Cybersecurity for Service Providers

Similar documents
Service Provider Security Architecture

Cybersecurity Today Avoid Becoming a News Headline

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

Securing Digital Transformation

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Gujarat Forensic Sciences University

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

locuz.com SOC Services

Cybersecurity The Evolving Landscape

AKAMAI CLOUD SECURITY SOLUTIONS

A Risk Management Platform

The Internet of Things. Presenter: John Balk

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Best Practices in Securing a Multicloud World

From Managed Security Services to the next evolution of CyberSoc Services

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Understanding Persistent Connectivity: How IoT and Data Will Impact the Connected Data Center

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

Cybersecurity. Securely enabling transformation and change

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

K12 Cybersecurity Roadmap

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Cybersecurity and Examinations

CISO as Change Agent: Getting to Yes

RSA NetWitness Suite Respond in Minutes, Not Months

Enhance Your Cyber Risk Awareness and Readiness. Singtel Business

Security & Phishing

MITIGATE CYBER ATTACK RISK

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

Cybersecurity Guidance for Small Firms Thursday, November 8 9:00 a.m. 10:00 a.m.

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Ingram Micro Cyber Security Portfolio

The Internet of Everything is changing Everything

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

KEDAYAM A KAAPAGAM MANAGED SECURITY SERVICES. Kaapagam Technologies Sdn. Bhd. ( T)

Emerging Issues: Cybersecurity. Directors College 2015

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP

Security Breaches: How to Prepare and Respond

CYBER SECURITY AIR TRANSPORT IT SUMMIT

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

CloudSOC and Security.cloud for Microsoft Office 365

Building a Resilient Security Posture for Effective Breach Prevention

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

8 Must Have. Features for Risk-Based Vulnerability Management and More

National State Auditors Association Vulnerability Management: An Audit Primer September 20, 2018

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

CYBER SOLUTIONS & THREAT INTELLIGENCE

Nebraska CERT Conference

The Modern SOC and NOC

Are we breached? Deloitte's Cyber Threat Hunting

Information Security In Pakistan. & Software Security As A Quality Aspect. Nahil Mahmood, Chairman, Pakistan Cyber Security Association (PCSA)

6 KEY SECURITY REQUIREMENTS

Express Monitoring 2019

Run the business. Not the risks.

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

CCISO Blueprint v1. EC-Council

DeMystifying Data Breaches and Information Security Compliance

The Windstream Enterprise Advantage for Banking

Cyber Security: It s all about TRUST

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Click to edit Master title style. DIY vs. Managed SIEM

INTELLIGENCE DRIVEN GRC FOR SECURITY

Business continuity management and cyber resiliency

Keys to a more secure data environment

10 FOCUS AREAS FOR BREACH PREVENTION

THE ACCENTURE CYBER DEFENSE SOLUTION

to Enhance Your Cyber Security Needs

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Managed Endpoint Defense

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Cloud Customer Architecture for Securing Workloads on Cloud Services

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

Healthcare HIPAA and Cybersecurity Update

CYBER SECURITY AND MITIGATING RISKS

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

MEJORES PRACTICAS EN CIBERSEGURIDAD

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

Security Challenges and

HOSTED SECURITY SERVICES

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

Vulnerability Management

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cybersecurity Fundamentals Paul Jones CIO Clerk & Comptroller Palm Beach County CISSP, ITIL Expert, Security+, Project+

Information Security Architecture Gap Assessment and Prioritization

Microsoft Security Management

RiskSense Attack Surface Validation for IoT Systems

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Transcription:

Cybersecurity for Service Providers Alexandro Fernandez, CISSP, CISA, CISM, CEH, ECSA, ISO 27001LA, ISO 27001 LI, ITILv3, COBIT5 Security Advanced Services February 2018

There are two types of companies: those that have been hacked, and those who don't know they have been hacked John Chambers

All Data has Monetary Value Social Security $1 DDoS DDoS as a Service ~$7/hour Medical Record >$50 Credit Card Data $0.25 $60 $ Bank Account Info >$1000 depending on account type and balance Global Cybercrime Market: $450B $1T Mobile Malware $150 Spam $50/500K emails Malware Development $2500 (commercial malware) Exploits $100k-$300K Facebook Account $1 for an account with 15 friends Welcome to the Hackers Economy Source: CNBC

Petabytes per Month It s a Complex World The world has gone mobile Traffic growth, driven by video Changing Customer Expectations 10X Mobile Traffic Growth From 2013-2019 Ubiquitous Access to Apps & Services 120,000 100,000 80,000 60,000 40,000 20,000 0 Other (43%, 25%) Internet Video (57%, 75%) 2013 2014 2015 2016 2017 2018 23% Global CAGR 2013-2018 Rise of cloud computing Machine-to-Machine Emergence of the Internet of Things Soon to Change SP Architectures/ Service Delivery Changing Enterprise Business Models Efficiency & Capacity People Process Data Things

Shift to 5G Will Be Led by New Services Ultra Reliability (Wherever + Whenever) Broadband access in dense areas Broadband access everywhere Higher user mobility Massive Internet of Things Ultra Capacity and Coverage 1G Ultra High-Speed (up to 10 Gbps to cell site) Pervasive Video Extreme real-time communications Average 1 Gbps per device Lifeline communications High Speed Train Ultra-reliable communications Sensor Networks Broadcast-like services Ultra Low Latency (1 ms End-to-End) + Massive Device Connectivity Tactile Internet Natural Disaster E-Health Services Broadcast Services

New Services Mean New Threats 2G 3G LTE 5G

SP Common Security Threats Denial Of Service Ransomware Third Party Security IoT / IoE Segmentation Issues Phishing Theft of service / Fraud Credential Theft and Exposure Malware / Botnets Known Vulnerabilities

Cellular SP Unique Security Threats Services - (e.g. Web, Messaging, Voice, Video vulnerabilities) Core (e.g. compromise of hosts in Packet Switched Routing, Billing and Accounting) Access (e.g. RAN protocol abuse) Devices (e.g. Service bypass for Mobile Devices, Laptops)

Service Providers Facing Unique Security Challenges

Overcome Changing Market Dynamics Need for New Revenue Streams A constant security threat is the new normal Laws & Regulations Security Operation Center Advisory Services Compliance services Incorporate new technology security into your network for efficiencies and cost savings Maintain compliance Challenges Solutions Benefits

Lead the Innovation Race Security implications for new technology like 5G are different than LTE Services are now built in the cloud in minutes vs months Cloud and IoT Security Strategy Mobile Network Breakout Assessment Application Security and Penetration Testing Build security into the foundation of your services and environment Understand where your security gaps are so you can make riskbased decisions Challenges Solutions Benefits

Scale Security for Cost Reduction Silo s organizational structure can lead to poor security hygiene Number of security products and vendors in the SP environment is exponentially larger Service Provider Cybersecurity Maturity Program Assessment Infrastructure Architecture Assessment Reduce overall security costs with strategic investments Improve visibility across your network FW Migration / IDS Tuning Challenges Solutions Benefits

Lack of Security Experts Cybersecurity talent shortage leads to a need for automation of many security tasks No amount of personnel can watch the SP environment Security Advanced Services Breach Incident Response and Retainer DDOS Implementation Free up staff to focus on strategic objectives like growth Improve response readiness to incident breaches Challenges Solutions Benefits

How can we help your organization?

Advanced Security Services for SP Security Program and Strategy SP Segmentation Strategy 5G Readiness Services SP Security Architecture Assessment Software & Application Security Core Network Security Assessment Red Teaming for SP s Incident Response and DDOS Network Assessment & Hardening Theft of Service Network Breakout Assessment End-Point / Subscriber / Customer Security Assessment Protocol & Signaling Assessment Security Operation Center SOC Strategy and Planning SOC Assessment and Benchmarking SOC Implementation SOC for MSSP

Mobile Provider Challenge/Objectives Requirement to provide security across cellular network and supporting applications PCI Compliance Corporate protection of sensitive internal and customer data Unknown agent security posture Required support for incident response Solutions Developed and supported delivery of application penetration testing program Supported design of PCI compliance strategy Performed security program and control gap assessment Performed security assessment across independent agents Provided incident response services Customer Benefit Reduction of network and customer facing application security vulnerabilities Achieved PCI compliance Understanding of network, corporate and agent security risks

Global Technology Provider Challenge/Objectives Multiple vendor assessment programs Ineffective prioritization and remediation for vendor risks Bandwidth challenges had limited the number of assessments Solutions Piloted vendor assessment program including program management Conduct 30+ assessments per year Improved program processes, assessment, executive metrics, and program governance Customer Benefit Greater management transparency to vendor risks Annual assessments and summary metrics across all programs Continuous improvement in program and assessment efficacy

Thank You The new wave of threats requires. a new wave of Cybersecurity

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback