Combating a new generation of cybercriminal with in-depth security monitoring

Similar documents
Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Testing the Security of your Applications

THE EVOLUTION OF SIEM

Testing the Security of your Applications

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Threat Protection with Dell SecureWorks Security Services

Address C-level Cybersecurity issues to enable and secure Digital transformation

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Comprehensive Advanced Threat Defense

2012 Bit9 Cyber Security Research Report

The Benefits of an Integrated Approach to Security in the Cloud

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

WHITE PAPER: THREAT INTELLIGENCE RANKING

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

The SIEM Evaluator s Guide

Overcoming Five Critical Cybersecurity Gaps

Cybersecurity Strategic Consulting

Unified Security, ATP and more

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

End-user Security Analytics Strengthens Protection with ArcSight

Detect & Investigate Threats. OVERVIEW

Fraud Solution for Financial Services

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Continuous Network Monitoring

RSA Security Analytics

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

IBM QRadar Security Intelligence April 2013

Symantec Cyber Security Services: DeepSight Intelligence

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Redefining SIEM to Real Time Security Intelligence

QRadar SIEM and Zscaler Nanolog Streaming Service

Advanced Threats: The New World Order

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Increase insight. Reduce risk. Feel confident.

An Analytics-based Approach to Cybersecurity

Integrating MSS, SEP and NGFW to catch targeted APTs

Managed Security Services. Leverage our experienced security operations team to improve your cyber security posture

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

The Future of the Advanced SOC

High End Information Security Services

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture

MassMutual Cyber Security. University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management

The webinar will begin shortly

CyberArk Privileged Threat Analytics. Solution Brief

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

White. Paper. Rethinking Endpoint Security. February 2015

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

CYBER SECURITY, A GROWING CIO PRIORITY

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

CYBER SECURITY INFORMATION SHARING & COLLABORATION

7 Things All CFOs Should Know About Cyber Security

Discover & Investigate Advanced Threats. OVERVIEW

INTRODUCING isheriff CLOUD SECURITY

Symantec Advanced Threat Protection: Network

Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst

The Next Generation Security Operations Center

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

SANS Top 20 Critical Controls for Effective Cyber Defense

Cisco Advanced Malware Protection for Endpoints

How to Choose the Right Security Information and Event Management (SIEM) Solution

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Bio-inspired cyber security for your enterprise

Detecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.

Effectively Using Security Intelligence to Detect Threats and Exceed Compliance

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

Anatomy of Cyber Threats, Vulnerabilities, and Attacks

Practical Threat Intelligence. with Bromium LAVA

THE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Getting Ahead of Advanced Threats

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

Endpoint Threat Detection without the Pain

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Cisco Cyber Threat Defense - Visibility and Network Prevention

Into the cybersecurity breach

IBM Security X-Force Threat Intelligence

Eight Essential Elements for Effective Threat Intelligence Management May 2015

QRadar SIEM and FireEye MPS Integration

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Caretower s SIEM Managed Security Services

EnCase Analytics Product Overview

WHITE PAPER WHAT HAPPENED?

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

Cisco Advanced Malware Protection for Endpoints

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Transcription:

Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center

The Challenge Don t leave your systems unmonitored. It takes an average 229 days to detect a system security breach 1. That s a long time for a cybercriminal, competitor, or even disgruntled employee to have unauthorized access to your business systems and critical information assets. Even an organization that s well protected with the right tools and the right processes in place leaves itself open to attack if it is not monitoring systems; detecting potential security incidents; and able to make changes to its operations quickly to counter any threat detected. This is because today s hackers and hacktivists are both determined and patient. They will wait, watch, and seize their moment. Advanced attacks are a real and present threat. More than half (56%) of organizations have been hacked 2, and 2014 saw a 120% increase in reported security breaches 3. The risk posed by a cyber attack to both reputation and revenue is clear. Some 46% of people globally report leaving or avoiding companies that have had security issues. 1 FireEye, 2013 2 HP, 2013 3 Factiva, Major News and Business Publications database; Thomson Financial, Investext database; databases of various security agencies 2 Combating a new generation of cybercriminal with in-depth security monitoring

Capgemini Cybersecurity Services The Security Operation Center (SOC) Gain complete visibility of your IT and security system with our Security Operation Center (SOC). It enables you to detect, analyze and respond to cyberattacks. A SOC is the centralized incident-response team reporting through the Chief Security Officer/Chief Information Security Officer (CSO/CISO). The SOC is comprised of three elements: Incident prevention: Threat intelligence Vulnerability management Incident detection and analysis: detect and analyze even the most advanced attacks before they damage the business Incident response: take targeted action against the most serious incidents.. A SOC is the centralized incident-response team reporting through the Chief Security Officer/Chief Information Security Officer (CSO/CISO). It consists of people, process and technology. The SOC orchestrates the multiples roles, processes and technology to enable efficient incident detection and response. 1 2 Threat Intelligence Vulnerability management Incidents prevention Security monitoring Incidents detection Security response Response & reporting 3 3

A more determined adversary means more data is needed to identify cyberattacks. More complex IT environments make it possible for even a simple cyberattack to hide in plain sight. Such is the complexity of today s digital world that security professionals are struggling to keep up. That s why the early, 1 st generation SOC is no longer up to the task. It met and continues to meet the basic need for a low cost solution enabling regulatory compliance and log monitoring. Insights never seen before Security Analytics Data Store Threshold Alerts Netflow IT/ Security Equipments Logs APTs 4 Detection Networks Network Packets Endpoints Analysis Payload Analysis (Sandbox) 4 Advanced Persistent Threats 4 Combating a new generation of cybercriminal with in-depth security monitoring

Capgemini Cybersecurity Services Local threat intelligence Data resides on the enterprise network Provides visibility of unusual traffic pattern or a series of events within the internal network External threat intelligence Provides a big database of TTPs (Tools, Tactics, Procedures) observed on a wide network of sensors Provides expertise in understanding threat actors and TTPs and putting puzzle pieces together But this isn t enough! Compliance is not security. More data is needed to identify cyberattacks. The 2 nd generation SOC enables you to combat advanced threats by bringing together security information and event management (SIEM), network security monitoring, endpoints monitoring, payload analysis and offline big data analytics. To manage the huge amount of data available in a 2 nd generation SOC, our analysts use a unified workflow to: Focus on their most critical tasks and complete end-to-end incident management in minutes, not hours; Do more with same amount of people by spending their time on the incidents that have the biggest risk to the organization and completing them as fast as possible; Use a single tool to perform actions currently only possible within a disparate set of interfaces. A new generation of detection and response That s not all. We are now able to offer our clients a new, 3 rd generation SOC the 1 st Advanced Data Analysis SOC. This improves still further both the capacity to detect the most sophisticated Advanced Persistent Threats and the incident response. Our 1 st Advanced Data Analysis SOC adds four services to those already offered within the 2 nd generation SOC: 1. More focused detection rules We integrate our team of analysts with the client organization, enabling us to define more focused, accurate detection rules corresponding to the client s IT environment. We have defined a methodology enabling efficient cooperation without diluting responsibilities. This methodology ensures that our customers can achieve exactly the right balance of accountability and responsibility with their managed security service provider. 2. Deeper understanding of the context Threat intelligence The SOC collects and analyzes cyber threat intelligence to gain insight into adversaries and their motivations, intentions, and methods. 5

This knowledge is disseminated to help security and business staff at all levels protect critical enterprise assets. Understanding the applications included in the attack perimeter See Data You Didn t See Before Understand Data As Quickly As Possible 3. More efficient response Creating a strong link with the IT Service Management (ITSM) To Define Efficient Remediation Actions Creating a security dashboard highlighting both technical and business risks. 4. Security analytics The 1 st Advanced Data Analysis SOC has three key focus areas for its security analytics: User: provides visibility of user behavior to detect malicious or negligent users, or identify external attacks that compromise user accounts across the enterprise; Applications : this combines analytics with our cloud-based application security testing offer. The SOC processes an organization s growing collection of historical application security scan results to reduce the number of issues that require an auditor s review. This enables our clients to focus resources on fewer, higher priority tasks. DNS Malware : identifies malware-infected hosts, such as servers, desktops and mobile devices, so that they can be contained before gaining access to the network. We analyze a high volume of DNS records to detect new, unknown malware. This saves valuable IT time and resources, enabling clients to prioritize and remediate based on the highest risk devices. Our 3 rd generation SOC proposition embraces 1 st and 2 nd generation SOCs, as well as the 1 st Advanced Data Analysis SOC. It is tailored according to a client s individual needs. We can deliver security monitoring services though a dedicated customer SOC or through a multi-tenant platform from Europe or India. Assurance and trust with 1 st Advanced Data Analysis monitoring capabilities A SOC is a set of processes, technologies and a team: a team of trusted security analysts trained to be efficient and on top of its game. In addition to security analysts, we have an elite R&D team: able to analyze and reverse engineer the most complex malware; able to support you in in the event of severe cyberattacks; able to perform deep security tests on security products (for example data sources: sandbox, IPS, etc.) to identify their weaknesses (zero days) or backdoors. 6 Combating a new generation of cybercriminal with in-depth security monitoring

Capgemini Cybersecurity Services In summary The 1 st Advanced Data Analysis SOC brings a new approach to security that addresses critical challenges: Despite increasing investments in security, breaches are still occurring at an alarming rate. Traditional security protection is far from sufficient to secure your enterprise s most valuable assets; Traditional SIEMS have not evolved sufficiently to meet the security challenge and combat sophisticated cyberattacks. Log-centric SIEMs cannot defend against attacks. While they connect the dots between security incidents to give security analysts some level of visibility of what is going on across the enterprise, the logs lack the detail needed to understand what is truly happening in the IT system. In fact, 99% of successful attacks were undiscovered by logs (source: Verizon breach report 2014). New Approach to security : Real-Time and Offline Analysis of Multiple Data Sources Enhanced by a Good Understanding of the Context Capgemini keeping your systems, applications and data protected day and night. Find out more at www.capgemini.com/soc 7

Capgemini Cybersecurity Services About Capgemini With 180,000 people in over 40 countries, Capgemini is one of the world s foremost providers of consulting, technology and outsourcing services. The Group reported 2014 global revenues of EUR 10.573 billion. Together with its clients, Capgemini creates and delivers business, technology and digital solutions that fit their needs, enabling them to achieve innovation and competitiveness. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience TM, and draws on Rightshore, its worldwide delivery model. For more information, please visit: www.capgemini.com/cybersecurity The information contained in this document is proprietary. 2016 Capgemini. All rights reserved. Rightshore is a registered trademark belonging to Capgemini. MCOS_GI_AP_20151231

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information