Protiviti Connects Communications Provider to Improved Information Security

125 views

Published on

A national communication services provider engaged Protiviti to enhance its security monitoring, intrusion detection and incident response capabilities. Although the client had deployed various security technologies, including a SIEM solution, it lacked operational capabilities to monitor and respond to security events. Threat intelligence was gathered on an ad-hoc basis, and underutilized. In addition, the organization lacked log management processes required for PCI compliance and proper monitoring of in-scope systems.

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
125
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Protiviti Connects Communications Provider to Improved Information Security

  1. 1. Protiviti Connects Communications Provider to Improved Information Security IT Security – T echnology, Media and Communications Client Challenge A national communication services provider engaged Protiviti to enhance its security monitoring, intrusion detection and incident response capabilities. Although the client had deployed various security technologies, including a SIEM solution, it lacked operational capabilities to monitor and respond to security events. Threat intelligence was gathered on an ad-hoc basis, and underutilized. In addition, the organization lacked log management processes required for PCI compliance and proper monitoring of in-scope systems. POWERFUL INSIGHTS Protiviti’s security experts worked with internal and external teams to improve security operations, institute incident response procedures, and enhance PCI DSS compliance at the organization. We assembled a team of experts specializing in intrusion analysis, forensics and PCI compliance, and led the company’s PCI DSS compliance program related to log collection and monitoring. Our team’s expertise was instrumental to the development of a robust security operations program for our client. PROVEN DELIVERY Over the course of our engagement, we delivered the following services to our client: • Staffed security operations functions, including functions for security monitoring, incident response and PCI DSS program development • Enhanced the existing SIEM solution by developing SIEM correlation content and deploying supporting infrastructure to collect and store security and regulatory logs • Developed procedures for security monitoring and incident response • Set up centralized incident tracking to support efficient incident response processes and metrics reporting • Developed key-term searching capabilities for automated collection and processing of open source intelligence to detect possible data leakage and impending attacks • Developed custom-scripted automated capability to collect forensic indicators for use in correlation with network- and host-based event sources • Disseminated threat intelligence to appropriate units within the company to increase operational awareness and aid in security strategy development • Developed use cases and deployed new infrastructure to support PCI DSS Section 10 and ensure that security events were collected, monitored and retained for in-scope PCI systems, applications and databases
  2. 2. As a result of our work, our client was able to deploy its full range of security solutions and maximize its investment through vastly improved detection capabilities, incident management and metrics. Output of the security monitoring solution was further used to enhance the larger security operations at the organization and inform the development of future security strategy. Most important, by improving its detection capabilities for critical assets, the client was able to reduce the risk of security incidents as well as their impact, and maintain PCI DSS compliance on a predictable and consistent basis. How We Help Companies Succeed As the business world becomes more and more connected, it is critical to view information security and privacy as a business issue, not just an IT issue. Security threats, vulnerabilities and privacy exposures challenge every organization today, creating risks that must be understood and managed. Often, organizations do not know what risks they face or how they will manage these risks. Equally important, good security and privacy practices can provide revenue growth opportunities by allowing personalized support to clients. Protiviti provides a wide variety of security and privacy assessment, architecture, transformation and management services to help organizations identify and address security and privacy exposures (e.g., loss of customer data, loss of revenue, or reputation impairment to a customer) before they become problems. We have a demonstrated track record of helping companies react to security incidents, establish security programs, deal with identity and access management, and handle industry-specific data security and privacy issues. Protiviti is the leader in risk management solutions for organizations of all sizes. Contact us for more information and our approach to managing risk. Contacts Michael Walter Managing Director +1.404.926.4301 michael.walter@protiviti.com Mitchell Webb Manager +1.314.656.1718 mitchell.webb@protiviti.com Joseph Binkowsky Manager +1.407.849.3927 joseph.binkowsky@protiviti.com About Protiviti Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE 1000® and FORTUNE Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index. ©2013 Protiviti Inc. An Equal Opportunity Employer. PRO-PKIC-1213-140 Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

×