THE ACCENTURE CYBER DEFENSE SOLUTION

Similar documents
MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

CloudSOC and Security.cloud for Microsoft Office 365

May the (IBM) X-Force Be With You

with Advanced Protection

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

RSA INCIDENT RESPONSE SERVICES

Securing Digital Transformation

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

RSA INCIDENT RESPONSE SERVICES

Securing Your Digital Transformation

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

Managed Endpoint Defense

ForeScout Extended Module for Splunk

SIEM: Five Requirements that Solve the Bigger Business Issues

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Building Resilience in a Digital Enterprise

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Power of the Threat Detection Trinity

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

6 KEY SECURITY REQUIREMENTS

ForeScout ControlFabric TM Architecture

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

CipherCloud CASB+ Connector for ServiceNow

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Security by Default: Enabling Transformation Through Cyber Resilience

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

SIEM Solutions from McAfee

Proactive Approach to Cyber Security

Are we breached? Deloitte's Cyber Threat Hunting

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

TRUE SECURITY-AS-A-SERVICE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Cybersecurity, Trade, and Economic Development

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Office 365 Buyers Guide: Best Practices for Securing Office 365

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

AKAMAI CLOUD SECURITY SOLUTIONS

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

esendpoint Next-gen endpoint threat detection and response

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

RESELLER LOGO RADICALLY BETTER. DDoS PROTECTION. Radically more effective, radically more affordable solutions for small and medium enterprises

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Social Engineering: We are the target Sponsor Guide

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

PALANTIR CYBERMESH INTRODUCTION

Medigate and Palo Alto Networks Integration

Microsoft Security Management

Security in India: Enabling a New Connected Era

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

DIGITAL TRUST AT THE CORE

Resolving Security s Biggest Productivity Killer

RSA NetWitness Suite Respond in Minutes, Not Months

MANAGED DETECTION AND RESPONSE

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Cisco Advanced Malware Protection. May 2016

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

The State of Cybersecurity and Digital Trust 2016

THE RISE OF GLOBAL THREAT INTELLIGENCE

Security and Compliance for Office 365

SIEMLESS THREAT DETECTION FOR AWS

Symantec Endpoint Protection 14

2018 Edition. Security and Compliance for Office 365

Agile Security Solutions

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

RSA ADVANCED SOC SERVICES

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Neustar Security Solutions Overview

Sage Data Security Services Directory

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

8 Must Have. Features for Risk-Based Vulnerability Management and More

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Best Practices in Securing a Multicloud World

AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs

TRAPS ADVANCED ENDPOINT PROTECTION

THE CLOUD SECURITY CHALLENGE:

Integrated, Intelligence driven Cyber Threat Hunting

Combatting advanced threats with endpoint security intelligence

Un SOC avanzato per una efficace risposta al cybercrime

CYBER RESILIENCE & INCIDENT RESPONSE

ANATOMY OF AN ATTACK!

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Put an end to cyberthreats

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

Transcription:

THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK.

YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly threatening and costly. They drain $450 billion1 annually from the global economy a number that some project will reach $2 trillion2 by 2019. Highly sophisticated attackers can hide their tracks for weeks, months and even years without being noticed. Organizations need to match that sophistication in their defensive tactics and in their ability to bounce back quickly if a breach does occur. Most companies focus cybersecurity investments on detection and remediation. But that alone is not enough to fight the high volume and advanced level of today s attacks, especially across endpoints and networks. Overwhelming data volumes slow the responses of traditional security information and event management tools. Companies also struggle to manage and track the large number of available data center and cloud cybersecurity technologies. To be successful, three crucial ingredients are needed: visibility across the entire organization, a layered approach to defense, and solutions that are purpose-built from the inside out to provide protection for their industry s specific needs. What s required is an increased ability to see the environment from end-to-end, capturing security events and detecting anomalies as they occur, and a way to quickly generate meaningful insights to respond, strategically and tactically, in near real-time. AN ACCENTURE - SPLUNK CYBER DEFENSE SOLUTION Fortunately, companies now have a new weapon: a highly advanced managed cyber defense solution from Accenture and Splunk. The comprehensive solution employs tools such as machine learning, analytics and automation to provide the advanced search, correlation, threat detection and incident management capabilities needed to more effectively thwart cyber-attacks. To power these tools and processes, Accenture and Splunk collect, analyze and act upon all data that is available to them from structured and unstructured as well as private and public sources. These include logs, clickstreams, sensors, web servers, custom applications, hypervisors, containers, operational technology, social media and cloud services. THE RESULTS ARE RAPID Accenture and Splunk s cyber defense solution helps organizations respond to and remediate sophisticated cyber threats at both speed and at scale. This data-driven security solution employs an array of technologies, combining both Accenture and Splunk s unique and proprietary capabilities. It s a platform that provides a comprehensive approach, including behavioral analytics which enable security teams to quickly detect and respond to threats based on a broader context than is possible with legacy security products. 2

FLEXIBLE AND EFFECTIVE Companies need to consider how to most effectively deploy their security solutions and resources. Accenture and Splunk provide guidance to help clients understand the best approach based on their unique requirements - on premise, in the cloud or in a hybrid cloud environment with additional options for the solutions to be operated in-house, or managed by Accenture as an integrated service. With continuing innovations from Accenture and Splunk, companies can: Reduce the number of point products, which in turn reduces complexity and cost Increase resilience Mitigate risk Prepare for the threats affecting their specific industry, present and future REAL-TIME CYBERSECURITY PROTECTION AT FREEPORT MCMORAN Freeport-McMoRan Inc., a premier international natural resources company, taps into the Accenture cyber defense solution to help secure its hybrid cloud enterprise as a service. Accenture s solution provides a scalable, affordable, fast and standardized managed security service that helps Freeport-McMoRan rapidly understand its security environment to get ahead of threats that target its hybrid cloud. Before Freeport-McMoRan began using the Accenture cyber defense solution, a cyber security stress test contractor discovered that its red team could reside in the company s systems and extract data undetected for several days. A subsequent test demonstrated that the Accenture cyber defense solution enabled Freeport McMoRan to detect an intrusion the same day and prevent any loss or compromise of data. Build end-to-end security to protect their entire value chain Enhance compliance Keep pace with even the most sophisticated attackers 3

CYBER DEFENSE PLATFORM SCHEMATIC Endpoint Protection Palo Alto Networks Traps Tanium Endpoint Platform Anti-virus Endpoint Remote Protection Palo Alto Networks Traps Palo Alto Networks Global Protect Tanium Endpoint Platform Anti-virus Server Logs Virtual Server Protection Palo Alto Networks Traps Tanium Endpoint Platform Anti-virus Server Logs On-site endpoints Remote endpoints Tanium server INTERNET Tanium zone server PANORAMA Tanium server Next-generation firewall covers functionalities of IDK/IPS, anti-virus, malware protection, URL filtering, proxy and DLP that can replace what is currently in line and add latency. Splunk collects data feeds from Palo Alto Networks and Tanium platforms as well as other data sources. Splunk native apps (ES, UBA and response framework TAs from PA and Tanium.) The Accenture cyber defense solution content pack is used as integration points. Internet SaaS Aperture Wildfire Autofocus UBA UBA ES SOC 4

A POWERFUL COLLABORATION BY INDUSTRY LEADERS IN CYBER SECURITY The Accenture cyber defense solution includes members of a broader ecosystem. For example, the solution includes Accenture and Splunk, as well as: Palo Alto Networks, a next-generation security company leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Tanium, which automates and integrates cyber threat intelligence, and delivers precise and granular endpoint threat detection and remediation at network speeds. The combination and integration of these industry leaders powers a host of integrated solutions. Consider one example: mitigating the risks of ransomware. Ransomware typically installs itself after a victim clicks an attachment or link in a phishing email, or when a victim visits a hacked website that runs code that can exploit vulnerabilities in the underlying operating system of the user s device. How does the Accenture cyber defense solution respond? In this scenario, Splunk collects logs from an organization s firewalls and endpoints, correlating and analyzing that data to find suspicious events. Splunk can then launch endpoint scans in Tanium and automatically quarantine infected hosts. Incident responders can download indicators of compromise (IOCs) with Tanium IOC Detect which provides an automated way to run scheduled detection scans against endpoints. In this case, Tanium Connect checks in with the Palo Alto Networks s Next Generation Firewall to see if it has encountered a possible threat. If so, the data will be forwarded to WildFire Palo Alto Networks s cloudbased threat analysis service. Tanium Connect will query WildFire for the IOC it created. After Tanium downloads the new IOC, an analyst can run a detection scan against the endpoints. FULL AUTOMATION AVAILABLE Organizations seeking end-to-end visibility require a new approach, based on data and analytics-driven security. Bringing together network and endpoint technologies with powerful analytics, rapid response and automation allows companies to address the full spectrum of security challenges they face. The Accenture cyber defense solution managed service can be fully automated to detect unknown assets or malware, and then quarantine suspicious hosts on a client s firewall. Ransomware detection is automated on the Palo Alto Networks s Next Generation Firewall and on endpoints with Tanium and Palo Alto s Traps Advanced Endpoint Protection. Splunk correlates firewall and endpoint data to automatically quarantine suspicious hosts. Any of these steps, however, can be converted to require human, manual intervention. 5

RANSOMWARE USE CASE FLOW START A client starts downloading a file Md5 hash is calculated from the file The hash is checked against WF database WF CLIENT Client downloading file BENIGN MALWARE UNKNOWN is informed that hash for the file is not in the WF database Connect checks periodically PA for new threats TANIUM CONNECT WF The file is sent to WF for analysis MALWARE Benign is informed about malware detection is informed about NO malware detection PA returns info about new threat END WildFire NOT detects malware and the client is infected TANIUM CONNECT SOC is alerted in ACDP app The file is not malware. The only result we see would be in WildFire statistics. CLIENT The client is infected Malware starts working The Connect contacts WF for threat IOC WF returns IOC for threat The Connect updates IOC module WF TANIUM CONNECT TANIUM IOC SOC SOC must manually launch IOC detect in Tanium WF Traps detects exploit based on behavior pattern and stops it ESM TRAPS CLIENT Traps NOT stops malware Malware is still working stops malware calling home by Anti-spyware function (IDS) SOC is alerted in ACDP app 6 SOC

Accenture and Splunk Security Services help build cybersecurity from the inside out, managing strategy and risk, cyber defense, digital identity, application security and managed security. For more information, contact: JEFF CHANCEY jeffry.t.chancey@accenture.com JEFF PENN jpenn@splunk.com 7 7

ABOUT ACCENTURE Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions underpinned by the world s largest delivery network Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 411,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com. Visit us at www.accenture.com. ABOUT SPLUNK Splunk Inc. is the market-leading platform that powers Operational Intelligence. We pioneer innovative, disruptive solutions that make machine data accessible, usable and valuable to everyone. More than 11,000 customers in over 110 countries use Splunk software and cloud services to make business, government and education more efficient, secure and profitable. Join hundreds of thousands of passionate users by trying Splunk solutions for free: http://www.splunk.com/free-trials. REFERENCES 1. http://www.welivesecurity.com/2016/02/19/averagecost-cybercrime-rises-200-just-five-years/ 2. http://www.forbes.com/sites/stevemorgan/2016/01/17/ cyber-crime-costs-projected-to-reach-2-trillion-by- 2019/#421e63773bb0 Copyright 2017 Accenture All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback