Objective
With increased cyberattacks on critical infrastructure and the resulting heightened security requirements, our water authority customer needed access to security tools that could detect malicious attacks and was struggling to improve its security profile.
Facing heightened requirements mandated by Australian regulators, providers of critical services in the energy, transportation, banking, finance, healthcare, water supply and digital infrastructure sectors need to better safeguard people and essential resources by enhancing IT security.
Solutions
Our State-based water authority customer engaged Secure ISS to provide a 24/7 Managed Detection & Response service based on an IBM QRadar SIEM solution to help meet their growing cybersecurity demands.
Speed of Deployment
Immediate protection and return on investment.
Round-the-clock Visibility
To identify threats and vulnerabilities.
Automation
Increased capability for integration, use cases and automation.
Complications
Cyberattacks that target essential public services — like power and water supplies — are growing with alarming frequency. If IT security departments lack the tools, time and security expertise required to effectively manage threats, incidents can go undetected and pose serious risks to a community.
Every day, cybercriminals infiltrate networks around the world with increasingly sophisticated methods — in fact, accessing a network with compromised credentials was the top tactic used by hackers in data breaches over the last year, and 53 percent of organisations have experienced an insider threat in the last 12 months. As more than 99 percent of attacks leave traces on the network, every company requires superior security tools that can detect, analyse and respond to threats in real time.
Our water authority customer chose Secure ISS as a Managed SIEM service provider because of our superior tools for detecting and responding to advanced and unknown threats. Using the out-of-the-box integration and automation capabilities of the IBM QRadar SIEM solution, Secure ISS deployed and tuned a SOC solution within three weeks, with further tuning enhancements ongoing. Backed by a staff of highly trained security experts, our customer benefited from around-the-clock monitoring of its environment and guidance to continually elevate its security posture.
The Secure ISS solution delivers the built-in network traffic analysis capabilities of QRadar to help customers analyse network data in real time and quickly detect and respond to malware attacks, insider threats and phishing campaigns. The IBM QRadar User Behaviour Analytics (UBA) solution gives customers greater visibility into their IT environments. The UBA tool uses machine learning to analyse user behaviour, track suspicious activity and detect potential incidents — for example, insider threats such as a user accessing the network from a previously unused location, or a user performing job functions outside of their role.
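To make the two insider-threat patterns named above concrete, here is an added illustration in Python of a minimal per-user baseline: it learns each user's login locations from a training window, then flags a login from a location never seen for that user and any action outside the user's assigned role. This is example code written for this page, not Secure ISS or IBM QRadar UBA logic; the log format, the users, the role table and the events are all constructed, and the country field stands in for whatever location attribute the real log source provides.

```python
"""Constructed user-behaviour baseline: flags first-seen login locations and
actions outside a user's role. Illustration only, not QRadar UBA code."""
from collections import defaultdict

# Constructed training-period events: "timestamp user src_country action".
BASELINE_LOGS = """\
2024-05-01T08:02:11Z alice AU login
2024-05-01T08:05:40Z alice AU read_billing
2024-05-02T07:58:03Z alice AU login
2024-05-01T09:10:22Z bob AU login
2024-05-01T09:12:00Z bob AU change_pump_setpoint
2024-05-03T09:01:17Z bob NZ login
"""

# Constructed events to score after the baseline is built.
NEW_LOGS = """\
2024-05-10T03:14:55Z alice RU login
2024-05-10T03:16:02Z alice RU change_pump_setpoint
2024-05-10T09:00:10Z bob NZ login
2024-05-10T09:03:44Z bob NZ change_pump_setpoint
"""

# Constructed role table: the actions each job function is expected to perform.
ROLE_ACTIONS = {
    "finance": {"login", "read_billing"},
    "ot_operator": {"login", "change_pump_setpoint"},
}
USER_ROLES = {"alice": "finance", "bob": "ot_operator"}


def parse(text):
    """Parse the constructed space-separated log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, country, action = line.split()
        events.append({"ts": ts, "user": user, "country": country, "action": action})
    return events


def build_baseline(events):
    """Per-user set of source countries observed during the learning period."""
    seen = defaultdict(set)
    for e in events:
        if e["action"] == "login":
            seen[e["user"]].add(e["country"])
    return seen


def score(events, baseline):
    """Return (timestamp, user, reason) alerts for the two behaviours of interest."""
    alerts = []
    for e in events:
        user = e["user"]
        # Pattern 1: login from a location with no history for this user.
        if e["action"] == "login" and e["country"] not in baseline.get(user, set()):
            alerts.append((e["ts"], user, f"login from never-seen location {e['country']}"))
        # Pattern 2: action not expected for the user's role (unknown users get no allowance).
        role = USER_ROLES.get(user)
        if e["action"] not in ROLE_ACTIONS.get(role, set()):
            alerts.append((e["ts"], user, f"action {e['action']} outside role {role}"))
    return alerts


def run_demo():
    """Build the baseline from BASELINE_LOGS and score NEW_LOGS."""
    baseline = build_baseline(parse(BASELINE_LOGS))
    return score(parse(NEW_LOGS), baseline)


if __name__ == "__main__":
    for ts, user, reason in run_demo():
        print(f"{ts} {user}: {reason}")
```

In the constructed data, bob's New Zealand login is quiet because the baseline already contains it, while alice produces two alerts: a login from a new location followed by an operational action her finance role should never perform. A production baseline would also need an ageing policy for the location set and a way to feed analyst feedback back into the role table, which is the tuning work the case study refers to.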
The roadmap includes incorporating AI technologies such as machine learning, cognitive computing and natural language processing to enable analysts to respond to threats with greater confidence, consistency and speed. The IBM QRadar Advisor with Watson solution automates routine SOC tasks and provides actionable feedback to analysts, helping reduce incident investigation time from days and weeks to minutes or hours.
Results
Superior security intelligence from day one: by using the Secure ISS Managed Detection & Response service, our water authority customer gained the ability to rapidly deploy and tune a SOC solution. This was a cost-efficient outcome that took advantage of the integration and automation capabilities in the IBM QRadar SIEM offering to help clean up their environment and continually build advanced means of detection and response.