Open source to power Telstra security operations centres

Telstra will offer enterprise-grade managed security services from SOCs in Melbourne and Sydney

The open source Apache Metron project will help underpin managed security services delivered from two Telstra security operations centres set to be launched later this year.

Telstra will launch SOCs in Sydney and Melbourne in June.

The telco’s director of security solutions, Neil Campbell, said the new SOCs and Telstra’s new platform are part of “reimagining” how managed security services are delivered, particularly in the context of the vast quantities of data enterprises find themselves grappling with thanks to developments such as the Internet of Things.

Telstra has already begun contributing code back to the Metron project. The telco has been working to build Metron “into a full industrial-scale managed security services platform,” Campbell said.

Using open source offers “the ability to be master of your own destiny when it comes to features and timelines,” he added, allowing the telco to be flexible in order to meet its clients’ requirements as well as adapt to an evolving market.

Another reason for using open source is that “by contributing to the open source community we put the tools in the hands of users who might otherwise not be able to afford an enterprise-grade SIEM platform or for their own reasons would never outsource and are looking for some flexibility in-house,” Campbell said.

There is a cost benefit for the telco: “It allows us to take out a significant underlying cost that contributes to any managed security service, which means we’ll be able to provide that service to more businesses who have previously not been able to afford an enterprise-grade managed security service.”

“The reason that’s important is because we believe that cyber security is a team sport, but that we as a society have not been playing enough as a team in order to try to combat the problem at a grassroots level,” Campbell added.

The two SOCs will be based in the CBDs of Melbourne and Sydney.

“Part of the reason for that is to give our clients access to the teams in those security operations centres and to really showcase what we believe is best practice in operating a SOC… We also want to make sure that we have access to the largest pool of talent in Australia from an analyst perspective.”

Real estate costs as well as the difficulty in finding space for redundant data centre power and cooling typically force SOCs to be located away from CBDs, Campbell said. Telstra is dealing with the need for redundancy by having the two centres operate in parallel, so that if there is a power grid outage in one city, for example, the SOC in the other city can pick up the load.

Campbell said that Telstra planned to release a range of products and services based on the idea of “democratising security technology” — “putting it in the hands of more and more people so that we can move towards a society where we – and I know this is a grand term – can help to inoculate the country against some of the more pervasive threats.”

“We also believe it’s exactly the right time to do this because the government is very active and vocal in this space,” he added.

April 21 will mark the first anniversary of the federal government’s national cyber security strategy, he noted.

In Australia there is “not just policy but activity,” Campbell said, citing as an example the launch in Brisbane of the first Joint Cyber Security Centre. Telstra is a founding member of the centre.

“We believe strongly in that as an initiative to bring the business community as well as government together… We believe that it’s a team sport and you fight more strongly and get a better result if you band together and do things like share threat data [and] make your services available to each other.”

C-level engagement

Among Australian businesses, Campbell said there are indications of growing awareness about the importance of cyber security. Telstra today launched a white paper based on research by Frost & Sullivan on attitudes towards cyber security within Australia and Asia.

“We’ve seen a significant increase in C-level executives taking accountability for security within their organisations,” Campbell said. “And by significant increase I mean the level of engagement of C-level people has actually doubled over the past year.”

Although a 2016 survey conducted by Frost & Sullivan for the white paper indicated that many respondents still view IT departments as responsible for security breaches, there was a steep increase in the proportion of people who also saw C-level executives as responsible.

“There has been a significant shift in responses towards the C-level executives as a group being held responsible for security incidents from 19 per cent in 2015 to 61 per cent in 2016 and away from the IT department being held responsible for security incidents with a decrease in responses from 62 per cent in 2015 to 34 per cent in 2016,” the white paper states.