Prescriptive Security Operations Centers
Leveraging big data capabilities to build the next generation SOC
Cyber security industry in constant renewal in 2016 and 2017
- 1 Tbps Mirai IoT botnet broke the Internet and generated the largest DDoS attack in history
- 3.1 B reported leaked records
- Ransomware is the new DDoS: 752% increase, $1 billion in losses
- 985 major reported data breaches
- 1 B user credentials compromised: largest breach in history
- Editors investing in SECaaS: up 25% from 2015
- Business impact: decrease of M&A offer to by 110%
- CASB, Telco SOC
Cyber security labor shortage epidemic
- 62% of organizations are currently understaffed*
- The majority of positions take 3 to 6 months to fill, and 10% are never filled*
- 2 million shortfall of qualified professionals by 2020**
- Not enough gray matter for a manual solution
Atos Prescriptive SOC helps with all of the below
- We need to manage technology strategically
- We need to unite and partner
- We need to build agile solutions and operations
- Make security a differentiator in the new digital era?
Prescriptive SOC principles: you cannot find anything where you are not looking
Data sources: logs, audits, events, alerts, intelligence feeds, IoT data, full packet and DNS captures, detailed audit trails, social media, fraud information, identity context, darknet, deep and dark web
Use big data to find threats, then aggregate and transform them into actionable intelligence
Gartner prescriptive SOC model (Data -> Analytics -> Decision -> Action)
- Descriptive: What happened?
- Diagnostic: Why did it happen?
- Predictive: What will happen?
- Prescriptive: What should I do?
Moving along this scale shifts from human input, to decision support, to decision automation.
Source: Gartner, #G00254653 (September 2013)
Prescriptive SOC to step backwards in the attack chain
Cyber Kill Chain attack stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on objective
Blindspot: the stages that precede detection
Dwell time (discovery time) is still high as cyberattacks become more pervasive and are difficult to detect. Average time to discovery in 2017: 191 days*
Response time is increasing, as investigating, neutralizing and recovering from advanced cyberattacks requires specialized CERT teams. Average time to contain a cyberattack in 2017: 66 days*
Prescriptive SOC to step backwards in the attack chain
Cyber Kill Chain attack stages: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Action on objective
Blindspot, dwell time and response time are addressed by:
- Automate aggregation
- Detect weak signals
- Automate incident containment
- Orchestrate response
- Automate hunting
- Feed results to machine learning
Prescriptive security analytics
- Diagnosis dashboard: consolidated results, decisions and actions
- OT, IT and IoT sources feed the data lake appliance (bulk of the data flow)
- Extended contextual data: data sets that are large and complex, acquired over time; linked data to enrich the context; long trends and short trends
- Analytics: models, data visualization, aggregation, behavioral analytics, hunting, triage and orchestration, action, intelligence
Technical architecture: Atos Prescriptive Security Operations Centers (Atos Security Operations Analytics Platform architecture)
- Data visualization: routine outputs; context and enrichment
- Enterprise Security Manager: logs, packets from IPS, endpoints, servers, web gateway
- DXL subscribers, VIPs, threat intelligence (TI) via MISP
- Data lake analytics: logs, packets; routine outputs; partner UBA
- Active response: Endpoint Policy Orchestrator, advanced detection, DXL intelligence exchange
Atos, your trusted provider of Prescriptive SOC: Information Security Control Tower
- Operations: centralized location for IT security assessment, processing and response; behavioral analysis, security incident response, investigation and forensics, risk scoring, prescriptive analysis, hunting services
- Cyber defense: cyberwarfare, incident response, offensive security, compliance monitoring, information analysis reports, digital forensics, data leak prevention
- Cyber data science (analysis, vulnerability analysis, data modeling, visualization, infrastructure support, R&D, modeling): select and generate data sets, development of new models, model governance, model performance management, data visualizations, collaboration with analysts, research and develop tools, learn and automate pattern recognition
- Information sources: IT / OT logs, network raw data, intelligence, access control, VOIP, DB, SCADA, vulnerability assessment, antivirus, GRC, CCTV
Codex for Security: Intelligence Platform, Digital Surveillance use case
Atos Digital Surveillance provides the customer with information about threat actor activity targeting the customer environment, gathered from the clear, deep and dark web and from social media networks. Threats detected include data leaks, brand abuse and hacktivism; a measurement of public sentiment is provided too.
Business value: Digital Surveillance helps the customer trigger a proper and faster response when evidence of a breach is recognized. This can be brand misuse, fake news about enterprises, dispraise of employees or executives, or leaked IPR and company secrets.
Use case: a crawler recognizes accounts and passwords being sold on the darknet, IP addresses of a botnet, or documents containing construction or design documentation. The information is correlated with all the information available in the SOC from cloud or on-premise log files, and SOC analysis is immediately initiated. An automated response is triggered (block critical infrastructures, applications and accounts; change the access mode to data and apps).
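The correlation step of this use case, as an added illustration that is not Atos code: a constructed surveillance feed (leaked credentials, a botnet address) is matched against constructed SOC log lines, each hit is triaged by whether the activity succeeded, and a prescribed containment action is attached. The feed format, log format and playbook wording are assumptions.

```python
import re

# Constructed sample inputs (not from the deck): a digital-surveillance feed
# and authentication / firewall log lines the SOC already holds.
LEAK_FEED = [
    {"type": "credential", "value": "j.doe@example.com", "source": "darknet-market"},
    {"type": "botnet_ip", "value": "203.0.113.45", "source": "c2-tracker"},
    {"type": "credential", "value": "nobody@example.com", "source": "paste-site"},
]
SOC_LOGS = [
    "2017-05-03T08:12:01Z auth-cloud user=j.doe@example.com result=success src=198.51.100.7",
    "2017-05-03T08:15:44Z fw-edge action=allow src=203.0.113.45 dst=10.0.5.12 dport=443",
    "2017-05-03T09:01:10Z auth-cloud user=a.smith@example.com result=failure src=198.51.100.9",
]
LOG_RE = re.compile(r"(\S+) (\S+) (.*)")

# Prescribed response per indicator type (hypothetical playbook text).
PLAYBOOK = {
    "credential": "force password reset and revoke active sessions for {value}",
    "botnet_ip": "block {value} at the edge firewall and review the hosts it reached",
}

def parse_log(line):
    """Split 'timestamp sensor k=v k=v ...' into a flat dict."""
    ts, sensor, rest = LOG_RE.match(line).groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts, "sensor": sensor, **fields}

def matches(ioc, event):
    if ioc["type"] == "credential":
        return event.get("user") == ioc["value"]
    if ioc["type"] == "botnet_ip":
        return event.get("src") == ioc["value"]
    return False

def correlate(feed, logs):
    """Return one finding per indicator that appears in the SOC logs."""
    events = [parse_log(line) for line in logs]
    findings = []
    for ioc in feed:
        hits = [e for e in events if matches(ioc, e)]
        if not hits:
            continue  # leaked but unseen: worth a watchlist, not an incident
        # A successful login or an allowed connection means the indicator is live.
        live = any(e.get("result") == "success" or e.get("action") == "allow" for e in hits)
        findings.append({
            "indicator": ioc["value"], "type": ioc["type"], "source": ioc["source"],
            "severity": "high" if live else "medium", "evidence": hits,
            "action": PLAYBOOK[ioc["type"]].format(value=ioc["value"]),
        })
    return findings
```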
Thanks For more information please contact: T+43 (664) 88551355 guenter.koinegg@atos.net
Data lake and analytics architecture
- Data visualization
- Hadoop ecosystem
- Indexation
- Collector, Twitter connector
- IaaS and deployment
- Hardware