Ward Solutions’ fourth-gen security operations centre
13 February 2019
Identifying a security threat is only one step in a chain of actions necessary to mitigate a risk and keep an organisation safe.
When those threats are coming in volume and variety, sometimes with previously unseen variations or vectors, even the best resourced organisations can sink beneath the tide.
To address this challenge, Ward Solutions has developed its managed detect and respond service, delivered from a fourth-generation security operations centre (SOC), providing a 24 x 7 continuous threat monitoring, hunting, detection and response capability.
Built on a platform of IBM QRadar Security Intelligence technologies, the managed security incident and event management (SIEM) service blends artificial intelligence (AI), machine learning (ML), signatures, behaviour and anomaly detection capabilities, as well as vulnerability and threat intelligence information, allowing analysts to hunt, investigate and respond to known and unknown cyber security threats in real time. The service can incorporate a range of technologies, such as SIEM, advanced network analysis, endpoint detect and respond and vulnerability management, to provide a total security intelligence solution.
This approach, says Ward, allows early detection of complex threats through real-time normalisation, classification, correlation and analysis of data. This, in turn, provides timely and accurate alerts for appropriate, rapid response and defensive actions. Security incident handling and escalation allows for deeper forensic investigation and remediation of threats. Threat intelligence data from the IBM X-Force Exchange can be tailored to specific environments.
The as-a-service delivery model has the usual benefits of scaling to meet needs, or respond to specific threats, as well as ensuring cost effectiveness and economy. The service also allows for rapid upgrades where needed, while also supporting compliance efforts, such as the General Data Protection Regulation (GDPR).
Established late last year, the SOC is now operating at full strength, gathering comparative data with which to build a comprehensive picture of threats faced by Irish organisations.
“Organisations are facing more security challenges today than at any time in the past, traditional defences are not working, new technologies introduce new risks, and conventional security practices are unsustainable,” said Paul Hogan, chief technology officer, Ward Solutions. “This allied with increasingly sophisticated attack methods, constantly changing infrastructures and the struggle to attain and retain security professionals has resulted in IT security teams facing an uphill battle to identify, detect and respond to the threats they are subject to on a daily basis.”
The combined strengths of the QRadar platform and the 24 x 7 SOC mean that users can achieve comprehensive visibility of the threat landscape, with many manual tasks eliminated. Automation of certain protection and mitigation tasks means more can be done, faster, without human intervention. Real-time threat detection that can cope with emerging or new threats provides a unique level of protection, according to Ward.