BT Ethical Hacking Quick Start

Proactive protection of your brand, reputation, and valuable electronic assets, around the clock

Global security threats are creatingmajor organisational challenges

The global threat environment facing most organisations todayis creating a serious challenge for boards of directors on bothsides of the Atlantic.

targeting organisations of all sizes, including household name

customer trust, and damage to brand and reputation, which isvery hard to recover. Hitting the headlines every day, we seestories of:

Credit and payment card fraud

Highly skilled and resourced criminal gangs

Financially motivated targeted attacks to steal customer data & intellectual property

Denial of service attacks

Fake web sites

Social media hacks

Data theft and identity fraud

Defence in depthand 24x7 monitoring

underpins BT’s approach to delivering security

services toour customers

BT “Ethical Hacking Centre of Excellence”

• Highly qualified security professionals• All with minimum 5 years experience • Industry leading tools, and partners

BT Global ServicesSecurity Services received

highest rating of the world’s leading IT securityservices vendors in

Datamonitor’s Black Bookof Outsourcing reportJan 2010 (2011 report

pending)

Household name brands fallingvictim to targeted attacks – youmay need stronger securityHave you considered the potential reputational and financialimpact of a successful attack on your organisation?How prepared are you to make sure that these threats do not cripple your organisation at a time when you need to be most resilient and competitive? You may need to strengthenyour security posture now, with a number of essentialcounter measures and actions, including:

• Enhanced levels of data protection and encryption

• Enhanced ability to detect software intrusions and unauthorised access

• Ability to monitor your global networked IT infrastructure 24x7

• Ability to detect and prevent attacks on your network in near real time

Identify any weak points andvulnerabilities now!BT would like to harness the experience we have acquiredin protecting our own global infrastructure by offering ourcustomers similar levels of protection.

Identifying any weak spots and vulnerabilities in yourexisting security posture is the essential starting pointto ensuring that you do not fall victim to the kind of attackswe have discussed. We then propose the most cost effectivemitigation strategies that are completely aligned to yourbusiness and risk management strategies.

The BT Ethical Hacking Quick Start:The offer to our customers Deploying the resources of our Ethical Hacking Centre ofExcellence BT will:

• Provide a rapid assessment of existing security posture

• Identify weak spots and vulnerabilities and mitigation to help manage your organization and business risks

• Offer the experience and knowledge of skilled security professionals, as well as unique tools, to help visualise and risk model your network infrastructure, so that you have 24x7 global protection of your electronic business assets.

Simple Customer Journey: QuickDeliverables, Fixed CostsWith the Ethical Hacking Quick Start we have developed asimple and cost effective journey for our customers – ourpriority is completing an early set of deliverables, in the framework of a project with predictable costs andtime scales.

We have structured the Ethical Hacking Quick Start journeywith our customers as follows:

Step 1: Health Check Questionnaire

We begin by completing a simple checklist on the currentstatus of your organisation’s security and business continuity.This helps establish the most appropriate starting point and focus for the Quick Start service. We then ask you tocomplete our in depth questionnaires where appropriatefor the module that you select.

Step 2: Assessment Workshop (Approximately 1 to 3 Days)

This will be a remote or on-site engagement based on thequestionnaire response in step 1 and involving senior managers and process owners from within the customer organisation – pinpoints the main security and businesscontinuity areas of your organisation that require attentionfrom amongst the following main areas of your business:

• Data/Networks

• IT Infrastructure

• Applications

What you get: The output will include a managementreport detailing workshop findings, conclusions,recommendations and an outline action plan.

Step 3: Detailed Assessment Modules(Approximately 1 to 4 weeks)

Based on the output of the Workshop in step 2 (oralternatively delivered independently at your request), arange of more detailed assessment modules covering your full range of infrastructure and applications, where your existing and planned arrangements will be benchmarkedagainst a range of relevant standards, industry best practiceand BT’s unique experience. Example key modules include:

• Network mapping

• Penetration & Application Testing

• Vulnerability assessment

• Risk modelling

Network Mapping

A quick way to help confirm your internet presence,providing a map of your devices that are visible online,identifying previously unknown devices on the network.We also assesses your network’s segregation to makesure external boundaries are protecting the networkas intended.

Vulnerability Assessment

A detailed scan of all external internet facing connectionsto identify any vulnerabilities and recommended fixes.We can also attempt to exploit the vulnerabilities togain access to the system, so that we can produce acomprehensive report detailing any vulnerabilities.

Penetration & Application Testing

Using the skills of our experienced ethical hackers and theknowledge which we have gained in testing across the Globe will provide a detailed analysis of any vulnerability found.This provides a comprehensive validation to understandif these weakness can be exploited by an adversary andwhich ones pose a critical threat to the organisation.

Risk Modelling Assessment

Simulated attacks on your network similar to what might beexpected in your industry sector, to appreciate the mostcost-effective remediation strategies, and understand thebusiness impact of threats.

What you get – actionable programme

These detailed assessment modules will enable us to producean actionable programme for you based on how yourorganisation is benchmarked against industry best practicein the key categories we will have assessed. You will receivea final report detailing assessments findings, conclusions,recommendations and an outline action plan and road map.A final management presentation will also be delivered. Thisreport is treated very seriously and is subject to BT’s strictquality control approach:

• Quality – reviewed to ensure that the project consultant has adhered to the BT process for testing and reporting

• Consistency – a review will determine whether the agreed client deliverable has been generated

• Accuracy – a full technical review will be performed to ensure accurate vulnerability and remediation recommendations are outlined on the report.

People

Process

Technology

Security Consultancy

Security Monitoring & Reporting

Securing Networks

1300 Security professionals globallyEthical hacking centre of excellenceUnique ‘quickstart’ consultancy packages

BT Assure Threat MonitoringBT Assure Log RetentionBT Assure Vulnerability Scanning

BT Assure Web SecurityBT Assure MessageScan BT Assure Intrusion Prevention & DetectionBT Assure Managed FirewallBT Assure Distributed Denial of Service Mitigation

Get

ting

the

basic

s rig

ht

Wor

ld c

lass

op

erat

iona

l m

anag

emen

t O

ur e

xper

tise

Offices worldwideThe services described in this publication are subject to availability

are provided subject to British Telecommunications plc’s respective standard conditions of contract. Nothing in this publication forms any part of any contract.

British Telecommunications plc 2011.

Registered in England No: 1800000

The OutcomeThe BT Ethical Hacking Quick Start provides you with a clear understanding of your current security posture set against thechallenges of the current global security threat environment. It highlights a range of effective solutions to underpin your organisation’s key objectives for thriving in the 21st century.

BT can help our customers protect their business with ourglobal security capability

To find out more about the BT Ethical Hacking Quick Start, please contact

your account manager.