The Modern SOC and NOC

Transcription

1 The Modern SOC and NOC Network Operations Centers in Turkey December 2017

2 IT Services are Shifting Away From Asset to Business Process Support Preventive notifications Reactive break-fix Predictive analytics Consultative Support ROI and TCO solution metrics Automated diagnosis and resolution BUSINESS PROCESS SUPPORT Expanded online and self-help support ASSET-BASED SUPPORT pg 1

3 Organizations in Turkey Embracing Digital Transformation As of 2017, 80% of organizations have implemented formal digital transformation initiatives, representing a 10% increase over the previous year. 13% 7% 9% Yes, currently undergoing 19% 20% 15% 55% 61% Yes, about to start No, but we are planning our digital transformation efforts No, and have no digital transformation plans N = 63 N = 70 Source: IDC s Turkey CIO Summit, 2017 pg 2

4 Leading Technologies Supporting Digital Transformation To achieve successful digital transformation, organizations need to concentrate on the touch points through which most customer engagement occurs. Q. How important are the following specific digital technologies in supporting the organization s digital transformation strategy? Security must be an integral part of the digital transformation process, as projects structured in silos are highly likely to fail. Once internally established or outsourced, a security operations center (SOC) should be leveraged to add further value to business operations. Indeed, 91% of CIOs in Turkey rank security as a high or moderate priority and consider it to be an enabler of digital transformation. Source: IDC s Turkey CIO Summit, 2017 Cyber security and privacy technologies 69 Mobile technologies Data aggregation and analytics tools Cloud computing 40 Socially enabled business processes Internet-of-Things technologies Cognitive Technologies Virtual and/or augmented reality Robotics Wearable computing D Printing High importance Moderate importance Low importance pg 3

5 Importance of Security in Business Initiatives Security and data protection is the top business priority in Q: Please rate these business initiatives in terms of how essential they are to your company's agenda for the next 12 months. Scale: 1 (not important) to 5 (most important). Security and data protection is confirmed as the top business priority for 2017, with higher ratings than last year. Awareness of GDPR requirements is growing, and as security concerns remain overriding, the protection of proprietary information and customer data is crucial in order to safeguard a company s reputation for reliability and solidity. Source: IDC European Vertical Markets Survey, November 2016 (n = 1,872, all sample) and IDC European Vertical Markets Survey, October 2015 (n = 1,697, all sample) Notes: " New talent acquisition " and " Partnerships & cross-industry collaborations " are this year survey new business priorities pg 4

6 The Modern Security and Network Operations Center Present and Future Security Investments by Vertical Security is top priority across all industries. Q: Please rate these business initiatives in terms of how essential they are to your company's agenda for the next 12 months. Scale: 1 (not important) to 5 (most important) TOTAL Source: IDC European Vertical Markets Survey, November 2016 (n = 1,872, all sample) Notes: Business priorities shown in this slide are only the common options asked across all verticals; this may differ from the industry specific list shown in the following slides. pg 5

7 Seems Conventional but Still Valid Maintaining security is the biggest technology-related challenge for CIOs in Turkey. Q. What are your biggest technology-related challenges and priorities? Maintaining security Integration of disparate systems, technologies and operational outputs Providing access to an increasingly mobile workforce Ensuring availability of systems & applications Ensuring IT performance Managing the applications portfolio Improving utilization of IT assets (e.g. datacenters) Managing connectivity (external & internal) As a new wave of IoT devices becomes connected, constantly evolving cyberthreats directed toward compromising IT assets are finding their way into OT environments. Increasingly sophisticated cyberattacks pose a markedly different, and potentially larger and more hazardous risk in the OT world. Addressing security in connected OT environments poses a unique set of challenges. Source: IDC s Turkey CIO Summit, 2017 pg 6

8 Industrial Control Systems (ICS) and Critical Infrastructure Security Cybercrime in Turkey is on the rise, with local and international threat actors growing in number and maturing in capability. As businesses continue to go digital and adopt enabling technologies such as cloud, mobility, and the Internet of Things (IoT), they face enormous cybersecurity challenges, as these new technologies bring a range of new attack vectors to the organization. The industry is starting to recognize the importance of an effective SOC in managing digital transformation risks, as it plays a central role in protecting organizations against the fast-evolving cyberthreat landscape. Turkish organizations are also exposed to increasing levels of cybercrime, in line with global and regional trends. That is why the importance of the cyberthreat intelligence is increasing and becoming a core part of SOCs. pg 7

9 Skills Shortage Alongside the lack of employee adherence to policy, the shortage of skilled personnel in the IT security domain is the biggest challenge for Turkish organizations. Q. What are your top challenges to managing security in your company? IT departments need to ensure that all employees participate in security management, ideally supported by the incorporation of advanced security policies into overall IT strategies. Among the various obstacles, poor employee adherence to security policies remains a pressing challenge. To overcome this problem, companies are launching awareness sessions for employees and are simulating attacks to monitor responses to suspicious activities on various IT systems such as gamification or game theory to simulate the speed and complexity of an actual cyberbreach. Source: IDC MEA&Turkey CIO Summit 2017 Shortage of skilled IT security personnel Lack of employee adherence to policy Lack of sufficient IT security budgets Lack of mature security policies Keeping up to date with the emerging threats Compliance with industry or sector regulations Lack of overall security strategy for the organization Lack of executive management support Lack of, or out-of -date security policy Compliance with government regulations Lack of quality security services providers 27% 22% 20% 18% 16% 12% 12% 11% 39% 46% 54% pg 8

10 Tough Call Keeping The Skills In House CASB Privileged Access Management DR BCP Federated Identity Cloud Security Recovery SOC Identity Management Prevention SIEM Breach Notification Containment Identity & Access Management Eradication Detection Vulnerability Management Data Protection Access Control Training Security Operation Incident Response Forensics Network Design Security Engineering Peer Groups Protection Investigation Certification Data Leakage Secure Application Development Security Architecture Career Development Self Study Active Defense Conferences Training (new skills) Cryptography NIST User Education Secure System Build ISO/IEC Awareness (reinforcement) Baseline Configuration Cybersecurity Domains External Contextual COBIT Framework and Standard SANS/CSC Threat Intelligence IOCs Physical Security Internal Vulnerability scan Risk Assessment Source Code Scan Blackbox Intel. Sharing Governance Audit Whitebox Laws and Regulations Company's Written Supervisory Procedures (WSPs) Policy Assets Inventory 3rd Party Risk Procedure 4th Party Risk Penetration test Data-Centric Risk Assessment Risk Informed Standard Redteam Guideline Blueteam Data-Flow Map Social Engineering Industry Specific Federal Application Infrastructure Compliance & Enforcement State Executive Management Involvement Reports and Scorecards KPIs/KRIs CIOs may want to improve the skills of their own IT security personnel by providing training, and prevent possible issues arising from regulations and data privacy by keeping the know-how in house. It is challenging to do so, however, as there are hundreds of different types of talent relating to the various cybersecurity domains. pg 9

11 MSSPs Fill These Gaps As large organizations in the country seek effective strategies for reducing risk, SOCs are becoming focal points for effective security practices and risk management. By sourcing up-to-date expertise in specific security disciplines on either a project or an ongoing basis through managed security service providers (MSSPs) organizations are able to take advantage of best practices while reducing costs and solving talent issues. The services offered by MSSPs cover the full security spectrum, including vulnerability management, network device management, compliance assessment and reporting, penetration testing, hardening, custom development, operational security management, security architecture and engineering, digital forensics, and outsourced SOCs. pg 10

12 Functions of an Effective SOC A SOC should deliver holistic integrated systems across the entire organization and act as the center of excellence for policies, procedures, and compliance. The role of the SOC varies from one organization to another, depending on the maturity and complexity of the organization: Security Incident and Event Management (SIEM) And Centralized Monitoring of Log and Alert Data Incident Response Threat Intelligence Vulnerability Life-Cycle Management Anti-Denial of Service Endpoint and Device Management and Security Situational awareness of Endpoint Security Policies Network and Perimeter Security Policy Unified Identity and Access Management Monitoring and Reporting of Compliance and Governance Metrics Close Alignment with Disaster Recovery and Business Continuity Practices pg 11

13 The Role of the Outsourced SOC Outsourcing the SOC can alleviate many internal challenges. Operating a SOC is frequently cost and resource prohibitive for organizations. The initial capital outlay includes spending on infrastructure, redundant facilities, and human resources (including security specialists, shift workers, and supervisors). Operational costs are also high, training and staff replacements in all fields of ICT are challenges, and the sophistication and combined use of attack vectors is hard to prevent, particularly in the security domain. Consultation and integration represent additional recurring costs. A SOC's capabilitiesmust keep up with both the evolving threat landscape and the company s changing infrastructure and strategies. pg 12

14 The Changing Role of NOC The function of the Network Operations Center (NOC) goes beyond managing network infrastructure to ensuring the resilience of the organization s critical, revenue-generating business services. In a world increasingly marked by the imperative of digital transformation and the ascendancy of multicloud strategies, organizations depend more than ever on their network infrastructure to provide an agile, flexible, and scalable foundation for the realization of digital business. As the network is a key enabler for businesses in the digital age, companies are looking for a single viable solution to improve network performance and security, as well as to ease the deployment of new applications and technologies. Multicloud Agile Network Infrastructure Flexible Digital Transformation Scalable pg 13

15 Network Challenges Thanks to the constant monitoring by expert engineers, NOCs can help businesses resolve, or even prevent, the following challenges (among others). Network Downtime Poor Performance Lack of Diagnosis Lack of Root Cause Analysis Security Threats Alert Noise Lack of Expertise Excessive Time Spent Compliance pg 14

16 NOC Options NOC service models come in a variety of shapes and sizes, each of which provides different approaches to network management and support. Reactive NOC Primarily utilizes a break-fix model by manually monitoring your network and responding to incidents as they appear Proactive NOC Not only manually monitors your network, but also leverages automated software monitoring and Root Cause Analytics (RCA) to identify and analyze trends in your data. Proactive NOC with SOC Manually monitors your network, leverages automated software monitoring and RCA to analyze data trends, and utilizes a SOC to manage access control, intrusions, and threat intelligence. pg 15

17 How to select SOC and NOC Partner A capable strategic partner increases benefits from SOC. Capability: TThe provider's skills, professional staff certifications, number of personnel, and ratio of senior engineers to customers (particularly during "off" shifts and staff churn at the MSSP) should all be transparent. Local Presence: The MSSP s local capabilities should be considered carefully. Relationships: What functions will be subcontracted, and to whom, is always critical. Certification and Standards: What industry standards does the MSSP o er? (ISO 27001, datacenter operation, customer support, financial systems compliance, etc.) Flexibility: The MSSP should be strategically aligned with an organization's digital transformation goals and any technology stack. pg 16

18 The Modern Security and Network Operations Center Present and Future Key Takeaways Keep tabs on the Key Trends Driving the Threat Landscape: Large organizations should evolve their security strategies in response to market forces. Build Out SOC and NOC Capabilities: Large organizations should prioritize establish and maintaining a modern SOC and NOC. Leverage the SOC and NOC as a Pillar of Digital Transformation: Large organizations should ensure that new systems and any infrastructural changes, are reflected in the capabilities of the SOC and NOC. Form Strategic Partnerships: Organizations without strong and mature in-house information security and network capabilities should consider fully or partially outsourcing key functions, including the operation of the SOC and NOC. pg 17