Hewlett-Packard Co. (HP) opened up a new regional Security Operations Centre (SOC) in Mississauga, Ont. today that is certified to deal with confidential government data – even if it’s not doing that quite yet.
HP’s network of SOCs spans the globe. There are 10 hubs in total, comprising three main hubs – one for each of three major regions: the Americas, Asia-Pacific, and Africa-Middle East-Europe – and several regional SOCs, the newest of which is in Mississauga. The centres provide a security information and event management (SIEM) solution to clients, helping them to detect cyber-threats and foil hackers before they’re able to trigger a debilitating data leak.
HP is setting up shop west of Toronto with a specific type of client in mind, says Stewart Cawthray, regional security operations centre leader at HP Canada.
“We built this Canadian SOC to meet all the physical guidelines the federal government has put out,” he says. “We’ve put a lot of extra security to bring it up to the point where we can be accredited as a secret facility by the Government of Canada.”
The feds aren’t a customer yet, though, and as far as Cawthray is aware, they’re not looking for a provider at this point. But those security measures – right down to the physical security of the building – will be a benefit to other customers, including enterprises in the financial or healthcare sectors that may require that security logs be stored on Canadian soil to keep regulators happy and meet compliance standards.
There are clients outside of this category that still insist on having their data locally stored in Canada, says Dave Ouellette, director of worldwide managed security services at HP.
“It’s being added to provide services from a local presence and retain security logs within the country,” he says. “In the commercial space, there’s a tendency to fall to that side just out of consideration.”
HP uses its security analytics tool ArcSight. The solution aggregates security logs and applies high-level analytics to detect patterns that could indicate an orchestrated security threat. Since HP has many clients connected to its SOCs around the world, it can correlate threat patterns in different parts of the globe and learn how to detect them as early as possible.
“We’re attempting to whittle down millions of events into a few actionable items,” Cawthray says. “The difference between being proactive and reactive is going in and looking at those events, determining what events are happening, what are benign, and what are the incidents that could become worse.”
The new SOC will also provide firewalls, perimeter monitoring, intrusion prevention systems, and end-point security such as antivirus, Cawthray says. Clients establish a secure connection with HP using an encrypted VPN to receive the services, and deploy a local instance of ArcSight SIEM.
The Mississauga centre will be open every day, 24 hours per day and staffed with security experts. It’s already open and operational, and HP is already working with some of its clients to migrate their services to the new centre. Canadian companies that were using a different SOC (likely the Americas hub located in Texas) will now have the option to migrate to home soil.
Even smaller enterprises in Canada could consider services from HP’s new SOC, Cawthray says. Its pricing is based on the number of devices managed and the number of logs being produced, and a price is negotiated with each customer based on their unique situation.
“They don’t need to have less security as a small business,” he says. “They need the same scale of expertise that HP provides to our large companies.”
There are no other plans for more Canadian SOCs in the near future, Ouellette says. For now, HP is hoping this new ‘secret service-level’ building will give it the edge in a managed security market that is getting more crowded.