Maitham H. Al-Lawati, General Manager – Risk & Compliance, Oman Data Park (ODP) talks about the benefits of managed security services and ODP’s Security Operation Centre (SOC) in an interview with Dossier. Excerpts of the interview
What are the IT security related challenges faced by the corporate sector?
With new technologies becoming popular offering new solutions to the corporates, the business operations are becoming more complex day-by-day. The new opportunities also come along with a new set of challenges. The IT teams in large companies in many cases or smaller companies with hardly any inhouse IT resource are not capable to meet the challenges of compliance requirements or mitigate the security threats. These corporates have difficulty in improving compliance efficiency and establishing the compliance reporting requirements. They face the challenge of not being able to keep up to date with the latest security threats as they emerge. Another issue is of multiple security technologies and services from different providers, which leads to an internal administrative burden. They face the difficulty in scaling the security infrastructure to keep pace with the expansion of the business. Lack of adequate resources to mitigate the risks faced by the business is one of the most common challenges for the companies.
Many companies try to manage the security on their own and end up paying a lot higher compared to opting for a managed security service provider. Many times these companies suffer from targeted attacks which may go undiscovered for months leading to a huge business loss or damage to the reputation. The world is moving towards outsourcing managed security service providers (MSSPs) to mitigate all these challenges.
What are the benefits of engaging a managed security services provider?
By opting for a reliable managed security services provider, a company is ensured that experts are watching over security systems in real time and on an ongoing basis, 24×7. It also leads to reduced costs and the burden on internal IT. The service provider manages the client’s IT infrastructure while the client is free to focus on its core business objectives. Provide your executives with the confidence that security is being managed effectively. It improves the company’s security posture through more control, and increased confidentiality, integrity and availability of core business systems.
What role Oman Data Park plays as the managed security service provider?
We are the premier managed security service provider in Oman. Our team of experts manage and secure the network and applications of our clients. We have a state-of-the-art Security Operation Centre (SOC) which provides a comprehensive suite of service including managed network security, web application firewall, application security assessments, vulnerability assessment, security event & incident management, secure remote access, brand intelligence & anti phishing, DDOS protection, email security, DMARC, etc. Our SOC team works 24/7/365 to ensure our clients could operate their business with complete peace of mind.
For our managed security services, we have over 300 clients from various sectors including financial services, energy, manufacturing, government entities, etc. Though most of them are from Oman, we have many overseas clients also including those based in the GCC region and even North America. In Oman, we are the only managed security service provider which protects as well as detects.
Our key proposition is that we provide all these services in a very cost-effective manner.
Can you tell us in detail about your security devices management services?
ODP’s security devices management services deliver top notch technical support and management services along with robust security monitoring. Our security devices services can support a small or medium sized business as well as extend to an enterprise that is technologically complex. Our offerings are at different price levels provide customizable options for support, UTM firewall or blade features governed Service Level Agreements (SLAs).
What are the benefits of your vulnerability assessment management services?
While most security technologies play a defensive role and are reactive in nature, regular and consistent vulnerability scanning should be a proactive and vital part of a vulnerability risk management programme. Oman Data Park has designed its vulnerability management services to proactively identify where vulnerabilities may exist on the client’s network from either an internal or external perspective.
If we look at the service benefits provided to our clients, we identify the real and exploitable vulnerabilities. We satisfy regulatory compliance requirements and supplement the client’s team with dedicated vulnerability management experts. The asset remains protected 24X7 and we take action against vulnerabilities. We create a total network security and compliance solution by combining with other managed security services.
What is the scope of your web application security assessment service?
Our web application security assessment service provides audits and tests to the client’s web applications while providing actionable recommendations to protect their environment. So we identify business logical flaws before attackers do. We deliver all web application security findings to the client to implement risk management procedures or information security experts can assist in performing the implementations.
Tell us about your other managed security services.
Through our active directory intelligence service, in real time, the client has the assurance that critical resources in the network like the domain controllers are audited, monitored & reported with the entire information on AD objects – users, groups, GPO, computer, OU, DNS, AD Schema & configuration changes.
Our managed endpoint protection services deliver enhanced prevention against threats by combining endpoint protection solutions with 24×7 remote monitoring and onsite management by security experts. Organizations benefit from increased protection, improved regulatory compliance and improved productivity. These services deliver a consistent global service based on proactive, proven best practices, world-class technology infrastructure and security while adhering to strict service level agreements (SLA). We also provide secure remote access services.
Moving on, malware is a major worry area for the companies. With today’s sophisticated malware, you have to protect endpoints before, during and after attacks. Our advanced endpoints malware protection service is an intelligent, enterprise-class advanced malware analysis & protection solution that uses a telemetry model for big data, continuous analysis, & advanced analytics to detect, track, analyze, control & block advanced malware outbreaks across all endpoints such as Windows & Macs.
Another key service offered by us is penetration & security testing. It proactively evaluates the system’s security and discover possible weaknesses & newly discovered threats if any before an attacker exploits it.
Our SSL certificate service is designed to meet whatever needs our client may have for their business websites. Regardless of the server type, number of servers, or number of domains that needs to be secured, we will always have what is right for the business. We offer a variety of SSL certificate types from a variety of vendors.
The web application firewall service delivers the highest level of website protection against malware, website defacements, hackers and website blacklisting. Our website malware protection service filters out malicious requests that would target a website, whilst allowing clean traffic only to reach the website. A malicious website would infect every user who visits it with malware, in addition the website can be blacklisted which could damage an organization’s reputation.
The DDoS protection service detect and mitigate threats such as DDoS, botnets, slowloris, sockstress, application attacks, SYN floods, malformed SSL attacks. It stops application-layer DDoS attacks and disrupts botnet communications at the enterprise or data center edge. It can also stop volumetric DDoS attacks.
Our anti-spam service works by continuously detecting unsolicited and unwanted emails and preventing them from reaching the email inbox.
The cloud based information security awareness service ensures that every employee in the organization has the proper knowledge of the fundamentals of information security, gain the appropriate tips and guidelines to apply their knowledge in their daily tasks at work and recognize information security risks.
We are seeing a growing trend of phishing attacks and social media misuse. We also offer anti phishing and social media brand intelligence services to our clients. Whether it is a fake news on facebook or a duplicate twitter account creation of a reputed company, our service is geared up to protect the interests of our client.
We get the fake identities or posts removed for our clients. These issues plague the financial sector the most and we are proud to say that we have served our financial services clients like banks on such matters in very effective manner.
Oman Data Park also offers managed DMARC services. What is their relevance?
As per market estimated, 100 billion spam messages are sent globally per day. 2.1 million phishing messages per day are sent. 73% of data breaches begin with a fraudulent email. Phishing emails have a 70% open rate. 50% of users who open phishing emails will open the URL or attachment. So the fraud emails to customers or business partners are quite rampant and to make it worse, it is very difficult to identify fraudulent emails.
Our DMARC services handles such issues. We eliminate email spoofing, restore trust in email by blocking fraudulent messages and removing websites supporting malicious campaigns. We intercept and reject fraudulent email before it is received by employees, customers, and business partners. We also monitor who is sending spoofed email, where it is received, as well as the contained phishing URLs and malware. So we can decrease fraudulent email delivery by over 99%.
For more information, visit www.omandatapark.com