Simplify, Streamline and Empower Security with ISecOps
Matthew O Brien, Senior Global Product Manager, Cybersecurity
DXC.technology
What is Integrated Security Operations (ISecOps)?
Intelligence-driven, automated security incident and vulnerability management
Integrated Security Operations and Incident Response
Incident and Management Platform
People, Process, Technology, Services
Security teams are under pressure
IT departments feel the squeeze, but budgets are under pressure and security is now a board-level issue.
The innovative adversary is increasingly sophisticated and, on average, goes undetected for 99 days [1].
Security operations need maturity, speed and scale to move beyond real-time threat monitoring.
Next-generation threats such as ransomware or file-less, memory-based malware make it difficult to stay secure.
Regulatory pressures grow for industry and geography compliance requirements such as GDPR.
A widening skills gap makes it hard to attract, train, and retain security professionals, yet the demand for security talent is expected to increase by 53% in 2017 [2].
The device and cloud explosion is causing significant increases in the enterprise threat surface.
People are the weakest link and require awareness and training to protect against the 80% of attacks that target user access [3].
Sources: [1] Mandiant M-Trends 2017 Report; [2] US Bureau of Labor Statistics; [3] CyberArk Security Report 2015
The Core Problem: Security Responders Are Overwhelmed
What info do I need?
What systems have the info that I need?
What lookups do I need to run to derive 2nd level enrichment?
Have I seen this type of threat before?
Is it a threat attempting to go undetected?
[Diagram labels: Security Runbook knowledge; Security Alert; SIEM, APT, EPS, VUL; Security Analyst]
Multiple disparate solutions
Manual scripting and operational tasks
No historical threat intel tied to incidents or s
No context across asset, service type or user group
Slower Security Response
Our Solution
ISecOps as a Service
Efficient Security Response
Streamline Remediation
Managed Security Services
Visualize Your Security Posture
Security Incident Management
Management
Threat Intelligence
Workflow Automation & Orchestration
IT Integration
ISecOps is a fully integrated platform for delivering enterprise security response services, providing enhanced vulnerability management, operational interlock, improved visibility and reduced time to manage and respond to security threats.
Security Operations Overview
[Diagram labels: ISecOps Portal; End Users; Service Desk; Threat Libraries; Security Incident Response (SIR) and Management Monitoring; Security Incident Response (SIR); Threat Intelligence; User Portal and Security Self Service; Executive Dashboard & Reporting; SIEM; EDR; Firewalls; IDS/IPS; Endpoint Protection; Scan scanning Management; Analysts; HIGH VALUE s; CMDB; LOW VALUE s; Basic Inventory; DXC ITAM Project]
Solution Demo Highlights
Value Outcomes

Before: Multiple tools. Multiple processes.
After: Integrated solution, clearly defined and automated workflow. Clear task assignment and responsibilities.
Outcome: Improved Incident & Management Workflow

Before: Manual processes. No automation.
After: Integrated tools, workflow automation and auto assignment. Faster response time to security threats.
Outcome: Increased Automation

Before: Disparate sources of data. No single view.
After: Centralized reporting across the enterprise. Visibility at the business unit and regional levels, aggregating to a global view.
Outcome: Improved Visibility

Before: Teams focused on multiple items with uncertain priorities. Time spent on menial tasks.
After: Teams focus on business outcomes and priorities. Time is spent on more interesting security-related activities.
Outcome: Increased Employee Satisfaction

Before: Disparate systems of information. Multiple controls and intelligence sources.
After: Integrated threat intelligence, vulnerability data, and security incident data in one location.
Outcome: Improved Integration of Information
Want to see more?