Protecting organisations from the ever-evolving cyber threat
Who we are
At a glance
- 16+ years of threat intelligence data
- Up to 190B events processed daily
- 2B+ threat indicators
- 700 incident response engagements last year
- 1,500+ consulting engagements performed annually
- 2000+ employees
- ~100K malware samples analyzed every day
- ~7M attacker DB
- 4,300 clients across the globe
- GCC presence: Bahrain, KSA, Kuwait, Oman, Qatar, UAE
"Dell SecureWorks is one of the most promising MSSPs in the GCC region" (MSS Market Report on GCC, Frost & Sullivan 2015)
SecureWorks Global Reach [world map; legend: Offices, CTOC (NA), CTOC (Edinburgh), CTOC (Kawasaki), Data Center, Center of Excellence, Counter Threat Unit]
SecureWorks Positioned 1st
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from SecureWorks. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
What we do
Cornerstone of effectiveness: Threat Intelligence
Context and countermeasures
Applying Threat Intelligence answers three questions about an alert: What does it mean? How to resist? What is the next action?
CTU inputs: threat & vuln feeds, attacker database, and a feedback loop from Incident Response and Managed Security.
TIMS (Threat Intelligence Management System):
- Knowledge management
- Link analysis across structured and unstructured data
- Workflow and collaboration
- Global threat campaign visualization
Context produced: tradecraft analysis, attack methods, peer threat trends.
Countermeasures produced: threat signatures, analysis filters / rules, network indicators, host indicators, SOC escalations, targeted threat alerts.
Consumers of CTU intelligence: Intel Services, SRC (Security and Risk Consulting), Incident Response, Managed Security.
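The flow on this slide (indicators in, analysis rules applied, SOC escalations out with context and a next action, plus link analysis to find what else to look for) can be made concrete with a small script. This is an added illustration, not SecureWorks code and not a description of its platform: the indicator feed, campaign names, log lines and next-action playbook text are all constructed for the example.

```python
"""Applying threat-intelligence indicators to security events.

Added example, not SecureWorks code: the indicator feed, campaign names,
log lines and next-action table below are all constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed indicator feed. IPs are from documentation ranges and the
# hash is a placeholder, not a real malware sample.
NETWORK_INDICATORS = {
    "198.51.100.23": {"campaign": "CAMPAIGN-A", "type": "c2", "confidence": "high"},
    "bad-update.example": {"campaign": "CAMPAIGN-A", "type": "c2", "confidence": "medium"},
    "203.0.113.77": {"campaign": "CAMPAIGN-B", "type": "c2", "confidence": "medium"},
}
HOST_INDICATORS = {
    "deadbeef" * 8: {"campaign": "CAMPAIGN-B", "type": "dropper", "confidence": "high"},
}

# Constructed proxy and endpoint log lines in a simple "ts source k=v ..." form.
EVENTS = [
    "2015-09-01T10:00:01Z proxy src=10.0.0.5 dst=198.51.100.23 host=bad-update.example bytes=5120",
    "2015-09-01T10:00:05Z proxy src=10.0.0.9 dst=93.184.216.34 host=example.com bytes=884",
    "2015-09-01T10:01:10Z endpoint host=WS-0042 user=alice sha256=" + "deadbeef" * 8 + " path=C:\\Temp\\svc.exe",
    "2015-09-01T10:02:00Z endpoint host=WS-0042 user=alice sha256=" + "0" * 64 + " path=C:\\Windows\\notepad.exe",
]

# "What is the next action?" per indicator type (assumed playbook text).
NEXT_ACTION = {
    "c2": "isolate the client, then hunt for other clients contacting the same destination",
    "dropper": "acquire the binary for analysis and retro-hunt the hash across all endpoints",
}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split one constructed log line into a dict of fields."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    fields["source"] = source
    return fields


def match_indicators(event):
    """Analysis rule: network indicators apply to proxy events (destination IP
    and host header), host indicators to endpoint events (file hash).
    Returns a list of (indicator, context) hits; empty when the event is clean."""
    hits = []
    if event["source"] == "proxy":
        for key in ("dst", "host"):
            value = event.get(key)
            if value in NETWORK_INDICATORS:
                hits.append((value, NETWORK_INDICATORS[value]))
    elif event["source"] == "endpoint":
        value = event.get("sha256")
        if value in HOST_INDICATORS:
            hits.append((value, HOST_INDICATORS[value]))
    return hits


def escalate(lines):
    """Run every event through the rules and build SOC escalations that carry
    the context an analyst needs: which campaign, what kind of indicator,
    how confident the feed is, and what to do next."""
    escalations = []
    for line in lines:
        event = parse_event(line)
        for indicator, ctx in match_indicators(event):
            escalations.append({
                "ts": event["ts"],
                "source": event["source"],
                "indicator": indicator,
                "campaign": ctx["campaign"],
                "type": ctx["type"],
                "confidence": ctx["confidence"],
                "next_action": NEXT_ACTION[ctx["type"]],
                "event": event,
            })
    return escalations


def pivot_indicators(escalations):
    """Link analysis, 'what else should we look for?': for each campaign that
    has already fired, list the feed's other indicators for that campaign
    that have not been seen yet, so the SOC can search for them proactively."""
    seen = defaultdict(set)
    for esc in escalations:
        seen[esc["campaign"]].add(esc["indicator"])
    feed = {**NETWORK_INDICATORS, **HOST_INDICATORS}
    return {
        campaign: sorted(ind for ind, ctx in feed.items()
                         if ctx["campaign"] == campaign and ind not in hits)
        for campaign, hits in seen.items()
    }


if __name__ == "__main__":
    escs = escalate(EVENTS)
    for esc in escs:
        print(f"{esc['ts']} [{esc['confidence']}] {esc['campaign']} {esc['type']} "
              f"hit on {esc['indicator']}: {esc['next_action']}")
    print("pivot:", pivot_indicators(escs))
```

On the constructed input the first proxy line fires twice (destination IP and host header both belong to CAMPAIGN-A) and the endpoint hash fires once for CAMPAIGN-B; the pivot step then reports the CAMPAIGN-B C2 address that has not been seen yet, which is the "what else should we look for" question the slide's feedback loop is meant to answer.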
Comprehensive Portfolio of Services
Managed Security:
- 24/7 security monitoring
- Security device mgmt.
  - IPS/IDS
  - Firewalls
  - Next Generation Firewalls
  - Web Application Firewalls
- Log Management
- Advanced Endpoint Threat Detection
- Advanced Malware Protection and Detection
- Vulnerability management
- Web application scanning
- Mobile & cloud security
Security and Risk Consulting:
- Testing & assessments
- Compliance and certification
- Program development & governance
- Network and web application testing
- Expert residency
- Physical security assessments
- Wireless security testing
- Social engineering
Threat Intelligence:
- Targeted Threat Intelligence
- Threat, vulnerability & advisory feeds
- Emerging threat bulletins
- Microsoft update analysis
- Weekly intelligence summary
- Cybersecurity news roundup
- Live intelligence briefings
- CTU support
- Attacker database feed
Incident Response:
- CIRP Development
- CIRP Review
- CIRP Training
- Tabletop exercises
- Incident handling
- Digital forensics investigation
- Incident management
- Malware analysis
- Eradication & recovery
- Postmortem analysis
- Documentation
How we deliver MSS
Customer Portal: seamless integration, real-time visibility, holistic view, single pane of glass, powerful reporting, single sign-on to Qualys. The portal understands the threats and vulnerabilities in your environment, and SOC security experts know when a vulnerability is present, strengthening their analysis.
Customer Network: proxy servers, WAF, IDS/IPS, applications, firewall/VPN, Counter Threat Appliance, log retention, native APIs.
Counter Threat Unit (CTU) Intelligence: applied research across the global customer base; latest countermeasures; protection from emerging threats.
Counter Threat Platform: purpose-built for MSS; 500+ FTE development years; superior scalability; billions of events per day.
Security Operations Centers: seven 24x7 SOCs; real-time automated failover; certified security experts; SANS GIAC GCIA certified security analysts.
What has changed Advanced Threats
Advanced and evasive threats are growing exponentially and getting harder to detect
- 2x unique attacks: every day in 2014, attackers launched twice as many unique attacks on your systems with malicious code as were seen in 2013. [1]
- 65% evading detection: 65% of respondents in a recent Ponemon Institute survey say attacks evade existing preventive security controls. [2]
- >1/2 living off the land: in over half of the targeted threat response engagements last year, cyber criminals breached companies' computer systems using little or no malware in their attacks. [3]
- 46% accidental discovery: 46% say breaches are discovered by accident. [2]
- 33% take two years to discover: 33% of organizations discover breaches two or more years after the incident. [2]
It's happening in the region
Technology alone can't solve the problem
Over-reliance on technology?
- Intelligence: lack of threat intelligence to build context around the alert and facilitate accurate diagnosis of the threat
- People: lack of specialized skill sets to interpret detailed reporting, analyze systems and applications, and assess real business impact
- Process: analysis takes days or weeks to complete amidst other alerts and priorities
Observations from Incident Response:
- Companies with advanced malware protection technologies are still not able to decipher its reporting.
- Companies with advanced malware protection technologies are still getting breached by evasive malware.
Actionable intelligence is critical: a lack of actionable intelligence reduces the ability to see the big picture.
Security event information tells you part of the story; intelligence helps you go beyond it to answer:
- How? How did the adversary get in and where did they spread to?
- Who? Who may be behind it and what else should we look for?
- What? What malware did they use and what does it do?
- Why? Why were we targeted? What is the actor's end game?
- When? When did this happen and what's gone on since then?
The result is accurate diagnosis and remediation.
What is changing Cloud
Cloud: A Shared Responsibility
- SaaS (Software as a Service): the Cloud Service Provider (CSP) owns the application; the CSP client owns the data and access rights. The CSP has responsibility for securing the service itself, but the client still has to secure what it owns: its data and who is granted access to it.
- PaaS (Platform as a Service): the CSP owns the network and platform; the CSP client owns the application and data.
- IaaS (Infrastructure as a Service): the CSP owns the network and hypervisors; the CSP client owns everything above the hypervisor. You have responsibility for security.
Classification: //SecureWorks/Confidential - Limited External Distribution
Our Cloud Architecture
SecureWorks is securing AWS native logs now. Plus, we are the only major MSSP monitoring third-party appliances in AWS today.
SecureWorks: Coming Soon.