Date post: | 23-Dec-2015 |
Category: |
Documents |
Upload: | meryl-cobb |
View: | 212 times |
Download: | 0 times |
BT Managed Security Solutions Service Overview for Financials: The Most Beautiful Target
Measure, Monitor, Protect, Advise
James McCarthy
La estructura organizativa de BT
• +100.000 employees• Revenues 09/10: +31.200 M$• The biggest R&D Center in ITC in Europe –
Adastral ParkGrupo BT
BT Global Services
Global Banking and Financial Markets
• Gartner Leader Quadrant – Worldwide Managed and Professional Network Service Providers
• 37.000 professionals providing consultancy services, managed services and supporting our customers in +170 countries
• Revenues 09/10: +12.700 M$
• Dedicated Solutions and Managed Services to the Finance and Insurance Sector
BT Latam
• One of the most profitable regions and with the highest growth potential
Our Operations in the Region
Some of our customers in the region
pasión
por nuestrosclientes
5
The Most Beautiful Target…Why?
1. Lots of Captive Users2. A Trusted Partner / Brand For
Those Users3. Hundreds of Thousands of
Transactions – Typically in Small Monetary Increments
6
The Most Beautiful Target…and How BT Protects You…
…Panda Security’s anti-malware laboratory, has discovered that hackers are creating 57,000 new websites each week that exploit approximately 375 high-profile brand names worldwide…
1. eBay – 23.21 percent 2. Western Union – 21.15 percent 3. Visa – 9.51 percent 4. United Services Automobile Association – 6.85 percent 5. HSBC – 5.98 6. Amazon – 2.42 percent 7. Bank of America – 2.29 percent 8. PayPal – 1.77 percent 9. Internal Revenue Service – 1.69 percent 10. Bendigo Bank – 1.38 percent
Findings By Customer:
7
The Most Beautiful Target…Breach Numbers are Growing…
From PrivacyRights.ORG Limited Search - Breaches currently displayed:Breach Types: HACKOrganization Types: BSFYears: 2010235,373 Records in our database from.10 Breaches made public fitting this criteria(All US Financials)
8
Introducing BT’s Managed Security Solutions For Financials
Enabling security and compliance efficiently and
cost effectively across your enterprise
Common methodology
Consulting services
Design Integration,
implementation Managed
services
Business objectives Reduce downtime, costs
Information assurance
Board confidence in Information
Risk structures & processes
Secure network and IT
infrastructure
Secure applications and
information
Enhance compliance and
governance
Secure Communications
Management
Identity Management
Operational Risk Management
Information Management
Propositions
Secure Networking
Business Continuity
BT’s proposition areas
BT Knowledge, Experience, Thought Leadership
• BT has concentrated its resources into one dedicated global practice, one of the biggest security teams in the world– 400+ full time client facing practitioners
– A further 800+ working on security including R&D and internal team
• Decades long heritage in designing, building, managing secure global networks
• Rigorous, mandatory internal security evaluation process
• Global accreditations & certifications– Practitioners validated by Cisco, ITIL and Juniper Networks
– SAS70 and ISO 9001 certified MSS provider
– Accredited to CERT & FIRST, CLEF
– FIPS 140-2; one of only 8 globally
– Active participants in IETF, ISO17799
• World leading R&D facility Adestral Park in Suffolk, England– 100 registered patents– 160 security papers published
– 30% of people with second degrees
BT’s Managed Security Solutions powered by Counterpane and the EHCOE
• Authority on enterprise security
– Pioneered outsourced security monitoring – Established in 1999
– Founder and CTO, best-selling author: Bruce Schneier
• Leading visionary in Gartner’s Magic Quadrant for MSS and EH
• Global view: 650 customer networks; Sentries installed in 38 countries; monitored data spanning 150 countries
• Seven fully redundant security operations centers
• Eleven year proven track record protecting major, high-value networks
11
Mission: Develop and implement fully-integrated managed security services that assure customers’ business continuity, improved compliance, and protection from financial loss.
12
BT Security Services CustomersFortune 500 leaders in every major industry around the globe
Business Problems Solved by Managed Security Services
• Streamline policy enforcement– Detect early warning signs of inappropriate activity– Protect against rogue employees and contractors
• Identify unauthorized activity– Real time detection of botnet- and malware-infected hosts– Regularly updated blacklists of known botnet controllers and malware
distribution sites
• Facilitate data collection for regular audits and compliance reporting– Centralized access to all security-relevant and activity logs– Easy access to archive and flexible data-mining options
• Leverage existing investments in expensive devices– Ensure IDS/IPS/firewall devices have current signatures & patches– Configure them in accordance with industry best practice
• Provide cost-effective access to senior security expertise– On demand access to world-class security analysis & personnel– Focus on strategic decision-making while tactical issues are handled
13
14
ProcessProcess Technology
People
Process Technology
We deliver crucial security information about complex threats with expert assistance on how to respond.
We do so using three main elements:
…of these, people are the most important!
Managed Security Solutions
15
Workload Reduction Enables Customers to Focus on Core Business Objectives
One of the things I’ve gotten the most mileage out of is the monthly CIO report…I use that [to show] my executives all the traffic that’s coming through… You start with millions of items and work your way down into about 50 to 60 of [incidents] a month. It’s a great way to explain the value we’re getting out of the managed security services.”
Tom Dunbar, CSO, XL Capital
30 Million
186,000
1200
5
Messages Received
Alerts Processed
Tickets Analyzed
Customer Contacts 1 Phone Call
4 E-mails
“Typical” Services Company Example (Monthly CIO Report)
16
View Across BT Counterpanes Financial Services Companies
Across our Financial Services Clients their Security Posture Index is rated as “Above Average” which indicates a high level of sensitivity towards information that is provided to them by our BT SOCs.
17
Web Application Testing – the Most Beautiful Target
• Components can consist of:– Java applets that operate within Web browser– Standalone Java applets – Standalone executable applications
• Testing determines:
– How security is integrated into the client software components– How the client software interacts with the remote server application – If any unnecessary information is entrusted in the client software– If the client software can be manipulated to provide unauthorized access to server
application
• Testing includes:– Attempt to collect as much information as possible about the client application and
server communication– Attempt to manipulate the client software without inside knowledge
Client-side Application Testing Ethical Hacking Assessment
17
18
Code Review – The Most Beautiful Path
• Reviews application code for deficiencies in the areas of security, reliability and operations.
• The review identifies strengths and weaknesses of the application software modules.
• Detection of the following types of computer abuse are attempted:– Trojan Horses - Salami techniques - Trapdoors – Logic bombs
• The EHCOE requires the following documentation in order to perform the source code review:– Source code comments and documentation– Method of invocation for each program– Options and configuration file documentation– Method of compilation for each program –
Source Code Review Ethical Hacking Assessment
18
19
What Sets BT Managed Security Solutions Apart?
IDSsFirewalls/VPNsRoutersAuthenticationAccess Control DatabasesWeb ServersNetwork OSDesktopsOthers
• United States Patent: Patent No. US 7,159,237 B2, Method and System for Dynamic Network Intrusion Monitoring, Detection and Response (Jan. 2, 2007)
• Network visibility: More than one million event rules for a broad range of network devices
• Advanced correlation technology: Multi-device, vertical market, cross-customer base
• 24/7 vigilance by certified security engineers: SANS Certification and DOJ Background investigations required for employment
20
What Sets BT Managed Security Solutions Apart?
• Consultative approach: Dedicated team assigned to the account, Monthly touch points, Quarterly reviews, pre-sales and post-sales support, ongoing available support
• Compliance audit reporting: VISA CISP/PCI, SOX, FISMA, GLBA, CA 1386,
• Service Level Agreements: Swift activation and improved compliance with 100% guaranteed access to activity data
.
21
Security Operations Centers
Physically hardened facilities• Three-factor access control• Multiple forms of surveillance• Fully-redundant power and network
100% uptime since January 2000• Full-redundancy in each center• Continuous tagging and time stamping• CPE has auto-rollover to SOCs
Geographically diverse• Facilities in major technology centers• Robust facilities built on Critical Infrastructure backbones
Audits and accreditations• Including: SAS70, ISO27001, BS7799• Analysts are GIAC certified
22
Benefits of a BT Managed Security Services for the Financial Industry
• Trusted Partner of the Financial Services Space– Current Testing Partner for the Majority of Very Large Financials
• Resilient architecture- Hardened, active/active SOCs – no downtime
• Vendor neutrality- Provides flexibility and avoids unnecessary capital outlays
• Defense in depth- Support for more types of systems, including applications,
databases AS/400, RACf, etc.
• Comprehensive and integrated solution- Reduces risk and cost - Simplifies management and monitoring of diverse technology- Advanced correlation technology (Multiple tools and flexible configuration)
Consultative Approach
• Longevity and commitment- More than 10 years of continuous growth
23BT Professional Services 23