Month: March 2021

cyber risk management

VPLS Expands Bare Metal and Cloud Platform into A New Singapore Data Center, Reinforces Presence in Southeast Asia


We are excited to announce the addition of a second Singapore data center location. The facility, known as SIN2, is located at 20 Ayer Rajah Crescent in Ayer Rajah Industrial Park in Singapore.

Home to the Asia-Pacific Network Operation Center (NOC), the SIN2 data center provides access to one of the world’s three GRX peering points, making it one of the most network-dense data centers in the region.

The SIN2 data center offers increased bandwidth capabilities to customers in Thailand, Indonesia, Hong Kong, and China, as well as the rest of Southeast Asia and Hawaii.

Queenstown, Singapore Data Center Highlights


network security services

Do We Need Our Own SOC?


Credit: This blog post is a reimagination of the chapter with a similar name in MITRE’s Ten Strategies of a World-Class Cybersecurity Operations Center. Their document is an invaluable resource and highly recommended reading, but as it was published in 2014, both the cyber threats that organizations are up against, as well as the defense tools available, have evolved. This article reimagines their advice to be more applicable in today’s cybersecurity landscape.

What is a SOC?

Before an organization can answer the question of “Do we need our own SOC?”, it first needs to understand what a SOC is.

A SOC, or Security Operations Center, is a group of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents. Sometimes going by other names, such as Computer Security Incident Response Team (CSIRT), this group is the organization’s focal point for security operations and computer network defense (CND).

SOCs vary in maturity levels and therefore the capabilities they can bring to an organization.

However, these are some of the core capabilities that are normally provided by any SOC:

With that said, many organizations may feel they are already doing these activities without a SOC.

It is common for businesses with an immature cybersecurity program to perform the above using an ad-hoc, decentralized SOC composed of members of its IT staff. If this is how your organization operates, it is imperative to ask the question: do we need our own SOC?

Do we need our own SOC?

Not every organization needs its own SOC. With MSSPs offering affordable 24×7 SOC-as-a-service options, outsourcing can be a great option instead of building an in-house SOC or forgoing a SOC altogether. The chart below shows the typical type of SOCs that we see among organizations based on their size and the amount of inherent risk factors to their business model.

To aid in determining where you stand on this chart, and to ultimately answer the question at hand, MITRE developed a worksheet that you can use to quantitatively guide the decision process. VPLS’s modified version of their worksheet assigns your organization a score. The more points you accumulate, the more it’s recommended to have either an outsourced or in-house SOC.

Evaluating your score

Below is a quick summary of how to evaluate your total score. Note that the score ranges and recommendations below are just guidelines, not hard and fast rules.

1 - 3 total points

VPLS Recommends

The organization can probably make do with an ad-hoc, decentralized approach to a SOC using members of the in-house IT staff, but an outsourced SOC is still recommended.

4 - 14 total points

VPLS Recommends

The organization probably doesn’t warrant its own SOC, but a SOC is necessary, so an outsourced SOC is recommended.

15+ total points

VPLS Recommends

An outsourced SOC may still work, but the organization should strongly consider its own SOC, especially if points are much higher than 15.

We notice that organizations that fall between 1 and 3 points will typically try to perform SOC services using existing members of the IT staff due to budget constraints.

One word of caution here: in this SOC model, there is significant risk that incidents will go unnoticed by your team, especially when you consider incidents that happen after business hours. Even if they are noticed, there is still a risk that those incidents won’t be dealt with in the most efficient, effective, or comprehensive manner.

Action items

There is no one-size-fits-all answer to “Do we need our own SOC?”. However, now that you have some tools to guide the decision process for your own unique organization, we ask that you:

VPLS provides a wide variety of cybersecurity services, including 24×7 SOC-as-a-service and professional services. If you would like to discuss all things SOC with VPLS, including our recommendation based on your SOC worksheet score results, then please contact us. Our staff of certified security experts are always ready and available to help.

John Headley


managed security service provider

An Engineer’s Perspective on Managed Firewalls


Most of the articles you’ll read today on the pros and cons of MSP-managed firewalls focus on these two buzzwords: CapEx and OpEx.

Choosing upfront or recurring expenses is certainly an important decision for the business, but as an engineer who installs both managed and non-managed firewalls for our customers, I wanted to share some technical aspects of the decision that should be considered as well.

Are Your Employees Trained?

Organizations that want to migrate to or install a new non-managed firewall should consider if their employee(s) that will be managing this firewall will know how to use it, and this extends beyond simply making a new policy or blocking a website. To make the most of the new firewall, and to ensure the business is protected, the firewall admins should know how to:

If this list looks like a tall order for your employees now, then how long will it take them to get up to speed? The Fortinet NSE4 certification, for example, is 5 days of training material, not including engineer practice time. Do your employees have this time to dedicate to learning how to use the FortiGate?

Vulnerability Mitigation and Patching

After investing the time to learn how to use the firewall, will your admins have the time to be able to stay on top of firewall patches and vulnerabilities?

Firewall vendors regularly release updated firmware versions. These updates can include bug fixes, new features, and vulnerability mitigations, and can sometimes even introduce new bugs of their own. Your admins will need to adopt a process to keep an eye out for these updates and vulnerability announcements and assess the security risk for your business.


When, not if, a firmware upgrade becomes necessary, your staff should perform their due diligence to ensure the new firmware is fully tested in a lab environment before it is rolled out to production, to avoid any surprises.

24x7 Monitoring and Incident Response

A “set it and forget it” approach to a firewall does not work in today’s cybersecurity landscape. If your organization is going to manage the firewall yourselves, then your employees should be performing many of the same functions as a security operations center (SOC), including continuous monitoring and incident response. Can these admins monitor the firewall logs for indicators of compromise (IOC) and indicators of attack (IOA) and perform incident response 24×7?


If 24×7 is out of the question and you settle for 8×5 monitoring and incident response, your employees still only have so much time in a day. Will adding these responsibilities stretch them too thin and/or compromise the quality of work?

MSP-Managed Firewalls - An Easy Button

Organizations that do not have staff with enough time to dedicate to security, or that lack staff with the necessary security expertise, will find handling all the responsibilities that come with a firewall to be challenging. In this situation, outsourcing these responsibilities to an MSP/MSSP really is an easy button, allowing your business to focus on what it does best instead of trying to quickly master cybersecurity.

If you would like to discuss how VPLS can take ownership and manage the complexities of your firewall, which is such an important cybersecurity investment for your business, then please reach out to us; we’d love to help.

John Headley
