peace of mind in a digitized world - fujitsu global - fujitsu ecs for denmark event v0_5.pdffujitsu...
TRANSCRIPT
Copyright 2019 FUJITSU LIMITED
Global SecurityStrategies
Peace of mind in a digitized world
Intelligence LedSecurity
John Swanson
Agenda
01
02
03
04
05
Cyber Security Context in a Digital World
Fujitsu Global Security
Intelligence Led Security
Development Focus
Summary
Copyright 2019 FUJITSU LIMITED1
Copyright 2019 FUJITSU LIMITED
Cyber Security Context in a Digital World
‘What are the challenges and opportunities for next generation security’
IoT - by 2020
there will be over
20B devices to
secure Gartner
Data is
everywhere –
protection of
brand and
revenue
Cloud Adoption –
83% of Enterprise
Workloads in the
Cloud by 2020 Forbes
Global cyber
skills shortage –
1.8M shortfall by
2022(ICS)2
Organisations
strive to increase
Digital maturity
Engaging
Customers, greater
innovation,
opportunities from
data insights etc…
Over 10B data
records lost since
2013Breach Live Index
Increasing
compliance /
regulatory
demands
Cyberattacks are
the third-largest
threat facing the
worldWorld Economic Forum
Estimated cost of
Cybercrime -
$600B in 2017Center for Strategic and
International Studies
Copyright 2019 FUJITSU LIMITED3
Why it’s important?
Business impacts Standards and
Regulations
Breach of personal data can
result in fines of up to €20M or
4% of global turnover
Copyright 2019 FUJITSU LIMITED4
Digital transformation disrupts industries and businesses
... And increases the threat of cyber attacks
Transformation is key – as is underlying security
For faster, more responsive, better quality services in tune
with their needs
Changing customer expectations
Competition intensifying –and whole industries facing disruption
from new players
Changing market dynamics
Need to balance increasing uncertainty with burden of compliance
Changing standards & regulatory forces
Rapid adoption of new technologies like IoT Hybrid IT and multi-cloud environments
increase attack surface
Digital transformation strengthened the focus on data protection and compliance
requirements
Copyright 2019 FUJITSU LIMITED5
Copyright 2019 FUJITSU LIMITED
Fujitsu Global Security
7
Context - Fujitsu’s Management Direction
Cyber security is fundamental for Fujitsu’s overall business. One of 4 focus areas alongside AI / Cloud / IoT
Copyright 2019 FUJITSU LIMITED
CustomerBig
Data
Data
ValueProposition
AI
Cloud
IoT
Security
Knowledge Integration
8
Global Security Organization Structure
Global Business Unit formed in November 2016 to drive the security business for Fujitsu
Cyber Security Business is a key pillar of Fujitsu supporting the Business Continuity of customers
Oversight of the global regions Security Services in each region will be consolidated and enhanced continuously
Cyber Security Business Strategy UnitGlobal management structure (Global Matrix Organization)
EMEIA Americas Asia Oceania
Copyright 2019 FUJITSU LIMITED
Global Capability – SOCs
Japan6 sites
AsiaSingapore
OceaniaAustralia
EMEIA FI Helsinki
EMEIA DE Neckarsulm
EMEIA UK Warrington
AmericasUS Dallas
AmericasTrinidad
Plus GDCs
• India• Russia• Portugal• Costa Rica• Philippines
WEMEIAMadrid
Copyright 2019 FUJITSU LIMITED
Copyright 2019 FUJITSU LIMITED
Intelligence Led Security
Fujitsu Global Security Capability
We serve 1,100 customers globally. Fujitsu is ranked No.4
in global Security Revenues
Over 2,000+ Security professionals, 400+ in EMEIA – planning to grow
our specialists to 10,000 in the next two years
13 Global SOC’s and Global Delivery Centres
R&D Capability developing / delivering Fujitsu security products
40+ Year History in design, delivery and Integration of large
scale cyber security services
Highest Strategic Technology Partner Accreditations
Operating across Public and Private sector, and National
Defense Businesses
Copyright 2019 FUJITSU LIMITED11
Cyber Security Technology Landscape
Copyright 2019 FUJITSU LIMITED12
Cyber Security
■ Keep pace with evolving threats through AI and Machine Learning, automation and orchestration
■ Security Service Integration - vendor agnostic defense in depth for increasingly borderless multi-cloud environments
■ Simplify security: platforms and increased visibility
■ Cyber threat intelligence■ Protection of digital identities
Typical Challenges
■ Security by design ■ Focus on operational efficiency, reliability
and security■ Shorten incident response times with Security
Automation and Orchestration (SAO)■ Playbook-based responses to accelerate
response and restoration
ProcessTechnology
■ Change culture, understanding and behavior for cyber security
■ Increase employees’ breadth and depth of security know-how
People
13
Approach - State of Maturity
Are you secure?
How do you know?
How would you prove it?
Do you know where you are
vulnerable?
Have you been breached?
Do you know if you are a target?
Are you confident you’d
respond effectively?
Do you know what state of
maturity matters to your
business?
How are you evolving to meet
business needs and emerging
threats
Where would your business be?
BASED ON: Gartner Program Maturity: ITScore Overview for Security and Risk Management
Copyright 2019 FUJITSU LIMITED14
Intelligence Led Security
Clear awareness of cyber security posture
External intelligence to develop perspective
on external threat context
Routine scanning for vulnerabilities
Comprehensive event visibility & analysis
Robust management of the cyber security platforms
Copyright 2019 FUJITSU LIMITED15
Copyright 2019 FUJITSU LIMITED16
What we do for our
customers
Intelligence Led Security
Security Consulting Services
■ Business & ICT Continuity Health checks (against ISO22301, ISO20000)
■ Business Impact Analysis ■ ICT Continuity Assessment ■ Business & ICT Continuity Strategic Advisory■ Business & ICT Continuity Programmes■ Incident Response & Crisis Management■ Tests & Exercises (Table-top, Full Failover,
Cyber response)■ Red-Teaming Assessment
■ Programme management■ CISO Support ■ Board room advisory ■ SOC Advisory■ Cyber Threat Intelligence ■ Solution design, upgrade and product
integration ■ Security capability development/training ■ Cyber incident table-top exercise■ Identity governance administration and on-
going operations maintenance ■ Team augmentation and transformation
■ Security Programme strategy & TOM dev■ Building and/or design security architectures
that manage identified risks■ Security program review■ Provide an independent validation and review
of proposed security architectures■ Cloud security consulting/strategy■ Identity and access management
architecture definition■ Incident response strategy and plan
■ Security Health checks against standards such as NIST, CIS and ISO27001
■ Threat 360 – outside in/inside out risks ■ Review of existing cyber security policies and
procedures ■ Enhanced Data Protection Services ■ Supplier Security ■ Data Loss Prevention Assessment ■ Security Incident Response Maturity ■ GDPR Maturity Assessment ■ Cloud Security Maturity ■ End-point compromise assessment■ Industrial Control System Security Assessment
Governance, Risk and Compliance
Strategy and Architecture
Continuity and Resilience
Transformation and Integration
Security Consulting
17
Managed Security Services
Comprehensive security, in one place
We offer comprehensive protection across the enterprise. Our Managed Security Services
Identify potential risks
Mitigate any immediate impact
Prevent subsequent attacks from happening
18
Cyber Threat Intelligence & SIEMRule creation based on research and identification of new attack vectors
Emerging threats such as zero days or incidents that require the attention
Phishing campaign monitoring & alerting of campaigns evading traditional email security platforms
Breach / Incident response including log file analysis
Enhanced customer infrastructure and technology stack monitoring
Malware alert investigations including reverse engineering and proactive blocking & alerting
Intelligence
Context
Cyber Threat Intelligence
Copyright 2019 FUJITSU LIMITED19
Identity Management as a Service (IDaaS)
Employees
Partners / Subcontractors
Customers
Consumers / Citizens
3rd Parties
ICT Services
InternalApplications
BusinessApplications
Cloud Services
OtherServices
Enabling Functions
Authentication
Federation
Single Sign-On
Identity Management
Self-Service
Identity and Access Management
Copyright 2019 FUJITSU LIMITED20
Enterprise CSIRT Template
Copyright 2019 FUJITSU LIMITED21
Consolidated set of securityservices
Foundation in the Cyber Threat Intelligence Teams within the SOCs
Same Team responsible for the Cyber Threat Response work
Made up of Core and Optional components
Aligns to phases of the cyber kill chain
Enables proactivity through selection of appropriate modules
Copyright 2019 FUJITSU LIMITED
Development Focus
Copyright 2019 FUJITSU LIMITED23
Development focus
Security Automation and Orchestration
Platform based Security - simplification
Cyber Threat Intelligence, Threat Analytics and Threat Hunting
Enhance Advanced Threat Detection capabilities and deception
Increased use of AI based security analytics platforms
Enabling Customers on their journey to Cloud and to get optimal effect from their security controls
Summary
Continually evolving to meet Customer Digital Transformation needs and the evolving threat landscape
Extension of our customers’ business
Global Security Integrator, Security Services provider and MSSP
Customers across all Sectors including highly regulated environments
Global 24/7 SOCs and Client specific SOCs
2000+ dedicated security professionals globally - plans to grow to 10,000 by 2021
Strong links with Academia, National Cyber Security Agencies and Law Enforcement
Copyright 2019 FUJITSU LIMITED
“Insanity is doing the same thing over
and over again, but expecting different
results” – Albert Einstein
25
Copyright 2017 FUJITSU LIMITED