SOC proactively detects data security threats of VTT

Net 1/2016, 2016-04-18

At the end of 2015, Fujitsu revamped the data security solutions for VTT Technical Research Centre of Finland, in cooperation with their in-house experts. CIO Markus Ekman says that in the case of VTT, the data security requirements are particularly high and they come from two directions.

“We have international technology companies as our clients, and they set contractual obligations on what we do. On the other hand, we also have special government-issued tasks and requirements that we need to fulfil,” Ekman outlines.

“The disruption of technology also serves as a driving force. The shift from using your own services to cloud services is one of the many things that changes the big picture, when everything is not locked up inside your own walls for safekeeping.”

At the device level, revamping VTT’s solutions called for standardizing and consolidating the technology used by the customer. The number of separate data security devices was reduced considerably, and the new firewall cluster handles data security on an even broader scale than before. For example, the tasks performed by the cluster now include content filtering, application control, anti-bot protection and virus scanning.

All the data security devices of VTT are connected to a centralized management and reporting system, so that they can be controlled together as a single unit. At the same time, VTT employed SOC, Fujitsu’s Security Operation Center, which Ekman sees as a complementary service of key importance.

“As the world and our operations transform, the firewalls require constant reconfiguration. SOC is capable of detecting global threats quickly and proactively. With new viruses being caught earlier than before, remedies against them are also found earlier,” Ekman says.

According to Ekman, data security reporting and follow-up form an integral part of continuous day-to-day operations. Fujitsu delivers a comprehensive report once a month, and data security topics are tackled in separate meetings.

“Our next challenge is to analyze the big data and ask ourselves what we can learn from it. You can’t win a fight by relying on old cures only. The cyber era requires the newest technology and a wider network of international know-how, which at best complement the data security readiness of any individual company so that they can be prepared for all kinds of risks and act proactively,” Ekman points out.

Text: Jarno Salovuori
Translation: Päivi Vuoriaro

Fujitsu’s SOC analyzes data security proactively

For the data security devices it maintains, Fujitsu offers a comprehensive log management service, the Security Operation Center (SOC), for monitoring events and incidents. SOC keeps track of device alerts, takes the necessary action and reports findings to the client.

Data security devices monitor an organization’s network 24/7. However, no hardware alone is enough to guarantee sufficient protection for users and information systems, as data security risks are diverse and constantly changing. Inevitably, device event logs abound with alerts, and only a qualified data security expert can identify the real threats among them and take the required measures.

Even the most advanced data security technologies and policies need monitoring and maintenance, as well as analysis of and response to the alerts they raise. If maintenance is neglected, the versatile capabilities of expensive systems are not used to their full potential. In the worst case, a threat goes undetected and materializes.

SOC – maintenance, monitoring and responding

Centrally monitored data security devices include firewalls, intrusion detection and prevention systems and antivirus solutions. Fujitsu also keeps track of information about new vulnerabilities and threats provided by other sources, and then investigates whether reconfiguring the devices or taking other precautions is in order.

Before the service is taken into use, it is vital that we define the data security policies together with the customer and decide which events will be monitored and which events require intervention. Typical incidents that require a response are harmful outbound traffic from the client’s network, external attacks against the customer’s network, and the activation of new parameters on the devices followed by verification that they work as intended (i.e. detecting so-called false positives).

Fujitsu is on call around the clock to react to the most serious threats without separate authorization from the customer. By default, SOC analyses the reports sent by the devices once a day, and in a normal situation the client receives a report of the completed actions either once a week or once a month.

Published in the Net Magazine 1/2016,  2016-04-18