peace of mind in a digitized world - fujitsu global - fujitsu ecs for denmark event v0_5.pdffujitsu...

Copyright 2019 FUJITSU LIMITED

Global SecurityStrategies

Peace of mind in a digitized world

Intelligence LedSecurity

John Swanson

Agenda

01

02

03

04

05

Cyber Security Context in a Digital World

Fujitsu Global Security

Intelligence Led Security

Development Focus

Summary

Copyright 2019 FUJITSU LIMITED1


Cyber Security Context in a Digital World

‘What are the challenges and opportunities for next generation security’

IoT - by 2020

there will be over

20B devices to

secure Gartner

Data is

everywhere –

protection of

brand and

revenue

Cloud Adoption –

83% of Enterprise

Workloads in the

Cloud by 2020 Forbes

Global cyber

skills shortage –

1.8M shortfall by

2022(ICS)2

Organisations

strive to increase

Digital maturity

Engaging

Customers, greater

innovation,

opportunities from

data insights etc…

Over 10B data

records lost since

2013Breach Live Index

Increasing

compliance /

regulatory

demands

Cyberattacks are

the third-largest

threat facing the

worldWorld Economic Forum

Estimated cost of

Cybercrime -

$600B in 2017Center for Strategic and

International Studies


Why it’s important?

Business impacts Standards and

Regulations

Breach of personal data can

result in fines of up to €20M or

4% of global turnover


Digital transformation disrupts industries and businesses

... And increases the threat of cyber attacks

Transformation is key – as is underlying security

For faster, more responsive, better quality services in tune

with their needs

Changing customer expectations

Competition intensifying –and whole industries facing disruption

from new players

Changing market dynamics

Need to balance increasing uncertainty with burden of compliance

Changing standards & regulatory forces

Rapid adoption of new technologies like IoT Hybrid IT and multi-cloud environments

increase attack surface

Digital transformation strengthened the focus on data protection and compliance

requirements



Fujitsu Global Security

7

Context - Fujitsu’s Management Direction

Cyber security is fundamental for Fujitsu’s overall business. One of 4 focus areas alongside AI / Cloud / IoT


CustomerBig

Data

Data

ValueProposition

AI

Cloud

IoT

Security

Knowledge Integration

8

Global Security Organization Structure

Global Business Unit formed in November 2016 to drive the security business for Fujitsu

Cyber Security Business is a key pillar of Fujitsu supporting the Business Continuity of customers

Oversight of the global regions Security Services in each region will be consolidated and enhanced continuously

Cyber Security Business Strategy UnitGlobal management structure (Global Matrix Organization)

EMEIA Americas Asia Oceania


Global Capability – SOCs

Japan6 sites

AsiaSingapore

OceaniaAustralia

EMEIA FI Helsinki

EMEIA DE Neckarsulm

EMEIA UK Warrington

AmericasUS Dallas

AmericasTrinidad

Plus GDCs

• India• Russia• Portugal• Costa Rica• Philippines

WEMEIAMadrid


Fujitsu Global Security Capability

We serve 1,100 customers globally. Fujitsu is ranked No.4

in global Security Revenues

Over 2,000+ Security professionals, 400+ in EMEIA – planning to grow

our specialists to 10,000 in the next two years

13 Global SOC’s and Global Delivery Centres

R&D Capability developing / delivering Fujitsu security products

40+ Year History in design, delivery and Integration of large

scale cyber security services

Highest Strategic Technology Partner Accreditations

Operating across Public and Private sector, and National

Defense Businesses


Cyber Security Technology Landscape


Cyber Security

■ Keep pace with evolving threats through AI and Machine Learning, automation and orchestration

■ Security Service Integration - vendor agnostic defense in depth for increasingly borderless multi-cloud environments

■ Simplify security: platforms and increased visibility

■ Cyber threat intelligence■ Protection of digital identities

Typical Challenges

■ Security by design ■ Focus on operational efficiency, reliability

and security■ Shorten incident response times with Security

Automation and Orchestration (SAO)■ Playbook-based responses to accelerate

response and restoration

ProcessTechnology

■ Change culture, understanding and behavior for cyber security

■ Increase employees’ breadth and depth of security know-how

People

13

Approach - State of Maturity

Are you secure?

How do you know?

How would you prove it?

Do you know where you are

vulnerable?

Have you been breached?

Do you know if you are a target?

Are you confident you’d

respond effectively?

Do you know what state of

maturity matters to your

business?

How are you evolving to meet

business needs and emerging

threats

Where would your business be?

BASED ON: Gartner Program Maturity: ITScore Overview for Security and Risk Management



Clear awareness of cyber security posture

External intelligence to develop perspective

on external threat context

Routine scanning for vulnerabilities

Comprehensive event visibility & analysis

Robust management of the cyber security platforms



What we do for our

customers


Security Consulting Services

■ Business & ICT Continuity Health checks (against ISO22301, ISO20000)

■ Business Impact Analysis ■ ICT Continuity Assessment ■ Business & ICT Continuity Strategic Advisory■ Business & ICT Continuity Programmes■ Incident Response & Crisis Management■ Tests & Exercises (Table-top, Full Failover,

Cyber response)■ Red-Teaming Assessment

■ Programme management■ CISO Support ■ Board room advisory ■ SOC Advisory■ Cyber Threat Intelligence ■ Solution design, upgrade and product

integration ■ Security capability development/training ■ Cyber incident table-top exercise■ Identity governance administration and on-

going operations maintenance ■ Team augmentation and transformation

■ Security Programme strategy & TOM dev■ Building and/or design security architectures

that manage identified risks■ Security program review■ Provide an independent validation and review

of proposed security architectures■ Cloud security consulting/strategy■ Identity and access management

architecture definition■ Incident response strategy and plan

■ Security Health checks against standards such as NIST, CIS and ISO27001

■ Threat 360 – outside in/inside out risks ■ Review of existing cyber security policies and

procedures ■ Enhanced Data Protection Services ■ Supplier Security ■ Data Loss Prevention Assessment ■ Security Incident Response Maturity ■ GDPR Maturity Assessment ■ Cloud Security Maturity ■ End-point compromise assessment■ Industrial Control System Security Assessment

Governance, Risk and Compliance

Strategy and Architecture

Continuity and Resilience

Transformation and Integration

Security Consulting

17

Managed Security Services

Comprehensive security, in one place

We offer comprehensive protection across the enterprise. Our Managed Security Services

Identify potential risks

Mitigate any immediate impact

Prevent subsequent attacks from happening

18

Cyber Threat Intelligence & SIEMRule creation based on research and identification of new attack vectors

Emerging threats such as zero days or incidents that require the attention

Phishing campaign monitoring & alerting of campaigns evading traditional email security platforms

Breach / Incident response including log file analysis

Enhanced customer infrastructure and technology stack monitoring

Malware alert investigations including reverse engineering and proactive blocking & alerting

Intelligence

Context

Cyber Threat Intelligence


Identity Management as a Service (IDaaS)

Employees

Partners / Subcontractors

Customers

Consumers / Citizens

3rd Parties

ICT Services

InternalApplications

BusinessApplications

Cloud Services

OtherServices

Enabling Functions

Authentication

Federation

Single Sign-On

Identity Management

Self-Service

Identity and Access Management


Enterprise CSIRT Template


Consolidated set of securityservices

Foundation in the Cyber Threat Intelligence Teams within the SOCs

Same Team responsible for the Cyber Threat Response work

Made up of Core and Optional components

Aligns to phases of the cyber kill chain

Enables proactivity through selection of appropriate modules


Development Focus


Development focus

Security Automation and Orchestration

Platform based Security - simplification

Cyber Threat Intelligence, Threat Analytics and Threat Hunting

Enhance Advanced Threat Detection capabilities and deception

Increased use of AI based security analytics platforms

Enabling Customers on their journey to Cloud and to get optimal effect from their security controls

Summary

Continually evolving to meet Customer Digital Transformation needs and the evolving threat landscape

Extension of our customers’ business

Global Security Integrator, Security Services provider and MSSP

Customers across all Sectors including highly regulated environments

Global 24/7 SOCs and Client specific SOCs

2000+ dedicated security professionals globally - plans to grow to 10,000 by 2021

Strong links with Academia, National Cyber Security Agencies and Law Enforcement


“Insanity is doing the same thing over

and over again, but expecting different

results” – Albert Einstein

25

peace of mind in a digitized world - fujitsu global - fujitsu ecs for denmark event v0_5.pdffujitsu...

Documents