A leading IT security provider eliminates 1,700 hours of manual work and delivers instant IT risk posture across all customers.
SecureDevice is a top-tier, Danish-owned IT security business. Many of Scandinavia’s top 300 enterprises have chosen to partner with SecureDevice due to their deep network security expertise covering SIEM, firewalls, IDS/IPS, security scans, log handling, DNS security, and protection of servers.
In 2020, Computerworld awarded SecureDevice number one in IT-security.
Security Incident & Event Management (SIEM) as a service
Any company that wants to improve its security posture and better protect itself knows it needs rigorous approaches to detect security incidents. Security Incident & Event Management (SIEM) is a $4.2 billion market that has evolved to become a central focus for many companies’ IT security setup. The security overviews from SIEM and the ability to respond to the most critical events help protect sensitive data and provide evidence that helps meet compliance requirements.
The cost of setting up and subsequently running an in-house Security Operations Centre (SOC) providing 24/7 security information and event management (SIEM) is, however, still prohibitive for all but the largest corporations.
This has led to the market for SIEM-as-a-service, which provides companies with all the benefits needed from a security information and event management system without any of the headache or capital investment. SecureDevice’s easycurity SIEM-as-a-service, built on IBM’s market-leading SIEM, QRadar, provides an attractive proposition for companies who don’t want the cost of implementing and self-managing an in-house SOC. With the market for SIEM-as-a-service projected to increase by between 12 percent and 15 percent annually through 2025, SecureDevice are well positioned to capitalise.
“The Decision Focus platform has been a gamechanger for our users.”
“Full transparency across our Risk Landscape across different IT Security systems. Not only have we been able to reduce cost, manual errors and time to deliver Risk Overview Reports – but the templates from Decision Focus will help us drive new, cross category risk analysis, trends and metrics to continuously monitor and increase the security posture for subscribing companies.”
Michael Albek, CEO at SecureDevice
SecureDevice are experts in optimising and tuning SIEM solutions, reviewing security events, proposing recommendations and ensuring that the solution is optimised for their subscriber's IT environment and current threat landscape.
To keep their subscribers informed of incidents discovered through the SIEM, SecureDevice had traditionally sent a weekly report summarizing any incidents, detailing how attacks were resolved and providing recommendations for further fine-tuning of the SIEM as false positives were uncovered.
The reports relied on manual extracts from QRadar and a lot of manipulation of data in Excel. Results were pasted into Word, commentaries added and the reports were saved to .pdf files that were then emailed to the subscriber. The whole process behind creating the reports was extremely time-consuming and, importantly, it took the security consultants away from other value-added activities.
Reporting on findings and providing actionable information is an essential part of the service, but SecureDevice were looking for a smarter and more efficient way. They began to ask themselves:
Decision Focus helped SecureDevice establish an IT Security Portal to handle security reporting for all SecureDevice’s easycurity and on-premise-hosted QRadar subscribers. The whole project was completed within just 3 weeks due to a combination of a clear, shared vision and a fast implementation methodology.
Using rapid prototyping, a Proof of Concept was established to help evaluate the potential benefit of presenting data from the SIEM in a more visual and engaging way. SecureDevice could quickly see the potential benefit when management overviews were combined with the ability to drill down into the underlying detail.
Alongside the interactive dashboards, SecureDevice wanted to continue with production of the weekly report but automate all the manual activity so the weekly report was automatically produced. Decision Focus were able to demonstrate how the weekly report could be generated dynamically, directly from within the portal following the exact style guidelines that subscribers were used to. The resulting report could be consumed online or saved as PDF to be shared internally.
Since the Decision Focus platform is built on a modern microservices architecture, the REST-services integration to IBM QRadar was completed quickly. The integration handled the retrieval of offences from multiple QRadar instances on a scheduled basis, ensuring that the portal was always up to date with the latest risk posture.
SecureDevice are now offering Decision Focus SaaS as an IT Security Portal to handle automated security reports and tailored dashboard solutions for a range of Government, Media & Pharmaceutical customers. New subscribers are onboarded on a weekly basis.
“Decision Focus has automated the manual, labour intensive weekly reporting we provide to our subscribers. We can now provide our CISOs with a simple, consolidated view of all the security monitoring services we provide.”
Jan Straarup, Security Consultant
One central IT Risk Monitoring Portal enables SecureDevice to track individual IT risk posture for each subscribing company.
Each data set is available for the subscribing company only. Web access to the Decision Focus platform is delivered on the IBM Cloud.
The current solution has resulted in 572 annual security reports created automatically. In the past, these individual reports could take hours to draft; all are now created instantly with no delivery time. This gives another valuable benefit in the form of a lower reaction time for solving potentially critical incidents, and it frees up more time for highly skilled security advisors to enable IT risk reduction across a growing set of subscribers.
Using Decision Focus SaaS has also made it possible for SecureDevice to offer their subscribers tailored dashboards with interactive and better graphical ways of showing data.
Several pain points, such as time-consuming security reports, potential human errors during reporting and outdated reporting design, are now history, and SecureDevice can spend more time on improving their IT security solutions.
“The IT Security Portal has been well received and our subscribers are asking us to extend the visibility to other service areas such as patch and configuration compliance, vulnerability management and cyber risk management.”
Michael Albek, CEO at SecureDevice