Post on 24-May-2020
Unleash the power of CyberEYe to protect your assets
EY Cyber Threat Intelligence Platform
2 | CyberEYe — EY
In today’s transforming business world, organisations are becoming increasingly reliant on digital technologies to run their operations and services. Digital technologies such as the Internet of Things (IoT)/Machine–to–Machine (M2M), blockchain, mobility, cloud computing, big data and analytics among others bring in huge benefits for organisations.
Today, organisations across multiple industries are undertaking large scale digital transformation projects to enable the business to move at a much faster pace. Volumes of data continue to grow and an expectation that network ubiquity is the norm.
Examples include, projects and programmes delivering the convergence of traditional IT systems with OT (Operational Technology) systems to provide competitive or operational advantage is high on the priority of most organisations but with competitive advantage and opportunity comes new threats and risks that the organisation must be ready for.
A larger digital footprint means the organisation is a bigger target – the traditional perimeter is no longer – organisations need to be aware of their digital exposure. Limit it where they can whilst still enabling the business to continue at that accelerated pace.
Digital transformation draws huge benefits and risks
Drivers ofdigital risk
Increased attack surface area through connected
devices
Digital innovation outpacing
cybersecurity measures
Rapid adoption of digital
technologies
Convergence of IT, OT and IoT systems
Increased sophistication of
cyber attacksNetwork ubiquity
ENISA, Threat Landscape Report, 2017
99%of vulnerabilities exploited are known to security/IT professionals for at least one year.
To counter this trend, organisations need to be innovative. Cyber protection must evolve from just picking up the pieces after cyber attacks and fortifying the IT infrastructure to taking the initiative against cyber opponents, by staying ahead of them and knowing when and where they could hit.
How to address digital risk
• Leverage advanced capabilities to provide visibility of threats
• Establish appropriate digital risks and cybersecurity governance
• Understand organisation’s threat environment and enable active defence
• Leverage cyber threat intelligence
• Establish rapid threat detection and response approaches
• Monitor and secure not only IT systems but also OT and IoT systems, on a 24x7 basis
• Establish recoverable environment capable of handling planned/unplanned events
• Manage the behavioural and cultural change effectively
The rapid adoption of digital increases your exposure to cyber attacks
Unleash the power of CyberEYe to secure your assets | 3
Proliferation of data and the drive to embrace digital means that the IT infrastructure of global organisations is ever increasing.
Data has been billed as the ‘new oil’ – its value to the organisation is invaluable. However, its not just appealing to the organisation to whom that data belongs, but also to Threat Actors who want that data for more unconventional means such as seeking commercial advantage in areas such as industrial espionage to organised criminal gangs wanting payment card information in order for it to be sold on underground black markets. Leveraging technology to track and identify compromised data is one way an organisation can protect itself in this space.
Leverage EY Cyber Threat Intelligence Platform to address cyber threat risks across your digital ecosystem
EY has developed CyberEYe to address your challenges:
Benefits for EY clients• Allows an organisation to take a proactive approach to
remain ahead in the race against cyber hackers
• Get an overview of how your infrastructure is exposed and be able to anticipate potential avenues of attack on your internet facing systems
• Real-time view of findings
• Generates a graph that highlights all the possible attack vectors that were found
• The amount of available information online is gigantic
• A lot of information which should be confidential is publicly accessible to anyone motivated
• CyberEYe scans public information sources to identify client related information
• No aggressive scans are performed on the client’s infrastructure
• It checks the deep/dark web by analysing exchanged information on hacker blogs, mailing lists, etc.
• Able to search for leaked documents in multiple languages
• The resulting information is available on the CyberEYe web platform
• Data Visualization Abilities provide insights on real–world attack scenarios to which EY customers are exposed
• The innovative graph tool allows to explore threat scenarios to understand what and were there are vulnerabilities.
• No need for technical knowledge to browse through the results
• The CyberEYe data collection can be interconnected with other services to enrich them.
• Alerts raised in case of critical cyber findings
• This massive amount of data is unstructured and therefore unusable by its own
• Information gathered is therefore classified and enriched
• This allows to regroup the information and create a complete knowledge graph
• With this data correlation, even seemingly benign data can lead to vulnerabilities and attack paths
• With its deep learning capabilities, CyberEYe can understand and analyse public videos
Information gathering
Data Correlation
Reporting
EY Cyber Threat Intelligence Platform, CyberEYe, gives companies a clear assessment of their current cyber exposure and allows organisations to immediately react to any breaches of sensitive information, protecting the brand and reducing any fall out.
4 | CyberEYe — EY
Digital transformation is leading to a convergence of ecosystems with operational technology systems and traditional IT systems are being interconnected. This combined with the introduction of new IoT devices results an increase in potential threats and a need to keep a clear understanding of your exposure to anticipate events. Businesses are changing, embracing new technologies; if we want to properly predict attacks against ourselves we need to do likewise.
CyberEYe uses its distinct design to approach vulnerability detection, not by looking at the problem from the inside and how you can defend yourself, but rather from the outside to understand how and when a vulnerability occurs
Organisations can reap many benefits by choosing EY Cyber Threat Intelligence platform such as helping an organisation and executives to focus their efforts on strategic business goals and other high value concerns.
Leverage EY Cyber Threat Intelligence Platform to address cyber risks in your digital ecosystem
Benefits of using CyberEYe• Leveraging AI to identify attack vector
• Detect the use of shadow ITR
• EY knowledge database is constantly enriched with crawlers looking for new open source information
• Can increase use efficiency of other security services
• State–of–the–art technologies and knowledge with no deployment delays
CyberEYe meets the next generation of emerging cyber–threats across the entire digital ecosystem with its attack prediction capabilities. It helps to add value to your business by helping it stay ahead of cyber threats.
CyberEYe Solution
Cyber Exposure Snapshot — One–Time
assessment
Daily KPIs on organisation’s exposure
on the Internet via Managed Service
Key Individual exposure surveillance
Operational risks detection and alerting
(physical security, infrastructure
vulnerabilities etc.)
Sensitive data leak detection and alerting
(Consumer data, Intellectual property
etc.)
The Cyber Intelligence Program helps EY clients create value through their day–to–day operation
Reduction of financial risks and
economic loss
More proactive cyber posture and better visibility for
board
Reduction of privacy risk and data
exposure
Improving compliance and response ability
Better cyber awareness and
education
Benefits for EY clients
What it can do for you
How can EY help you?
• Do you understand cyber risks and its adverse impacts on employees, citizens and other stakeholders?
• Can you determine how digital threats can affect your organisation?
• Do you grasp of the hole extent of what assailants know about you?
EY can aid you in improving on these subjects
6 | CyberEYe — EY
CyberEYe uses its smart web crawlers to gather the following type of information available online:
• Infrastructure discovery: published services, technologies and versions in order to detect vulnerabilities that could help anattacker get a control of the information system.
• Sensitive data leakage: any confidential data and/or document that are publicly available on the internet. Also, any compromised credentials in hacked database of online plateforms (Linkedin, Dropbox, etc.) of employees.
• Reputation: any malicious behaviour (botnet, C&C, etc.) for an IP address and/or URL related to the client’s information system.
What CyberEYe does
Deploy to productionIdentify the Crown Jewels
Service methodology
Identify the core assets of the organisation to protect from Internal and external threats
Collect
Led by the EY Cyber Threat Analyst, with participation from client, the objectives are as follows:
• Understand the risks
• Understand the needs and expectations
• Define the objectives
• Identify the core assets to protect (Data, People, Infrastructure etc.)
Acquisition of big amount of data from different qualified sources
Integrate
Correlate
Analyse
Graph Mining
Automation leveraging
Deep Learning
techniques
Daily KPIs on organisation’s exposure on the Internet
Cyber Surveillance on the attacks targeting the organisation’s employees and VIPs
Operational risks detection and alerting (ransomwares, vulnerabilities etc.)
Data Breach detection and alerting (deep: dark webs, online share platforms, social networks etc.)
CyberEYe crawlers*
Commercial Feeds
Open KnowledgeBase
OSINT (Open Source Intelligence)
DarkWeb
EY Business knowledge
CyberEYe
*Crawlers are automated agents thatbrowse the web in search of information
Unleash the power of CyberEYe to secure your assets | 7
CyberEYe’s Interface
CyberEYe can be leveraged to provide a one off, point in time assessment or can be consumed as a subscription based service.
The service will deliver results in near real time with the information made available in a internet based portal.
All data is stored within the EU and has the appropriate safeguards to facilitate its ongoing confidentiality and availability.
1 2
Summary Overview
The information collected is made available in the portal on a near real time basis. A summary page gives a clear overview of the indicators of compromise that have been identified using the preconfigured web crawlers.
3 4
Video Tab
CyberEYe also offers a video analysis and capability that leverages machine learning and artificial intelligence to correlate various sources of intelligence from multiple sources to identify possible attack vectors.
Detailed Page by Page views
CyberEYe allows the end user to drill down on specific intelligence sources to view potential indicators of compromise. This includes leaked credentials, documents that are available on the internet and also exploitable vulnerabilities on the clients internet facing infrastructure.
Real time reporting – helping reduce your Cyber exposure.
8 | CyberEYe — EY
EY differentiators
EY Differentiators How EY accomplishes this Value
Dedicated Cyber and
Risk experts
• Deep understanding of OT and IoTtechnologies and protocols
• Professionals with knowledge of working with EY clients and building their Threat Intelligence programmes
• Centers of excellence and regional SMEs in OT and IoT
• Ability to base the intelligence collection programme on the organisations requirements confirming information becomes intelligence
Global network and multi–
language threat analysis
capability
• Deep–learning algorithms and trained neural networks.
• CyberEYe understands and cross–references multiple languages.
• Data analysis and collection from multiple sources regardless of the language.
Extensible and scalable
• Proven and tested architecture and algorithms
• Commercial of the shelf storage allows stability
• Broad data ingestion and long term storage capabilities
• Leverages EY storage capability
• Bog data clusters allows improved reliability
• Predictable cost profile
Ability to identify, parse and process unstructured
data
• By leveraging our relationship with INRIA, the French Institute for Research, Computer Science and Automation.
• Ability to correlate large volumes of information from various intelligence sources
• EY Neural networks are capable of analysing video feeds and recognize logos and assets
Can be consumed as part of a stand alone service or part of a wider set of managed
services provided by EY
• Ability to detect undiscovered indicators of compromise
• Custom weighting to reflect unique business risks
• Ability to focus on actual threats as time is not spent investigating false positives
• Ability to trace the attack to understand the path the attacker is taking and the potential assets they are after
If you were under cyber attack, would youever know?As many organisations have learned, sometimes the hard way, cyber attacks are no longer a matter of if, but when. Hackers are increasingly relentless. When one tactic fails, they will try another until they breach an organisation’s defenses.
At the same time, technology is increasing an organisation’s vulnerability to attack through increased online presence, broader use of social media, mass adoption of mobile devices, increased usage of cloud services, and the collection and analysis of big data. Our ecosystems of digitally connected entities, people and data increase the likelihood of exposure to cybercrime in both the work and home environment. Even traditionally closed operational technology systems are now being given IP addresses, enabling cyber threats to make their way out of back–office systems and into critical infrastructures such as power generation and transportation systems.
For EY Consulting, a better working world means solving big, complex industry issues and capitalizing on opportunities to provide outcomes that grow, improve and protect EY clients' businesses. EY teams have shaped a global ecosystem of consultants, industry professionals and collaborators with one focus in mind — you.
Anticipating cyber attacks is the only way to be ahead of cyber criminals. With EY focus on you, EY teams ask better questions about your operations, priorities and vulnerabilities. They then work with you to co–create more innovative answers that help you activate, adapt and anticipate cyber crime. Together, EY teams help you deliver better outcomes and long–lasting results, from strategy to execution.
EY believes that when organisations manage cybersecurity better, the world works better.
So, if you were under cyber attack, would you ever know? Ask EY.
The better the question. The better the answer. The better the world works.
Your key contacts
Unleash the power of CyberEYe to secure your assets | 9
Marc Ayadimarc.ayadi@fr.ey.com+33 6 07 70 71 59Paris, France
Olivier Patoleolivier.patole@fr.ey.com+33 7 62 02 18 90Paris, France
Andy Saundersasaunders4@uk.ey.com+44 7392 105 941London, UK
Alex Campbellacampbell2@uk.ey.com+447437434117London, UK
MENA contacts
Clinton FirthCybersecurityLeader, MENAclinton.firth@ae.ey.com+971 50 213 7094Dubai, UAE
Glen ThomasDubai, UAEGlen.Thomas@ae.ey.com +966 59 447 8654Saudi Arabia
Mohamed Nayazmohamed.nayaz@om.ey.com
+968 99429679Muscat, Oman
Tony El Haiby tony.elhaiby@ae.ey.com+971 56 547 6606Abu Dhabi, UAE
EY | Assurance | Tax | Transactions | Advisory
About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
© 2018 EYGM LimitedAll Rights Reserved.
EYG no. 011734-18Gbl
ED none
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
ey.com