Cyber attacks are coming. Amplify your security and risk management protect your data, customers, and future

Similar documents
Secure the value chain. Risk management in the omnichannel consumer and retail environment

Securing Digital Transformation

White Paper. View cyber and mission-critical data in one dashboard

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

MITIGATE CYBER ATTACK RISK

Managed Endpoint Defense

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Continuous protection to reduce risk and maintain production availability

The State of Cybersecurity and Digital Trust 2016

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Angela McKay Director, Government Security Policy and Strategy Microsoft

THALES DATA THREAT REPORT

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Turning Risk into Advantage

Accelerating the Business Value of Virtualization

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

Run the business. Not the risks.

Optimisation drives digital transformation

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

Sustainable Security Operations

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Securing Your Digital Transformation

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

At Hewlett Packard Enterprise, an HR Transformation

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

Symantec Data Center Transformation

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

FOR FINANCIAL SERVICES ORGANIZATIONS

THE POWER OF TECH-SAVVY BOARDS:

Are we breached? Deloitte's Cyber Threat Hunting

Evolution For Enterprises In A Cloud World

The Little Fuchsia Book of HPE Data Center Solutions

AKAMAI CLOUD SECURITY SOLUTIONS

Converged Cloud and Digital Transformation: A Strategy for Business Success

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Cyber Security in Smart Commercial Buildings 2017 to 2021

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Traditional Security Solutions Have Reached Their Limit

DDoS MITIGATION BEST PRACTICES

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

I D C T E C H N O L O G Y S P O T L I G H T

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

KEDAYAM A KAAPAGAM MANAGED SECURITY SERVICES. Kaapagam Technologies Sdn. Bhd. ( T)

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

Cloud Computing: Making the Right Choice for Your Organization

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

RUAG Cyber Security Understand Cyber. Protect Values.

NEXT GENERATION SECURITY OPERATIONS CENTER

RSA INCIDENT RESPONSE SERVICES

HOSTED SECURITY SERVICES

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Symantec Security Monitoring Services

Government IT Modernization and the Adoption of Hybrid Cloud

G7 Bar Associations and Councils

RSA NetWitness Suite Respond in Minutes, Not Months

deep (i) the most advanced solution for managed security services

HP Fortify Software Security Center

THE ACCENTURE CYBER DEFENSE SOLUTION

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

Best Practices in Securing a Multicloud World

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Leading our discussion today

Protecting your next investment: The importance of cybersecurity due diligence

Putting security first for critical online brand assets. cscdigitalbrand.services

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Evolve Your Security Operations Strategy To Account For Cloud

Security in a Converging IT/OT World

The Center for Internet Security

M&A Cyber Security Due Diligence

An ICS Whitepaper Choosing the Right Security Assessment

A Practical Guide to Efficient Security Response

SOLUTION BRIEF Virtual CISO

Cybersecurity. Securely enabling transformation and change

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Making hybrid IT simple with Capgemini and Microsoft Azure Stack

Overcoming IT Challenges in the Education Segment Leveraging Cloud and On-Premise Resources for Maximum Impact

Cylance Axiom Alliances Program

Cisco Start. IT solutions designed to propel your business

Services solutions for Managed Service Providers (MSPs)

Hybrid IT for SMBs. HPE addressing SMB and channel partner Hybrid IT demands ANALYST ANURAG AGRAWAL REPORT : HPE. October 2018

Cisco Connected Factory Accelerator Bundles

DIGITAL TRUST Making digital work by making digital secure

CYBER RESILIENCE & INCIDENT RESPONSE

OVERVIEW MANAGED INFRASTRUCTURE SERVICES WHY INFRASTRUCTURE MANAGEMENT? KEY CHALLENGES HOW MANAGED INFRA SERVICES ADDRESS THE ABOVE CHALLENGES?

Bad Idea: Creating a U.S. Department of Cybersecurity

GLOBAL PKI TRENDS STUDY

Transcription:

Cyber attacks are coming Amplify your security and risk management protect your data, customers, and future

Table of contents Clear vulnerabilities Time for MSS Innovations at the SOC level Benefits of the MSS model Managed security in action Security risk management as a business driver A secure bank transformation It s a question of when, not if 1 www.surveymonkey.com/r/ ProtectSOC 2 4 6 Enterprise-class cyber security and risk management is complex and requires specific tools and processes, and a significant level of organizational maturity. Yet many organizations are constrained in the skills and resources they can dedicate to this critical task. Have you ever considered letting someone else deal with this issue for you? Clear vulnerabilities The world, and particularly the business world, is evolving faster than ever before. At the strategic business level, organizations must meet more demanding user expectations, reduce risk, and control costs all while keeping the operational lights on and leveraging innovation to drive growth and performance. This accelerating pace makes it more difficult to evaluate technologies to secure a digital transformation, meet disruptive competition, and protect enterprise data and assets from a growing universe of cyber threats. At the information technology level, many organizations struggle to marshal the talent, resources, and budgets needed to create a reliable security environment. And obsolete IT may actually impede meaningful innovation and hinder creating a secure digital business. In its third annual State of Security Operations Report, DXC Technology highlighted key aspects of the current enterprise security environment: 1 Security is insufficient in most large organizations. As business faces increasingly volatile threat environments, security operations centers (SOCs) play a crucial role in protecting the digital enterprise. Yet in this report, DXC found that 8 percent of surveyed organizations fell below recommended maturity levels. 24x7x6 monitoring is a top priority. Today, however, the average SOC lacks basic security monitoring capabilities. In 201, 24 percent of assessed organizations only met minimum requirements for security monitoring. Access to security resources is limited. To address personnel shortages and a lack of expertise, enterprises implement hybrid staffing and security infrastructure models that leverage managed security services to support or augment in-house resources, while still delivering on detection capabilities. 2

In 201, the mean one-year loss to cybercrime at 22 organizations was $7.7 million. 2 The key take-away from that report: Organizations clearly cannot manage security themselves. They are turning to managed security services (MSS) models to replace or supplement those capabilities. Time for MSS Considering the substantial risk and cost of security failures, now is not the time for a go it alone approach. There are simply too many threats that are moving too fast. And the downside outcomes in time, money, and irreparable damage to brands and reputation are simply too great. To fully realize the promise of the digital business, you simply must have a more reliable and comprehensive way to protect your enterprise. That is why growing numbers of organizations are exploring the managed security service alternative. 146 The median amount of time attackers spent inside organizations before detection. What should you look for in a managed security services relationship? At the most basic level, an MSS provider should protect enterprise data, applications, IT infrastructure, and intellectual property and those capabilities should be integrated and supported by a unified cyber- reference architecture. It should do those things in a way that frees your organization to pursue its core strategic mission. The managed services model establishes a holistic, integrated view that can amplify security controls and effectiveness. Is your organization prepared for a cyber attack? Eighty-six percent are not. 4 In fact: Less than six percent of business and IT leaders surveyed believe their organization is extremely well prepared for security breaches involving serious information loss. Fully 99.9 percent of the exploited vulnerabilities were compromised more than a year after the Common Vulnerabilities and Exposure industry standard was established. 6 Eighty percent of all targeted attacks exploit privileged accounts during the attack process. 7 Fifty-three percent of breach victims are notified by an external entity. 8 2 Global Cost of Cybercrime Study, The Ponemon Institute, sponsored by DXC, 201 M-Trends Report 2016, FireEye Inc. 4 DXC 2016 Cyber Risk Report Cyber security Challenges, Risks, Trends and Impacts Survey, MIT Technology Review, in partnership with DXC Security Services and FireEye Inc., 2016 6 Verizon DBIR Report, 201 7 CyberArk Security Report, 201 8 M-Trends 2016 Report, Mandiant Innovations at the SOC level Managed security services can also be a faster and more cost-efficient way to introduce innovation into your security operations center. Whether an organization out-tasks all security activities, or selects a hybrid approach, a fully-capable managed services provider should offer access to stateof-the-art capabilities. Those innovations can include intelligent analytics-driven capabilities, including use of Big Data analytics to detect emerging and currently unknown threats. Other methods might include use-case assessments, user behavior analytics and monitoring, and improvements in visualization and the user interface. Security orchestration can now measurably compress response and mitigation times. Autonomous remediation, which today is used mainly for lower-level tasks, will increasingly be used with some analyst intervention to handle more substantial events in the enterprise security setting.

Lack of skills, resources, and threat visibility make existing security investments ineffective. Perhaps the greatest MSS impact will come from the eventual refinement of softwaredefined networking (SDN) and network functions virtualization (NFV), which enable providers to provision and manage security and responses much like any other network service. Benefits of the MSS model 24x7x6 real-time monitoring turns random events into actionable intelligence around the clock so your resources can focus on critical activities. Access to advanced toolsets, specialized skills, strategic expertise, and other security resources enhance your defensive capabilities beyond that of a standalone enterprise. Detection and recovery make up percent of internal activity costs, followed closely by containment and investigation all processes that are often managed by security operations. 9 Robust protection at a lower cost Subscription-based fees transform capital expenditures (CAPEX) spending into predictable operating expenses (OPEX). Flexible security Options and bundled service packages let you deploy the exact protections you need. Continual innovation and advancement of Managed Security Services exceeds the benefits of an internal security program to collectively augment everyone s defenses. Proactive security posture minimizes your risk of being one of the 1.9 companies successfully breached per week by actively hunting and countering emerging threats. A global view shows the threat landscape across industries, organizations, and geographies so you can prioritize resources and save costs based on 60-degree visibility. Avoid compliance risks and fines by adopting regulatory and legislative compliant managed services backed by global and local expertise. Faster security response gives an edge on global adversaries, with more rapid threat detection and real-time event notifications. 9 Ponemon 201 Cost of Cyber Crime Report, http://www.hp.com/go/ ponemon 4

HPE s (now DXC) ability to deliver the cyber security project on time and within the budget was an important plus. They were able to meet what was a challenging program schedule. Christoph Strizik, head of IT risk and information security, Origin Energy Managed security in action Origin Energy is Australia s leading integrated energy company, serving 4.2 million customers in Australia and New Zealand with power generation, energy wholesaling and retailing, and gas exploration and production. As a forward-looking organization, Origin Energy leverages a number of advanced technologies from smart meters and mobile communications that give customers greater visibility into their energy usage to the digitizing of key assets in the company s upstream operations. Not surprisingly, as data becomes more crucial to its everyday activities, top managers sought to ensure the security of the company s IT assets. DXC responded by supporting a Security Transformation Program designed to give Origin Energy greater visibility and protection across all of its business units. Specific DXC solutions included DXC Managed Security Services, Information and Event Management, Managed Network Security, and Endpoint Security Services. Security risk management as a business driver In a recent survey, only 28 percent of organizations said they monitored their internal applications for security- related events, and 4 percent reported monitoring their external-facing applications. 10 How do you protect one of the world s largest consumer beverage companies from data breaches and other security threats? If you are FEMSA, a leading independent Coca-Cola bottling group that runs the biggest chain of convenience stores in Mexico, you turn to DXC for managed security services. FEMSA needed a security posture that would identify and mitigate technical security risks. It wanted a solution that would drive growth by enabling faster, safer integration of acquired companies. The company sought to reduce costs, improve web responses, and enhance customer satisfaction. They turned to DXC to deploy a combined services model to address applications, infrastructure, and endpoint security in a managed, proactive environment. FEMSA saw customer satisfaction scores increase to 92 percent, reduced costs, and improved maintenance and governance. The company is now prepared to prevent, detect, and react in case of a security breach or incident. So they can focus on growth, innovation, and transformation. A secure bank transformation Security is always important but protecting customers and key assets is absolutely crucial during periods of restructuring and transformation. When Hypo Alpe Adria Bank undertook a major reprivatization effort, and the move to a core banking technology platform, company leaders did not want to make the journey alone. This growth-oriented financial services firm wanted one-stop capabilities for application service requests. It sought secure, ITIL-based banking with robust governance and maintenance, which had to meet new and more stringent local and international banking regulations. 10 www.surveymonkey.com/r/ ProtectSOC DXC, their partner, deployed a shared IT services environment to address applications, network, server, and security management requirements. The DXC approach provided robust support for local banking subsidiaries. Consumption-

With HPE (now DXC), we found a service provider with an international reputation and capabilities whose local presence ideally positions them to work in close cooperation with client banks and to carry forward the competency that we have built. Rainer Sichert, chief operations and market officer, Hypo Alpe Adria-Bank International AG Learn more at www.dxc.technology/ security based pricing enabled Hypo Alpe Adria to transform CAPEX into more flexible OPEX. Managed services took the IT burden off the bank, enabling leadership to focus on a major business digital transformation. It s a question of when, not if Dangerous, well-funded opponents work diligently to penetrate and damage your organization. Most enterprises are breached on a regular basis. Many don t even know bad actors are already inside their extended business ecosystem. The question is no longer if but when will it happen; how hard will it be to fix; and how much a security incident will cost you in time, money, and lost brand equity. Given the speed and sophistication of those adversaries, you really should be asking: Are we prepared to face these threats alone? Can we afford to build and operate our own world-class security risk management? The logical answers fall somewhere between possibly and maybe. But a real alternative has emerged. A best-in-class managed security services partner can offer cutting-edge, cost-effective, innovative services and amplify your scale, reach, and security effectiveness. Flexible in nature, with a variety of consumption models from full on-site integration to SaaS, they offer a credible alternative that exceeds the collective sum of parts. Proven outcomes and predictable costs allow you to focus your security and risk management resources where they are needed most. For a growing number of growth- and innovation- oriented organizations, it s a rational alternative to interleave managed security services from a trusted partner. One that gives you best-practices security while simplifying regulatory compliance. Protecting your enterprise so you can focus on your business. The attacks are coming. Get ready. About DXC DXC Technology (NYSE: DXC) is the world s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company s technology independence, global talent and extensive partner alliance combine to deliver powerful next-generation IT services and solutions. DXC Technology is recognized among the best corporate citizens globally. For more information, visit www.dxc.technology. www.dxc.technoloy 2017 DXC Technology Company. All rights reserved. DXC_4AA6-7400ENW. September 2016

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback