Accenture Cyber Security Transformation October 2015
Today's Presenter: Antti Ropponen, Nordic Cyber Defense Domain Lead, Accenture Nordics. Antti is a leading consultant in Accenture's security consulting practice. His role is to lead Accenture's Cyber Defense domain in the Nordics. He has over 10 years of experience in delivering security solutions to different customer segments, from strategic to technical perspectives. He has been a responsible and delivery lead in multiple security transformation programs as well as large-scale identity and access management (IAM) and security analytics delivery projects.
Accenture Security and our Nordic practice
Nordic Security Practice
Nordic Security Team: 140+
Globally: 3000+ (500+ from GDN)
Service areas: Assess and Architect; Digital Identity; Cyber Defense; Managed Security; Emerging Technology Security
Today's Topic
Q: How to transform Cyber Security?
The Cyber Security Challenge
Organizations struggle to manage threats to their business:
- Scaling defenses is a struggle
- Compliance is simply not enough
- Reactive security incident management is overwhelming
- Threats from the downstream supply chain are difficult to manage
Our Approach
Q: How to transform Cyber Security?
1. Focus on what matters most
2. Reduce the frequency and impact of threats
3. Demonstrate measurable business value
Opportunity Areas for Transforming Cyber Security
High performing organizations maximize the value of their Cyber Security investment by developing strong Cyber Security capabilities that are well aligned with business needs.

The slide plots business alignment (Loosely Aligned to Well Aligned) against Cyber Security capability maturity (Immature to Mature), giving four quadrants:

UNSTRUCTURED (loosely aligned, immature capability)
- Lack of focus and priority by business and IT leadership
- Limited Cyber Security capabilities based on inadequate solutions
Focus areas: business alignment; program mobilization and capability planning; building out Cyber Security core services

FRAGMENTED (well aligned, immature capability)
- Redundant processes and technologies implemented throughout the organization
- Custom solutions often baked into infrastructure
Focus areas: assessing and standardizing existing capabilities; decommissioning redundant systems

MISALIGNED (loosely aligned, mature capability)
- Over-engineered solutions
- Poorly defined and/or complex IR processes
- Heavy infrastructure and limited application focus
Focus areas: process reengineering; functionality enhancements; communications, training, and awareness

OPTIMIZED (well aligned, mature capability)
- Rationalized cyber security services optimized for business needs
- High levels of integration of capabilities across the organization
Focus areas: evaluating emerging technologies; strategy and release planning; evaluating cost containment tactics
Defining Cyber Security Operating Model
Overview: A Cyber Security Operating Model describes the capabilities and processes needed for an effective Cyber Security program.

Foundational (Prepare, Detect, and Respond)
- Vulnerability Management: Vulnerability Identification; Vulnerability Prioritization and Reporting; Remediation Tracking
- Operational Monitoring: Security Monitoring; Compliance Monitoring; Event Triage; Prioritization and Reporting; Log Management
- Security Incident Management: Identification and Triage; Response; Forensic Analysis; Recovery; Communication
- Threat Intelligence: Threat Modeling; Intelligence Gathering; Threat Analysis; Intelligence Exchange

Contextual (Prioritize and Predict)
- Advanced Security Analytics: Data Collection and Enrichment; Operational Normalization; Data Visualization; Algorithmic Data Modeling; Data Quality Management

Adaptive (Automate)
- Active Defense: Automation; Containment; Confusion; Disruption

Supporting Functions (Govern, Integrate, Manage, Improve)
- Cyber Security Governance; Service Performance Management; Continuous Improvement

The accompanying flow diagram connects these capabilities through the following interfaces: Events (Log Management into Data Collection and Enrichment, Data Quality Management, Operational Normalization, Algorithmic Data Modeling and Data Visualization); Vulnerability Context (Vulnerability Identification into analytics and Security Incident Management); Triggers, Alerts and Focused Monitoring Requests (between operationalized analytics, Threat Intelligence and Operational Monitoring, including Event Triage); and Incidents (from monitoring into Security Incident Management, whose response drives Active Defense: Automation, Containment, Confusion, Disruption).
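The data flow the operating model describes (Log Management emitting Events, Vulnerability Management supplying Vulnerability Context, Threat Intelligence feeding Event Triage, and triage producing prioritized Alerts) is easier to see in code. The block below is an added illustration written for this page, not Accenture's tooling or anything shipped to the client in the deck: the log formats, the indicator sets, the vulnerability context and the scoring weights are all constructed assumptions, chosen only to show how normalization, enrichment and prioritization fit together.

```python
"""Added example: a minimal operating-model pipeline.

Normalize raw events from two hypothetical log sources into one schema,
enrich them with (constructed) threat-intelligence indicators and
vulnerability context, then triage them into a ranked alert list.
Every data value below is made up for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set
from urllib.parse import urlparse

# Constructed sample log lines: a firewall ("fw") and a web proxy ("proxy").
RAW_LOGS = [
    "fw|2015-10-12T08:01:03Z|allow|src=203.0.113.7|dst=10.0.5.20|dport=445",
    "proxy|2015-10-12T08:02:11Z|host=10.0.5.20|url=http://malicious.example/beacon|status=200",
    "fw|2015-10-12T08:03:40Z|deny|src=198.51.100.9|dst=10.0.5.21|dport=22",
]

# Constructed Vulnerability Context: open findings per internal asset.
VULN_CONTEXT: Dict[str, List[str]] = {
    "10.0.5.20": ["SMB service exposed, unpatched"],
    "10.0.5.21": [],
}

# Constructed Threat Intelligence indicators (hypothetical, not real IOCs).
TI_IPS: Set[str] = {"203.0.113.7"}
TI_DOMAINS: Set[str] = {"malicious.example"}

# Assumed scoring weights for triage; a real SOC would tune these.
WEIGHTS = {"ti_src_ip": 40, "ti_domain": 50, "vuln_dst": 30, "allowed": 10}


@dataclass
class Event:
    """Common event schema produced by Operational Normalization."""
    ts: str
    source: str
    action: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    domain: Optional[str] = None
    tags: List[str] = field(default_factory=list)
    score: int = 0


def _kv(tokens: List[str]) -> Dict[str, str]:
    """Split 'key=value' tokens; a bare token (e.g. 'allow') is the action."""
    out: Dict[str, str] = {}
    for tok in tokens:
        if "=" in tok:
            key, value = tok.split("=", 1)
            out[key] = value
        else:
            out["action"] = tok
    return out


def normalize(line: str) -> Event:
    """Map each source's own format onto the shared Event schema."""
    source, ts, *rest = line.split("|")
    kv = _kv(rest)
    if source == "fw":
        return Event(ts=ts, source=source, action=kv.get("action", "unknown"),
                     src_ip=kv.get("src"), dst_ip=kv.get("dst"))
    if source == "proxy":
        domain = urlparse(kv["url"]).hostname if "url" in kv else None
        return Event(ts=ts, source=source, action="http",
                     src_ip=kv.get("host"), domain=domain)
    raise ValueError(f"unknown log source: {source}")


def enrich(ev: Event) -> Event:
    """Attach threat-intel matches and vulnerability context, then score."""
    if ev.src_ip in TI_IPS:
        ev.tags.append("ti_src_ip")
    if ev.domain in TI_DOMAINS:
        ev.tags.append("ti_domain")
    if ev.dst_ip and VULN_CONTEXT.get(ev.dst_ip):
        ev.tags.append("vuln_dst")
    if ev.action in ("allow", "http"):   # traffic that got through outranks blocked traffic
        ev.tags.append("allowed")
    ev.score = sum(WEIGHTS[tag] for tag in ev.tags)
    return ev


def triage(lines: List[str], threshold: int = 50) -> List[Event]:
    """Event Triage: normalize, enrich, drop low scores, rank the rest."""
    events = [enrich(normalize(line)) for line in lines]
    alerts = [ev for ev in events if ev.score >= threshold]
    return sorted(alerts, key=lambda ev: ev.score, reverse=True)


if __name__ == "__main__":
    for alert in triage(RAW_LOGS):
        print(alert.score, alert.source, alert.src_ip, alert.dst_ip or alert.domain, alert.tags)
```

With the constructed inputs, the allowed SMB connection from a known-bad source to an unpatched host ranks first (score 80), the proxy request to a listed domain second (60), and the denied SSH attempt to a host with no open findings is dropped. The point the deck makes is visible here: the same firewall line is noise without Vulnerability Context and Threat Intelligence, and an alert once those are joined in.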
Our View: Many clients are at the contextual awareness point in their Cyber Security journey
A typical Cyber Security journey helps organizations gain control, reduce threats, and then drive additional value to the business. Most organizations today should already be at the contextual awareness point of this journey.

Foundational Capabilities
Objective: Establish capabilities to enable detection and response to known attack vectors
Capabilities:
- Define core metrics for program success
- Form security operations center (SOC) and incident response (IR) teams
- Develop incident response processes and procedures
- Collect system logs and network traffic
- Develop vulnerability management and threat intelligence capabilities
- Secure business application development

Contextual Awareness
Objective: Develop deep contextualization of security events, uncover advanced threats early
Capabilities:
- Supplement SOC with breach hunters looking to identify early-stage attacks
- Deploy a big data advanced analytics platform
- Supplement SOC with data science capabilities

Adaptive Threat Management
Objective: Deploy a flexible control model to proactively deter attacks by increasing the attacker's cost
Capabilities:
- Optimize SOC based upon performance metrics
- Orchestrate and automate responses
- Share threat intelligence information
Security Analytics Capability Model
Business Driver: Current security offerings focus on the "what happened" or "what's going on now" questions of security. Security practitioners need to be able to answer the how, why, what else, and what might questions.
Solution: Analytical Security (how, why, what else, what might?)
Technical Enablers: Big Data capabilities: cheap, scalable, schema-less storage; computing power for processing across data types; distributed computing power
Value:
- Data-driven and tested decision-making
- Continual process improvement opportunity
- Understanding of previous decisions and their effects
- Scientific-method approach to operational awareness
- Ability to respond more effectively and improve real-time operational capabilities
Cyber Security Business Value Model
The Business Value Model provides the ability to communicate technical capability and performance in business language. It demonstrates how information security enables, supports and aligns with business goals and objectives, and provides two-way traceability from business requirements to technical controls and back.

Model elements:
- Business Strategy: opportunities and threats; business processes; compliance drivers
- Business Requirements: business drivers for security; business attributes taxonomy
- Threat & Risk Models
- Metrics
- Cyber Security Operational Management
Case Study: A Large Financial Services Company in the Nordics
Case Study: Security transformation program for a large financial services company
The security transformation program has helped our client to define a security baseline, adopt a constant development mindset, and seek effectiveness and cost savings from security-related systems and processes that support the business strategy.

Timeline:
- Apr 2014: Centralized SIEM/log management
- Jun 2014: IDM assessment; IDM capabilities and gaps
- Aug 2014: IDM transformation & development
- Sep 2014: Security capability assessment & business case
- Nov 2014: Assessment results: baseline; development areas; security capabilities as-is and to-be; industry related threats
- Dec 2014: Log management 1st go-live
- Mar 2015: SIEM/log management 2nd go-live (extensions)
- Apr 2015: Security transformation program kickoff (H1/15)
- Jun 2015: Security transformation program first deliverables: IVM/AVM pilot; employee security awareness; asset management. Dedicated program for security transformation; long-term constant development. Log management 3rd go-live (extensions)
- Jul 2015: Security transformation program (H2/15): business case renewal; extended enterprise IAM
- Oct 2015: Security transformation program results: application security; Security as a Service extension; cloud strategy alignment with security considerations; strategic security investments
- Nov 2015: Priorities: strategy and assessment; security business value

Work streams and outcomes (Assess, Design and implement, Operate):
- Assess threats for compliance and vulnerabilities
- IDM quick wins; remediate key audit items; SIEM/log management capabilities improvement
- Implement technical controls to secure the business; new SOC features; final log source extensions (pilot)
- Implement security capabilities to enable the business
- Opportunity to lower the overall cost
- IDM: effectiveness, cost savings, identity management process enhancement, user satisfaction
- SIEM/log management: strategic integration roadmap, improved audit compliance, SOC/SIEM capabilities and models
Next Steps
Next Steps
We can help organizations understand their existing Cyber Security capabilities and evaluate their change initiatives to develop a value-driven transformation roadmap, and help drive that journey.

- Cyber Security Capability Maturity Model: understand maturity and ensure full leverage
- Cyber Security Project Business Case Assessment: maximize cost-to-serve and business value

[Figure: business value versus cost-to-serve chart placing candidate projects (Project A to Project D) in the Quick Win, Strategic and Misaligned Investment regions]

A value-driven transformation roadmap provides a comprehensive list of prioritized change initiatives that enable an organization to deliver incremental value.
Thank you!
Accenture Cyber Defense Services
Accenture Cyber Defense services enable our clients to detect, respond to, and recover from cyber security attacks. We provide a full lifecycle of services built around a proven operating model and solution architecture.

Capability Model (Cyber Defense): Threat Intelligence; Vulnerability Management; Operational Monitoring; Advanced Security Analytics; Security Incident Response

Service Delivery Journey:
- Prepare: Cyber Security Capability Maturity Assessment; Indicator of Compromise Discovery Service; Penetration Testing; Vulnerability Assessment; Technology Architecture Health Check
- Transform: Cyber Defense Rapid Deployment Kit; Cyber Defense Process Engineering and Technology Deployment
- Run: Managed Cyber Defense; Cyber Incident Response