When Hawaiian Telcom launched Managed Network and Security Services in 2010, the IT staff at the Honolulu-based telecommunications company quickly realized it needed a security management platform that could effectively support the implementation in monitoring and maintaining network security for its business customers.
Hawaiian Telcom employs more than 1,300 technology, communications and customer service professionals, with 16 dedicated to managed services and 24 making up the IT staff.
"As security emerged as an area of concern for our business customers, our costs began to increase due to the variety of security solutions required to meet their needs," says Matt Freeman, senior manager, managed security services at Hawaiian Telcom.
As his team assessed the department's inventory, they realized that using a variety of security tools to provide these services to customers within a multi-tenant environment would become unwieldy for the security service team to manage. "Our goal was to find a more comprehensive platform that offered unified security capabilities to streamline management and reduce costs," Freeman says.
Freeman began the process of reviewing and deciding on the solutions necessary to address this problem. After a look at several options from a number of vendors, he and his team determined that AlienVault's USM platform could accelerate detection and response capabilities, reduce operating costs and improve efficiencies for the security team.
"We had more control over each deployment and did not end up with just a black box that collects and stores logs," he says. "AlienVault's USM tied three core components into a single system: network/host IDS, vulnerability scanning and log management."
Hawaiian Telcom deployed using the AlienVault MSSP federated deployment model, meaning that each network it protects has a standalone AlienVault system dedicated to its security. "Network events are correlated onsite and only alarms are forwarded to us," Freeman says. Deployment is typically fast and easy, resulting in cost savings through reduced labor, he adds.
AlienVault's USM platform wraps all critical security capabilities into a single platform that is easy to use and backed by dedicated customer support, Freeman says. "Our services are kept up-to-date based on the work of AlienVault Labs, which actively tracks millions of threats and delivers the latest intelligence directly into our USM platform approximately every 30 minutes."
How it works
"AlienVault Unified Security Management is an all-in-one platform that gives customers full security information and event management (SIEM) capabilities and other essential security tools – such as continuous threat monitoring, asset discovery, behavioral monitoring, vulnerability assessment, managed firewalls and intrusion detection," says Jake Mosher, senior product marketing manager at AlienVault.
The goal, says Mosher, is to provide customers with a unified threat detection and compliance management solution that is easy to use and affordable. "We've built all essential security capabilities into one Unified Security Management platform, which is powered by up-to-the-minute threat intelligence from AlienVault Labs and our Open Threat Exchange – the world's first truly open threat intelligence community that enables collaborative defense with actionable community-powered threat data," Mosher says.
The tool enables customers to protect sensitive data that is affected by HIPAA, PCI and other regulations. As an example, Freeman says AlienVault USM's log management capabilities let customers see exactly who is logging into their systems, what they were doing and how they got in, which meets PCI requirements.
The solution typically is deployed into customer networks based on where it can gain the most visibility, says Freeman. "Some customers have multiple sensors, loggers and servers while other customers have a single all-in-one AlienVault solution."
Each deployment is different, depending on the needs of customers. Freeman says Hawaiian Telcom works with AlienVault to develop the right solution for each one. "We enhanced the AlienVault logging solution to accept and normalize logs from a variety of data sources, which allows us to create custom solutions to provide visibility into systems that were not previously visible to the SIEM."
The Honolulu-based telecommunications company provides integrated communications, broadband, data center and entertainment solutions for business and residential customers statewide, as well as broader digital applications for residential, business or government customers.
It provides the fiber that feeds 4G wireless networks to digital television, VoIP Hosted Voice to virtual colocation, and provides new office towers with fiber for greater connectivity.
As well, it lays undersea cables across the Pacific to Asia and offers 1Gbps broadband service.
Adopting AlienVault as its primary toolset allowed Freeman's team to evolve its security program and focus on delivering security services to customers, he says. Previously, a significant amount of time was devoted to maintaining different systems. "Today, we have the capacity to focus on growing our Managed Network and Security Services business and helping our customers to understand and prepare for security threats," he says.
Once his team helps a business enhance its security policies and reviews its network's weaknesses, the team can deploy AlienVault USM to address logging, scanning and monitoring needs.
When asked what new threats are most prevalent, Freeman points to ransomware. It is a constant threat, he says. "Preventative appliances are not always sufficient to stop attacks from disrupting business operations," he admits. "One careless employee can accidentally bypass all the perimeter defenses and create an internal threat. Internal monitoring of the network for unusual traffic is a great way that AlienVault's managed IDS adds value without adding cost," he says.
He illustrates his point by providing a recent example of the technology in action: Hawaiian Telcom's Managed Network and Security Services team saw unusual activity show up on the USM dashboard and identified it to the affected customer as potential malware. His team dug into it and quickly found that the entry point was email-based and was affecting workstations at five different locations across multiple Hawaiian Islands.
"We immediately contacted the customer and initiated their incident response plan, blocking outbound traffic at the switch level and helping the customer trigger their cleanup procedures. They were able to minimize the damage because USM's SIEM alarm and intrusion detection system responded so quickly."
His team also used AlienVault at its Capture the Flag cyberskills challenge at Hawaiian Telcom University 2016, Hawaii's premier technology event attended by nearly 500 business and technology professionals. The challenge, which was developed in-house by the telecom's managed security engineers, ran the contestants, who were primarily IT professionals and students, through all the phases of a cyberattack: recon of the network, testing defenses, exploiting vulnerabilities and getting away with the goods. The goal for this challenge, says Freeman, was to spark interest in cybersecurity careers and to expose local business professionals to the growing risks and encourage them to take precautions early.
"Our team monitored the challenge network with AlienVault USM so event attendees could see in real-time how attacks against their networks can be identified and stopped," he says.
As far as keeping the technology current, the AlienVault Labs team develops threat intelligence updates that are pushed out approximately every 30 minutes and fed directly into the company's USM platform, which, in turn, updates its threat detection capabilities, says Mosher, adding that these updates provide USM customers with the most current information about emerging security threats, accelerating their ability to detect and respond to potential issues.
"As Hawaii's technology leader, Hawaiian Telcom is proud to partner with AlienVault to provide best-in-class managed network security services to our business customers of all sizes, from all industries," says Freeman.