Advanced Threat Analytics (ATA) and Security Incident Response Management for County of Los Angeles
Problem
The County of Los Angeles, the largest county in the United States, engaged a Managed Security Service Provider (MSSP) to serve as its Security Operations Center (SOC) and provide round-the-clock (24x7x365) expert security monitoring services for its Enterprise Data Centers and Enterprise Network to protect them from security threats and attacks. As the expansion of the MSSP services included several remote security sensors at critical sites around the Client’s geographical area, the Client hired WATI to augment its security incident response processes so that it could respond more effectively to, and remediate, the security incidents identified by the Active Threat Analytics (ATA) security incident tickets on issues related to security, hacking, network, malware, etc.
Solution
WATI has had a longstanding partnership with the County of Los Angeles since 1998 and has completed over 120 engagements. WATI provided skilled consultants to staff the County’s SOC as a part of this project.
WATI bridged the communications gap between its Client and Client’s customers technically, culturally and business-wise. WATI assessed the Client’s security landscape and provided them comprehensive security through Vulnerability Assessment and Penetration Testing. WATI’s primary emphasis was to work swiftly on ATA’s tickets assigned from the Client’s Managed Security Service, including reviewing and working on cases all the way through successful closure.
WATI provided in-depth support for information security incidents related to internal violations, hacker attacks, viruses and unauthorized system access, and for identifying incidents of compromise and their manner of use at the network level.
WATI analyzed and interpreted the system, security and application logs to identify faults and detect unusual behavior, and provided recommendations to improve information security incident response processes pertaining to host and network security as per the Client’s policies and procedures. WATI identified issues and coordinated with the Client’s customers regarding resolution of security incidents. WATI analyzed the threat intelligence information and compared ATA cases with the customer departments that were impacted, and worked with customer departments to enable the telemetry assimilation into the ATA Managed Security Service.
WATI also regularly participated in project review meetings and conference calls, worked with the MSSP to scrutinize documents and assimilate information, and assisted in documenting the classification, identification and prioritization of critical systems and data. WATI established and executed on-demand reports requested by the Client and management. It also provided knowledge transfer and training to Security Operations Section (SOS) staff and ATA portal users, and weekend support whenever required.
Impact
WATI selected the right resources and employed them effectively, going above and beyond the usual project obligations, to help the Client address some critical issues such as email gateway security, programming, scripting, coding, automation, etc. WATI’s recommendations helped the Client integrate the development team with the security team at the initial stage of development, as opposed to the normal practice of implementing security after full development, establishing the foundation of DevSecOps at the County.
Benefits
The Client was very impressed with WATI for its high degree of professionalism and for having deployed the right team of resources, who could identify the right vulnerabilities in a swift manner. WATI was able to successfully and swiftly close the incident tickets raised by the ATA security incident response team.