MENA Digital Security Operations Center (DSOC)

Unleash the power of DSOC to secure your digital ecosystem (IT, OT and IoT)

Powered by EY’s award winning cyber analytics platform

What’s inside

Benefits and risks of digital transformation

Introducing MENA DSOC

EY differentiators

Benefits and risks of digital transformation

In today’s transforming business world, organizations are becoming increasingly reliant on digital technologies to run their operations and services. Digital technologies such as Internet of Things (IoT) or Machine-to-Machine (M2M), blockchain, mobility, cloud computing, big data and analytics, among others, bring huge benefits to organizations.

In addition, the convergence with legacy systems, especially the adoption of Industrial IoT (IIoT), to provide competitive or operational advantage is high on the priority list of most organizations. This convergence of IT, operational technology (OT) and IoT is accelerating a set of unique and unmitigated risks; as a result, cyber monitoring, as a sense capability, is becoming increasingly important.

Digital risks might become the major road block in your digital journey

Today, organizations across various industries openly acknowledge cyber-attacks as one of the most prominent digital risks they face. Traditional security techniques are no longer relevant as organizations endeavor to make their systems smart and automatic, which essentially means convergence of systems, more connected nodes and data sharing. Subsequently, organizations are becoming increasingly vulnerable to cyber attacks due to their increased digital footprint beyond traditional boundaries.

57% of responders have had a recent significant cybersecurity incident. Source: EY Global Information Security Survey 2016

To counter this trend, organizations need to be innovative. The approach to cyber protection must evolve from trying to prevent all threats into that of building strong sense and resist capabilities. Gartner predicts that, by 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30% in 2016.

Drivers of digital risk

• Convergence of IT, OT and IoT systems

• Digital innovation outpacing cybersecurity measures

• Network ubiquity

• Increased sophistication of cyber attacks

• Increased attack surface area through connected devices

• Rapid adoption of digital technologies

The rapid adoption of digital increases your exposure to cyber attacks

Introducing MENA Digital Security Operations Center (DSOC)

Leverage MENA Digital Security Operations Center (DSOC) to address cyber threat points in your digital ecosystem

Organizations around the world have previously focused on monitoring the IT environment. EY believes it is important to empower the sense capability and provide a holistic digital view by monitoring IT, OT and IoT systems.

EY’s MENA DSOC is a 24/7 cybersecurity monitoring service. It provides the capabilities of a traditional SOC through using advanced analytics and helps organizations address advanced cyber attacks arising from emerging digital technologies and converged digital ecosystems. EY achieves this by using the exclusive Cyber Analytics platform built on a large-volume data-processing architecture.

The Cyber Analytics platform leverages the network anomaly detection technology, PathScan. EY and Los Alamos National Laboratory (LANL) recently received an award at the R&D 100 Conference 2016 for the development of this world-leading solution. It combines batch and real-time processing, enabling anomaly detection capabilities based on mathematical and statistical modeling. DSOC therefore facilitates proactive breach hunting by converging data science with security operations, thereby supporting organizations to trigger early indicators of compromise.

A key advantage of deploying EY’s DSOC and Cyber Analytics platform is using data science to accelerate deployment and detect advanced attacks. This is achieved through using patented data science to identify key stages of the kill chain including reconnaissance, lateral movement and data staging.

MENA DSOC analysts are able to actively monitor an attack throughout its lifespan and provide valuable insights for focused countermeasures and remediation.

Integrated service: Los Alamos R&D, customized by EY for your business

• Clients get solutions to their most difficult problems from the world's top laboratories.

• EY values a rigorous, independent and collaborative R&D function aligned to the needs of the market.

• LANL is at its best when partners expect large, disruptive, high-impact solutions to technically complex and multidisciplinary challenges.

Diagram labels: Client; EY; Innovative approach; Targeted innovation need; Strategic relationships with researchers

EY has developed the DSOC that leverages an exclusive partnership with Los Alamos National Laboratory (LANL) to address the following challenges:

Table columns: Domain | Issue | EY DSOC solution

Domain: Security monitoring

Issues:

• Lack of threat-focused, proactive monitoring

• Cyber monitoring team is not focused on detection and threat analysis

• Monitoring rules inadequately tuned, with too many false positives

• Monitoring teams overwhelmed with events

• No aggregated source of log data to enable efficient security monitoring, including event correlation

• Incomplete coverage (e.g., some versus all egress points are monitored)

EY DSOC solution:

• Detect lateral movement, reconnaissance and data staging

• Holistic ecosystem coverage

Domain: Incident response

Issues:

• Inconsistent incident handling across the enterprise (e.g., IR teams operating in silos)

• Lack of procedures and training for first-responder actions

• No defined incident response process

• Log data not available to conduct efficient and/or complete investigation

• Lack of forensic capabilities to conduct thorough, efficient investigation

• Lack of external communication plans, including those with vendors, customers and the general public

EY DSOC solution:

• Allows focused incident response

• Provides forensic replay for accelerated response

Domain: Threat intelligence

Issues:

• Companies have so much data to manage that it becomes hard to find the “needle in the haystack” (i.e., the real attack)

• External threat feeds of indicators of compromise are rarely tuned to the business

• Alerts for threat conditions consider external trends, not the existing capabilities to deter

• Attacker techniques change and will outdate the intelligence you have on them

• Information ages and may quickly become irrelevant

EY DSOC solution:

• Data science allows independent, threat focused approach

• Allows threat hunting and tracking of threat actors in the environment

A detect and respond capability that lets you sense and resist advanced cyber attacks across your ecosystem

Challenges posed by digital convergence and building a new in-house SOC can be eliminated by adopting an outsourced DSOC model which is based on an on-site data architecture with remote monitoring.

Organizations could reap many benefits by choosing EY’s DSOC over in-house deployments. EY’s DSOC can augment the capabilities of an organization by working with the existing cyber security personnel, providing them with 24x7 coverage.

MENA DSOC service has redefined security operations to meet the next generation of emerging cyber threats across the entire digital ecosystem. EY’s DSOC delivers maximum value to your business by complementing the technical components with scalable and managed “people” and “process” functions. The DSOC service will help you to achieve highly mature security monitoring capabilities in just a few weeks with complete digital ecosystem visibility.

Benefits of MENA DSOC

• Patented Data Science — enables detection of reconnaissance, lateral movement and staging activity

• Accelerated deployment — installed and configured in a matter of weeks

• Award winning and world-leading Cyber Analytics platform

• Reduced cost and less resource requirements

• Scalable and flexible

• Increased compliance with legal requirements and industry standards

• State-of-the-art infrastructures with best of breed technologies

• Access to open source and commercial threat intelligence data

• Variety of skill-sets across the DSOC ensures employees are engaged and always developing themselves, resulting in less turnover or churn

• Effectiveness (24/7) and performance (faster response)

Figure labels: EY DSOC; Information Technology (IT); Operational Technology (OT); Internet of Things (IoT)

DSOC delivery model

EY’s DSOC encompasses the entire digital ecosystem, providing a detect and respond capability across traditional IT systems, core OT systems and the IoT. The delivery model consists of the following core elements:

Platform — A Hadoop big data platform is used by EY to host the PathScan analytics, which is maintained by EY to provide agnostic integration between technologies. It is an easily extensible environment, customized to suit a client's growing needs in their environment.

Cybersecurity incident response — EY DSOC has highly trained Cybersecurity analysts that use Cyber Analytics to provide 24X7X365 monitoring, triage and incident response. The DSOC will also play a part in breach response, saving time, cost and money — something that is absolutely vital during major incidents.

Threat intelligence and threat management platform — With Cyber Analytics EY further invests in customized threat intelligence through a dedicated team in the DSOC. The Threat Management team use Cyber Analytics to hunt for deliberately planned attacks and to identify and eradicate hidden threat actors, along with tailored deception tools.

Diagram labels (DSOC delivery model): Client premises; Databases; Antivirus; Servers; IDS/IPS; Firewalls; NetFlow; DNS; Metadata; SIEM; EY Cyber Analytics platform; VPN; EY DSOC 24x7x365; CISO/Security Manager; EY Account Security Advisor; Enterprise Service Management; SRT — incident response; Requests for information; Provide reports; Incident response; Ticketing of Incident Alerts

Advanced Cyber Analytics — leverages the award-winning PathScan technology, a network anomaly detection technology that seeks to identify network reconnaissance, lateral movement and data staging. EY has integrated PathScan into a technology service that is at the core of providing advanced threat detection.

EY differentiators

Table columns: EY differentiators | How we accomplish this | Value

EY Cyber Analytics platform

• EY has an exclusive and collaborative arrangement with Los Alamos National Laboratory (LANL) with world-leading cyber analytics

• EY deploys this global award winning technology to client ecosystems to provide complete coverage in order to detect the most advanced attacks in a cost efficient manner with ease of integration into environments

• Monitoring is based on the following attack variants:

  • Lateral

  • Reconnaissance (via horizontal and vertical scanning)

  • Data staging

• Enabler to deliver optimized major incident response and forensics

• Detects attacks through self learning statistical models that no SIEM or other cyber monitoring technology in the market can do today

• Employs machine learning and cyber data science

• Ease of integration through NetFlow and DNS without agents

Service management function via an EY Account Service Advisor

• A dedicated Account Security Advisor who will have a deeper understanding of your business function and environment

• Technology integration and service transition

• Executive meetings for effective validation of incidents

• Oversight of SLOs and act as a single point of escalation for all service related issues

Accelerated operationalization

• Pre-packaged platform accelerates deployment

• Machine learning capabilities enables accelerated operational functionality

• Agent-less solution

• Reduced project transition costs

• Operational readiness

• Short deployment time and limited change to environment

Holistic coverage

• The DSOC encompasses a holistic ecosystem by focusing on the convergence of technology from all sources, such as traditional IT systems, core operational technology (OT) systems and Internet of Things (IoT)

• Forensic analysis using replay capabilities

• Enhanced investigation of attack chain

Puts focus on the most critical assets

• Ability to detect undiscovered threats through monitoring anomalies

• Unique patented technology which is tried and tested having protected the most sensitive US government networks.

• Custom weighting to reflect unique business risks

• Ability to focus on actual threats as time is not spent investigating false positives

• Ability to trace the attack to understand the path the attacker is taking and the assets they are after

Extensible and scalable architecture

• Proven and tested big data architecture

• Agnostic hardware platform

• Commercial off the shelf storage allows stability

• Comprehensive data ingestion and long term storage capabilities

• Leverages existing client hardware configurations

• Leverages existing storage capability

• Big data clusters allows improved reliability

• Predictable cost profile

Dedicated OT and IoT experts

• Deep understanding of OT and IoT technologies and protocols

• Centers of excellence and regional SMEs in OT and IoT

• Ability to discover OT and IoT dedicated attacks

Global security monitoring

EY has invested in many Centers of Excellence around the world, including:

• Security Operations Centers

• IoT/OT Center of Excellence

• Advanced Security Centers

• Digital Analytic Centers

• Los Alamos National Laboratory

• EY has been recognized in the industry as an information security thought leader in the latest Forrester Wave™ Information Security Consulting Services and was recently named a winner in the R&D top 100 global awards for Cyber Analytics. We provide holistic security advisory services for our clients consistent with leading industry standards and guidelines.

• We provide more than knowledge; through our methods, substantial asset base and team of 7,000 global cybersecurity professionals, we provide true cybersecurity leadership.

“We bring together the best of our Global cybersecurity specialists to help our clients thrive and solve the challenges of the transformative age.”

Insights

Actively defending against cyber attacks is the only way to get ahead of cyber criminals and gain the trust of your customers. Insights on cyber security is an ongoing series of thought leadership reports focused on IT, OT, IoT and other business risks, and the many related challenges and opportunities. These timely and topical publications are designed to help you understand the issues and provide you with valuable insights about our perspective.

To learn more about EY’s efforts to anticipate and manage the ever present threat of cyber attacks, please visit us on http://www.ey.com/gl/en/services/advisory/ey-cybersecurity

• Cybersecurity and the Internet of Things (www.ey.com/IoT)

• Managed SOC. EY’s Advanced Security Center; world class cybersecurity working for you (http://www.ey.com/SOC)

• Using Cyber Analytics to help you get on top of cybercrime (www.ey.com/3SOC)

• Path to cyber resilience: Sense, resist, react. has launched! (www.ey.com/GISS)

Figure labels: ASC; EY’s SOC; EY’s DSOC; Los Alamos National Laboratory

Our specialties include:

• Holistic ecosystem coverage

• Speed of deployment — 8 weeks to operation

• Cyber Artificial Intelligence

• Focus on the most important environment anomalies


MENA DSOC Contacts

Clinton Firth

Cybersecurity Leader, MENA

[email protected]

+971 50 213 7094

Regional contacts

Saudi Arabia: Glen [email protected], +966 59 447 8654

UAE: Sam [email protected], +971 50 625 2263

Qatar: Omar [email protected], +974 666 10746

Oman: Mohamed [email protected], +968 99429679

Egypt: Akram Reda [email protected], +202 272 60260

Kuwait/Bahrain: Sourabh [email protected], +965 9400 2430

Jordan/Lebanon: Salam Shouman [email protected], +962 6 580 0777

EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

The MENA practice of EY has been operating in the region since 1923. For over 90 years, we have grown to over 6,000 people united across 20 offices and 15 countries, sharing the same values and an unwavering commitment to quality. As an organization, we continue to develop outstanding leaders who deliver exceptional services to our clients and who contribute to our communities. We are proud of our accomplishments over the years, reaffirming our position as the largest and most established professional services organization in the region.

© 2017 EYGM Limited. All Rights Reserved.

EYG no. 05953-172GBL

ED None

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

ey.com/mena