Provides a real-time view of security-related activity on systems and networks, enabling clients to stay ahead of cyber criminals
Offers multi-tenancy, multi-customer support so that different clients can be monitored from the same console
The company needed a powerful, scalable, fully interoperable correlation engine as the foundation for a business that provides advanced intelligence services for complex enterprise environments.
Although they have invested in the latest technology, organizations still cannot detect cyber threats during the early stages of the attack lifecycle. The average time to detect and react to cyber breaches today is 240 days. So, businesses need to radically change their mindset and focus on identifying breaches early in the attack lifecycle and responding with the most efficient response strategy. And to do so, they need to analyze extremely valuable security-related data and metadata that remain unused, fragmented, isolated, and mostly static.
Collecting and analyzing data is crucial for a business-driven cybersecurity model that integrates people, process, and technologies into a comprehensive security program. Enterprises need to protect their constantly changing infrastructure against a constantly moving threat. This is where Obrela comes in. “We make sure our customers can focus on what they do best, their core business, by leveraging our expertise and ArcSight to address their information security needs,” says Patsis. “Security is our core business.”
Cyber criminals and advanced persistent threats are continuously evolving and becoming increasingly better at circumventing security. It is no longer enough to use technologies that only detect known threats. Enterprises must have the capabilities to hunt for unknown threats in order to detect advanced attacks. Combining real-time correlation with analytics enables SIEM users to tackle today’s advanced persistent attacks by detecting both known and unknown threats.
GEORGE PATSIS – CEO
Obrela Security Industries
Imagine you are hosting an intimate dinner party in the dark. Suddenly the lights come on, and you’re astonished (and alarmed) to see a large number of dubious-looking strangers sitting at your table along with the invited guests.
This sort of unpleasant surprise – which in the security space, translates into sudden awareness of many more internal and external threats than you knew about – is what Obrela Security Industries helps protect its clients from, with the help of the Micro Focus® Security ArcSight security information and event management (SIEM) solution.
ArcSight ESM’s open architecture enables Obrela to connect its existing data stores, analytics platforms, and other security technologies directly into the SOC, enabling them to decrease response times and confidently offer highly reliable service agreements.
Headquartered in London, UK, Obrela Security Industries (O.S.I.) is an enterprise information security service provider, offering an umbrella of security services, products, and intelligence for complex enterprise environments and major domestic and Global 500 corporations, including a major European stock exchange and a multinational financial services company. Obrela’s mission is to ensure that its clients’ information assets remain safe and available for business; in fact, the company’s motto is: “We keep your business in business.”
O.S.I. supports large, medium, and small enterprises in the areas of financial services, telecommunications, and government. ArcSight’s powerful correlation and analytics engine is a critical element in the advanced intelligence services portfolio that Obrela provides to these clients.
Why would a managed security services provider (MSSP) choose a SIEM solution over another solution as the foundation for its business? For Patsis, the answer is simple: “A SIEM solution can tell you what is happening on your network, on your systems, and in your business on a real-time basis. It is your basic, but powerful tool for security.”
This is not necessarily intuitive. “Interestingly, we find that many of our customers have invested all their money into security systems of a defensive nature,” Patsis continues. “Of course, this layer of defense is important; but it is mathematically certain that, at some point in time, the technology of defensive controls will fail. When that happens, will it be possible to understand and visualize the threat early enough, so it can be contained before it gets out of control? A SIEM solution helps us to understand and assess the security state of the enterprise on a real-time basis.”
ArcSight has been the SIEM solution of choice for Obrela since the beginning. “We evaluated almost every available product in the market to see how it could fit in a multitenancy, multi-customer, highly complex multivendor environment, and at the same time have the simplest, most efficient, most effective way to operate the system horizontally,” recalls Patsis. “Our evaluation was very much in favor of ArcSight.”
One of Obrela’s primary selection criteria was interoperability. “We believe ArcSight makes the most interoperable solution on the market. Of course, interoperability is crucial for us: When we go to a customer and want to monitor their infrastructure, we can’t afford to have problems in understanding what a device says or what an application is doing. We have provided this service to many customers and have never had an issue,” says Patsis.
Other key factors included scalability, ease of integration, and raw power. “It is a seamless integration,” continues Patsis. “We don’t need to install anything on customers’ devices or infrastructure, so that helps us complete the integration very quickly. The scalability of the product is excellent; as we grow, we can add hardware and processing power in a predictable manner.”
“The power of ArcSight ESM is unmatched and it decreases our response times drastically,” declares Patsis. ArcSight saves O.S.I.’s security analysts precious time by correlating logs quickly and firing on known rules and conditions. “This means quicker response times and leaves our security professionals more time to hunt for unknown threats.”