
IT Cyber Security Operations

Stephen Livingston presenting at The Cyber Academy


  1. IT Cyber Security Operations
  2. Agenda
     • Who Are We?
     • Introduce The Teams & What We Do
     • Tools & Current Detection Capability
     • What’s Coming Next
     • Questions?
  3. Organisation Design – IT Cyber Security
     • IT Cyber Security Director
     • Head of IT Risk (6)
     • Head of Cyber Security Programme
     • Senior Manager Platform Mgmt
     • Head of Vulnerability Management & Testing
     • Head of Network Security
     • Head of Platform Security
     • Head of Engineering, Platform Direction & Governance
     • Head of Application Security
     • Head of Cyber Security Operations
  4. Organisation Design – Cyber Security Operations
     • Head of Cyber Security Operations
     • CSOC (Managed Service)
     • Senior Manager Security Incident Management
     • Senior Manager Development Technical Support
     • Senior Manager Operational Technical Support
     • Senior Manager Strategy, Governance & Assurance
     • Senior Manager Data Loss Prevention
     • CSOC Transition Manager
     • 24x7 Managed Service
     • 43 FTEs
  8. What Do We Do?
     • Current CSOC Key Functions
       • Security Monitoring (Insider Threat)
       • Network Attack Monitoring
       • Rogue Device Detection
       • Cyber Threat Monitoring
       • SOX Compliance Monitoring
       • Security Log Retrieval
     • Current Engineering Key Functions
       • Use Case Development
       • Rule Configuration
       • Toolset Enhancement & Development
       • Perimeter Defence Analysis
       • Threat Intelligence
       • Forensics Analysis
     • Current CSIM Key Functions
       • Cyber Incident Response Governance
       • Incident Playbooks
       • Input to GS&F Investigations
       • Input to Colleague Conduct Team
     • Current DLP Key Functions
       • Use Case Development
       • Rule Configuration
       • Toolset Enhancement & Development
       • DLP Investigations
       • Education to Colleagues
  9. Tools & Current Detection Capability
     • QRadar – SIEM Platform
       • Privileged user monitoring
       • High-risk activity detection
       • Rogue Device Monitoring (RDD)
       • Lancope event logging
       • Rare events (CBEST learning)
       • Compliance monitoring
     • Splunk – Tactical Security Analytics Platform
       • Correlation against tactical intelligence
       • Heuristic behavioural analysis (e-mail, web, digital, firewall)
       • Lateral movement detection / RDD (EPO, DHCP)
       • Contextual event enrichment (Whois, Active Directory, geolocation)
     • Symantec – Web/Email Detection
       • Banned file types
       • Lexical fails
       • Images
       • Banking details
       • National Insurance numbers
       • Spam/phishing emails
     • “Once you lose control of your data, you lose control of your business”
  10. What’s Coming Next
     • View on cyber threat methods, tools and techniques of actors.
     • Vigilance of new threats through new threat intelligence.
     • The threat landscape continues to evolve and CSOC Monitoring will continue to adapt to these changes.
     • Greater detection of “Insider” threat.
     • Operational improvements include:
       • Level 2 triage across the cyber threat
       • Improved real-time monitoring of SOx controls
     • Cyber Programme deliverables:
       • New controls, e.g. network segregation, NIPS, application monitoring
       • Increased detection capability
       • & lots more!!!
  11. Thank You & Questions
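Slide 9 lists rogue device detection built on EPO and DHCP data together with contextual enrichment (Active Directory, subnet/geolocation), but does not show the correlation itself. The following is an added example written for this page, not code from the presentation or from any of the products named; it assumes a constructed, syslog-style DHCP lease log, a constructed set of MAC addresses known to an EPO-style endpoint-management inventory, and constructed subnet-to-site and AD computer-account lookups. A lease whose MAC has no managed agent is flagged as a rogue device candidate and enriched with site and AD context so an analyst can triage it.

```python
"""Rogue device candidates: DHCP leases with no endpoint-management (EPO-style)
agent, enriched with subnet/site and AD context. Added example; every host,
MAC, subnet and log line below is constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed DHCP server lease lines (format assumed for this example).
DHCP_LOG = """\
Mar 03 08:01:12 dhcp01 dhcpd: DHCPACK on 10.20.1.15 to 00:11:22:33:44:55 (corp-lt-0412) via eth0
Mar 03 08:02:40 dhcp01 dhcpd: DHCPACK on 10.20.1.77 to aa:bb:cc:dd:ee:01 (android-9f3c) via eth0
Mar 03 08:03:05 dhcp01 dhcpd: DHCPACK on 10.30.5.9 to 00:11:22:33:44:99 (corp-dt-1187) via eth1
Mar 03 08:04:51 dhcp01 dhcpd: DHCPACK on 10.30.5.42 to de:ad:be:ef:00:01 via eth1
"""

# Constructed endpoint-management inventory: MACs that have a managed agent.
MANAGED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:99"}

# Constructed enrichment context: subnet -> site label, and AD computer accounts.
SUBNET_SITES = {
    "10.20.1.0/24": "London HQ user VLAN",
    "10.30.5.0/24": "Leeds branch VLAN",
}
AD_COMPUTERS = {"corp-lt-0412", "corp-dt-1187"}

# Hostname is optional: some clients do not send one in the lease.
LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9a-fA-F:]{17})"
    r"(?: \((?P<host>[^)]+)\))?"
)


@dataclass
class Lease:
    ip: str
    mac: str
    host: Optional[str]


@dataclass
class RogueFinding:
    lease: Lease
    site: str
    in_ad: bool
    reasons: List[str] = field(default_factory=list)


def parse_leases(log_text: str) -> List[Lease]:
    """Extract (ip, mac, hostname) from DHCPACK lines; other lines are ignored."""
    leases = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            leases.append(Lease(m["ip"], m["mac"].lower(), m["host"]))
    return leases


def site_for(ip: str) -> str:
    """Map an address to a site label via the subnet table (geolocation stand-in)."""
    addr = ipaddress.ip_address(ip)
    for cidr, site in SUBNET_SITES.items():
        if addr in ipaddress.ip_network(cidr):
            return site
    return "unknown subnet"


def find_rogue_devices(log_text: str,
                       managed_macs=MANAGED_MACS,
                       ad_computers=AD_COMPUTERS) -> List[RogueFinding]:
    """Leases whose MAC has no managed agent are rogue candidates; each is
    enriched with the site and whether the hostname exists as an AD computer."""
    findings = []
    for lease in parse_leases(log_text):
        if lease.mac in managed_macs:
            continue  # covered by the endpoint inventory: not a rogue device
        in_ad = lease.host is not None and lease.host.lower() in ad_computers
        reasons = ["no endpoint-management agent for MAC"]
        if lease.host is None:
            reasons.append("no hostname in lease")
        if not in_ad:
            reasons.append("no matching AD computer account")
        findings.append(RogueFinding(lease, site_for(lease.ip), in_ad, reasons))
    return findings


if __name__ == "__main__":
    for f in find_rogue_devices(DHCP_LOG):
        print(f"{f.lease.ip} {f.lease.mac} host={f.lease.host} site={f.site} "
              f"in_ad={f.in_ad} reasons={'; '.join(f.reasons)}")
```

On the constructed input two of the four leases are flagged: the Android device and the hostname-less client, neither of which has a managed agent or an AD account. In production the MAC set would be refreshed from the endpoint-management export on a schedule, and a device that is in AD but missing an agent is a different, lower-severity case (agent gap) than one unknown to both sources.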
