Imagine you are hosting an intimate dinner party in the dark. Suddenly the lights come on, and you’re astonished (and alarmed) to see a large number of dubious-looking strangers sitting at your table along with the invited guests.
This sort of unpleasant surprise – which, in the security space, translates into sudden awareness of many more internal and external threats than you knew about – is what Obrela Security Industries helps protect its clients from, with the help of the Micro Focus® Security ArcSight security information and event management (SIEM) solution.
ArcSight ESM’s open architecture enables Obrela to connect its existing data stores, analytics platforms, and other security technologies directly into the SOC, enabling it to decrease response times and confidently offer highly reliable service agreements.
Headquartered in London, UK, Obrela Security Industries (O.S.I.) is an enterprise information security service provider, offering an umbrella of security services, products, and intelligence for complex enterprise environments and major domestic and Global 500 corporations, including a major European stock exchange and a multinational financial services company. Obrela’s mission is to ensure that its clients’ information assets remain safe and available for business; in fact, the company’s motto is: “We keep your business in business.”
O.S.I. supports large, medium, and small enterprises in the areas of financial services, telecommunications, and government. The powerful ArcSight correlation and analytics engine is a critical element in the advanced intelligence services portfolio that Obrela provides to these clients.
Why would a managed security services provider (MSSP) choose a SIEM solution over another solution as the foundation for its business? For Patsis, the answer is simple: “A SIEM solution can tell you what is happening on your network, on your systems, and in your business on a real-time basis. It is your basic, but powerful tool for security.”
This is not necessarily intuitive. “Interestingly, we find that many of our customers have invested all their money into security systems of a defensive nature,” Patsis continues. “Of course, this layer of defense is important; but it is mathematically certain that, at some point in time, the technology of defensive controls will fail. When that happens, will it be possible to understand and visualize the threat early enough, so it can be contained before it gets out of control? A SIEM solution helps us to understand and assess the security state of the enterprise on a real-time basis.”
ArcSight has been the SIEM solution of choice for Obrela since the beginning. “We evaluated almost every available product in the market to see how it could fit in a multitenancy, multi-customer, highly complex multivendor environment, and at the same time have the simplest, most efficient, most effective way to operate the system horizontally,” recalls Patsis. “Our evaluation was very much in favor of ArcSight.”
One of Obrela’s primary selection criteria was interoperability. “We believe ArcSight makes the most interoperable solution on the market. Of course, interoperability is crucial for us: When we go to a customer and want to monitor their infrastructure, we can’t afford to have problems in understanding what a device says or what an application is doing. We have provided this service to many customers and have never had an issue,” says Patsis.
Other key factors included scalability, ease of integration, and raw power. “It is a seamless integration,” continues Patsis. “We don’t need to install anything on customers’ devices or infrastructure, so that helps us complete the integration very quickly. The scalability of the product is excellent; as we grow, we can add hardware and processing power in a predictable manner.”
“The power of ArcSight ESM is unmatched and it decreases our response times drastically,” declares Patsis. ArcSight saves O.S.I.’s security analysts precious time by correlating logs quickly and firing on known rules and conditions. “This means quicker response times and leaves our security professionals more time to hunt for unknown threats.”