Cyber Security Professionals perform impressive balancing acts on a daily basis, carefully spinning the plates of time, money and risk to protect vital data and keep the business running. Unfortunately, maintaining Cyber Security for a large London Borough has limited entertainment value when the risks are so high, and there comes a point when a major change of strategy becomes unavoidable…
Neil Gooding, Information Security Manager for LB Bexley, explains what drove the authority to adopt a change of approach:
“The tipping point between the old and the new security regimes was the result of coinciding Cyber Essentials and PCI DSS audit reports. From both of these, it became clear that we had gaps in areas such as intrusion detection and log management. We always knew that what we had wasn’t good enough and we had looked around for a new system but budget restrictions, availability of in-house skills and the time needed to set up and run a SoC tool just made it impossible”.
SIEM tool not delivering the security required
Prior to the implementation of Hytec’s Managed Cyber Security Service, LB Bexley relied on a SIEM (Security Information and Event Management) tool to manage security. This was initially purchased for compliance and used for vulnerability scanning. The SIEM tool was particularly weak around log and event management, and difficulties with initial configuration and day-to-day use meant that it wasn’t producing the data that Bexley needed and wasn’t being updated.
Neil Gooding recalls that the challenge was significant even for someone with considerable skills in cybersecurity:
“We needed something that dealt with the logs in a better way as our tool at the time was just sending raw data and it was difficult to understand what was going on. There was no real visibility and the logs were not helping us. We needed a tool that was going to produce better logs and was also going to alert us to anything that was a high priority.
“We were getting flooded with alerts and we were getting to the point where the old product wasn’t getting used. We would dip into it every now and again but we would be staring at a screen with lots of logs that were pretty much meaningless and it was very difficult to drill down into them and find anything that was of any use. So the only benefit from having the SIEM tool was to be able to put a tick in the “have you got a SIEM tool?” box!”
MSP: A change in mindset delivers the results
LB Bexley always considered that the responsibility for managing cybersecurity should be owned by the authority and as such was never outsourced. Bexley’s service partner manage the entire Council network and now have access to the same “single pane” one-window view of the security posture of the entire estate.
Bexley and their service partner also have the same view of the infrastructure, and this has improved reporting and strengthened the working relationship. “Now we have had Hytec in for some time, it has been integrated with our firewalls and our anti-virus product and O365 so there’s lots of information being pulled into one single area. Our managed service partner is running these so it provides a very valuable toolset for them as well.”
Implementing a Managed Security Service in a Local Authority
The ease of implementation of the new service took Neil Gooding by surprise:
“It was very easy. There was not as much to it as I had expected. We just fired up a couple of virtual servers and Hytec did the configuration work and it was pretty much dealt with, the next thing I knew is that it was on and it was working and we were receiving information and filtered alerts about events that we never knew were happening.”
File Integrity Monitoring and developing the service further
LB Bexley is introducing new security protocols facilitated by the Hytec service. Compliance is giving more impetus to some areas than others. File integrity monitoring is the latest service to be implemented:
“Initially file integrity monitoring looked like a bit of a minefield and I thought that it was going to be really difficult to implement and difficult for our managed service provider but I asked some questions of Hytec and got a response back the same day. It turned out not to be too difficult, Hytec sent me the logs and the output I needed and they made it really easy for me.”
About Hytec’s Managed Cyber Security Service
Cyber Security Managers in Local Authorities, Health and Healthcare suppliers have their hands full trying to ensure their organisation doesn’t become yet another headline-grabbing example of a damaging cyber-attack. It’s an uphill battle and, judging from the rapidly growing number of victims, it’s a battle many are not winning.
Hytec’s partnership approach to enterprise cybersecurity offers a distinctive service that aims to raise levels of cybersecurity to those appropriate for the local government and health environment. Designed by necessity, the service addresses the very particular set of issues faced by local authorities and other public sector and third sector organisations. Working in security and information governance for over two decades, Hytec has established a comprehensive, best-in-breed Managed Security Service that will significantly enhance the protection of systems and data, help achieve your compliance requirements and ensure appropriate security mechanisms are in place.
Hytec services are:
- Managed Cyber Security Service
- Cyber Essentials Plus
- NHS Data Security and Protection Toolkit
- Information Governance
- Specialist hosting
- Secure Infrastructure Design
- Cybersecurity consulting.