Defending against modern cyber threats


Defending against modern cyber threats: Protecting Critical Assets. October 2011.

Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

Agenda

1. The seriousness of today's situation
2. Key principles for successful implementation

What keeps CIOs awake at 3 am?

Impact of IT trends on security

Market pressures are putting incredible pressure on executives to protect their organisations while allowing for maximum business agility, whilst doing so at an appropriate cost.

Trends and their security implications:

- Consumerisation: infiltration of consumer technology in the enterprise. Implication: ensuring security without limiting new modes of work and interaction.
- Open Collaboration: extending the perimeter to partners and customers. Implication: ensuring that critical assets are still protected.
- Globalisation: interaction without borders. Implication: managing increased complexity from country- and industry-specific regulations.
- Threat Professionalisation: growing security threat from organised crime. Implication: managing the increased cost of prevention.
- Managing Compliance: proliferation of regulatory and compliance mandates. Implication: staying compliant without hampering business agility.
- Cost Pressures: growing need to reduce cost whilst increasing the business value of IT. Implication: managing an increased number and sophistication of threats with less.

The Cyber Security Challenge

- What is my threat profile?
- How does the changing IT landscape impact my threat profile?
- What is the baseline: compliance or security?
- How to measure success: compliance, the (believed) absence of breaches, metrics?
- How to respond to Board queries about cyber preparedness?
- What are the most critical investments today?
- What needs to change in six months?

An integrated approach is required to manage the changing threat landscape

We envision a security-aware enterprise that continuously analyses and monitors the environment in real time, adapting defenses in response to a changing threat environment.

Enabling capability characteristics:

- Process-Automated Responses
- Analytics-Driven Security
- Enablement of Virtual Resources

Optimising Security Operations

Security operations tend to focus on monitoring low-level events and troubleshooting networks. Invariably the emphasis is on compliance, which is a narrow scope and makes it impossible to lean forward on emerging threats.

- Performance is about the right staffing, the right metrics and the right planning and coordination with other parts of the organisation, e.g. budget, acquisition and enterprise architecture.
- Enhanced Operational Support is about integration of new technology components and appropriately providing ongoing maintenance and support, including the people and processes.
- Extract Value From Technology is about analytics and workflow, and a move away from a compliance attitude into higher performance outcomes that seek to get the most out of solutions.
- Enterprise Risk is about vulnerabilities, global threats and compliance. It's knowing what is a priority and acting with purpose while recognising what is a drain on resources.

Next Generation Security Operations: A Journey

Organisations should plan for a journey. The security strategy should include plans to deliberately move up the maturity curve over time. The use-case / effectiveness profile progresses from Compliance, to Compliance and Sustainment, to Compliance, Sustainment and Continuous Monitoring, and finally to Adaptive and Reflex-Like.

Maturity levels:

0 - Initial: Processes are unpredictable, poorly controlled, and reactive. Little to no security infrastructure and tools.

1 - Managed: Processes are tailored for the organisation, but reactive. Dedicated teams are established. Security infrastructure exists, but may not be leveraged as per best practices or business requirements.

2 - Defined: Processes are tailored for the organisation and include proactive practices. Security infrastructure is aligned with operational objectives and management of tools is governed. Integration between security tools and monitoring capabilities is well defined.

3 - Quantitatively Managed: Processes are measured and controlled. Processes are directed by workflow capabilities. Security is integrated with Solutions Engineering and Delivery across the organisation. The focus is on extracting actionable intelligence from security infrastructure. Organisations have a plan for sourcing and on-boarding advanced capabilities.

4 - Optimizing: Security services are directed when and where they are needed. Response to threats requires less IT time as automation and consolidated human interfaces drive efficiencies. The organisation becomes highly adaptive to the changing conditions of evolving threats and new business demands or opportunities. Security operations and resources are available as a service. Virtual teams can quickly scale on demand.

Enabling Capability Characteristics: The Three Do's

The strategic security objectives will change with each organisation; however, the three to-dos remain the same: See More, Do More, Surge to meet Demand.

Key security principle: incidents and accidents always involve a chain of events, a series of underlying causes.

See More:
- Enriched and actionable intelligence to minimise errors and optimise decisions
- Fusion and abstract presentation of information at all levels of C2
- Privacy enhancements to limit collection and retention of sensitive information

Do More:
- Activities defined and governed as automated processes, human-in-the-loop tasks, or sense-and-respond autonomously
- Single control pane with programmatic and visually intuitive interfaces
- Knowledge bases to detect, defer, defend and prevent attacks, e.g. deliberately leave a network port open to deceive an adversary

Surge to meet Demand:
- A diversity of expertise sourced to counter sophisticated threats
- Taps high-powered computing to analyse large volumes of data or surge bandwidth
- Hardware, software and processes can grow and shrink to manage costs and scale to meet mission requirements

See More: Bringing it all together under a single pane of glass

(Slide diagram; components as labelled.)

- Human Computer Interactions: Helpdesk Personnel, IS Analyst, NOC Engineer, Systems Engineer, SOC Operator, Client Personnel, Vendor/3rd Party; user-defined dashboards, IOC Portal System, Intelligent Rules Builder.
- Communications Environment / Message Bus connecting: Configuration System, Asset System, Performance System, Geographical Information System, Cross-Domain Correlation System, Service Desk System (Incident, Problem, Request, Change, Knowledgebase), IAM, DLP, NMS, SIEM, PSIM, SMS, AMS.
- Data and Platforms: Routers, Switches, Firewalls, Servers, Desktops, Telecom, Power, Data Services, Applications, Cloud Services, Web Services, 3rd party Feeds.

See More: Analytics-Driven Security

You have to look at the thousands of things that lead up to the accident in the first place. The approach is to climb up the analytics curve and recognise brand new attacks that have no signature. To chase something one has little knowledge of requires advanced pattern and behaviour detection capabilities.

Objectives:
- Fuse structured and unstructured information from beyond the firewall;
- Use statistical analysis to make predictions and adjust priorities;
- Leverage cyber intelligence as a core competency.

Do More: Process-Automated Responses

Automation, when applied smartly, can reduce manpower needs or reduce the workload placed on staff and decision makers. Key decisions are rapidly propagated across all elements of the enterprise regardless of provider.

Objectives:
- Align stakeholders in the decision-making process;
- Reduce the number of steps needed to perform a task in the workflow of a response;
- Reduce the noise of unimportant events presented to operators and analysts;
- Adapt responses to the risk tolerance of the enterprise.

Surge to meet the demand: Enablement of Virtual Resources

The concept of virtualisation extends to people, technology and processes. Virtual staffing makes it easier to recruit and retain top talent, as teams are not limited to the staff available in a geographic region. Sourcing infrastructure and applications as-a-service reduces cost and gives the illusion of infinite capability.

Objectives:
- Staffing the best security professionals from across the enterprise;
- On-demand use of the latest tools, tactics and techniques;
- Manage operations as a service with the ability to surge to absorb sudden events.

Key principles for successful implementation

1. Start with the key threat scenarios
2. Build agility in the process framework
3. Build a learning organisation
4. Actively manage the change
5. Build a hard-nosed culture of security
6. Branding is key

1. Start with the key threat scenarios

Prioritisation: initially focus on the critical security issues based on the threat profile of the organisation. This translates into a focus on the critical infrastructure of the organisation. Leverage tools and technologies which could help the organisation respond to those threat scenarios. Build a model to proactively change the threat scenarios based on the changing threat landscape, to stay ahead of the curve. Engage with Risk teams, Business owners, audit and process owners.

2. Build agility in the process framework

Build an agile process model which enables the team to respond to incidents in real time and take proactive actions. Implement structured support processes for the ongoing management of the technology platform. Ensure the incident management process links all the stakeholders, such as Incident managers, the application support team and third parties, into a seamless model for responding to unauthorised activities.

3. Build a learning organisation

A changing threat landscape needs an organisation which can quickly learn and adapt to the changing scenario. A knowledge management system for capturing, reviewing and storing historical information enables better analysis and identification. This is not only a technology issue: a significant change is required within the organisation, as Business stakeholders need to be embedded. Build a virtualised team across the organisation to quickly respond to unauthorised activity.

4. Actively manage the change

Key stakeholders across Business and IT need to be part of the journey. Monitoring needs senior management support, as the output could lead to legal, HR or other disciplinary actions. Monitoring has a data privacy impact, and hence it's important to engage with Legal, the staff council and the workers council at the onset. Business Process owners and Application owners need to be onboarded, as security issues could be occurring due to process gaps or an incorrectly configured application landscape. Engage with third parties supporting your Business IT landscape, Joint Ventures who have access to Business applications, and internal IT staff. Alignment across the Business increases awareness and speeds response to security incidents, thereby protecting the organisation.

5. Build a hard-nosed culture of security

Clearly and explicitly define who is responsible for cyber security. Ensure a holistic approach to information management and protection. Consider your organisation a steward, not an owner, of personal data. Implement strong data protection policies. Data protection policies matter*

6. Branding is key - do not call a SOC a SOC

The focus of operations is on service restoration and not on data confidentiality and integrity. The name "Security Operations" creates a misnomer within the organisation about the function and the services it delivers. The right branding attracts and helps to retain the right talent within the organisation. Calling it the Cyber Defence team ensures the business views it as a team of highly skilled professionals, which increases business engagement.

End-State Vision: A Synergised Security Operations Capability

A common interface and operating environment for security products, with consolidated cross-product reporting, policy configuration and single sign-on access.

Capability areas (slide diagram): Security Policies & Standards; Event Monitoring & Analysis; Core Security Operations; Configuration; System Hardening & Compliance; Security Risk & Reporting; Vulnerability & Patch; Technology & Architecture; Data Backup & Recovery; Incident Response; Investigation & Forensics.

Pillars: See More; Do More; Performance Enhancement; Surge to Meet Demand.

Contact us

Anthony Robinson, UKI Security Lead
+44 7909 563 407
anthony.robinson@accenture.com