CHT Security

ArcSight supports continued innovation and enhanced customer service while ensuring regulation compliance in a move to cloud computing

Outcomes

  • Full scalability, ready to manage 10,000+ events per second
  • Multi-tenancy support by design, providing safe delegated access
  • Ease of log data collection and intuitive user interface for fast analysis
  • Enhanced customer service through integration with existing ecosystem
  • Full regulatory compliance

Challenge

Provide a sophisticated security event monitoring and attack detection service to clients amid ever-changing regulations and evolving attack vectors.

Details

Sophisticated cyberattacks and ever-changing regulations

CHT Security is actively involved in the Smart City Taiwan project, working closely with the government to build a safe and reliable smart city. With the rapid adoption of new technologies, many businesses are now moving to more complex hybrid and multi-cloud environments, expanding the enterprise attack surface. Under the pressure of ever-changing regulations and industry requirements, IT and security operations teams have found monitoring and managing the entire IT environment more challenging. Enterprises increasingly seek trustworthy cybersecurity service providers to outsource security operations and improve overall security posture. CHT Security covers managed network security services, professional cybersecurity and consultation services, cybersecurity products, and cybersecurity project development.

As an MSSP, CHT Security works with many clients who move away from traditional IT infrastructures to cloud or hybrid cloud computing. Managed delegated data access and multi-tenancy management are necessary to enable secure access when different clients leverage the same cloud infrastructure. Jerry Wang, Vice President of CHT Security, explains further: “Because many of our clients are government agencies, we deal with stringent regulatory compliance requirements. But even in the private sector, with increasingly sophisticated cyberattacks and the high volumes of sensitive data that are at risk of leakage, there is an expectation that throughout the supply chain of service providers, everyone complies with strict cybersecurity rules. Considering the growing data processing needs that we see in most of our clients, providing a scalable system is essential to our success.”

We are so pleased that our decision to use ArcSight many years ago continues to pay dividends for us today and into the future. ArcSight enables us to innovate and provide the best service to our customers.

Jerry Wang
Vice President, CHT Security

ArcSight ESM—scalability, multi-tenancy support, integration, and friendly UI

With some CHT Security clients exceeding 10,000 events per second, the importance of scalability cannot be overstated. The organization made a decision to use Cybersecurity ArcSight Enterprise Security Manager (ESM) many years ago. ArcSight ESM is a powerful SIEM that delivers real-time threat detection with adaptable SIEM correlation analytics. As ArcSight ESM supports multi-tenancy by design, it is an ideal solution for CHT Security’s MSSP business model.

One of the main advantages for CHT Security is ArcSight’s ability to integrate with existing ecosystems. “Hackers now tend to use a diverse set of attack vectors for which we find traditional rule-based detections to be inadequate,” says Wang. “However, we integrated ArcSight ESM with our latest detection mechanisms, from our network detection and response (NDR) and endpoint detection and response (EDR) solutions. This allowed us to design a set of multidimensional cross-device correlation rules to monitor complicated and ever-changing attack vectors.”

CHT Security provides a security risk management (SRM) service to its clients. This includes a comprehensive dashboard, web portal, threat intelligence, and industry-specific correlation rule sets. The team also assists clients with exclusive threat intelligence through a professional forensic team to analyze events. ArcSight seamlessly supports this effort, as Wang comments: “ArcSight ESM comes with an intuitive and logical user interface that minimizes training requirements for new employees. In general, ArcSight ESM accelerates our data log collection, processing, and management procedures. Because ArcSight includes a wide range of device log formats, everything we need is available out-of-the-box without the need for additional development resources.”

Award-winning security offering with ArcSight ESM at its center

The open nature of ArcSight ESM makes it very complementary to CHT Security’s own services. The team easily incorporated its own big data processing module to further enhance services offered to its clients. ArcSight ESM also provides the flexibility to develop customized solutions for clients, based on required functionalities. In practice, ArcSight ESM manages efficient log data collection that is then processed using in-house-developed big data processing algorithms. CHT Security specialists deploy industry-specific correlation rules using ArcSight’s intuitive user interface. Any detected security events are then verified by security specialists and routed through the ticket management system, where clients receive customized security alerts and incident responses.

The organization uses its own security orchestration, automation, and response (SOAR) capabilities, but these are tightly integrated with ArcSight ESM to collect security threat data and provide automatic cross-device responses to security events with minimal human assistance. This means that CHT Security can expand monitoring from the traditional IT field to the operational technology (OT) environment. “ArcSight ESM offers intuitive visualization for event analysis. This is particularly helpful to our staff when trying to gain a quick insight into cyber events,” says Wang. “We are so pleased that our decision to use ArcSight many years ago continues to pay dividends for us today and into the future. ArcSight enables us to innovate and provide the best service to our clients.”

Let’s give a final word to Frost & Sullivan, who awarded CHT Security the 2022 Taiwan Company of the Year award in the cybersecurity service industry. This is what Vivien Pua, Frost & Sullivan’s Senior Industry Analyst, said: “CHT Security leads the cybersecurity service market with its holistic and extensive security service offerings that are strengthened by its established reputation, commitment to innovation, and continuous efforts in expanding its partnerships with technology vendors to better support customers.”

About CHT Security

CHT Security is a subsidiary of Taiwan’s premier telecommunications company, Chunghwa Telecom Group, and is one of the most reputable ICT companies in Taiwan. It delivers cybersecurity services and is the leading managed security service provider (MSSP). More than 250 employees deliver comprehensive cybersecurity solutions to over 300,000 households, 20,000 small and medium enterprises, as well as 200 large enterprises and government institutions.