Cyber Defense Centers only for large companies?

Transcription

1 Cyber Defense Centers only for large companies? Security Intelligence and Operations July, 2016

2 The Challenges we face 2

3 Managing risk in today s digital enterprise Increasingly sophisticated cyber attacks More sophisticated More frequent More damaging Cost and complexity of regulatory pressures Compliance Privacy Data protection Rapid transformation of enterprise IT Shift to hybrid Mobile connectivity Big data explosion 3

4 Efficient collaboration is Key on both Sides

5 Proactively detect & respond to threats to minimize damage 24*7*365 security monitoring Protect Threat intelligence and advanced threat analytics Proactive incident response Detect and Respond Recover Testing and training of key personnel and crisis planning Business Outcomes Help reduce time-to-breach-resolution with a tight coupling of analytics, correlation, and orchestration Establish situational awareness to find and shut down threats at scale 5

6 The traps we get laid 6

7 Technology focused outcomes Dissatisfaction Unable to demonstrate biz value Time & cost Shelfware Impact to credibility and sponsorship Negative outcomes preventable through long-term operational strategy! Rip & Replace? Growing risk Outsource? Limited visibility 7

8 Business Priorities Fulfilled by 3 Key Components 8

9 Partnership Assess your current capabilities Understand the needs Develop a Roadmap Implement an effective security intelligence solutions suitable for your environment 9

10 The help we can offer 10

11 Capability (Maturity) SIEM Project and Capability Timeline Assess / Design Develop Implement Operate / Mature Transition Metrics & KPIs Analyst Skills Assessment Maturity & Capability Assessment Supervised Monitoring Go Live Testing & Tuning Initial Content Staffing & Training Data Onboarding Baseline Assessment Roadmaps Time 11

12 Attaining The Best Assess and Design Build Operate Transfer SOC Maturity Assessment SIEM & Logger Install Content Refinement Transition Platform Use Case Workshop Device Onboarding Monitoring Transition Use Cases Roles & Responsibility Use Case Authoring Triage & Prioritisation Train Customer on HPE Roles Skills Requirements Training Analytics & Subtle Event Detection Skills Assessment Career Progression Service Level Agreements Metric & KPIs Continuous Innovation SOC Knowledge Management Processes and Procedure Operational Analytical Technical Business 12

13 Assess your current capabilities Business People Process Technology Mission Accountability Sponsorship Relationship Deliverables Vendor engagement Facilities General Training Certifications Experience Skill assessments Career path Leadership General Operational processes Analytical processes Business processes Technology processes General Architecture Data collection Monitoring Correlation 13

14 Options that can align with you needs In House Hybrid Hybrid Hybrid Outsourced SOC Manager Ops Lead 8*5 Monitoring In House 24*7 Monitoring 24*7 Monitoring 24*7 Monitoring Analysts Engineer Content OOH Monitoring Off Site Level 1 (Triage) Off Site Level 1 and 2 (Triage) Off Site Off Site In House SIEM In House SIEM In House SIEM In House / Offsite SIEM Off Site SIEM 14

15 Thank You 15

16 Backup 16

17 Die Herausforderung im Cyberraum Struktur, Zusammenarbeit, Resourcen, Kompetenz

18 Die Herausforderung im Unternehmensraum Eine Klammer um IT-Sicherheitsbelange machen und bündeln Research User Awareness Infiltrate User Awareness, Antivirus, Proxy, Gateway, WAF, Sichere Anwendungsentwicklung Discover y Interne Systemhärtung, AD, DNS, Backup, Segmentierung, IPS Capture Applikationssicherheit, Account Sicherheit, Anomalie Erkennung, Traffic Monitoring Exfiltrate Perimeter, Proxy, IPS, Network Flows, Datentransfer Dienste, Dropbox

19 Die Herausforderung im Unternehmensraum Eine Klammer um IT-Sicherheitsbelange machen und bündeln Research Infiltrate Kräfte bündeln Discover y Business/Service getriebenes Security Monitoring in einem SOC Capture Exfiltrate

20 Optimized Processes result in better ROI Maximise Potential Identify Repeatable Process Effective Skills Information Information Information Recover Expensive Resources Time Critical Detect Respond Reduce Time = Reduce Costs 20

21 SIOC s Concept of Security Cyber Defense 21