
McAfee Focus 16: From zero to MSS in 0.3 seconds

Focus16 Chris Bolan and Tristan Bennett

The McAfee Focus 16 event is one of the biggest security events in the world, bringing together more than 3,500 security experts, vendors, and customers in Las Vegas, Nevada. McAfee is a key partner of ours, so when we were invited to talk about the work we do with our customers through our SOC (as the only speakers from Australia) we were happy to oblige. Here is a quick recap of the topics we covered in our presentation.

Kinetic IT has a long record of delivering security to government, police and corporate customers as part of the onsite IT-managed services we provide for our customers.

Shortcomings in typical IT environments

We found that the available solutions were missing the mark with some real shortcomings in their approach. For example:

  • Incorrect Focus: Vendors were selling prevention products that were of limited effectiveness and didn’t improve their detection and response capability when new threats arose.
  • Too Resource Intensive: Each technology or solution a customer bought increased the number of IT security professionals they required.
  • Lack of Alignment: Off-the-shelf solutions were treating all customers the same, regardless of size, business risk or onsite strategy with a one-size-fits-all approach.

We recognised that “more of the same” was not going to be enough, so we took a different approach and partnered with McAfee Security to establish our SOC, with a pretty unique approach.

Adaptable and efficient service design

By focusing on our customers’ particular risk profiles, architecture, policies and processes, we designed a service that is both adaptable to their risks and based on efficient and repeatable design.

Risks

With clarity around the customer’s business risks, we can easily work back to which use cases will provide the most value.

Architecture

Customer architecture diagrams and general principles help us with configuration. Knowing the difference in syntax between an administrator’s account and a normal account can significantly reduce false positives and get us to the real value a lot sooner.

Policies

The customer’s security policies help to shape the monitoring. For example, if a customer uses Dropbox as their corporate cloud storage then it’s far easier to monitor other services for potential unauthorised data exchanges.

Process

Most of our customers have existing processes, and by understanding these, we’re able to seamlessly integrate within the four-week onboarding period, using anything from emails all the way to Service Desk toolset integration.

Seeing Value

One of the key elements that Intel Security wanted to share with their customers was how successful the Kinetic IT approach has been. A few of the many examples we were able to share include:

Ransomware

Complete reduction in successful ransomware incidents, even when missed by the leading email security appliances.

Automation

The ability to automate responses to common threats, thus freeing the onsite team to focus on higher value tasks and removing the ‘noise’.

Value

The ability to maximise the value of our customers’ existing security investments and ensure rapid return on any new investment.

Visibility

Driving security awareness through true visibility of our customers’ environments.

If you are interested in hearing more about our approach or understanding how Kinetic IT can ease your security burden, please contact us.