ISS is a company with a strong heritage and a long history, starting more than 115 years ago with the foundation of a small security company with 20 night watchmen named Copenhagen-Frederiksberg Night Watch (Kjøbenhavn-Frederiksberg Nattevagt).
The founding principles of ISS were to professionalise services and through e.g. training and uniforms to invest in service employees This was a ground breaking approach at the time and is still part of the ISS legacy – instilling pride and purpose in our employees and looking to provide the highest levels of service performance
With this approact, ISS has since grown to become one of the world’s leading facility services companies, adding a comprehensive portfolio of facility services.
We self‐deliver single-, multi-, and integrated facility services (IFS) and our business model is based on creating value for our customers by enabling them to focus on their core business.
This approach has made us a truly global player with a leading market position.
We leverage our global presence in order to meet the growing demand from multinational corporations for the delivery of Integrated Facility Services (IFS) across borders.
For every 15,000 people in the world, there is one ISS employee
We operate across four regions with Continental Europe as the largest, 38% of revenue. Northern Europe 34% Asia & Pacific 18% Americas 10%
We are well-positioned in emerging markets where we generated 25% of Group revenue in 2016 and 7% organic growth (constituting Asia, Eastern Europe, Latin America, Israel, South Africa and Turkey)
In summary – 2017 has been a solid year for ISS. While financial performance within the year has been somewhat mixed our strong commercial progress in 2017 stand as further evidence of our successful strategy.
Let me extend a warm thank you to all of our stakeholders for their support during the year;
…and most of all our employees for their tremendous effort and contribution.
With this I would like to hand the floor over to Group CEO, Jeff Gravenhorst.
SplunkLive! Stockholm 2019 - Customer presentation: ISS
SplunkLive! Stockholm 2019
Founded in 1901, ISS is one of the world’s
leading facility services companies
We are a global provider of workplace
management and facility services.
We service and maintain customers’
facilities, helping to create workplaces that
are pleasant, safe and nurturing for their
employees and visitors.
Activities in 74 countries
130+ different languages spoken
Among the world’s 10 largest
Our Global Platform
Our Service Offering
• Daily Office Cleaning
• Janitorial Services
• Washroom Services
• Dust Control
• Industrial Cleaning
• Street Cleaning
• Clean Room Services
• Green Cleaning
• Reception Services
• Office Logistics
• Call Centre
• Mail-room Services
• Shipping & Receiving
• Reprographics & Xerox
• Document Handling
• Transportation (logistics)
• Warehouse Services
• Operations & Maintenance
• Pest Control
• Project Management
• Moves and Changes
• M & E
• Energy Management
• Company Restaurants
• Canteen Services
• Executive Dining
• Coffee / Beverage Service
• Fruit Deliveries
• Conference Room
• Access Control
• Concierge Services
• Mobile Patrols
• Alarm Response Services
• Emergency First
• Risk Consulting
• Guard Services
Cleaning Services Support Services Catering Services Security ServicesTechnical Services
Our Strategy Key Accounts
We want to build the large and global key-
The current business strategy is to cultivate large,
global accounts and grow these.
We will endeavor to get more like these either by
bidding or growing small local accounts with large
Global Information Security
How we support the strategy:
• Create visibility
• Enable compliance
• Secure the IT environment
• Drive Information Security Projects
• Advise and support business units
• And a lot more
Who is Global Information Security
All started Nov 2018 to Jan 2019
We replaced a team of one man
We are terribly busy
Additionally ISS has 20+ persons around
the world working with IS
(part-time for many)
Splunk Cloud (150GB)
Many Universal forwarders
Many syslog sources
Many Apps and add-ons
• Splunk is the leading vendor in providing centralized security information and event management (SIEM),
• According to Gartner Group (leading market analyst company) Splunk are the leading vendor 6 years in a row, and got the
highest scores across several areas in their MQ companion report.
• Splunk is used by 90% of the fortune 100 companies in the US and several of our global key accounts (see following
• A benefit with Splunk, is that it is well known in the market, therefor there are many people with Splunk skills already, some of
our existing internal IT resources even have the necessary skills, thereby elimination the need for a large upfront training cost.
• Splunk is the largest neutral and open security platform provider, with over 850 integrations for other IT and IT security vendors.
Thereby not locking ourselves in with just one main security vendor, which can be a risk in the modern cyber security world.
• Splunk can be used on-premises, in AWS/Azure/Google or in their own cloud. Their cloud is even ISO 27001 and SOC 2 compliant,
plus offers 100% uptime SLA, data availability in the relevant regions, where ISS are present.
• Splunk provides us with a platform that can support our security and compliance journey, not only supporting visibility for the
short term, but also advanced detection for out- and insider threats + potential automation for the long term, which in the end
will help us to reduce costs and improve our overall security and compliance + confirm that the Splunk platform is the right choice
for both the short and long term.
• Splunk is a data platform, that that can be utilized across the company for optimizing both IT security, compliance, IT operations,
data analytics and IOT, thereby providing us with a low TCO and high ROI.
Support visibility in the organization
Provide the basis for SoC work
Provide compliance (Customer requirements as well as frameworks)
Central log monitoring and alerting (from a very diverse environment)
ES module for security visibility and correlation
• Splunk Core and Enterprise Security (SIEM)
• Based in Splunk Cloud, which has a 100% up-time SLA, multiple datacenters within the EU,
SOC 2 and ISO 27000 compliant
• Data is encrypted both in transit and at rest
• Data is then stored for 90 days, retention time can be longer at a cost
• Data can also be exported to long term storage of our choice
• 100% uptime
• Splunk support instal l apps and add-ons
No operations hassels
Results so far - 5 months in
Found five security hotspots in the company
Reduced the number of brute force attempts on the estate
Able to report on compliance in a number of areas
Started Threat intel detection (Not hunting yet)
Support dashboards for incident response playbooks
Micro SoC established
Gaining support from the business units
Wrote several addons, and working on ticket integration
Actively using Splunk to support IR
Security Future and recommendations
Ingest more logs to establish more
coverage of current use cases
Establish SoC (buy as a Service)
Establish Use Cases (Hopefully we can
get some from vendor)
Establish Play books (Hopefully vendor
has some framework we can use)
Automate (SOAR) (Either from vendor or
establish our own to integrate with vendor)
Think about what you want out of it before
Limit logs to relevant entries (use routing)
Splunk IT Operations - future
This is dependent on the operations people having success, but I see the
following quick wins:
• Support customer facing systems
• Reduce Time to Fix/Repair
• Provide visibility into causes
• Improve processes based on causes and Fixes