Accenture Cyber Security Transformation October 2015

Accenture Cyber Security Transformation - DSS …event.dss.lv/sites/all/themes/dss/presentations_2015/session_4/2015...Accenture Cyber Defense services enable our clients to detect,



2 Copyright © 2015 Accenture All rights reserved.

Today’s Presenter

Antti Ropponen, Nordic Cyber Defense Domain Lead, Accenture Nordics

Antti is a leading consultant in Accenture's security consulting practice. His role is to lead Accenture's Cyber Defense domain in the Nordics. He has over 10 years of experience in delivering security solutions to different customer segments, from strategic to technical perspectives. He has been the responsible lead and delivery lead in multiple security transformation programs as well as large-scale identity and access management (IAM) and security analytics delivery projects.


Accenture Security and our Nordic practice

Nordic Security Practice
• Nordic Security Team: 140+
• Globally: 3000+ (500+ from GDN)
• Service areas:
  • Assess and Architect
  • Digital Identity
  • Cyber Defense
  • Managed Security
  • Emerging Technology Security


Today’s Topic

Q: How to transform Cyber Security?


The Cyber Security Challenge

Organizations struggle to manage threats to their business

• Compliance is simply not enough
• Reactive security incident management is overwhelming
• Threats from the downstream supply chain are difficult to manage
• Scaling defenses is a struggle


Our Approach

Q: How to transform Cyber Security?

• Focus on what matters most
• Reduce the frequency and impact of threats
• Demonstrate measurable business value


Opportunity Areas for Transforming Cyber Security

High performing organizations maximize the value of their Cyber Security investment by developing strong Cyber Security capabilities that are well-aligned with business needs.

[Figure: quadrant chart. Axes: Cyber Security Capability (Immature to Mature) and Business Alignment (Loosely Aligned to Well Aligned).]

OPTIMIZED
• Rationalized cyber security services optimized for business needs
• High levels of integration of capabilities across the organization

UNSTRUCTURED
• Lack of focus and priority by business and IT leadership
• Limited Cyber Security capabilities based on inadequate solutions

MISALIGNED
• Over-engineered solutions
• Poorly defined and/or complex IR processes
• Heavy infrastructure, and limited application focus

FRAGMENTED
• Redundant processes and technologies implemented throughout the organization
• Custom solutions often “baked in” to infrastructure

Focus areas:
• Assessing and standardizing existing capabilities
• Decommissioning redundant systems

Focus areas:
• Evaluating emerging technologies
• Strategy & release planning
• Evaluating cost containment tactics

Focus areas:
• Process reengineering
• Functionality enhancements
• Communications, training, and awareness

Focus areas:
• Program mobilization and capability planning
• Building out Cyber Security core services


Defining Cyber Security Operating Model Overview

A Cyber Security Operating Model describes the capabilities and processes needed for an effective Cyber Security program.

[Figure: operating model diagram. Capability areas and their components:]

• Advanced Security Analytics: Operational Normalization, Data Quality Management, Data Collection and Enrichment, Algorithmic Data Modeling, Data Visualization
• Threat Intelligence: Threat Modeling, Threat Analysis, Intelligence Exchange, Intelligence Gathering
• Operational Monitoring: Security Monitoring, Event Triage, Prioritization and Reporting, Compliance Monitoring, Log Management
• Security Incident Management: Identification and Triage, Forensic Analysis, Communication, Response, Recovery
• Vulnerability Management: Vulnerability Identification, Remediation Tracking, Vulnerability Prioritization and Reporting
• Active Defense: Containment, Confusion, Disruption, Automation
• Supporting Functions: Govern, Integrate, Manage, Improve

Other labels in the diagram: Cyber Security Governance, Service Performance Management, Continuous Improvement

Flows between areas: Incidents, Alerts, Events, Triggers, Analytics, Focused Monitoring Requests, Vulnerability Context, Threat Intelligence, Operationalize

Stage labels: Foundational, Contextual, Adaptive; Prepare, Detect, and Respond; Prioritize and Predict; Automate


Our View: Many clients are at the contextual awareness point in their Cyber Security journey

A typical Cyber Security journey will help organizations gain control, reduce threats, and then drive additional value to the business. Most organizations today should already be at the contextual awareness point of this journey.

Journey stages and objectives:
• Foundational Capabilities: Establish capabilities to enable detection and response to known attack vectors
• Contextual Awareness: Develop deep contextualization of security events, uncover advanced threats early
• Adaptive Threat Management: Deploy a flexible control model to proactively deter attacks by increasing the attacker’s cost

CAPABILITIES
• Define core metrics for program success
• Form security operations center (SOC) and incident response (IR) teams
• Develop incident response processes and procedures
• Collect system logs and network traffic
• Develop vulnerability management and threat intelligence capabilities
• Secure business application development
• Supplement SOC with breach hunters looking to identify early-stage attacks
• Deploy a big data advanced analytics platform
• Supplement SOC with data science capabilities
• Optimize SOC based upon performance metrics
• Orchestrate and automate responses
• Share threat intelligence information


Security Analytics Capability Model

Big Data Capabilities
• Cheap, scalable, schema-less storage
• Computing power for processing across data types
• Distributed computing power

• Data-driven & tested decision-making
• Continual process improvement opportunity
• Scientific method approach to operational awareness
• Ability to respond more effectively – improve real-time operational capabilities
• Understanding of previous decisions and their effects

Current security offerings focus on the “what happened” or “what’s going on now” questions of security. Security practitioners need to be able to answer the “how”, “why”, “what else”, and “what might” questions.

Analytical Security (how, why, what else, what might?)

Model layers: Value, Solution, Technical Enablers, Business Driver


The Business Value Model provides the ability to communicate technical capability and performance in business language

The Business Value Model demonstrates how information security enables, supports and aligns with business goals and objectives, and provides two-way traceability from business requirements to technical controls and back.

[Figure: Cyber Security Business Value Model. Labels: Business Strategy, Opportunities and Threats, Business Processes, Compliance Drivers, Business Requirements, Business Drivers for Security, Business Attributes Taxonomy, Threat & Risk Models, Metrics, Cyber Security Operational Management]


Case Study: A Large Financial Services Company in the Nordics


Case Study: Security transformation program for a large financial services company

The security transformation program has helped our client define a security baseline, adopt a constant development mindset, and seek effectiveness/cost savings from security-related systems and processes that support business strategy.

[Figure: timeline of the program against security business value. Phases: Strategy and assessment; Design and implement; Operate.]

Value steps:
• Remediate Key Audit items
• Assess Threats and Vulnerabilities
• Implement technical controls to secure business
• Final Opportunity to lower the overall cost
• Implement Security capabilities to Enable the business

Dates shown on the timeline: Apr 2014, Jun 2014, Aug 2014, Sep 2014, Nov 2014, Dec 2014, Mar 15, Apr 15, Jun 15, Jun 15, Jul 15, Oct 15, Nov 15

Milestones shown on the timeline:
• Security capability assessment & business case
• Assessment results: Baseline, Development areas
• IDM assessment
• IDM transformation & development
• Centralized SIEM/log management
• SIEM/Log management 1st go live
• Log management 2nd go live (extensions)
• Security transformation program kick-off (H1/15)
• Security transformation program first deliverables: IVM/AVM pilot, Employee security awareness, Asset management
• Log management 3rd go live (extensions)
• Security transformation program (H2/15): Business case renewal, Extended enterprise IAM
• Security transformation program: Results
• Security transformation program: Application security, Security as a Service extension

Further items on the slide:
• IDM capabilities and gaps
• IDM quick wins
• SIEM/log mgmt capabilities improvement for compliance
• Priorities
• Sec capabilities as-is and to-be
• Industry related threats
• Dedicated program for sec transformation
• Long term constant development
• Cloud strategy alignment with sec considerations
• Strategic sec investments
• Log source extensions
• IDM: effectiveness, cost savings, identity management process enhancement, user satisfaction
• SIEM/Log management: strategic integration roadmap, improved audit compliance, SOC/SIEM capabilities and models
• New SOC features (pilot)


Next Steps…


We can help organizations understand their existing Cyber Security capabilities and evaluate their change initiatives to develop a value-driven transformation roadmap and help drive that journey.

Cyber Security Capability Maturity Model

Understand Maturity & Ensure Full Leverage

Cyber Security Project Business Case Assessment

Maximize Cost-to-Serve & Business Value

[Figure: project portfolio chart. Axes: Business Value and Investment. Quadrant labels: Quick Win (twice), Misaligned, Strategic. Plotted items: Project A, Project B, Project C, Project D.]

A value-driven transformation roadmap provides a comprehensive list of prioritized change initiatives that enable an organization to deliver incremental value.


Thank you!


Accenture Cyber Defense Services

Accenture Cyber Defense services enable our clients to detect, respond, and recover from cyber security attacks. We provide a full lifecycle of services built around a proven operating model and solution architecture.

Capability Model (Cyber Defense):
• Threat Intelligence
• Vulnerability Management
• Operational Monitoring
• Advanced Security Analytics
• Security Incident Response

Service Delivery Journey (Prepare, Transform, Run):
• Indicator of Compromise Discovery Service
• Cyber Security Capability Maturity Assessment
• Penetration Testing
• Vulnerability Assessment
• Technology Architecture Health Check
• Cyber Defense Process Engineering and Technology Deployment
• Managed Cyber Defense
• Cyber Defense Rapid Deployment Kit
• Cyber Incident Response