Post on 29-Mar-2018
transcript
Accenture Cyber Security Transformation October 2015
Copyright © 2015 Accenture All rights reserved.
Today’s Presenter
Antti Ropponen, Nordic Cyber Defense Domain Lead, Accenture Nordics
Antti is a leading consultant in Accenture's security consulting practice. His role is to lead Accenture's Cyber Defense domain in the Nordics. He has over 10 years of experience in delivering security solutions to different customer segments, from strategic to technical perspectives. He has been the responsible lead and delivery lead in multiple security transformation programs as well as large-scale identity and access management (IAM) and security analytics delivery projects.
Accenture Security and our Nordic practice
Nordic Security Practice
• Nordic Security Team: 140+
• Globally: 3000+ (500+ from GDN)
• Service areas: Assess and Architect; Digital Identity; Cyber Defense; Managed Security; Emerging Technology Security
Today’s Topic
Q: How to transform Cyber Security?
The Cyber Security Challenge
Organizations struggle to manage threats to their business:
• Compliance is simply not enough
• Reactive security incident management is overwhelming
• Threats from the downstream supply chain are difficult to manage
• Scaling defenses is a struggle
Our Approach
Q: How to transform Cyber Security?
• Focus on what matters most
• Reduce the frequency and impact of threats
• Demonstrate measurable business value
Opportunity Areas for Transforming Cyber Security
High performing organizations maximize the value of their Cyber Security investment by developing strong Cyber Security capabilities that are well-aligned with business needs.
The slide plots organizations on two axes, Cyber Security Capability (Immature to Mature) and Business Alignment (Loosely Aligned to Well Aligned), giving four quadrants:
OPTIMIZED
• Rationalized cyber security services optimized for business needs
• High levels of integration of capabilities across the organization
UNSTRUCTURED
• Lack of focus and priority by business and IT leadership
• Limited Cyber Security capabilities based on inadequate solutions
MISALIGNED
• Over-engineered solutions
• Poorly defined and/or complex IR processes
• Heavy infrastructure, and limited application focus
FRAGMENTED
• Redundant processes and technologies implemented throughout the organization
• Custom solutions often "baked in" to infrastructure
Focus areas (one set per quadrant on the slide):
• Assessing and standardizing existing capabilities; decommissioning redundant systems
• Evaluating emerging technologies; strategy & release planning; evaluating cost containment tactics
• Process reengineering; functionality enhancements; communications, training, and awareness
• Program mobilization and capability planning; building out Cyber Security core services
Defining Cyber Security Operating Model: Overview
A Cyber Security Operating Model describes the capabilities and processes needed for an effective Cyber Security program.
Operating model layers and capability domains shown on the slide:
Supporting Functions (Govern, Integrate, Manage, Improve): Cyber Security Governance; Service Performance Management; Continuous Improvement
Contextual layer (Prioritize and Predict):
• Advanced Security Analytics: Data Collection and Enrichment; Operational Normalization; Data Quality Management; Algorithmic Data Modeling; Data Visualization
• Threat Intelligence: Intelligence Gathering; Threat Analysis; Threat Modeling; Intelligence Exchange
Foundational layer (Prepare, Detect, and Respond):
• Operational Monitoring: Log Management; Security Monitoring; Event Triage; Prioritization and Reporting; Compliance Monitoring
• Security Incident Management: Identification and Triage; Forensic Analysis; Communication; Response; Recovery
• Vulnerability Management: Vulnerability Identification; Vulnerability Prioritization and Reporting; Remediation Tracking
Adaptive layer (Automate):
• Active Defense: Containment; Confusion; Disruption; Automation
Flows between the domains on the diagram: Alerts, Incidents, Focused Monitoring Requests, Vulnerability Context, Analytics Events, Threat Intelligence (operationalized), Triggers.
Our View: Many clients are at the contextual awareness point in their Cyber Security journey
A typical Cyber Security journey will help organizations gain control, reduce threats, and then drive additional value to the business. Most organizations today should already be at the contextual awareness point of this journey.
The journey has three stages: Foundational Capabilities, Contextual Awareness, and Adaptive Threat Management.
Foundational Capabilities
Objective: Establish capabilities to enable detection and response to known attack vectors
Capabilities:
• Define core metrics for program success
• Form security operations center (SOC) and incident response (IR) teams
• Develop incident response processes and procedures
• Collect system logs and network traffic
Contextual Awareness
Objective: Develop deep contextualization of security events, uncover advanced threats early
Capabilities:
• Develop vulnerability management and threat intelligence capabilities
• Secure business application development
• Supplement SOC with breach hunters looking to identify early-stage attacks
• Deploy a big data advanced analytics platform
Adaptive Threat Management
Objective: Deploy a flexible control model to proactively deter attacks by increasing the attacker's cost
Capabilities:
• Supplement SOC with data science capabilities
• Optimize SOC based upon performance metrics
• Orchestrate and automate responses
• Share threat intelligence information
Security Analytics Capability Model
Big Data Capabilities
• Cheap, scalable, schema-less storage
• Computing power for processing across data types
• Distributed computing power
Value of security analytics
• Data-driven & tested decision-making
• Continual process improvement opportunity
• Scientific method approach to operational awareness
• Ability to respond more effectively – improve real-time operational capabilities
• Understanding of previous decisions and their effects
Current security offerings focus on the "what happened" or "what's going on now" questions of security. Security practitioners need to be able to answer the "how", "why", "what else", and "what might" questions.
Analytical Security (how, why, what else, what might?)
The Business Value Model provides the ability to communicate technical capability and performance in business language. It demonstrates how information security enables, supports and aligns with business goals and objectives, and provides two-way traceability from business requirements to technical controls and back.
Elements of the Cyber Security Business Value Model shown on the slide: Business Strategy; Opportunities and Threats; Business Processes; Compliance Drivers; Business Requirements; Business Drivers for Security; Business Attributes Taxonomy; Threat & Risk Models; Metrics; Cyber Security Operational Management.
Case Study: A Large Financial Services Company in the Nordics
Case Study: Security transformation program for a large financial services company
The security transformation program has helped our client define a security baseline, adopt a constant development mindset, and seek effectiveness and cost savings from security-related systems and processes that support the business strategy.
Program phases: Strategy and assessment; Design and implement; Operate.
Security business value grows along the timeline through these stages: Remediate key audit items; Assess threats and vulnerabilities; Implement technical controls to secure the business; Final opportunity to lower the overall cost; Implement security capabilities to enable the business.
Timeline (Apr 2014 to Nov 2015):
• Apr 2014 to Mar 2015: IDM assessment; IDM transformation & development; Centralized SIEM/log management; Security capability assessment & business case; Assessment results (baseline and development areas); SIEM/log management 1st go live (Dec 2014); Log management 2nd go live (extensions)
• Apr 2015: Security transformation program kick-off (H1/15)
• Jun 2015: Security transformation program first deliverables: IVM/AVM pilot; Employee security awareness; Asset management
• Jun 2015: Log management 3rd go live (extensions)
• Jul 2015: Security transformation program (H2/15): Business case renewal; Extended enterprise IAM
• Oct 2015: Security transformation program: Results
• Nov 2015: Security transformation program: Application security; Security as a Service extension
Assessment outcomes: IDM capabilities and gaps; IDM quick wins; SIEM/log management capabilities improvement for compliance.
Priorities
• Security capabilities as-is and to-be
• Industry-related threats
• Dedicated program for security transformation
• Long-term constant development
• Cloud strategy alignment with security considerations
• Strategic security investments
• Log source extensions
• IDM: effectiveness, cost savings, identity management process enhancement, user satisfaction
• SIEM/log management: strategic integration roadmap, improved audit compliance, SOC/SIEM capabilities and models
• New SOC features (pilot)
Next Steps
A value-driven transformation roadmap provides a comprehensive list of prioritized change initiatives that enable an organization to deliver incremental value.
• Cyber Security Capability Maturity Model: understand maturity & ensure full leverage
• Cyber Security Project Business Case Assessment: maximize cost-to-serve & business value. Candidate projects (Project A, Project B, Project C, Project D) are plotted by Business Value against Investment and classified as Quick Win, Strategic or Misaligned.
We can help organizations understand their existing Cyber Security capabilities and evaluate their change initiatives to develop a value-driven transformation roadmap, and help drive that journey.
Thank you!
Accenture Cyber Defense Services
Accenture Cyber Defense services enable our clients to detect, respond to, and recover from cyber security attacks. We provide a full lifecycle of services built around a proven operating model and solution architecture.
Capability model (Cyber Defense): Threat Intelligence; Vulnerability Management; Operational Monitoring; Advanced Security Analytics; Security Incident Response.
Service delivery journey: Prepare, Transform, Run.
Services: Indicator of Compromise Discovery Service; Cyber Security Capability Maturity Assessment; Penetration Testing; Vulnerability Assessment; Technology Architecture Health Check; Cyber Defense Process Engineering and Technology Deployment; Cyber Defense Rapid Deployment Kit; Managed Cyber Defense; Cyber Incident Response.