MENA Digital Security Operations Center (DSOC)

Size: px

Start display at page:

Download "MENA Digital Security Operations Center (DSOC)"

Isaac Cox
5 years ago
Views:

1 MENA Digital Security Operations Center (DSOC) Unleash the power of DSOC to secure your digital ecosystem (IT, OT and IoT) Powered by EY s award winning cyber analytics platform

2 What s inside 03 Benefits and risks of digital transformation 04 Introducing MENA DSOC 08 EY differentiators 2 Unleash the power of DSOC to secure your IT, OT and IoT environment

Benefits and risks of digital transformation In today s transforming business world, organizations are becoming increasingly reliant on digital technologies to run their operations and services.

3 Benefits and risks of digital transformation In today s transforming business world, organizations are becoming increasingly reliant on digital technologies to run their operations and services. Digital technologies such as Internet of Things (IoT) or Machine-to-Machine (M2M), blockchain, mobility, cloud computing, big data and analytics among others bring in huge benefits to organizations. In addition, the convergence with legacy systems, especially the adoption of Industrial IoT (IIoT), to provide competitive or operational advantage is high on the priority of most organizations. This convergence of IT, operational technology (OT) and IoT is accelerating a set of unique and unmitigated risks; as a result, cyber monitoring, as sense capability, is becoming increasingly important. Digital risks might become the major road block in your digital journey Today, organizations across various industries openly acknowledge cyber-attacks as one of the most prominent digital risks they face. Traditional security techniques are no longer relevant as organizations endeavor to make their systems smart and automatic, which essentially means convergence of systems, more connected nodes and data sharing. Subsequently, organizations are becoming increasingly vulnerable to cyber attacks due to their increased digital footprint beyond traditional boundaries. EY Global Information Security Survey % of responders have had a recent significant cybersecurity incident. To counter this trend, organizations need to be innovative. The approach to cyber protection must evolve from trying to prevent all threats into that of building strong sense and resist capabilities. Gartner predicts that, by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30% in Increased attack surface area through connected devices Rapid adoption of digital technologies Drivers of digital risk Convergence of IT, OT and IoT systems Digital innovation outpacing cybersecurity measures Increased sophistication of cyber attacks Network ubiquity The rapid adoption of digital increases your exposure to cyber attacks Unleash the power of DSOC to secure your IT, OT and IoT environment 3

Introducing MENA Digital Security Operations Center (DSOC) Leverage MENA Digital Security Operations Center (DSOC) to address cyber threat points in your digital ecosystem Organizations around the

EY s MENA DSOC is a 24/7 cybersecurity monitoring service.

4 Introducing MENA Digital Security Operations Center (DSOC) Leverage MENA Digital Security Operations Center (DSOC) to address cyber threat points in your digital ecosystem Organizations around the world have previously focused on monitoring the IT environment. EY believes it is important to empower the sense capability and provide a holistic digital view by monitoring IT, OT and IoT systems. EY s MENA DSOC is a 24/7 cybersecurity monitoring service. It provides the capabilities of a traditional SOC through using advanced analytics and helps organizations address advanced cyber attacks arising from emerging digital technologies and converged digital ecosystems. EY achieves this by using the exclusive Cyber Analytics platform built on a large-volume data-processing architecture. The Cyber Analytics platform leverages the network anomaly detection technology, PathScan. The R&D 100 Conference 2016 was recently awarded to EY and Los Alamos National Laboratory (LANL) for the development of this world-leading solution. It combines batch and real-time processing, enabling anomaly detection capabilities based on mathematical and statistical modeling. DSOC therefore facilitates proactive breach hunting by converging data science with security operations, thereby supporting organizations to trigger early indicators of compromise. A key advantage of deploying EY s DSOC and Cyber Analytics platform is using data science to accelerate deployment and detect advanced attacks. This is achieved through using patented data science to identify key stages of the kill chain including reconnaissance, lateral movement and data staging. MENA DSOC analysts are able to monitor actively an attack throughout its lifespan and provide valuable insights for focused countermeasures and remediation. Clients get solutions to their most difficult problems from the world's top laboratories. EY values a rigorous, independent and collaborative R&D function aligned to the needs of the market. LANL is at its best when partners expect large, disruptive, high-impact solutions to technically complex and multidisciplinary challenges Targeted innovation need Strategic relationships with researchers Client EY Integrated service: Los Alamos R&D, customized by EY for your business Innovative approach 4 Unleash the power of DSOC to secure your IT, OT and IoT environment

EY has developed the DSOC that leverages an exclusive partnership with Los Alamos National Laboratory (LANL) to address the following challenges: Domain Issue EY DSCO solution Security monitoring

5 EY has developed the DSOC that leverages an exclusive partnership with Los Alamos National Laboratory (LANL) to address the following challenges: Domain Issue EY DSCO solution Security monitoring Lack of threat-focused, proactive monitoring Cyber monitoring team is not focused on detection and threat analysis Monitoring rules inadequately tuned, with too many false positives Monitoring teams overwhelmed with events No aggregated source of log data to enable efficient security monitoring, including event correlation Incomplete coverage (e.g., some versus all egress points are monitored) Detect lateral movement, reconnaissance and data staging Holistic ecosystem coverage Incident response Inconsistent incident handling across the enterprise (e.g., IR teams operating in silos) Lack of procedures and training for first-responder actions No defined incident response process Log data not available to conduct efficient and/or complete investigation Lack of forensic capabilities to conduct thorough, efficient investigation Lack of external communication plans, including those with vendors, customers and the general public Allows focused incident response Provides forensic replay for accelerated response Threat intelligence Companies have so much data to manage that it becomes hard to find the needle in the haystack (ie. The real attack) External threat feeds of indicators of compromise are rarely tuned to the business Alerts for threat conditions consider external trends, not the existing capabilities to deter Attacker techniques change and will outdate the intelligence you have on them Information ages and may quickly become irrelevant Data science allows independent, threat focused approach Allows threat hunting and tracking of threat actors in the environment Unleash the power of DSOC to secure your IT, OT and IoT environment 5

6 A detect and respond capability that lets you sense and resist advanced cyber attacks across your ecosystem Challenges posed by digital convergence and building a new in-house SOC can be eliminated by adopting an outsourced DSOC model which is based on an on-site data architecture with remote monitoring. Organizations could reap many benefits by choosing EY s DSOC over in-house deployments. EY s DSOC can augment the capabilities of an organization by working with the existing cyber security personnel, proving them 24x7 coverage. MENA DSOC service has redefined security operations to meet the next generation of emerging cyber threats across the entire digital ecosystem. EY s DSOC delivers maximum value to your business by complementing the technical components with scalable and managed people and process functions. The DSOC service will help you to achieve highly mature security monitoring capabilities in just a few weeks with complete digital ecosystem visibility Information Technology 1 0 0(IT) EY DSOC Operational Technology (OT) Internet of Things (IoT) Benefits of MENA DSOC Patented Data Science enables detection of reconnaissance, lateral movement and staging activity Accelerated deployment installed and configured in a matter of weeks Award winning and world-leading Cyber Analytics platform Reduced cost and less resource requirements Scalable and flexible Increased compliance with legal requirements and industry standards State-of-the-art infrastructures with best of breed technologies Access to open source and commercial threat intelligence data Variety of skill-sets across the DSOC ensures employees are engaged and always developing themselves, resulting in less turnover or churn Effectiveness (24/7) and performance (faster response) 6 Unleash the power of DSOC to secure your IT, OT and IoT environment

7 DSOC delivery model EY s DSOC encompasses the entire digital ecosystem, providing a detect and respond capability across traditional IT systems, core OT systems and the IoT. The delivery model consists of the following core elements: Advanced Cyber Analytics leverages the award-winning PathScan technology, a network anomaly detection technology that seeks to identify network reconnaissance, lateral movement and data staging. EY has integrated PathScan into a technology service that is at the core of providing advanced threat detection. Platform A Hadoop big data platform is used by EY to host the PathScan analytics, which is maintained by EY to provide agnostic integration between technologies. It is an easily extensible environment, customized to suit a client's growing needs in their environment Threat intelligence and threat management platform With Cyber Analytics EY further invests in customized threat intelligence through a dedicated team in the DSOC. The Threat Management team use Cyber Analytics to hunt for deliberately planned attacks and to identify and eradicate hidden threat actors, along with tailored deception tools. Cybersecurity incident response EY DSOC has highly trained Cybersecurity analysts that use Cyber Analytics to provide 24X7X365 monitoring, triage and incident response. The DSOC will also play a part in breach response, saving time, cost and money something that is absolutely vital during major incidents. Client premises CISO/Security Manger SRT incident response Requests for information Provide reports Incident response Requests for information EY Account Security Advisor Enterprise Service Management Ticketing of Incident Alerts EY DSOC 24x7x365 Client premises VPN Metadata EY Cyber Analytics platform SIEM Databases Antivirus Servers IDS/IPS Firewalls NetFlow DNS Unleash the power of DSOC to secure your IT, OT and IoT environment 7

EY differentiators EY differentiators How we accomplish this Value EY Cyber Analytics platform Service management function via an EY Account Service Advisor Accelerated operationalization EY has an

8 EY differentiators EY differentiators How we accomplish this Value EY Cyber Analytics platform Service management function via an EY Account Service Advisor Accelerated operationalization EY has an exclusive and collaborative arrangement with Los Alamos National Laboratory (LANL) with world-leading cyber analytics EY deploys this global award winning technology to client ecosystems to provide complete coverage in order to detect the most advanced attacks in a cost efficient manner with ease of integration into environments Monitoring is based on the following attack variants: Lateral Reconnaissance (via horizontal and vertical scanning) Data staging Enabler to deliver optimized major incident response and forensics A dedicated Account Security Advisor who will have a deeper understanding of your business function and environment Pre-packaged platform accelerates deployment Machine learning capabilities enables accelerated operational functionality Agent-less solution Detects attacks through self learning statistical models that no SIEM or other cyber monitoring technology in the market can do today Employs machine learning and cyber data science Ease of integration through NetFlow and DNS without agents Technology integration and service transition Executive meetings for effective validation of incidents Oversight of SLOs and act as a single point of escalation for all service related issues Reduced project transition costs Operational readiness Short deployment time and limited change to environment 8 Unleash the power of DSOC to secure your IT, OT and IoT environment

EY differentiators How we accomplish this Value Holistic coverage Puts focus on the most critical assets Extensible and scalable architecture Dedicated OT and IoT experts The DSOC encompasses a

9 EY differentiators How we accomplish this Value Holistic coverage Puts focus on the most critical assets Extensible and scalable architecture Dedicated OT and IoT experts The DSOC encompasses a holistic ecosystem by focusing on the convergence of technology from all sources, such as traditional IT systems, core operational technology (OT) systems and Internet of Things (IoT) Forensic analysis using replay capabilities Ability to detect undiscovered threats through monitoring anomalies Unique patented technology which is tried and tested having protected the most sensitive US government networks. Custom weighting to reflect unique business risks Proven and tested big data architecture Agnostic hardware platform Commercial off the shelf storage allows stability Comprehensive data ingestion and long term storage capabilities Deep understanding of OT and IoT technologies and protocols Centers of excellence and regional SMEs in OT and IoT Enhanced investigation of attack chain Ability to focus on actual threats as time is not spent investigating false positives Ability to trace the attack to understand the path the attacker is taking and the assets they are after Leverages existing client hardware configurations Leverages existing storage capability Big data clusters allows improved reliability Predictable cost profile Ability to discover OT and IoT dedicated attacks Unleash the power of DSOC to secure your IT, OT and IoT environment 9

Global security monitoring EY has invested in many Centers of Excellence around the world, including: Security Operations Centers IoT/OT Center of Excellence Advanced Security Centers Digital

Forrester Wave Information Security Consulting Services and recently awarded winner in R&D top 100 global awards for Cyber Analytics.

We provide more than knowledge; through our methods, substantial asset base and team of 7,000 global cybersecurity professionals, we provide true cybersecurity leadership.

Insights Actively defending against cyber attacks is the only way to get ahead of cyber criminals and gain the trust of your customers.

10 Global security monitoring EY has invested in many Centers of Excellence around the world, including: Security Operations Centers IoT/OT Center of Excellence Advanced Security Centers Digital Analytic Centers Los Alamos National Laboratory ASC EY s SOC Los Alamos National Laboratory EY s DSOC EY has been recognized in the industry as an information security thought leader in the latest Forrester Wave Information Security Consulting Services and recently awarded winner in R&D top 100 global awards for Cyber Analytics. We provide holistic security advisory services for our clients consistent with leading industry standards and guidelines. We provide more than knowledge; through our methods, substantial asset base and team of 7,000 global cybersecurity professionals, we provide true cybersecurity leadership. We bring together the best of our Global cybersecurity specialists to help our clients thrive and solve the challenges of the transformative age. Insights Actively defending against cyber attacks is the only way to get ahead of cyber criminals and gain the trust of your customers. Insights on cyber security is an ongoing series of thought leadership reports focused on IT, OT, IoT and other business risks, and the many related challenges and opportunities. These timely and topical publications are designed to help you understand the issues and provide you with valuable insights about our perspective. To learn more about EY s efforts to anticipate and manage the ever present threat of cyber attacks, please visit us on Cybersecurity and the Internet of Things Managed SOC EY s Advanced Security Center; world class cybersecurity working for you Using Cyber Analytics to help you get on top of cybercrime Path to cyber resilience: Sense, resist, react. has launched! Unleash the power of DSOC to secure your IT, OT and IoT environment

11 Our specialties include: Holistic ecosystem coverage Speed of deployment 8 weeks to operation Cyber Artificial Intelligence Focus on the most important environment anomalies Unleash the power of DSOC to secure your IT, OT and IoT environment 11

12 EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. The MENA practice of EY has been operating in the region since For over 90 years, we have grown to over 6,000 people united across 20 offices and 15 countries, sharing the same values and an unwavering commitment to quality. As an organization, we continue to develop outstanding leaders who deliver exceptional services to our clients and who contribute to our communities. We are proud of our accomplishments over the years, reaffirming our position as the largest and most established professional services organization in the region EYGM Limited. All Rights Reserved. EYG no GBL ED None This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice. ey.com/mena MENA DSOC Contacts Clinton Firth Cybersecurity Leader, MENA clinton.firth@ae.ey.com Regional contacts Saudi Arabia Glen Thomas Glen.Thomas@ae.ey.com UAE Sam Foroutani sam.foroutani@ae.ey.com Qatar Omar Sherin omar.sherin@qa.ey.com Oman Mohamed Nayaz mohamed.nayaz@om.ey.com Egypt Akram Reda akram.reda@eg.ey.com Kuwait/Bahrain Sourabh Sharma sourabh.sharma@kw.ey.com Jordan/Lebanon Salam Shouman salam.shouman@jo.ey.com

If you were under cyber attack would you ever know?

If you were under cyber attack would you ever know? EY and Los Alamos National Laboratory introduce a shift in cybersecurity strategy and bring behavioral analytics inside Asking behavioral questions inside