MENA Digital Security Operations Center (DSOC)
Unleash the power of DSOC to
secure your digital ecosystem
(IT, OT and IoT)
Powered by EY’s award winning
cyber analytics platform
What’s inside
2 | Unleash the power of DSOC to secure your IT, OT and IoT environment
Benefits and risks of digital transformation
Introducing MENA DSOC
EY differentiators
In today’s transforming business world, organizations are
becoming increasingly reliant on digital technologies to run
their operations and services. Digital technologies such
as Internet of Things (IoT) or Machine-to-Machine (M2M),
blockchain, mobility, cloud computing, big data and analytics
among others bring in huge benefits to organizations.
In addition, the convergence with legacy systems,
especially the adoption of Industrial IoT (IIoT), to provide
competitive or operational advantage is high on the priority
list of most organizations. This convergence of IT, operational
technology (OT) and IoT is accelerating a set of unique and
unmitigated risks; as a result, cyber monitoring, as a sense
capability, is becoming increasingly important.
Digital risks might become the major roadblock
in your digital journey
Today, organizations across various industries openly
acknowledge cyber-attacks as one of the most prominent
digital risks they face. Traditional security techniques are no
longer relevant as organizations endeavor to make their
systems smart and automatic, which essentially means
convergence of systems, more connected nodes and data
sharing. Subsequently, organizations are becoming
increasingly vulnerable to cyber attacks due to their
increased digital footprint beyond traditional boundaries.
57% of responders have had a recent significant cybersecurity incident (EY Global Information Security Survey 2016).
To counter this trend, organizations need to be innovative.
The approach to cyber protection must evolve from
trying to prevent all threats into that of building strong
sense and resist capabilities. Gartner predicts that, by
2020, 60% of enterprise information security budgets will
be allocated for rapid detection and response approaches,
up from less than 30% in 2016.
Drivers of digital risk:
• Convergence of IT, OT and IoT systems
• Digital innovation outpacing cybersecurity measures
• Network ubiquity
• Increased sophistication of cyber attacks
• Increased attack surface area through connected devices
• Rapid adoption of digital technologies
The rapid adoption of digital increases your exposure
to cyber attacks
Benefits and risks of digital transformation
Leverage MENA Digital Security
Operations Center (DSOC) to address
cyber threat points in your digital
ecosystem
Organizations around the world have previously focused on
monitoring the IT environment. EY believes it is important
to empower the sense capability and provide a holistic
digital view by monitoring IT, OT and IoT systems.
EY’s MENA DSOC is a 24/7 cybersecurity monitoring
service. It provides the capabilities of a traditional SOC
through using advanced analytics and helps organizations
address advanced cyber attacks arising from emerging
digital technologies and converged digital ecosystems.
EY achieves this by using the exclusive Cyber Analytics
platform built on a large-volume data-processing
architecture.
The Cyber Analytics platform leverages the network
anomaly detection technology, PathScan. EY and Los Alamos
National Laboratory (LANL) recently received an award at the
R&D 100 Conference 2016 for the development of this
world-leading solution. It combines batch and real-time
processing, enabling anomaly detection capabilities based
on mathematical and statistical modeling. DSOC therefore
facilitates proactive breach hunting by converging data
science with security operations, thereby supporting
organizations to trigger early indicators of compromise.
A key advantage of deploying EY’s DSOC and Cyber
Analytics platform is using data science to accelerate
deployment and detect advanced attacks. This is achieved
through using patented data science to identify key stages
of the kill chain including reconnaissance, lateral
movement and data staging.
MENA DSOC analysts are able to actively monitor an attack
throughout its lifespan and provide valuable insights for
focused countermeasures and remediation.
Introducing MENA Digital Security Operations Center (DSOC)
Integrated service: Los Alamos R&D, customized by EY for your business
• Client: Clients get solutions to their most difficult problems from the world's top laboratories.
• EY: EY values a rigorous, independent and collaborative R&D function aligned to the needs of the market.
• LANL: LANL is at its best when partners expect large, disruptive, high-impact solutions to technically complex and multidisciplinary challenges.
• Innovative approach
• Targeted innovation need
• Strategic relationships with researchers
EY has developed the DSOC that leverages an exclusive partnership with Los
Alamos National Laboratory (LANL) to address the following challenges:
Domain: Security monitoring
Issues:
• Lack of threat-focused, proactive monitoring
• Cyber monitoring team is not focused on detection and threat analysis
• Monitoring rules inadequately tuned, with too many false positives
• Monitoring teams overwhelmed with events
• No aggregated source of log data to enable efficient security monitoring, including event correlation
• Incomplete coverage (e.g., some versus all egress points are monitored)
EY DSOC solution:
• Detect lateral movement, reconnaissance and data staging
• Holistic ecosystem coverage

Domain: Incident response
Issues:
• Inconsistent incident handling across the enterprise (e.g., IR teams operating in silos)
• Lack of procedures and training for first-responder actions
• No defined incident response process
• Log data not available to conduct efficient and/or complete investigation
• Lack of forensic capabilities to conduct thorough, efficient investigation
• Lack of external communication plans, including those with vendors, customers and the general public
EY DSOC solution:
• Allows focused incident response
• Provides forensic replay for accelerated response

Domain: Threat intelligence
Issues:
• Companies have so much data to manage that it becomes hard to find the “needle in the haystack” (i.e., the real attack)
• External threat feeds of indicators of compromise are rarely tuned to the business
• Alerts for threat conditions consider external trends, not the existing capabilities to deter
• Attacker techniques change and will outdate the intelligence you have on them
• Information ages and may quickly become irrelevant
EY DSOC solution:
• Data science allows independent, threat focused approach
• Allows threat hunting and tracking of threat actors in the environment
A detect and respond capability that lets you sense and resist advanced cyber attacks
across your ecosystem
Challenges posed by digital convergence and building a new in-house SOC can be eliminated by adopting an outsourced
DSOC model which is based on an on-site data architecture with remote monitoring.
Organizations could reap many benefits by choosing EY’s DSOC over in-house deployments. EY’s DSOC can augment the
capabilities of an organization by working with the existing cyber security personnel, providing them 24x7 coverage.
MENA DSOC service has redefined security operations to meet the next generation of emerging cyber threats across the
entire digital ecosystem. EY’s DSOC delivers maximum value to your business by complementing the technical components
with scalable and managed “people” and “process” functions. The DSOC service will help you to achieve highly mature
security monitoring capabilities in just a few weeks with complete digital ecosystem visibility.
Benefits of MENA DSOC
• Patented Data Science — enables detection of reconnaissance, lateral movement and staging activity
• Accelerated deployment — installed and configured in a matter of weeks
• Award winning and world-leading Cyber Analytics platform
• Reduced cost and fewer resource requirements
• Scalable and flexible
• Increased compliance with legal requirements and industry standards
• State-of-the-art infrastructures with best of breed technologies
• Access to open source and commercial threat intelligence data
• Variety of skill-sets across the DSOC ensures employees are engaged and always developing themselves, resulting in
less turnover or churn
• Effectiveness (24/7) and performance (faster response)
Figure: EY DSOC, with Information Technology (IT), Operational Technology (OT) and Internet of Things (IoT)
DSOC delivery model
EY’s DSOC encompasses the entire digital ecosystem, providing a detect and respond capability across traditional IT systems,
core OT systems and the IoT. The delivery model consists of the following core elements:
Platform — A Hadoop big data platform is used by EY to host the PathScan analytics, which is maintained by EY
to provide agnostic integration between technologies. It is an easily extensible environment, customized to suit a
client's growing needs in their environment
Cybersecurity incident response — EY DSOC has highly trained Cybersecurity analysts that use Cyber Analytics to
provide 24X7X365 monitoring, triage and incident response. The DSOC will also play a part in breach response,
saving time, cost and money — something that is absolutely vital during major incidents.
Threat intelligence and threat management platform — With Cyber Analytics EY further invests in customized
threat intelligence through a dedicated team in the DSOC. The Threat Management team use Cyber Analytics to
hunt for deliberately planned attacks and to identify and eradicate hidden threat actors, along with tailored
deception tools.
Figure: DSOC delivery model. Diagram labels: client premises; DNS; NetFlow; firewalls; IDS/IPS; servers; antivirus; databases; metadata; SIEM; EY Cyber Analytics platform; enterprise service management; CISO/Security Manager; EY Account Security Advisor; VPN; EY DSOC 24x7x365; SRT incident response; incident response; requests for information; provide reports; ticketing of incident alerts.
Advanced Cyber Analytics — leverages the award-winning PathScan technology, a network anomaly detection technology that seeks to identify network reconnaissance, lateral movement and data staging. EY has integrated PathScan into a technology service that is at the core of providing advanced threat detection.
EY differentiators
How we accomplish this and value, by differentiator:

EY Cyber Analytics platform
• EY has an exclusive and collaborative arrangement with Los Alamos National Laboratory (LANL) with world-leading cyber analytics
• EY deploys this global award winning technology to client ecosystems to provide complete coverage in order to detect the most advanced attacks in a cost efficient manner with ease of integration into environments
• Monitoring is based on the following attack variants:
  • Lateral
  • Reconnaissance (via horizontal and vertical scanning)
  • Data staging
• Enabler to deliver optimized major incident response and forensics
• Detects attacks through self learning statistical models that no SIEM or other cyber monitoring technology in the market can do today
• Employs machine learning and cyber data science
• Ease of integration through NetFlow and DNS without agents

Service management function via an EY Account Service Advisor
• A dedicated Account Security Advisor who will have a deeper understanding of your business function and environment
• Technology integration and service transition
• Executive meetings for effective validation of incidents
• Oversight of SLOs and act as a single point of escalation for all service related issues

Accelerated operationalization
• Pre-packaged platform accelerates deployment
• Machine learning capabilities enable accelerated operational functionality
• Agent-less solution
• Reduced project transition costs
• Operational readiness
• Short deployment time and limited change to environment

Holistic coverage
• The DSOC encompasses a holistic ecosystem by focusing on the convergence of technology from all sources, such as traditional IT systems, core operational technology (OT) systems and Internet of Things (IoT)
• Forensic analysis using replay capabilities
• Enhanced investigation of attack chain

Puts focus on the most critical assets
• Ability to detect undiscovered threats through monitoring anomalies
• Unique patented technology which is tried and tested having protected the most sensitive US government networks.
• Custom weighting to reflect unique business risks
• Ability to focus on actual threats as time is not spent investigating false positives
• Ability to trace the attack to understand the path the attacker is taking and the assets they are after

Extensible and scalable architecture
• Proven and tested big data architecture
• Agnostic hardware platform
• Commercial off the shelf storage allows stability
• Comprehensive data ingestion and long term storage capabilities
• Leverages existing client hardware configurations
• Leverages existing storage capability
• Big data clusters allow improved reliability
• Predictable cost profile

Dedicated OT and IoT experts
• Deep understanding of OT and IoT technologies and protocols
• Centers of excellence and regional SMEs in OT and IoT
• Ability to discover OT and IoT dedicated attacks
Global security monitoring
EY has invested in many Centers
of Excellence around the world,
including:
• Security Operations Centers
• IoT/OT Center of Excellence
• Advanced Security Centers
• Digital Analytic Centers
• Los Alamos National Laboratory
• EY has been recognized in the industry as an information security thought leader in the latest Forrester Wave™ Information
Security Consulting Services and recently awarded winner in R&D top 100 global awards for Cyber Analytics. We provide
holistic security advisory services for our clients consistent with leading industry standards and guidelines.
• We provide more than knowledge; through our methods, substantial asset base and team of 7,000 global
cybersecurity professionals, we provide true cybersecurity leadership.
“We bring together the best of our Global cybersecurity specialists to help our clients thrive and solve the challenges of the transformative age.”
Insights
Actively defending against cyber attacks is the only way to get ahead of cyber criminals and gain the trust of your
customers. Insights on cyber security is an ongoing series of thought leadership reports focused on IT, OT, IoT and
other business risks, and the many related challenges and opportunities. These timely and topical publications are
designed to help you understand the issues and provide you with valuable insights about our perspective.
To learn more about EY’s efforts to anticipate and manage the ever present threat of cyber attacks, please visit us
on http://www.ey.com/gl/en/services/advisory/ey-cybersecurity
• Cybersecurity and the Internet of Things: www.ey.com/IoT
• Managed SOC: EY’s Advanced Security Center; world class cybersecurity working for you: http://www.ey.com/SOC
• Using Cyber Analytics to help you get on top of cybercrime: www.ey.com/3SOC
• Path to cyber resilience: Sense, resist, react. has launched!: www.ey.com/GISS
Figure labels: ASC; EY’s SOC; EY’s DSOC; Los Alamos National Laboratory
Our specialties include:
• Holistic ecosystem coverage
• Speed of deployment — 8 weeks to operation
• Cyber Artificial Intelligence
• Focus on the most important environment anomalies
MENA DSOC Contacts
Clinton Firth
Cybersecurity Leader, MENA
+971 50 213 7094
Regional contacts
Saudi Arabia: Glen [email protected], +966 59 447 8654
UAE: Sam [email protected], +971 50 625 2263
Qatar: Omar [email protected], +974 666 10746
Oman: Mohamed [email protected], +968 99429679
Egypt: Akram Reda [email protected], +202 272 60260
Kuwait/Bahrain: Sourabh [email protected], +965 9400 2430
Jordan/Lebanon: Salam Shouman [email protected], +962 6 580 0777
EY | Assurance | Tax | Transactions | Advisory
About EY
EY is a global leader in assurance, tax, transaction and advisory
services. The insights and quality services we deliver help build trust
and confidence in the capital markets and in economies the world
over. We develop outstanding leaders who team to deliver on our
promises to all of our stakeholders. In so doing, we play a critical
role in building a better working world for our people, for our clients
and for our communities.
EY refers to the global organization, and may refer to one or more,
of the member firms of Ernst & Young Global Limited, each of which
is a separate legal entity. Ernst & Young Global Limited, a UK
company limited by guarantee, does not provide services to clients.
For more information about our organization, please visit ey.com.
The MENA practice of EY has been operating in the region since
1923. For over 90 years, we have grown to over 6,000 people
united across 20 offices and 15 countries, sharing the same values
and an unwavering commitment to quality. As an organization,
we continue to develop outstanding leaders who deliver exceptional
services to our clients and who contribute to our communities.
We are proud of our accomplishments over the years, reaffirming
our position as the largest and most established professional
services organization in the region.
© 2017 EYGM Limited.
All Rights Reserved.
EYG no. 05953-172GBLED None
This material has been prepared for general informational purposes only and is not
intended to be relied upon as accounting, tax or other professional advice. Please refer
to your advisors for specific advice.
ey.com/mena