared and qualified.
focused on Security; our Clients are part of a trusted community that shapes everything we do.

We deliver:

our services from our Cyber SOCs located in Sydney, Melbourne and London.
deep & broad security expertise across a range of industries.
incident response based on customised playbooks for each Client’s individual environment.
security investigations with forensic services where required from capture through to law enforcement advisory services.
incremental and modular service delivery to flex up and flex down as Client needs evolve.
One Team working collaboratively with our Clients who have access to all our capabilities.

Gartner Extract:

Asia/Pacific Context: ‘Magic Quadrant for Managed Security Services, Worldwide’ Published: 27 April 2018 ID: G00345198
Analyst(s): Sid Deshpande, Craig Lawson, Rajpreet Kaur

Founded in 1999, [Orro] is a pure-play security company that provides managed security, consulting and assurance services. Its client base is predominantly in Australia today, and it specializes in general-purpose MSS, along with offering consulting services that support customers’ security operations requirements. [Orro] offers management capability for a wide range of network security and threat management functions. It also supports more granular service deliverables than many larger providers by being able to provide out-tasking and overflow support on top of the more standardized MSS SLA-based management and monitoring of security products. [Orro] is able to compete with larger competitors because of its flexible service delivery options and its ability to customize service delivery for a wide range of customer requirements. [Orro] operates out of four locations (Australia [Brisbane, Melbourne and Sydney] and London, the U.K.), with two SOCs in Sydney and Melbourne.