IT Cyber Security Operations
Agenda
Who Are We?
Introduce The Teams & What We Do
Tools & Current Detection Capability
What’s Coming Next
Questions?
Organisation Design IT Cyber Security
IT Cyber Security Director
• Head of IT Risk (6)
• Head of Cyber Security Programme
• Senior Manager Platform Mgmt
• Head of Vulnerability Management & Testing
• Head of Network Security
• Head of Platform Security
• Head of Engineering, Platform Direction & Governance
• Head of Application Security
• Head of Cyber Security Operations
Organisation Design Cyber Security Operations
Head of Cyber Security Operations
• CSOC (Managed Service): 24x7 Managed Service, 43 FTEs
• Senior Manager Security Incident Management
• Senior Manager Development Technical Support
• Senior Manager Operational Technical Support
• Senior Manager Strategy, Governance & Assurance
• Senior Manager Data Loss Prevention
• CSOC Transition Manager
What Do We Do?
Current CSOC Key Functions
• Security Monitoring (Insider Threat)
• Network Attack Monitoring
• Rogue Device Detection
• Cyber Threat Monitoring
• SOX Compliance Monitoring
• Security Log Retrieval
Current Engineering Key Functions
• Use Case Development
• Rule Configuration
• Toolset Enhancement & Development
• Perimeter Defence Analysis
• Threat Intelligence
• Forensics Analysis

Current CSIM Key Functions
• Cyber Incident Response Governance
• Incident Playbooks
• Input to GS&F Investigations
• Input to Colleague Conduct Team

Current DLP Key Functions
• Use Case Development
• Rule Configuration
• Toolset Enhancement & Development
• DLP Investigations
• Education to Colleagues
Tools & Current Detection Capability

QRadar – SIEM Platform
• Privileged user monitoring
• High-risk activity detection
• Rogue Device Monitoring (RDD)
• Lancope event logging
• Rare events (CBEST learning)
• Compliance monitoring
Splunk – Tactical Security Analytics Platform
• Correlation against tactical intelligence
• Heuristic behavioural analysis (e-mail, web, digital, firewall)
• Lateral movement detection / RDD (EPO, DHCP)
• Contextual event enrichment (Whois, Active Directory, geo location)
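The rogue device detection (RDD) and contextual enrichment items above describe a correlation pattern rather than a specific query, so here is an added worked example of that pattern in Python. It is not the presentation's own Splunk content or any vendor code: DHCP lease lines (constructed, syslog-style, in an assumed format) are parsed, each MAC is checked against an endpoint-management inventory standing in for the EPO agent list, and any unmanaged device is enriched from constructed Active Directory and subnet-to-site lookup tables before a severity is assigned.

```python
"""Rogue device detection by correlating DHCP leases with an endpoint inventory.

Added example, not the presentation's own tooling. All data below is constructed:
the DHCP log format, the inventory, and the enrichment tables are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed DHCP server log lines (ISC dhcpd-like syslog format is an assumption)
DHCP_LOG = """\
Mar 03 09:14:02 dhcp01 dhcpd: DHCPACK on 10.20.5.17 to aa:bb:cc:00:11:22 (LT-FIN-0417) via eth0
Mar 03 09:14:09 dhcp01 dhcpd: DHCPACK on 10.20.5.43 to 00:1a:2b:3c:4d:5e (android-9f2c) via eth0
Mar 03 09:15:31 dhcp01 dhcpd: DHCPACK on 10.30.8.12 to de:ad:be:ef:00:01 via eth1
Mar 03 09:16:00 dhcp01 dhcpd: DHCPDISCOVER from 11:22:33:44:55:66 via eth0
Mar 03 09:16:02 dhcp01 dhcpd: DHCPACK on 10.20.5.88 to aa:bb:cc:00:11:22 (LT-FIN-0417) via eth0
"""

# Constructed endpoint-management inventory keyed by MAC (plays the role of the EPO agent list)
MANAGED_MACS: Dict[str, str] = {"aa:bb:cc:00:11:22": "LT-FIN-0417"}

# Constructed enrichment sources: AD computer objects and subnet-to-site mapping
AD_COMPUTERS = {"LT-FIN-0417": {"ou": "Finance/Laptops", "owner": "j.smith"}}
SUBNET_SITES = {
    "10.20.5.0/24": "London HQ, floor 5 (user VLAN)",
    "10.30.8.0/24": "Leeds DC (server VLAN)",
}

# Only DHCPACK lines represent a granted lease; DISCOVER/OFFER noise is ignored
LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]+)\))?"
)


@dataclass
class Finding:
    mac: str
    ip: str
    hostname: Optional[str]
    site: str
    ad_record: Optional[dict]
    severity: str


def parse_leases(log: str) -> List[dict]:
    """Return one dict (ip, mac, host) per DHCPACK line; host is None if the client sent none."""
    return [m.groupdict() for m in map(LEASE_RE.search, log.splitlines()) if m]


def site_for(ip: str) -> str:
    """Enrich an address with its site/VLAN using the constructed subnet table."""
    addr = ipaddress.ip_address(ip)
    for cidr, site in SUBNET_SITES.items():
        if addr in ipaddress.ip_network(cidr):
            return site
    return "unknown subnet"


def detect_rogue_devices(log: str, managed: Dict[str, str] = MANAGED_MACS) -> List[Finding]:
    """Report each unmanaged MAC once, enriched with site and AD context."""
    findings: Dict[str, Finding] = {}
    for lease in parse_leases(log):
        mac = lease["mac"].lower()
        if mac in managed or mac in findings:
            continue  # known managed endpoint, or already reported in this run
        host = lease["host"]
        site = site_for(lease["ip"])
        ad = AD_COMPUTERS.get(host) if host else None
        # An unmanaged device on a server VLAN, or one that sends no hostname at all,
        # is rated high; an unmanaged but named device on a user VLAN is medium.
        severity = "high" if ("server" in site or host is None) else "medium"
        findings[mac] = Finding(mac, lease["ip"], host, site, ad, severity)
    return list(findings.values())


if __name__ == "__main__":
    for f in detect_rogue_devices(DHCP_LOG):
        print(f"[{f.severity.upper()}] {f.mac} {f.ip} host={f.hostname} site={f.site} ad={f.ad_record}")
```

In a real deployment the inventory and enrichment tables would be looked up live (the EPO database, AD and a geo/whois service) rather than embedded, and the managed-MAC check should also flag a managed MAC appearing on a subnet it has never used before, which is the lateral-movement angle the slide pairs with RDD.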
Symantec – Web/Email Detection
• Banned file types
• Lexical fails
• Images
• Banking details
• National Insurance numbers
• Spam/phishing emails
Once you lose control of your data, you lose control of your business
What’s Coming Next
View on Cyber threat methods, tools and techniques of actors.
Vigilance of new threats through new threat intelligence.
Threat landscape continues to evolve and CSOC Monitoring will continue to adapt to these changes.
Greater detection of “Insider” Threat
Operational improvements include:
• Level 2 triage across the cyber threat
• Improved real-time monitoring of SOX controls

Cyber Programme deliverables:
• New controls, e.g. network segregation, NIPs, application monitoring
• Increased detection capability
• & Lots more!!!
Thank You & Questions