Managed Security: That’s how a good collaboration works

Mr Heschl, how do you incorporate the issue of IT security in your company?

Two basic concepts are fundamental to our IT security management. Firstly, security is enshrined in the thinking of our internal, operational IT teams. This means that we do not have the problem of needing to implement IT security measures “on top” of changes in our IT landscape, but we collaborate, from the security point of view, and are in constant dialogue with those who manage IT operationally worldwide. Secondly, we are aware that the security of an IT landscape cannot be achieved by technology alone. It would not work without the experts, their excellent handling of highly specialised software and our strong trust and confidence in their abilities.

As regards day-to-day IT security monitoring, you have relied on managed services provided by RadarServices for many years. This means your internal IT security team works together with security analysts from Europe’s largest Security Operations Centre in Vienna every day. Exactly what form does this collaboration take?

We communicate with the analysts in Vienna virtually every day. They pass on all the problems relevant to security that they have detected and prioritise and assess them for us. They also provide instructions to help us solve each individual problem. A major benefit of this is that it saves our in-house resources. They provide a risk & security cockpit which we use as a central information and communication platform, but we can also call them if we need to.

We also get a monthly visit from the RadarServices’ team of analysts. These IT security jour fixes are not only attended by us, but our colleagues from the operational IT team are also involved. We review the status of data collection for monitoring, changes to the IT landscape, patterns and trends. Beside these firsthand exchanges of information with the analysts, we also hold six-monthly meetings with the service managers of RadarServices. This provides a forum in which to discuss potential strategies and improvements.

What was the decisive factor for having a managed service, rather than setting up your own in-house SOC at Red Bull?

Having our own SOC would mean that we would have to find many highly-specialised security analysts to handle the technologies, the processes and the detection itself at our location, employ them longterm and also provide them with the professional challenges they need on an ongoing basis. I think that for a company of our size with key expertise that has nothing to do with IT security, this is neither feasible nor logical over the long term. So working with external specialists was never in doubt. And it remains the right decision to this day.

What considerations were crucial for the choice of your managed security services provider?

We see the ongoing collaboration with our external partner as one part of our security architecture. We have a lot of security mechanisms and tools inhouse, of course, and we are constantly adjusting and improving. But the external SOC still checks that all these measures are effective. They tell us if this is not the case, as well as alerting us, if necessary. Hence, we regard the SOC services as a “second line of defense” from an independent source.

We weighed things up meticulously when choosing an actual SOC provider – where would we merely be buying “off the peg” services, and where, on the other hand, would we get customised services and sufficient attention. The IT security situation at every company is different, and an external provider in the daily “IT security balancing act” also has to understand and live with this in practice. This is how we came to RadarServices.