Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Agenda
- Introductions
- The AMP Security Operations Story
- Lessons Learned

Speaker Introduction
NAME: Mike Byrne
TITLE: Consultant
FUNCTION: Enterprise Cyber Security
COMPANY: AMP
EXPERIENCE: 18 years of experience in the technology industry, 15 years in cyber security and risk management.
EXPERTISE: Architecture, governance, operations, management consulting and program management.
ACHIEVEMENTS: Delivered ServiceNow Security Operations in 6 weeks, including a security service catalogue.
CURRENT PROJECTS: Driving continuous improvement of cyber at AMP.

My Company
Name: AMP
Industry: Financial Services
Market focus: Financial services company in Australia and New Zealand with superannuation and investment products, insurance, financial advice and banking products.
Company's primary products/solutions:
- Banking
- Investment management
- Financial planning and advice
- Insurance and superannuation
Company-wide initiatives:
- Grow internationally
- Create a customer-centred culture
- Regulatory compliance and risk management
- Become more efficient by changing the way we work and use technology

Objectives and What You Will Learn
Objectives:
- Provide insight into the AMP ServiceNow Security Operations deployment
What you will learn:
- Why we implemented ServiceNow Security Operations
- The environment and challenges facing AMP
- How AMP deployed ServiceNow Security Operations in 6 weeks
- Key outcomes and lessons you may apply to your own initiatives and projects

Context: Setting the Stage
Industry trends:
- Attacks: more frequent, more sophisticated
- Information: growing rapidly, across multiple channels and physical boundaries
- Focus shift to prevent and protect, not detect and remediate
Competitive pressures:
- Brand and trust
- Digital transformations
- Cloud first initiatives
- Legacy processes
- Push for analytics and standardisation
- Desire for more data-driven decisions
Program drivers and goals:
- Single system of record
- Integrate to automate, then orchestrate
- Improve visibility, reduce risk exposure and increase efficiency

Goals and Challenges
Challenges:
- Immature processes
- End-to-end vulnerability management
- Managing security incidents
- Inconsistent resolution with no visibility of impact
Service areas across the lifecycle (Prevent, Improve, Detect, Respond):
Strategy and Governance (pre-breach) - attributes:
- Comprehensive in breadth (Target Operating Model)
- Benefits driven from strategy through execution
- Information-driven approach
Transformation - attributes:
- Security transformation
- Informed by technology strategy
- Long-term engagement delivery
- Business-outcome focused
Cyber Defense - attributes:
- Technical assessments
- Security operations and monitoring
- Incident response
- Security analytics
Digital Response Services (post-breach) - attributes:
- Digital evidence preservation and cyber investigation services
- Post-breach analysis and mitigation

Enhanced Time to Detect and Respond: Solution at a Glance
Actionable intelligence: solving the right problems at the right time.
Security Operations maturity levels and the capabilities at each level:
1. Basic Operations
- Basic incident ticketing
- Incident response definition
- Integration with core security systems
- Process and accountability defined
2. Visibility and Performance
- Value-based prioritisation
- Visibility and reporting
- Prioritisation by impact
- KPIs, reporting and SLAs
3. Context and Enrichment
- Noise reduction
- Enhanced data enrichment tied to incidents
- Context-driven detection
- Automated data gathering tasks
- Threat intelligence integrated with incident response
- Time to detect per event reduced
4. Automated Remediation
- Automated response actions for proactive measures and countermeasures
- Integrated change request and history
- Compressed time to contain and remediate incidents
- Visibility of changes and task fulfilment across teams
- Common attacks handled easily to improve response closure
5. Actionable Intelligence
- Circles of trust for peer intel sharing
- Dynamic workflow to educate and enable teams
- Security information network for intel and attack method updates
- Automated querying of internal and supplier environments
- Educational expert systems and best practice sharing

Solution Strategy, Approach and Methodology
Detecting modern-day vulnerabilities and threats is vital, but the struggle to implement efficient and effective collaboration between security and IT is the critical problem.
Workstreams: Process and Workflow; Tooling; Refinement and Automation; Service Level and Insight; Role of ServiceNow.
What we did:
- Reviewed and analysed existing processes against the ServiceNow Security Operations suite functionality and identified gaps.
- Designed and implemented the ServiceNow Security Operations vulnerability response, security incident response and threat intelligence applications.
- Linked the ITSM incident process to security incident response, giving a central repository for all incidents, with automation that creates a security incident from an ITSM incident based on its category, eliminating dual entry.
- Security incidents and vulnerabilities pose risk and usually require an IT change, so the change process was tied in.
- Enabled a threat intelligence capability to obtain immediate information around indicators of compromise.
- ServiceNow played an important role in bridging the gaps between IT and security, with its workflow management, its ability to define standard requests, and its ability to assign service levels to workflow.
Reduce silo behaviours by taking a comprehensive approach that targets the identified gaps with proven methods and a good-practice, tailored solution; identify key business units and take them on the journey with you.
Key elements of the approach:
- Define a mutually agreed operating model between security and IT that covers responsibilities, processes and agreed service levels.
- Work towards an integrated and aligned landscape of tooling and automation, reducing overlap.
- Establish a single workflow automation tool across security and IT for all processes.
- Apply effective change management to align the business and cyber security.
Integrations with leading security tools ensure timely detection, enrichment of data and better prioritisation.

Solution Timeline (2017)
Six weeks (Week 1 to Week 6) followed by hyper care, covering: kickoff, system design, exec review, coding, code improvement, integration testing, release and hyper care.

Value Outcomes
- 60% decrease in response time
- 3 to 6x faster vulnerability response time
- Security incident response time reduced from months to minutes

Lessons Learned
1. Clearly define metrics and outcomes from the start.
2. Don't assume CI (configuration item) information is of good quality.
3. Better integration and features with Qualys.
4. Break the business in slowly, with only critical and high vulnerabilities first.
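As an added example (not AMP's or ServiceNow's code), the following plain JavaScript models two mechanisms from the approach and lessons above: the automated ITSM-to-security-incident hand-off driven by category, with the CI record checked for completeness before it is trusted (lesson 2), and a vulnerability intake gate that admits only critical and high findings in the first release (lesson 4). The category names, the CI fields checked and the severity scale are assumptions; in a ServiceNow instance this logic would live in a business rule against the real tables rather than in standalone functions.

```javascript
// Added example: models the ITSM -> security incident hand-off and the
// vulnerability intake gate as pure functions. The category names, CI
// fields and severity scale are assumptions, not AMP's configuration.
const SECURITY_CATEGORIES = new Set(["security", "malware", "phishing"]);

// Lesson 2: don't trust CI data blindly. A CI record is usable only when it
// carries a name, an owner, an environment and a business criticality.
function ciIsComplete(ci) {
  if (!ci) return false;
  return ["name", "owner", "environment", "criticality"].every(
    (f) => typeof ci[f] === "string" && ci[f].trim() !== ""
  );
}

// Prioritise by impact: the ITSM impact (1 = high .. 3 = low) is raised to 1
// when the affected CI is business-critical.
function securityPriority(itsmImpact, ci) {
  const base = Number(itsmImpact);
  return ci.criticality === "high" ? Math.min(base, 1) : base;
}

// Returns the security incident to create, or why the ITSM incident was not handed off.
function routeItsmIncident(inc) {
  if (!SECURITY_CATEGORIES.has(String(inc.category).toLowerCase())) {
    return { created: false, reason: "non-security category" };
  }
  if (!ciIsComplete(inc.ci)) {
    return { created: false, reason: "CI record incomplete" };
  }
  return {
    created: true,
    record: {
      parent: inc.number, // link back so ITSM stays the single system of record
      short_description: inc.short_description,
      cmdb_ci: inc.ci.name,
      priority: securityPriority(inc.impact, inc.ci),
    },
  };
}

// Lesson 4: only critical/high findings become vulnerability tasks in the first release.
const INITIAL_SEVERITIES = new Set(["critical", "high"]);
function gateVulnerabilities(findings, allowed = INITIAL_SEVERITIES) {
  return findings.filter((f) => allowed.has(String(f.severity).toLowerCase()));
}

// Constructed sample ITSM incident (not from the presentation).
const SAMPLE_INCIDENT = { number: "INC0001", category: "Phishing", impact: 2,
  short_description: "Credential-harvesting email reported by user",
  ci: { name: "mail-gw-01", owner: "messaging", environment: "prod", criticality: "high" } };
```

Calling routeItsmIncident(SAMPLE_INCIDENT) yields a priority 1 security incident linked to INC0001; the same incident with an empty CI owner is refused rather than silently creating a record with unusable context.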

Our Next Steps
- Evolve our threat intelligence: disrupting the cyber criminal ecosystem
- Continued orchestration: risk reduction and threat prevention by context and priority
- Published cyber services: more cyber services on the service catalogue

Top Takeaways
1. Contextualisation: solving the right problems at the right time
2. Visibility: informed action
3. Automation: faster everything...

Thank You
Mike Byrne, Enterprise Cyber Security Consultant, AMP