© 2018 DXC Technology Company May 22, 2018
DXC Security
Integrated Security Operations
Enabling Enterprise Security Response
Matthew O’Brien
Global Offering Director
Security Detection and Investigation Services
Security teams are under pressure

IT departments feel the squeeze but… budgets are under pressure and security is now a board-level issue
The innovative adversary is increasingly sophisticated and, on average, goes undetected for 99 days [1]
Security operations need maturity, speed & scale to move beyond real-time threat monitoring
Regulatory pressures grow for industry and geography compliance requirements such as GDPR
Widening skills gap makes it hard to attract, train, and retain security professionals, yet the demand for security talent is expected to increase by 53% in 2017 [2]
Next generation threats such as ransomware or file-less, memory-based malware make it difficult to stay secure
Device, cloud explosion is causing significant increases in the enterprise threat surface
People are weakest link and require awareness and training to protect against the 80% of attacks that target user access [3]

Sources: [1] Mandiant M-Trends 2017 Report; [2] US Bureau of Labor Statistics; [3] CyberArk Security Report 2015
Cyber Defense is more than just technology
Incident/Vulnerability
Response
Security Monitoring
Security Management
Breach Preparedness
Incident Response
Crisis Management
L3 Analyst
CERT
Adversarial Hunting
Threat Intelligence
L1, L2 Analyst
Data Storage
Rules, Use Case
SIEM
Infrastructure
“I want to retain capability in-house”
“I can't staff this 24x7 globally just in case…”
“I want to delineate security incident response by severity”
“How do I recruit and retain the best of the best?”
“My team’s function is guidance on risk tolerance and policy definition”
“I want to focus my limited resources for L3”
“I want to retain and build skills that are integrated into my business”
“I need to investigate potential threats to my business.”
“I want best in class APT detection but can't use every tool out there”
“Where is the intelligence that is actionable for me or my industry?”
“I have a chosen SIEM technology, give me help to operationally manage”
“I need custom rules which need constant tuning”
“I am happy with pre-defined use cases”
“I don’t care who hosts my SIEM”
“I want to retain control over my data”
“My other security technology is managed by IT”
Governance
Vulnerability Response
Enterprise Security Operations Differentiators
Visibility Without Boundaries
Massive scale log ingestion supporting both short term alerting and long term investigation
Seamless Real-time and Advanced Analytics powered monitoring and alerting built for security scale
Comprehensive Detection
Guided, analytics powered prioritization, investigation, entity profiling and workflow with automated orchestration and response
– Intuitive Investigation & Intelligence w/automated response
DXC’s Intelligent Security Operations
Intelligence Driven, automated security incident and vulnerability management
Incident and Vulnerability Management Platform
Integrated Security Operations and Incident Response
PEOPLE
PROCESS
TECHNOLOGY
SERVICES
What is ISecOps?
ISecOps as a Service
Workflow Automation & Orchestration
Threat Intelligence
Security Incident Management
Vulnerability Management
IT Integration
Efficient Security Response
Streamline Remediation
Visualize Your Security Posture
Managed Security Services
Enterprise Security Service Management as a Service
Visibility Without Boundaries
ISecOps is a fully integrated platform for delivering enterprise security response services, providing enhanced vulnerability management, operational interlock, improved visibility and reduced time to manage and respond to security threats.
Enterprise Assets
Security Systems
IT Systems
Integrated Enterprise & Security Systems
Visibility Without Boundaries
Integrated Change
The Core Problem: Security Responders Are Overwhelmed
SIEM
APT
EPS
VUL
What info do I need?
What systems have the info that I need?
What lookups do I need to run to derive 2nd level enrichment?
Have I seen this type of threat before?
Is it a threat attempting to go undetected?
Security Runbook knowledge
Multiple disparate solutions
Manual scripting and operational tasks
No historical threat intel tied to incidents or CIs
No context across asset, service type or user group
Slower Security Response
Security Alert
Security Analyst
Comprehensive Detection
Security Operations Overview
Portal Service Desk
Monitoring
Vulnerability Scans
CMDB
HIGH VALUE CIs
LOW VALUE CIs
Security Incident Response (SIR)
Vulnerability Management
Threat Intelligence
SIEM
Endpoint Protection
EDR
Firewalls
IDS/IPS
Threat Libraries
ISecOps Analysts
End Users
Comprehensive Detection
Intuitive Investigation & Intelligence w/automated response
Security Analytics & Automation
Automation
Intelligence
Runbooks
Orchestration
Intuitive Investigation & Intelligence w/automated response
Security Analytics & Automation
Enabling Enterprise Security Intelligence and Automation through DXC Bionix™, our digital-generation services delivery model based on intelligent automation at scale
Harnessing the full power of the ServiceNow platform
How Integrated Security Operations Helps
Integrate teams across the organization
Reduce manual workloads and processes
The ability to easily audit security processes
Enterprise visibility of security posture
Reduce time to manage incidents & vulnerabilities
Value Outcomes

Outcome: Improved Incident & Vulnerability Management Workflow
Before: Multiple Tools. Multiple Processes
After: Integrated solution, clearly defined and automated workflow. Clear task assignment and responsibilities

Outcome: Increased Automation
Before: Manual processes. No automation
After: Integrated tools, workflow automation and auto assignment. Faster response time to security threats

Outcome: Improved Visibility
Before: Disparate sources of data. No single view
After: Centralized reporting across the enterprise. Visibility at the business unit and regional levels, aggregating to a global view

Outcome: Increased Employee Satisfaction
Before: Teams focused on multiple items with uncertain priorities. Time spent on menial tasks
After: Teams focus on business outcome and priorities. Time is spent on more interesting security related activities

Outcome: Improved Integration of information
Before: Disparate systems of information. Multiple controls and intelligence sources
After: Integrated threat intelligence, vulnerability data, and security incident data in the one location
Want to know more?
Connect
Twitter: @DXCSecurity
http://www.dxc.technology/security
Contact
Matthew O’Brien,
Global Offering Director
DXC Security
@MatthewOBrienAU
Set-up
Demo at booth
Executive meeting on-site
Follow up Discovery call
Visit
Booth #1100
Thank you.
About DXC Technology
DXC Technology (DXC: NYSE) is the world’s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company’s technology independence, global talent and extensive partner network combine to deliver powerful next-generation IT services and solutions. DXC Technology is recognized among the best corporate citizens globally. For more information, visit www.dxc.com.