Security Process Outsourcing (SPO)



Why outsourcing your security operation?

  • High initial investment to assemble your own structure:
    • Structure a 24x7 SOC environment with the proper redundancies;
    • Purchase hardware and software;
    • Implement a communication system;
    • Develop processes and procedures, from user service to operation contingency;
  • Complex maintenance and management:
    • Assemble and manage different 24x7 shifts;
    • Retain talents and keep the team motivated;
    • Maintain and evolve processes and procedures;
    • High difficulty in charging internal SLA;
  • High operation cost:
    • Hire several professionals to make up 24x7 shifts;
    • Keep the structure up and running 24x7;
    • Constantly customize ticket systems and SLA control systems;
    • Customize and enhance event correlation systems, sensors and reports;
    • Constant Investment in R&D;
  • Gains with CIPHER outsourcing:
    • Over 7 years of experience in MSS by using SOC;
    • Effective charging of SLA on an agreement basis, with clear indicators;
    • ISO 20000 and ISO 27001 certified environment;
    • Ticket and SLA management structure, fully-assembled communication and event correlation systems, use of leading-edge technology;
    • Highly qualified and certified team;
    • Support by CIPHER Intelligence;
    • Know-how and specialization;
    • Low fixed monthly cost;
    • Tax gain: OPEX x CAPEX.


Best practices for SPO

In order to enhance your security, transparency and attaining your compliance goals, it is worth keeping an unbound view and avoiding conflicts of interests. Therefore, your SPO or MSS should not be performed by the same company contracted to make BPO, datacenter, telecommunication or network asset management. The main standards in the marketplace and the best security practices advise the use of distinct companies so that threats, risks or failures do not go unnoticed. Security services should be provided by specialized companies, considering their severity and complexity.


CIPHER SPO services

Information Security Management: assist in the definition of the security strategy, ongoing adequacy to standards and regulations (ISO 27001, COBIT, Sarbanes-Oxley, PCI DSS), keeping the compliance rates and requirements, response to demands from audit departments, support to other company’s areas or partners, periodical update of processes and policies.

Managed Security Solutions: support, maintenance and operation of security assets, Software as a Service, "In the Cloud" Security, for: Firewall, IPS, IDS, Anti-virus, Anti-spam, UTM, Content Filter, Identity and Access Manager, DLP, SIEM, Log Manager, NAC, among others.

Monitoring and Incident Response: real time monitoring of attempted intrusions, incident treatment and recovery, event management, notification of threats, log analysis and management.

Vulnerability and Patch Management: discovery, analysis and ongoing correction of vulnerabilities, vulnerability management lifecycle, patch-management, ongoing update of security baselines.

Periodical Security Assessments: risk analyses and periodical intrusion tests on networks, servers, databases and applications, periodic review of network topology and security policies, periodic review of application source code.

Report and Indicator Generation: creation of reports for risk management, publication of reports for ticket control and SLA management, generation of reports on attempted intrusion and incident response, security system statistics, indicators for compliance requirements, submission of reports to all the other requesting areas.


Differentials of CIPHER SPO

CIPHER SPO is operated 24x7 by its Security Operations Center (SOC), with all the required redundancies and contingencies to successfully meet the SLAs. CIPHER is the only ISO 20000 and ISO 27001 certified security company, ensuring its clients the compliance of their processes to ITIL and the security of their information.

Through its ticket and SLA management system ITIL v3 compliant, CIPHER’s clients are capable of following up services, their indicators and generating reports in real time. All functions, including the opening of tickets, may be performed through its 24x7 call center, with user authentication and local landlines in the main cities, or through its multilingual web-based self-service interface.

The advanced laboratory - CIPHER Intelligence – for discovery and analysis of world threats will provide all the support for the state-of-art methods and security technologies to be applied to its environment, attaining the highest level of servicing and protection, being always at the forefront of the marketplace.

In addition to a 24x7 redundant and multilingual SOC, with the best event correlation system, CIPHER relies on in-person servicing operational structures in the main regions of America and Europe.


Secured by CIPHER Seal

Using CIPHER SPO all web systems that are in the SPO’s scope are given the renowned Secured by CIPHER seal.

Turn security into a business differential. Show your clients that your e-commerce is truly safe and increase sales, minimizing risk.