The Paramount of Security Operations Center: Threat Detection and Response
As TIM launched its newest Managed Services offering, the Security Operations Center, it held a virtual event on December 9, 2020, in partnership with RSA and Nexusguard. The event was opened by Mr. Sunver Bastes, who highlighted that security is of the utmost importance to any corporation now that work has shifted to home and nearly everything is done online. He also mentioned the importance of helping customers understand what the threats are and how to be agile and proactive in responding to such circumstances.
The event’s first keynote speaker was Ms. Shiela Vasquez, Account Director from RSA. She discussed the challenges and risks of security operations and how to address those concerns. Ms. Shiela then introduced the RSA Netwitness Platform, which has the broadest sources of visibility for packets, logs, endpoint, threat intelligence, netflow, cloud, and business context. With the RSA Netwitness Architecture, all the information is enriched with intelligence and context tagging. It then goes through the analysis phase, which covers real-time detection, user behavior analytics, and archiving. The action portion is where incident management, investigation, compliance reporting, orchestration and automation, session reconstruction, and endpoint analysis happen. Finally, Ms. Shiela highlighted that aside from the technology and process, the most vital part of the Managed SOC is the highly skilled people who keep security operations running.
Mr. Mandy Tupaz, Nexusguard’s Senior Manager for Services and Security Operations, was the event’s second speaker. In 2019, Nexusguard and TIM started a partnership to host Nexusguard’s Security Operations Center. With the demands of the global clients and partners, the current SOC rose to the occasion. The COVID-19 pandemic has tested resiliency across the IT umbrella of each organization. Mr. Mandy discussed the step-by-step process of the DDoS Life Cycle. Baselining is where the security team familiarizes itself with the traffic and distinguishes legitimate traffic from attack traffic. Detection follows: it aims to minimize false positives, establishes monitoring on the network and site level, and ends with a defined threshold that is used to trigger alerts. Next, diversion takes place, wherein the good traffic traverses to the mitigation platform and undergoes deployment. Deployment depends on the actual requirement and services of the client. Solutions can be mixed to secure services from DDoS attacks more efficiently. The attacks are mitigated through the process of scrubbing. Injection completes the life cycle. It is the phase where the clean traffic is injected back and sent over to the clients.
The last set of speakers, Ms. Mylene Espinola and Ms. Pola Mijares, discussed the Managed SOC Service of TIM. The service went live and operational in September 2020 and became a full-blown 24×7 service. Ms. Mylene shared the business values of a SOC: cost-effectiveness, less downtime and prevention, ensuring customer trust, and industry regulations. TIM, a Systems Integrator and Managed Service Provider, has the ability and flexibility to handle cybersecurity-specific requirements with advanced technologies and is manned by highly trained and experienced cybersecurity analysts. In the second half of the discussion, Ms. Pola explained the SOC service offerings with the RSA Netwitness Platform and other add-on services. She also shared details on POC requirements, SLA, and security incident escalation.
Finally, the event was closed by TIM’s Vice President for Data Center Services, Mr. Egie Gutierrez, who thanked TIM’s technology partners and the event attendees.