Case study

TELUS leverages HP ArcSight

and TippingPoint
Managed security service provider builds intelligent
analysis on tightly integrated HP solution
Industry
Managed security services
Objective
Provide managed security services, both onpremise and cloud, that can effectively address
the evolving and increasingly complex threat
landscape facing customers across a broad range
of vertical industries
Approach
Deploy HP TippingPoint and HP ArcSight
technologies, leveraging the strong synergy
between the solutions, and build advanced services
on the ArcSight platform to address targeted threats
IT matters
Provides an extensible platform on which to
build advanced threat protection services such
as intelligent analysis, forensics capabilities, and
malware analysis
Supports complex feature sets, allowing TELUS
Security Solutions to tailor solutions precisely in
order to meet customer requirements
Delivers effective protection against cyber threats
across the enterprise, from the companys internal
network to managed security services customers
Business matters
Enables managed security services customers to
focus on their core business rather than on security
Expands market opportunities for managed SIEM
services through flexible deployment options,
including a cost-effective cloud offering
Gives customers confidence and peace of mind
with market-leading technologies and strong HP
partner relationship

Correlating the data that we receive from the TippingPoint

IPS into ArcSight, along with information we get from
the customer environment and other sources, provides
excellent data for analytical response to targeted threats.
Hernan Barros, Director of Product Management, TELUS Security Solutions

Security experts
As cyber threats become increasingly complex, more and more
companies are turning to managed security service providers
(MSSPs) for help in this critical area. It makes sense: MSSPs
leverage their tools and expertise to deal effectively with the
shifting threat landscape, and companies focus on business
innovation in their own core competency. TELUS Security
Solutionspart of TELUS, a national telecommunications
provider in Canadaoffers a comprehensive portfolio of
managed security services, including a powerful security
information and event management (SIEM) service based on
the market-leading HP ArcSight platform.

Case study | TELUS Security Solutions

Things are different than they were five or

ten years ago, says Hernan Barros, director
of product management for TELUS Security
Solutions. Its no longer just someone
playing around and trying to hack into a
particular environment for fun. Threats are
now complex, they are targeted, and they
are meant for financial gain or to cause real
damage to organizations. These are the types
of threats that keep CIOs up at night. Managed
security services act as a business enabler,
because they allow customers to concentrate
on what they do best instead of worrying
about security.
Barros notes that HP ArcSightand the
complementary intrusion prevention system
(IPS) HP TippingPointplay a critical role
across the TELUS enterprise. Most importantly,
they are pivotal in helping protect the
customer-facing part of the business through
the companys managed security services.
Managed services
Our managed security services business is
where we get the most creative, says Barros.
We are huge TippingPoint and ArcSight
users. According to Barros, TELUS Security
Solutions was the first managed security
service in Canada to leverage TippingPoint;
the company has multiple extremely complex
deployments of the IPS in government
entities, as well as financials, oil and gas,
and other verticals.
On the HP ArcSight side, TELUS Security
Solutions has launched two versions of the
managed SIEM service: an on-premise offering,
in which the ArcSight solution is managed
on the customers behalf, and a cloud-based
ArcSight service. HP ArcSight is also the
foundation for the companys innovative
intelligent analysis service. In addition to
basic SIEM capabilities, we created a subset
of tools to address targeted threats, Barros
explains. Using these tools we scour the
Internet, collect client profile information,
review logs from various security devices, and
pass everything through ArcSight. This makes
it possible for us to map out threats in real
time, as well as prevent threats that might
occur in the future. The service also identifies
ways in which customers can change their
environment to mitigate future threats.

There is strong synergy between HP

TippingPoint and HP ArcSight. One of the
most critical elements in addressing targeted
threats is the IPS log data, says Barros.
TippingPoint and ArcSight are extremely well
integrated. The ArcSight interface has been
configured such that we can easily understand
the information coming from our TippingPoint
devices. Its a very powerful combination:
Correlating the data that we receive from
the TippingPoint IPS into ArcSight, along
with information we get from the customer
environment and other sources, provides
excellent data for analytical response to
targeted threats.
The best solution
TELUS Security Solutions has been using
HP TippingPoint for approximately five
years, and Barros says the purchase decision
was easy. Our customers were unhappy
with the incumbent solution in terms of
speed, reliability, extent of signature base,
and reduction of false positives, he says.
TippingPoint was one of the first intrusion
prevention systemsas opposed to intrusion
detection systemsthat really worked as
advertised. Basically it stops the attack and
alerts us, as opposed to detecting it and
letting us know; then we decide whether
or not we want to stop it. TippingPoint was
one of the first solutions to do that in a
consistent manner.
The decision to buy ArcSight was just as
easy. ArcSight was, and continues to be, the
best product in its class, Barros continues.
We jumped on that as a solution to replace
the existing product, which was no longer
satisfactory; the previous provider had
essentially stopped developing the service
in terms of parser support, flexibility, and
power of correlation. Another key factor in the
ArcSight purchase decision was the need for a
multitenant solution, whether for on-premise,
cloud, or virtualized environments. ArcSight
satisfied this requirement very well.

Case study | TELUS Security Solutions

Complex feature set

Ian Beckford, senior product manager at TELUS
Security Solutions, oversees the companys
managed SIEM services. He values the complex
feature set support available with HP ArcSight,
and also the extensibility and manageability of
the solution. The usability of ArcSight reduces
the operational cost of our support team
considerably, he says. In addition, the cloud
offering actually lowers the entry cost into the
SIEM market for a lot of smaller companies.
This means that our sales team can not only
approach enterprise customers, they can also
go to small and medium businesses and offer
a managed SIEM service at a competitive rate.
According to Beckford, ArcSights flexible
deployment options make the solution
especially valuable in an MSSP environment.
Thats the real key to it, he says. No two
TELUS Security Solutions customers are the
same, and the technologies available within
ArcSight can meet the needs of any type or
size of customer. Whats more, the use case
development and sizing tools in ArcSight help
our sales engineers design the correct solution
for our customers. The tools and experience
that HP brings to the table allow us to go
to market much quicker and provide more
tailored solutions.
In production
The TippingPoint rollout was straightforward.
Says Barros, The great part about
TippingPoint is that the signature base, which
is turned on from the start, is based on best
practices; as a result, the tuning we had to
do in order to have it work properly without
creating false positives was very limited.
TippingPoint did a great job of getting us
started, just by having the right policy on the
box at the outset. The amount of tuning was
basically cut in half.

TELUS Security Solutions did not have a cloud

SIEM service in the past, so they were able to
build that offering from scratch with ArcSight.
This product gave us a lot of flexibility
in terms of supporting new products and
services, says Barros. It also gave us the
ability to handle a much greater load, and to
log much more data for specific customers
than we could in the past.
Excellent results
According to Barros, one of the biggest
impacts of the TippingPoint deployment was
the ability to quickly deploy a very complex
solution into the companys largest customer;
this engagement contributed to the five-year
renewal of a key contract, solidifying the
revenue base of TELUS Security Solutions.
It also gave us the ability to focus our
operations, sales, and marketing teams on one
best-of-breed product, reducing the noise
from multiple other types of services available
in the market, says Barros. That really gets
to the benefit: Now we have become experts
in TippingPoint, which is the best IPS product
available. The ability to deploy TippingPoint
successfully on multiple occasions has really
put us on the map as an MSSP.
The business benefits of the companys HP
ArcSight deployment are no less impressive.
ArcSight gives us a tremendous advantage for
what is, in my opinion, the future of managed
security services, Barros continues. ArcSight
has given us a solid platform on which to build
all future services, from intelligent analysis to
forensics capabilities to malware analysis. Its
all about addressing targeted threats, which
represent the biggest issue facing security
today. ArcSight has provided us with the
backbone for our biggest differentiator in the
market, and it is where we are focusing our
future development.

Case study | TELUS Security Solutions

Customer solution
at a glance
Solution
HP ArcSight
HP TippingPoint
HP services
Training and technical support

Helping hand
While ArcSight and TippingPoint take center
stage, Barros is quick to point out the value
that TELUS Security Solutions gets from HP
Services and the HP account team. HP has
been integral in providing presales support,
sales assistance, and professional services,
he says. This is particularly true for ArcSight.
In order to build out our cloud service, we
leveraged the HP ArcSight professional
services team to set up the security operations
center. They also trained the security
SOC members, as well as our presales,
architecture, implementation, and consulting
teams. The HP team did, and continues to do,
an outstanding job.
Its a strong partnership. Our relationship
with HP is very successful, Barros concludes.
HP provides best-in-class products and also
deep expertise in the security arena. These
are people who really put their money where
their mouth is, supporting us and helping us
grow to become a leading MSSP in Canada. It is
a relationship that is built on trust, and also on
present and future success.

Learn more at
hpenterprisesecurity.com

Sign up for updates

hp.com/go/getupdated

Share with colleagues

Rate this document

Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only
warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA4-9476ENW, September 2013