
Wolfgang Kiener Business Development Manager… · of-Things and Operational Technology !...

Date post: 06-Aug-2020
Wolfgang Kiener Business Development Manager Threat Detection - Detecting and containing cyber attacks early!
Transcript
Page 1

Wolfgang Kiener

Business Development Manager

Threat Detection - Detecting and containing cyber attacks early!

Page 2

Revenue 2017

Total: € 1,972 million

[Chart: Germany/international (in € million); bar values 955, 1,077, 963, 895; totals 1,972 (2017) and 1,918 (2016); series: GERMANY, INTERNATIONAL; consolidated data (according to IFRS)]

[Chart: By business stream (in %); values 25, 24, 24, 11, 10, 6; unconsolidated data]

■ Products
■ Industrial Services
■ Mobility
■ Academy & Life Care
■ Systems
■ ICT & Business Solutions

13.06.2018 Corporate Presentation 2018

Page 3

ICT & Business Solutions

From strategic consulting through design and process optimization to implementation, operation or certification of systems

Page 4

ICT & Business Solutions

FOCUS INDUSTRIES

Telecommunications
Financial services
Energy
Retail
Healthcare
Manufacturing
Mobility, logistics, automotive
Aerospace

GOOD TO KNOW

Since 2014 we have been the leading independent provider of IT and internet security services in the German market, and we are among the leading players worldwide

We advise network operators on the planning, construction and maintenance of their telecommunications infrastructures

competent
technology-oriented
cost-efficient

KEY FIGURES

600 specialists
€ 139 million revenue
6% of total revenue

BUSINESS FIELDS

IT-Services & Cyber Security
Telco Solutions & Consulting

As of 2017: unconsolidated data

Page 5

TÜV Rheinland i-sec. Information and IT security.

Leading independent service provider for information security in Germany

Consulting and solution expertise in holistic information security – from the governance level to the data center, including operational support services

Excellent technology expertise, comprehensive industry know-how, partnerships with market leaders

Internationally, together with our sister companies OpenSky and 2MC, we are among the most important independent providers

Certified to ISO 27001 and ISO 9001

Page 6

TÜV Rheinland i-sec GmbH. Facts and figures.

Project work on 25,000 days in 2016.

Locations

Germany
Cologne (HQ)
Munich
Gelnhausen
Saarbrücken
Hanover
Hamburg

Specialist competence team

15 × Sales
20 × Security Engineering
60 × Management Consulting
45 × Professional Service and Operations

Core industries and location of our customers

Finance
Automotive
Energy
Chemicals/Pharma
Telecommunications
International conglomerates
Transport/Logistics
Public sector
Retail

Page 7

Digital Enterprise. Protected.

A comprehensive, global service portfolio for protecting digital enterprises.

Portfolio categories:

Mastering Risk & Compliance
Advanced Cyber Defenses
Secure Cloud Adoption

Service types:

Consulting Services
Testing Services
Managed Services

Service lines:

Governance & Strategy
Business Continuity Management
Risk & Compliance Management
Data Privacy
Information Security Management Systems
Cloud Security
Enterprise Cloud Adoption
Hybrid Infrastructure
Identity & Access Management
IoT Security
Network Security
Industrial Security
Application Security
Security Analytics & Detection
Endpoint Security
Incident Response
Data Protection

Page 8

Speaker

WOLFGANG KIENER

Business Development Manager

TÜV Rheinland - Cybersecurity

14.06.2018 Managed Threat Detection

Page 9

Status Quo: Threat Detection and Response

CYBER-DEFENSE GAP

DEFENDERS LOSING THE INNOVATION BATTLE (1)

[Chart: % where "days or less", 2005-2015, ATTACKER vs. DEFENDERS]

COST AND TIME FOR REMEDIATION IS HIGH AND RISING (2)

Average total cost of a data breach: $4.31 million
Average cost per stolen record: $225
Cost increase per record: 25%

2016: On average, it took respondents 242 days to spot a breach caused by a malicious attacker, and a further 99 days to contain it.

        Minimum   Mean   Median   Maximum
MTTI    20        206    206      582
MTTC    7         69     70       175

(1) Verizon DBIR 2016 | (2) Ponemon Institute 2015

Page 10

Reducing time to detect and contain incidents

Opportunities for improvement

Big Data Analytics: Real-time security insights across the large and growing data of the modern enterprise

Emerging Technologies: Machine learning and behavior anomaly detection beyond traditional event correlation

Enhanced Use of Threat Intelligence: Integration of threat intelligence correlation across data sources

Visibility into IoT & OT: Behavior-based analytics for Internet-of-Things and Operational Technology

Risk-Aligned Threat Detection: Focus detection on top risks, accelerate investigation and response, and report on capabilities and operational metrics

Page 11

Digitalisation is Progressing. Unstoppable.

Risks grow exponentially as well.

[Chart labels: Technical Development, Know-How, Risk Gap]

The Great Train Robbery, 1963: £ 2,631,684
Bangladesh Bank/Swift Heist, 2016: $ 951,000,000

INDUSTRY 4.0

Automation
Scalability and Interconnectivity
AI and Machine Learning
Agility

CYBER RISK 4.0

Attack automation
AI and Machine Learning
Attackers are agile
Complexity increases attack surface
Vulnerabilities are hard to avoid

Cyber Risk = Business Risk

Page 12

Risk-aligned threat detection approach

Top Cyber Risks
Industry Risk Profiles
Enterprise Risk Register

1 Identify top risks
2 Define related attack scenarios
3 Map threat activities
4 Develop Analytics
5 Monitor, Investigate & Respond
6 Capture Metrics & Inform GRC

Page 13

Risk Prioritization

Many ways to prioritize risk – this example uses a scoring method and considers controls and residual risk

Column headings: Risk Statement, Impact, Likelihood, Inherent Risk, Controls Reduction, Residual Risk

Risk Statement
Impact 2.5: Confidentiality 1, Integrity 4, Availability 1, Safety 4
Likelihood 3.0: Threat Means 4, Threat Motive 1, Threat Opportunity 4
Risk scores: 7.5 / 4.7 / 2.8

Risk Statement
Impact 1.8: Confidentiality 4, Integrity 1, Availability 1, Safety 1
Likelihood 4.0: Threat Means 4, Threat Motive 4, Threat Opportunity 4
Risk scores: 7.2 / 5.1 / 2.1

Page 14

Define threat activities by attack phase for the selected attack scenario

Models available to assist

Cyber Kill Chain: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objectives

CIS Community Attack Model: Initial Recon, Acquire/Develop Tools, Delivery, Initial Compromise, Misuse/Escalate Privileges, Internal Recon, Lateral Movement, Establish Persistence, Execute Mission Objectives

MITRE ATT&CK: Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration, Command & Control

Cyber Threat Framework: Preparation, Engagement, Presence, Effect/Consequence

Page 15

Unfetter – NSA tool that utilizes ATT&CK

Page 16

Developing and documenting threat analytics

Threat activity

Analytic name

Analytic description

Key risk indicator

Data sources

Required data

Analytics (platform specific)

Threat detection guidance

Notes

Map to risk statements

Author

Date

EXAMPLE: THREAT ACTIVITY – LOGIN WITH COMPROMISED CREDENTIALS (EXPLOIT PHASE)


Page 17

Risk-Aligned Threat Detection

[Diagram labels: Information Security, IT-Security, Cyber Security; GRC, Risk Management, Compliance, ISMS, BCM; Requirements, Risks, Metrics; SOC, Sensors, Log Data, Flow Data, Security Intelligence, Security-Relevant Information, Incident Management, Metrics & Reporting, Reports, Trends, Trend/History, Relevant Deviations]

Page 18

Conclusion

Benefits of risk-aligned threat detection

Better focus on threat activity that matters most to the organization

Reduced time to detect and contain incidents

Improved risk management program

Opportunities to automate investigation and response activities

More context and clarity about detected threat events


Page 19

TÜV Rheinland. Who are we?

$2.3 Billion

Privately Held

144 Years Old

500 Locations

69 Countries

19,320 people

The digital transformation will be defined by the use of “cyber-physical” systems.

Protecting society since 1872

Industry 1.0: Mechanical Production
Industry 2.0: Mass Production & Electricity
Industry 3.0: Electronic & IT Systems
Industry 4.0: Cyber-physical Systems, Social, Mobile, Analytics, Cloud

Page 20

TÜV Rheinland ICT & Business Solutions. Cybersecurity.

400 Security Experts

€ 68 million revenue 2016

HQs: Cologne / Boston / London

Core Industries

Finance, Automotive, Chemicals & Pharma, Energy, Telecommunication

Regions

Germany, USA, UK, Gulf Region, APAC as Growth Case

Page 21

Thank you!

Wolfgang Kiener

Business Development Manager – Cybersecurity

www.tuv.com/informationssicherheit

