
Page 1: Real-Time Threat Detection & Reduction of Risk · 2020. 3. 18. · cyber risk reduction - Insurers have 100yrs data on automobile accidents, little on cyber - Incidents go unreported

Real-Time Threat Detection & Reduction of Risk

Andrew Kays – Chief Technology Officer

Page 2

Who are Redscan?

• 15 years’ managed security experience

• Deliver ‘Red’ and ‘Blue’ Team operations

• One of the UK’s most qualified ethical hacking companies

• UK-based 24/7 Security Operations Centre

Page 3

Our services include:

• Managed detection and response (MDR)

• Cyber-attack simulation

• Penetration testing

• Vulnerability assessments

• Cyber Essentials certification

Page 4

Some of our customers…

Page 5

100% cyber-crime prevention is impossible

• £4.1m – Average cost of a breach (source: Verizon Data Breach Report 2017)

• £158 – Cost per record (source: Ponemon Institute)

• 150 days – Average time to detect a breach (source: Carbon Black)

Page 6

Regulators are demanding improvements

GDPR – May 2018

• Breaches must be reported within 72 hours

• Affected individuals in ‘high-risk’ cases must also be notified

• Fines up to 4% of global annual turnover

Others include:

• GPG-13

• PCI-DSS

• SWIFT CSP

Page 7

TalkTalk - £400,000 fine

ICO: TalkTalk’s failure to implement basic cyber security measures allowed a hacker to penetrate their systems

• 16-year-old boy attacking from his bedroom

• Share price down 11%

• Direct costs of £42m

• Under GDPR this fine could have been £70m

Financial and reputational damage

Page 8

Thinking like the adversary

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

Sun Tzu, The Art of War

Page 9

Understanding your security posture

• Red Team Operations – Simulated real-world cyber-attacks

• Penetration & Vulnerability Testing – Evaluate and mitigate exposures

• Security Assessments – Cyber-security consultancy

Page 10

Cyber Security Lifecycle

Cyber insurance

Market still maturing:

• Low policy/price differentiation between firms – insurers struggle to understand the level of risk between firms with a varying degree of systems/processes for cyber risk reduction

  - Insurers have 100 years of data on automobile accidents, little on cyber

  - Incidents go unreported (until next year)

  - Very complex environments

• Apportioning of blame – Cyber insurance policies often include exclusions for incidents that are acts of war. This makes the attribution of cyber attacks extremely critical. Who decides who is behind these attacks?

Page 11

Managed Detection and Response (MDR)

TECHNOLOGY – Multi-Layered Threat Detection Platform

• SIEM, Behavioural Monitoring

• Intrusion Detection, Vulnerability Assessment

• FIM, Asset Discovery

PROCESS – Advanced Analytics

• Global Threat Correlation

• Red Team Research: OSINT, OTX, CISP

• Global Honeypot Network

PEOPLE – Certified Security Experts

• 24/7/365 C-SOC, Redscan Labs

• Red Team and Incident Responders

The alert funnel:

• MILLIONS – Logs ingested per day

• HUNDREDS – Alerts generated per day

• TENS – Incidents investigated per day

• SINGLE – Incident reported per day

Output: Actionable Intelligence, Remedial Recommendations, Detailed Reporting

Page 12

Cyber Security Lifecycle

MDR greatly increases the likelihood of stopping an attack before a breach, and will therefore reduce the risk to the client and the Insurer

How MDR reduces risk in real-time

MDR can detect and intercept this attack process, and potentially stop the attacker reaching their target

This happens in real-time with SOC Analysts managing the process

Page 13

Stress test your systems

• CBEST – a framework to deliver controlled, bespoke, intelligence-led cyber security tests for the banking industry

• Red Teaming – understand your security posture with a simulated real-world attack; even wider scope, less constrained

Page 14

Final thoughts

• GDPR will drive a lot of positive change

• Insurance is an important part of a client’s cyber security posture

• MDR greatly reduces the client’s risk and the insurer’s

• Systems need to be cyber stress tested

• The financial industry is an attractive target: hacking a bank is less risky and more lucrative than robbing one physically!
