Service model of security
Russia has recently seen steady growth in the managed services segment. The advantages of this model have made managed services popular in many fields, and more recently the information security industry has turned its attention to them as well. Companies' drive to optimize costs is leading more and more organizations across industries to actively look for ways to outsource individual aspects of information security. Alexander Pukha, head of the Security Operations Center at AMT Group, told TAdviser.ru about this.
Author of the publication: Alexander Pukha
Incentives for moving to cybersecurity outsourcing
By using a managed service, a company converts fixed costs into variable ones. Using the external provider's ready-made infrastructure cuts the overhead of running in-house units (for example, the cost of purchasing information security tools and specialists' salaries). Choosing the outsourcing model increases return on investment through the use of cheaper external resources (thanks to the "economy of scale" of a provider that serves several clients).
In addition to cost optimization, the company receives better service because it draws on the external provider's highly qualified specialists, who have extensive experience and competence, while its own staff are freed up for higher-priority tasks. Part of the risk is also shifted to the external provider.
Security as a service
AMT Group has worked in the system integration market for more than 20 years, carrying out projects to implement and support infrastructure, information systems and cybersecurity management systems in various industries. Analysis of clients' needs and current IT market trends became the basis for developing a number of services under the Security as a Service model.
The company's Security Operation Center (SOC) is a set of processes and software and hardware tools intended for the centralized collection and analysis of information about cybersecurity events and incidents arriving from different sources in the IT infrastructure, and for timely response to them.
Based on its own SOC, the company provides clients with a range of services:
- operation of information security tools;
- cybersecurity event and incident management;
- vulnerability management for components of the corporate information system (CIS);
- web application protection;
- protection against denial-of-service attacks;
- protection against cyberthreats and attacks;
- brand protection;
- analytics for strategic planning and for identifying and rapidly responding to relevant global risks and security risks.
SOC model
The "security as a service" offering is built on the "people-processes-technology" model, with the elements brought in in that order and kept in balance thereafter. AMT Group has a capable staff of information security engineers and analysts, project engineers and technical support engineers with experience implementing IT and cybersecurity projects in organizations of different sizes and industries. Their specialization is not limited to services and also includes cybersecurity audit and the development, implementation and maintenance of cybersecurity systems and various technical cybersecurity solutions. Employees' qualifications are confirmed by certificates for the relevant products and by international vendor-independent certifications (CISSP, CISA, CISM).
Processes serve as the buffer between personnel and technology. They assign responsibility for individual tasks within the service and define the detailed procedure for carrying them out. The set of required processes is determined by the scope of the service, the number of services needed and the technologies used, and can include cybersecurity event and incident management, vulnerability management, and operation of information security tools.
The set of technologies used is determined by the list of required services and the customer's requirements. It can include an event and incident management system (SIEM; as a rule, the fundamental system within the service), a vulnerability audit and analysis system, a traffic analysis and network anomaly detection system, a web application protection system, a system for protection against denial-of-service attacks, and other information security systems, including systems the client has already implemented and uses.
Service delivery
The service can be delivered under two models: from the AMT Group "cloud", or with the information protection tools deployed in the client's network. Services are available in two modes: 9*5 (during the organization's working hours) and 24*7 (around the clock).
In addition to the expertise and experience of AMT Group's own staff, data from a number of external computer incident response centers (CERTs) and other specialized and industry organizations is used. This improves service quality and client security through the analysis and use of information about current cybersecurity threats, incidents that have occurred in particular industries and organizations, new attack methods and ways to defend against them.
Architecture of the AMT Group SOC service
While the service is being delivered, the customer receives up-to-date data on the state of its information systems and cybersecurity, the risks, events and incidents identified, and detailed recommendations for handling them. Reports reflecting the state of cybersecurity and how its level changes over time are produced regularly for different audiences. For example, strategic reports can be produced for the CEO and top management, tactical reports for the CISO and CIO, and operational reports for cybersecurity and IT administrators. The customer's specialists thus receive information that is ready for decision-making.
Information on detected events is stored for a long time, which makes retrospective data analysis possible. For example, if an employee falls under suspicion, his behavior can be studied over a long period (building a model and identifying anomalies).
In addition, the service can include additional tools with Business Intelligence (BI) functionality. They provide additional visualization and analytics capabilities and more flexible options for collecting information from different cybersecurity subsystems and applications, then analyzing it and presenting it in different views and levels of detail.
Incident response is carried out in different modes. When an incident occurs, AMT Group specialists can notify the customer and provide recommendations so that the customer can eliminate the consequences on its own. Alternatively, AMT Group staff handle the incident themselves (either remotely or on the customer's site).
Advantages of the service model
The managed cybersecurity services model gives clients ready-made information security processes (effectively "turnkey"). At the same time, the company gains a number of significant advantages over the "classical" model.
For example, there is no need to purchase technical equipment, hardware platforms or software: everything necessary is provided within AMT Group's services. The customer also gets access to the competence and expertise of the company's specialists, who can be consulted on any information security question that arises.
The cost of the service is an important (and often the top-priority) factor in the decision. For our clients we have carried out a number of calculations, including total cost of ownership (TCO) calculations for the service model compared with the "classical" one. All the calculations favor the managed services model.
Development of cybersecurity services
Russian companies are undoubtedly interested in the "security as a service" model today. AMT Group's statistics and the increased number of requests for these services show this. The market is gradually developing clearer criteria for service quality, cost and forms of control, and suppliers' project portfolios are growing. The cybersecurity services market is growing in size. But there are also restraining factors. The main one is users' trust in suppliers. Any outsourcing causes concern, and security outsourcing especially.
To raise clients' trust, AMT Group takes a number of measures, including signing non-disclosure agreements (NDAs) and detailed service level agreements (SLAs) that regulate every aspect of service delivery, including the division of areas of responsibility. Duties are separated within the team delivering the service, and dual control is applied to all significant operations. AMT Group has built its own cybersecurity management system for consulting and services and had it certified against ISO 27001:2013 (GOST R ISO/IEC 27001-2006). Clients can receive information (a summary) about the project team that will be involved in delivering the service.
The "security as a service" model is already a reality in the Russian market. The popularity of managed services will grow steadily, and the established culture will gradually change. Economic feasibility will encourage the transfer of cybersecurity to specialized service providers. Companies that already provide such services will come out ahead in the future. Their competence and experience can be a decisive factor when a customer chooses a supplier.