Evaluation of existing Security Information and Event Management products with respect to the characteristics needed to improve the corporate ability to implement and maintain information security incident response.
Operating in the IT industry niche, primarily focusing on telco, cloud computing, and software services, Vodafone remains highly exposed to cyberattacks. In 2022, the company had to deal with claims that cyberattacks had threatened its services, claims that the company reported as false (Alashhab et al., 2021). Nevertheless, the organization's exposure, which stems from the scale of its estate and services, has pressured the company to adopt diverse tactics to strengthen its cybersecurity. Vodafone has specific rules on how data is shared, stored, and logged, because it understands that data sharing and storage are critical to its security. Access by unauthorized personnel could place the entire company in jeopardy; therefore, the company does not hold data for longer than necessary, and once data has served its purpose it is removed from the company's databases. The company has a range of data management practices to ensure data protection. For instance, network history is retained for 30 days before it is anonymized and deleted, and serial numbers and broadband line IDs are retained for 180 days before they are anonymized and deleted. Deletion matters because data that lies around idle is data that can be misused. Using NetPerform, an analytics solution, Vodafone collects customer-insight data from around the world; that data allows the company to identify weak spots and develop sustainable solutions. With tens of millions of customers who have activated NetPerform in the MyVodafone app, the company controls what customer data is collected and how it is collected, stored, and destroyed once its purpose is served.
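The retention windows above describe a policy; what a practitioner has to build is the job that enforces it. The following is an added illustration, not Vodafone's or NetPerform's code: it assumes two record categories with the windows the text gives (network history 30 days, serial numbers and line IDs 180 days), replaces identifiers in expired records with a keyed hash so that only a pseudonymised, day-granular copy survives for statistics, and applies the shortest window to any category nobody declared. The HMAC pseudonym, the fail-safe default, the key and the sample records are assumptions of this example.

```python
"""Retention and pseudonymisation of logged records.

Added illustration, not Vodafone's code or NetPerform's. It assumes two
record categories with the windows the text gives (network history 30 days,
serial numbers / line IDs 180 days); the keyed-hash pseudonym, the fail-safe
default window and the sample records are assumptions of this example.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = {"network_history": 30, "line_identifier": 180}
# Unknown categories fall back to the shortest window: a record whose class
# nobody declared should expire early, not live forever.
DEFAULT_DAYS = min(RETENTION_DAYS.values())


def pseudonymise(identifier: str, key: bytes) -> str:
    """Keyed hash of an identifier.  Without the key the pseudonym cannot be
    reversed or even recomputed, so a leaked anonymised table is not a
    lookup table for real numbers or serials."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def apply_retention(records, now: datetime, key: bytes):
    """Split records into those still inside their retention window (kept raw)
    and those past it.  Expired records are not kept: only a pseudonymised,
    day-granular copy survives for aggregate statistics, and the raw
    identifier is discarded."""
    kept, anonymised = [], []
    for rec in records:
        window = timedelta(days=RETENTION_DAYS.get(rec["category"], DEFAULT_DAYS))
        if now - rec["ts"] <= window:
            kept.append(rec)
        else:
            anonymised.append({
                "category": rec["category"],
                "day": rec["ts"].date().isoformat(),
                "subject": pseudonymise(rec["subject"], key),
                "event": rec["event"],
            })
    return kept, anonymised


# Constructed sample records (not real customer data).
NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)


def _rec(category, age_days, subject, event):
    return {"category": category, "ts": NOW - timedelta(days=age_days),
            "subject": subject, "event": event}


SAMPLE_RECORDS = [
    _rec("network_history", 10, "+44700900123", "data_session"),
    _rec("network_history", 40, "+44700900456", "data_session"),
    _rec("line_identifier", 100, "SN-A1B2C3", "provisioned"),
    _rec("line_identifier", 200, "SN-D4E5F6", "provisioned"),
    _rec("undeclared", 31, "+44700900789", "unknown"),   # no declared class
]


def run_sample(key: bytes = b"constructed-pseudonym-key"):
    return apply_retention(SAMPLE_RECORDS, NOW, key)


if __name__ == "__main__":
    kept, anonymised = run_sample()
    print("kept raw:", [r["subject"] for r in kept])
    print("anonymised:", anonymised)
```

The pseudonym key must live somewhere the retention job can read but the analytics consumers cannot; otherwise the keyed hash is only a renaming and the anonymised table can be joined back to live identifiers.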
Vodafone has also heightened its readiness for cyberattacks by developing and implementing the Incident Response and Intelligence Service (IRIS) (Duckworth, 2022). IRIS is a subscription service for which clients pay a recurring fee to strengthen their software and security posture and reduce their exposure to attacks. The service is designed for both prevention and recovery. It includes 60 hours of emergency support each year; during a crisis, the service can analyze, contain, and help recover from a cyberattack, so that after an attack or a detection the company's clients, including other businesses, can recover and resume their daily operations. The service also includes skilled consultants who provide regular consultations and advice to clients and are on call for emergency security incidents.
The organization is powered by current technologies, driven by increasing digitalization and automation. Its products include Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL) tools intended to improve its ability to protect customer data and strengthen its security systems. For instance, the company partnered with IBM Watson to develop the chatbot TOBi, which lets the company handle thousands of customer interactions (Singh, Casson & Chan, 2021). This AI allows Vodafone UK to handle over 900,000 customers monthly, providing competent care and responding to their needs. Although AI has mainly increased the speed of customer interactions, it has also strengthened cybersecurity and the protection of customer data. Through AI technologies, the company can detect malicious activity promptly, which allows for a quick response and minimizes the chance of severe damage.
The company has also partnered with RealNetworks to develop a service capable of detecting and identifying scam calls. The partnership produced an AI-based anti-spam solution, CallProtect, which detects and filters scam text messages and voice calls, in response to the rise in smishing and vishing attacks in the UK and globally (Singh, Casson & Chan, 2021). The solution can be used by Vodafone as well as its client companies. Once installed, the software automatically blocks known malicious sites, malware, and numbers, including those that appear harmless at first sight. Incoming calls and texts are matched against a database, and the user is told whether the match was positive or negative. These incident response measures have been instrumental in increasing Vodafone's preparedness and responsiveness against cyberattacks.
A quarterly report also allows the company to assess its security status so that sustainable solutions can be developed and implemented. These reports cover the security status of the company and its clients, relevant events, and recommendations. The reports are accompanied by tabletop exercises, including triage assessments, to evaluate the company's readiness against potential attacks. The company is therefore continuously prepared to detect and respond to cyberattacks, which has been crucial in improving its security.
Identification of SIEM deployment setbacks, including deployment complexity, interoperability aspects with existing security tools within the organization, lack of expertise, etc
As the SIEM products Vodafone has adopted demonstrate, the company has invested in current technology solutions to strengthen its security systems and reduce cyberattacks. However, implementing, monitoring, and maintaining these solutions is associated with various setbacks that keep them from yielding their full expected benefit. Ironically, the increased digitization that made these solutions possible has also been a major setback for the company. Advances in digital technology serve not only the company's interest but also the attackers' (Alashhab et al., 2021). With newer and more sophisticated tooling, attackers refine their attacks, especially against IT companies such as Vodafone that rely on cloud computing and IoT and are therefore highly exposed. In February 2022, Vodafone UK was allegedly the target of a cyberattack, reported as involving vishing, smishing, and phishing (Kovacs, 2022). While the company did not clear up these rumors, it is apparent that even as the company's SIEM capabilities advance, attackers use the same digital advances to raise the success rate of their attacks, which remains a major setback for the organization's progress.
To meet its own and its customers' security needs, Vodafone must update its SIEM regularly. A traditional SIEM alone cannot address emerging security issues: as cyberattacks evolve, so must the means of combating them, and all of this sits on top of a rapidly evolving digital technology platform that the company has to keep up with. An effective SIEM accurately captures security events from the company's entire network, including switches, servers, databases, and all applications. A network device from a different vendor may be incompatible with the SIEM, for instance because its log format cannot be parsed (Catescu, 2018). Vodafone therefore faces a major challenge in keeping up with new cybercrime trends and adopting new ways of fighting them. Emerging SIEM solutions also bring further costs: integrating them into company systems, upgrading and updating other system elements to be compatible with them, and continuously training employees to understand and use them. The company therefore always needs actionable security insight to ensure that its SIEM solutions remain compatible with its network and achieve their intended objectives.
The lack of proof that a security breach has occurred is also a major setback for SIEM capabilities at Vodafone. As noted above, attackers have also embraced digital technology and apply their experience to finding weaknesses and mounting successful attacks. An advanced, informed attacker knows that, to limit the impact on network bandwidth, agents send event logs to the SIEM in groups and batches rather than one at a time. An attacker who gains access to the host operating system and its underlying logging subsystem can therefore suppress or alter events in the window before they are shipped (Mokalled et al., 2019), and it becomes difficult for Vodafone to find evidence of the breach. If the attacker gets past authentication without being detected, no event is generated in the monitoring system at all. These advances are a major setback for Vodafone's SIEM capabilities, and the company should develop or purchase capabilities that meet its specific needs and those of its clients.
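The batching problem above has a standard countermeasure on the collection side: number every record, chain each one to its predecessor under a key that the agent rolls forward and discards after each record, and have the collector verify the chain. An intruder who takes the host later cannot re-sign or re-chain records already emitted, so deleting or editing a record inside an unsent batch is visible, and a dropped batch shows as a sequence gap. The following is an added illustration, not code from Vodafone or any SIEM product; the forward-secure construction is a textbook one, and the agent, collector, key and log lines are constructed for this example.

```python
"""Sequence-numbered, forward-secure log batches with collector-side checks.

Added illustration, not code from Vodafone or any SIEM product. The
construction (per-record key evolution plus an HMAC chain) is a standard
forward-secure logging scheme; the agent/collector names, the key and the
log lines are constructed for this example.
"""
import hashlib
import hmac
import json


def _evolve(key: bytes) -> bytes:
    """Derive the key for the next record.  The agent discards the old key,
    so a later intruder cannot re-sign or re-chain records already emitted."""
    return hashlib.sha256(b"evolve|" + key).digest()


def _mac(key: bytes, seq: int, prev: str, event: str) -> str:
    body = json.dumps([seq, prev, event]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Agent:
    """Host-side log source: numbers every record and chains it to the last."""

    def __init__(self, key: bytes):
        self.key, self.seq, self.prev = key, 0, "0" * 64

    def emit(self, event: str) -> dict:
        self.seq += 1
        rec = {"seq": self.seq, "prev": self.prev, "event": event,
               "mac": _mac(self.key, self.seq, self.prev, event)}
        self.prev = rec["mac"]
        self.key = _evolve(self.key)   # old key is gone from the host
        return rec


class Collector:
    """SIEM side: holds the initial key and replays the key schedule, so it
    can check any record the agent could have produced."""

    def __init__(self, key: bytes):
        self.key, self.seq, self.prev = key, 0, "0" * 64

    def ingest(self, batch: list) -> list:
        findings = []
        for rec in batch:
            if rec["seq"] <= self.seq:
                findings.append(f"replay: seq {rec['seq']} already seen")
                continue
            if rec["seq"] != self.seq + 1:
                findings.append(f"gap: records {self.seq + 1}..{rec['seq'] - 1} missing")
                for _ in range(rec["seq"] - self.seq - 1):   # skip keys of lost records
                    self.key = _evolve(self.key)
            elif rec["prev"] != self.prev:
                findings.append(f"chain broken at seq {rec['seq']}")
            expected = _mac(self.key, rec["seq"], rec["prev"], rec["event"])
            if not hmac.compare_digest(expected, rec["mac"]):
                findings.append(f"bad mac at seq {rec['seq']}: record altered or forged")
            self.seq, self.prev = rec["seq"], rec["mac"]
            self.key = _evolve(self.key)
        return findings


def silent_sources(last_batch_at: dict, now: float, max_silence_s: float) -> list:
    """Sources whose last batch is older than the agreed batching interval.
    A chain cannot reveal records an intruder suppressed after taking the
    host; only the absence of expected batches can."""
    return sorted(src for src, t in last_batch_at.items() if now - t > max_silence_s)


KEY = b"constructed-agent-key"   # provisioned out of band; not a real secret


def sample_batch() -> list:
    """Three constructed records from one agent, in emission order."""
    agent = Agent(KEY)
    return [agent.emit(e) for e in ("sshd: accepted password for alice",
                                    "sudo: alice : COMMAND=/bin/su -",
                                    "systemd: sshd.service restarted")]


if __name__ == "__main__":
    recs = sample_batch()
    print("clean:", Collector(KEY).ingest(recs))
    print("record 2 dropped:", Collector(KEY).ingest([recs[0], recs[2]]))
    edited = dict(recs[1], event="sudo: alice : COMMAND=/bin/ls")
    print("record 2 edited:", Collector(KEY).ingest([recs[0], edited, recs[2]]))
```

The caveat the text makes still holds: everything the intruder suppresses after seizing the host and its current key leaves no chain evidence, which is why the silence check, driven by the expected batching interval, is the part that catches a logging agent that has simply been stopped.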
Additionally, Vodafone UK has to consider the hefty costs of implementing SIEM solutions. Investing in SIEM capabilities requires significant spending on the technology itself and on related costs such as annual license fees, employee training, and storage (Mokalled et al., 2019). Weighed against the cost of having no SIEM capability at all, however, investing in SIEM is cost-effective for the company's future.
As a telecommunications and cloud provider dealing with diverse companies in and outside the UK, Vodafone serves a very large number of customers, which can itself be a setback in implementing its SIEM capabilities. SIEM implementation depends on rules for analyzing all recorded and stored data. For instance, as mentioned above, the company's AI serves over 900,000 customers per month, which illustrates the size of the client base. The result is that the AI and other SIEM capabilities generate many alerts within a day, making it difficult to distinguish the major threats that should be prioritized from those that should not (Catescu, 2018). Identifying potential attacks among a large volume of irrelevant logs becomes a complicated process. The company should therefore define precise rules and parameters to prioritize which potential attacks and incidents are responded to first.
Endpoint detection and response tools, next-gen SIEM capabilities, and automated incident response with Security Orchestration, Automation and Response (SOAR)
Vodafone prioritizes endpoints such as laptops, PCs, and phones because they are the company's greatest source of exposure: each connected device is a potential entry point for attackers. Moreover, in an era of remote working, it is important to ensure that employees do not let unauthorized people access sensitive company data outside the workplace. The company requires employees to use up-to-date devices, including a current operating system (OS) and antivirus or anti-malware software. The company has therefore implemented Endpoint Detection and Response (EDR) technology to detect security issues quickly and respond to them in real time. The EDR technology the company uses, and also proposes to its clients, continuously collects data from endpoints and analyzes it to produce an ongoing picture of their status. It also records how potential threats infect and move across a network, improving the company's ability to respond to them. In addition, the company has developed a cloud-based service called the VDM cloud, designed so that only authorized people have access to specific information, which makes it easy to control who has access and to trace access in case of an attack.
To keep up with digital trends, Vodafone shifted from conventional SIEM capabilities to Next-Gen SIEM, which has improved its ability to detect, anticipate, and respond to threats. Upgrading SIEM capabilities was a critical step in improving cybersecurity, since threats and attacks evolve with increasing digitalization and call for more advanced response systems. These solutions base their detection on anomaly-based machine learning that assesses an environment and builds rules and baselines suited to it. An example is Vi Cloud Managed Services, powered by Cloud4C, which allows access to data centers in different localities. The solution is customizable to the network and needs of each environment and provides users with an end-to-end transfer to a private cloud environment during threatening situations. Another feature is a compliance-ready framework that lets users move existing data and workloads from their familiar environment to a private cloud while complying with data sovereignty laws. The tool is often applied during recovery from a cyberattack.
The above Next-Gen SIEM has been instrumental in helping Vodafone manage false-positive alerts, which matters because the company deals with many potential alerts. Vodafone is often overwhelmed with daily cyber-threat alerts, so it is common for employees to label them false alerts and stop paying attention to them. Using ML algorithms and a skilled workforce, the SIEM separates true positives from false positives and raises alerts in real time, allowing quick and timely incident response. The company also acquired DEFEND, a cybersecurity solution offering a range of security services (Kochański, Korczak & Skoczkowski, 2020). The move was inspired by the growing market and demand for user-centric cyber solutions as the threat grows. By investing in new technologies, the company increases its capacity to fight cyberattacks and inspires consumer confidence. The range of Next-Gen SIEM solutions the company has adopted ensures it is ready and able to detect and respond to threats, increasing its cybersecurity resilience.
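Both the alert-volume setback discussed earlier (the need for precise rules to decide what is handled first) and the false-positive filtering described above come down to the same three operations: correlate raw events into the few alerts that matter, weight each alert by the asset it hit, and suppress volumes that a learned baseline already explains. The following is an added illustration of those operations, not Vodafone's rules or any product's ML model; the rule names, asset criticality table, thresholds, history and sample alerts are constructed, and a mean-plus-three-standard-deviations test stands in for the anomaly baselines the text describes.

```python
"""Alert triage: correlation, asset-weighted scoring and baseline suppression.

Added illustration, not Vodafone's rules or any product's ML model. The rule
names, asset criticality table, thresholds, history and the sample alerts
are constructed for this example; the baseline check is a simple
mean-plus-three-standard-deviations test standing in for the anomaly
baselines the text describes.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed tables.  Criticality: 5 = crown jewels, 1 = disposable.
ASSET_CRITICALITY = {"db-prod-01": 5, "web-01": 3, "kiosk-07": 1}
RULE_SEVERITY = {"auth_failed": 1, "auth_success": 0, "new_admin_user": 4,
                 "av_signature_update_failed": 2, "brute_force_then_success": 5}


def score(rule: str, host: str) -> int:
    """Severity weighted by where it happened; unknown rules/hosts get 2."""
    return RULE_SEVERITY.get(rule, 2) * ASSET_CRITICALITY.get(host, 2)


def is_baseline_noise(rule, host, count_today, history, min_days=7):
    """True when today's volume for (rule, host) is within the learned
    baseline.  With fewer than min_days of history nothing is suppressed:
    a thin baseline must not silence a genuinely new signal."""
    past = history.get((rule, host), [])
    if len(past) < min_days:
        return False
    return count_today <= mean(past) + 3 * pstdev(past)


def correlate_brute_force(alerts, threshold=5, window_s=300):
    """Raise one high-priority alert when a source fails to log in at least
    `threshold` times and then succeeds on the same host within `window_s`."""
    failures = defaultdict(list)
    found = []
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["src"], a["host"])
        if a["rule"] == "auth_failed":
            failures[key].append(a["ts"])
        elif a["rule"] == "auth_success":
            recent = [t for t in failures[key] if a["ts"] - t <= window_s]
            if len(recent) >= threshold:
                found.append({"ts": a["ts"], "rule": "brute_force_then_success",
                              "host": a["host"], "src": a["src"],
                              "user": a.get("user"), "failures": len(recent)})
    return found


def triage(alerts, history):
    """Collapse raw alerts per (rule, host, src), drop baseline noise and
    zero-score rules, add correlated alerts, and rank by score."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["rule"], a["host"], a.get("src"))].append(a)
    totals = Counter((a["rule"], a["host"]) for a in alerts)
    ranked = []
    for (rule, host, src), items in groups.items():
        if is_baseline_noise(rule, host, totals[(rule, host)], history):
            continue
        s = score(rule, host)
        if s == 0:
            continue
        ranked.append({"rule": rule, "host": host, "src": src,
                       "count": len(items), "score": s})
    for c in correlate_brute_force(alerts):
        ranked.append({**c, "count": 1, "score": score(c["rule"], c["host"])})
    ranked.sort(key=lambda e: (-e["score"], e["rule"]))
    return ranked


# Constructed sample: six failures then a success against the production DB,
# one new admin on the web server, and the daily AV-update noise from a kiosk.
SAMPLE_ALERTS = (
    [{"ts": 10 * i, "rule": "auth_failed", "host": "db-prod-01",
      "src": "203.0.113.5", "user": "dba"} for i in range(6)]
    + [{"ts": 60, "rule": "auth_success", "host": "db-prod-01",
        "src": "203.0.113.5", "user": "dba"},
       {"ts": 95, "rule": "new_admin_user", "host": "web-01",
        "src": "198.51.100.7", "user": "svc_deploy"}]
    + [{"ts": 100 + i, "rule": "av_signature_update_failed", "host": "kiosk-07",
        "src": None} for i in range(4)]
)
# Seven prior days of counts for the kiosk rule: it fails a few times every day.
HISTORY = {("av_signature_update_failed", "kiosk-07"): [3, 4, 3, 5, 4, 3, 4]}


def run_sample():
    return triage(SAMPLE_ALERTS, HISTORY)


if __name__ == "__main__":
    for entry in run_sample():
        print(entry["score"], entry["rule"], entry["host"], entry.get("src"), entry["count"])
```

Two design points matter more than the numbers: suppression is keyed on volume against a per-rule, per-host baseline rather than on the rule alone, so the same rule firing at an unusual rate still surfaces, and the correlated brute-force alert outranks the individual failures that produced it, which is what keeps the six raw failures from being what an analyst sees first.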
Regarding orchestration and automation, Vodafone uses VMware technology. As a service provider, Vodafone must virtualize and containerize all parts of its network, and for that it needs a consistent cloud-native platform it can rely on to manage workloads (Vallejo Puigvert, 2018). The company therefore selected VMware to provide a single automation and orchestration platform for all its workloads in Europe, starting with 5G standalone. Vodafone's five-year plan is to build a network platform to roll out 5G standalone (5G SA) and other digital features such as voice over the internet. Modernization and expansion require a single platform to ensure a unified and simplified delivery process. Using VMware, the company will not only automate and orchestrate this new venture but also aim to ensure that security across its single multi-vendor platform is not compromised by attackers during the expansion (Mukherjee, Shu & Wang, 2018). Vodafone has evidently invested heavily in its SIEM capabilities, including acquiring and developing modern software solutions that have improved the company's security and raised its cybersecurity resilience against future threats.
References
Alashhab, Z. R., Anbar, M., Singh, M. M., Leau, Y. B., Al-Sai, Z. A., & Alhayja’a, S. A. (2021). Impact of coronavirus pandemic crisis on technologies and cloud computing applications. Journal of Electronic Science and Technology, 19(1), 100059.
Catescu, G. (2018). Detecting insider threats using Security Information and Event Management (SIEM). University of Applied Sciences Technikum Wien. Available at: shorturl.at/dtzOT.
Duckworth, A. (2022). Technology and Pandemics: The Post-2000 Olympic Games. In International Security and the Olympic Games, 1972–2020 (pp. 173-196). Cham: Springer International Publishing.
Kochański, M., Korczak, K., & Skoczkowski, T. (2020). Technology innovation system analysis of electricity smart metering in the European Union. Energies, 13(4), 916.
Kovacs, E. (2022). Vodafone Investigating Source Code Theft Claim. SecurityWeek.
Mokalled, H., Catelli, R., Casola, V., Debertol, D., Meda, E., & Zunino, R. (2019). The guidelines to adopt an applicable SIEM solution. Journal of Information Security, 11(1), 46-70.
Mukherjee, M., Shu, L., & Wang, D. (2018). Survey of fog computing: Fundamental, network applications, and research challenges. IEEE Communications Surveys & Tutorials, 20(3), 1826-1857.
Singh, G., Casson, R., & Chan, W. (2021). The potential impact of 5G telecommunication technology on ophthalmology. Eye, 35(7), 1859-1868.
Vallejo Puigvert, A. (2018). Design, deployment and SW validation to virtualize a mobile data core network to use 5G technology in Vodafone (Doctoral dissertation, ETSIS_Telecomunicacion).