
FORWARD, FURTHER, FASTER


Presentation Transcript


  1. FORWARD, FURTHER, FASTER TOGETHER INTO A FUTURE OF HEIGHTENED ACHIEVEMENT

  2. SECURITY CHALLENGES

  3. “Having tools and processes that heighten remediation capabilities, such as a fully functional security operations process, can significantly reduce data breach cost.”
     • Time to breach: 2 hours
     • Time to detection: 206 days
     • Time to containment: 66 days
     • Average breach cost increases by 75% if not contained within 30 days
     Source: 2017 Ponemon Institute Cost of a Data Breach Study

  4. Technology Complexities: “The Fog of War” Organizations face a wide array of solutions across multiple vendors: 85+ security tools from 45+ vendors.

  5. Personnel Changes • Demand for qualified cybersecurity professionals continues to outpace supply • Security skills gap leaves 1 in 4 organizations exposed for 6 months or longer • High turnover of qualified security personnel • Higher pay down the road • Small staff vs. varying skillsets • Avg. security staff size • Audit-minded vs. technology-minded staff

  6. Rising Cost of SOC • Expense of building and operating a SOC • At least 12 people, SIEM costs, operating costs, etc. (Cost chart on the slide: Initial Start Up Costs; Hardware & Infrastructure; Experienced Resources / Resource Costs (12 resources); Threat Intelligence Feeds; SIEM Licensing & Maintenance Fees; Other Capital Costs; Training and Process Development. Figures shown: ~$30,000, ~$70,000, ~$280,000, ~$300,000, ~$320,000, ~$780,000 and ~$1,780,000.)

  7. WHY UDT SECURE?

  8. UDTSecure Value Proposition Four themes: Solve personnel challenges; Simplify tech complexities; Offset rising costs of SOC; Reduce time to detection.
     • On the front line of evolving threats so you don’t have to
     • Provide highly trained security professionals as an extension of your team
     • Reduce noise from multiple technologies to present actionable events
     • Deliver 24x7x365 security operations effectively and efficiently
     • Free your security and technology resources to drive strategic initiatives
     • Protect your intellectual property and preserve the privacy of your data
     • Provide executives with information to help drive corporate strategy
     • Provide real-time event correlation without ongoing SIEM investment
     • Provide 24x7x365 coverage of security activity on your network
     • Provide security intelligence and the impact of threats on the organization
     • Provide security & risk metrics to satisfy regulatory compliance
     • Provide best-practice processes for event, change and incident management

  9. UDTSecure Service Offerings UDTSecure managed security offerings provide managed solutions at all phases of the NIST Cybersecurity Framework.

  10. UDTSecure Service Offerings – The Tool Box (grouped on the slide under Managed Security Service and Consulting Service; items marked * as on the slide)
     • CISO as a Service
     • SOC as a Service
     • SIEM as a Service
     • O365 Security as a Service
     • Security Device Mgmt.
     • Firewall Monitoring
     • Infrastructure Monitoring
     • EndPoint Threat Detection
     • Log Collection & Storage*
     • Event Correlation
     • Threat Intelligence
     • Dark Web Monitoring
     • Managed Response/Kill
     • Managed IR Services
     • Managed Access
     • Managed Vulnerability
     • Managed Phishing Services
     • Managed Resumption
     • Secure Config Services
     • Compliance & Reporting
     • Cyber Forensics
     • Risk & Vulnerability
     • Incident Response Plans
     • Incident Response Testing
     • Incident Run/Playbooks
     • Red Team Exercises
     • App. Security Testing*
     • Compliance Assessments*
     • PCI Gap Analysis/Audits*
     • Cyber Liability Review
     • Third Party Risk Mgmt.
     • Security Training

  11. UDTSecure SOC – Three Pillars to Success
     OUR TECHNOLOGY (technology built to improve effectiveness and efficiency):
     • SIEM architecture for event consolidation and analysis
     • Threat intelligence and correlation for advanced analytics
     • Ticketing system for incident workflows
     • Log archival for long-term event storage
     • Web portal for an interactive customer experience
     OUR PEOPLE:
     • Experienced staff operating 24x7x365
     • Multiple certifications across security disciplines
     • Strategic partnerships to feed top talent
     • Continuous training in the latest technologies
     • Higher than industry average retention rates
     • Capacity planning to support customer demand
     OUR PROCESS:
     • Custom rules of engagement per client
     • Performance measured against SLAs
     • Processes and procedures built on ITIL best practices
     • Continual process review and improvement
     • Metrics to measure performance and quality

  12. OUR PEOPLE

  13. UDTSecure Team Our security professionals average 10+ years of security experience and are proven subject matter experts holding multiple industry certifications.

  14. UDTSecure SOC The UDT Security Operations Center (SOC):
     • 24x7x365 facility in Miramar, FL
     • SOC 2 Type II facility
     • Staffed with our highly skilled security analysts
     • Defined processes to manage threats and reduce security risk
     The UDTSecure SOC’s major responsibilities are:
     • Monitor, analyze, correlate and escalate intrusion events
     • Develop appropriate responses: protect, detect, respond
     • Conduct incident management and forensic investigation
     • Apply threat intelligence to identify new threat vectors
     • Assist in crisis operations
     The UDTSecure SOC’s mission:
     • Protect customers’ mission-critical data and assets
     • Prepare for and respond to client cyber emergencies
     • Help provide continuity and efficient recovery of client infrastructure
     • Fortify our clients’ infrastructure through continuous security

  15. OUR PROCESS

  16. Delivery of Services Devices covered: firewalls, servers, endpoints, endpoint security, IDS/IPS and SIEMs. Devices are monitored and/or managed by directly accessing your onsite security technologies, with reporting provided back to the customer.

  17. Data Sources

  18. SIEM Workflow
     SIEM: • Ingest raw events into the Security Intelligence Platform • Layer threat intelligence and correlation data • Alert on suspicious activity
     Tier 1: • Monitors SIEM alerts • Performs basic investigation and mitigation • Opens tickets and performs initial ticket triage
     Tier 2: • Deeper research • Analytics and investigations • Mitigation / recommends changes
     Tier 3: • Advanced investigations • Threat hunting • Actionable items
     Customer: • Receives actionable alerts
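The ingest, enrich, correlate, alert and tier-routing chain the SIEM Workflow slide describes, as an added example; this is not UDTSecure's code or platform, and the log lines, the threat-intelligence entries, the host names and the two correlation rules are all constructed for illustration. Rule 1 fires on an outbound connection to an address that the (constructed) threat-intelligence feed has tagged; rule 2 fires when a source accumulates at least three failed SSH logins and then succeeds within a five-minute window, which is the kind of pattern a Tier 1 analyst would escalate rather than close.

```python
"""Toy SIEM pipeline: ingest -> enrich -> correlate -> alert -> route to tier.
Added example with constructed data; not the UDTSecure platform."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed threat-intelligence feed (documentation-range IPs, not real IOCs).
THREAT_INTEL = {
    "203.0.113.77": {"tag": "c2-server", "confidence": "high"},
    "198.51.100.9": {"tag": "scanner", "confidence": "medium"},
}

# Constructed raw events in a syslog-like format (hypothetical hosts and addresses).
RAW_EVENTS = """\
2024-05-01T10:00:01 fw01 CONNECT src=10.0.0.5 dst=203.0.113.77 dport=443 action=allow
2024-05-01T10:00:05 srv01 sshd FAILED user=admin src=198.51.100.9
2024-05-01T10:00:09 srv01 sshd FAILED user=admin src=198.51.100.9
2024-05-01T10:00:14 srv01 sshd FAILED user=admin src=198.51.100.9
2024-05-01T10:00:20 srv01 sshd ACCEPTED user=admin src=198.51.100.9
2024-05-01T10:01:00 srv02 sshd FAILED user=bob src=10.0.0.8
2024-05-01T10:02:00 fw01 CONNECT src=10.0.0.6 dst=192.0.2.10 dport=80 action=allow
"""

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str                                   # CONNECT / FAILED / ACCEPTED
    fields: dict
    intel: dict = field(default_factory=dict)   # filled in by enrich()

FW_RE = re.compile(r"^(\S+) (\S+) CONNECT (.*)$")
SSH_RE = re.compile(r"^(\S+) (\S+) sshd (FAILED|ACCEPTED) (.*)$")

def parse_kv(text):
    """Turn 'k=v k=v' into a dict."""
    return dict(kv.split("=", 1) for kv in text.split())

def ingest(raw):
    """Parse raw lines into Events; lines matching no parser are dropped here."""
    events = []
    for line in raw.strip().splitlines():
        m = FW_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m[1]), m[2], "CONNECT", parse_kv(m[3])))
            continue
        m = SSH_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m[1]), m[2], m[3], parse_kv(m[4])))
    return events

def enrich(events, intel=THREAT_INTEL):
    """Layer threat intelligence onto any src/dst address found in the feed."""
    for e in events:
        for key in ("src", "dst"):
            if e.fields.get(key) in intel:
                e.intel[key] = intel[e.fields[key]]
    return events

def correlate(events, window=timedelta(minutes=5), fail_threshold=3):
    """Apply two correlation rules and return alerts in event order."""
    alerts = []
    # Rule 1: a connection whose destination is a known-bad address.
    for e in events:
        if e.kind == "CONNECT" and "dst" in e.intel:
            alerts.append({"rule": "ti-match", "severity": "high", "host": e.host,
                           "ip": e.fields["dst"], "tag": e.intel["dst"]["tag"]})
    # Rule 2: >= fail_threshold failures from one source, then a success inside window.
    failures = defaultdict(list)
    for e in sorted(events, key=lambda x: x.ts):
        src = e.fields.get("src")
        if e.kind == "FAILED":
            failures[src].append(e.ts)
        elif e.kind == "ACCEPTED":
            recent = [t for t in failures[src] if e.ts - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "bruteforce-success", "severity": "critical",
                               "host": e.host, "ip": src, "user": e.fields["user"],
                               "failures": len(recent)})
            failures[src] = []          # a success resets the counter for that source
    return alerts

def route(alert):
    """Initial triage owner: Tier 1 takes alerts by default; a successful
    brute force implies credential compromise and goes straight to Tier 2."""
    return "Tier 2" if alert["rule"] == "bruteforce-success" else "Tier 1"

def run(raw=RAW_EVENTS):
    alerts = correlate(enrich(ingest(raw)))
    for a in alerts:
        a["tier"] = route(a)
    return alerts

if __name__ == "__main__":
    for a in run():
        print(a)
```

The enrichment step tags the scanner address on the SSH events too, but rule 1 only looks at connection destinations, so the constructed input yields exactly two alerts: the threat-intel match on the firewall event and the brute-force success on srv01. The single failure for `bob` never reaches the threshold and is not surfaced, which is the noise reduction the Tier 1 row is describing.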

  19. Key Onboarding Phases
     • Assess the customer environment to identify client use cases, security feeds and technology in use
     • Work with the customer to develop a custom communication plan, incident workflow and rules of engagement
     • Set up the UDT appliance to collect logs from devices and provision service accounts on all devices identified
     • Tune device feeds, custom correlations and behavioral learning
     • Provide continuous security operations
     • Quarterly service reviews with a SOC analyst, service adjustments and maintenance of the account

  20. OUR TECHNOLOGY

  21. UDTSecure SOC Operating Layers
     SOC Data Sources: EndPoint Logs (Transactional), Core Network Devices, Servers, Active Directory, Firewalls, IDS/IPS, Applications, Web/Cloud Services, Databases, Threat Intelligence, Dark Web
     SOC Technology Layer – SOC Platform Components: SIEM (security device data, user event data, event patterns, correlation, vuln feeds, custom rules, raw data parsing); Ticketing & Workflow; Portal; Integration Tools (e.g. web services); Reporting / Dashboard; Log/Event Archival. Admin Support Services: tuning, integration, rule admin
     SOC Operations Layer: Threat Response (advanced event analysis, escalations); Incident Mgmt. (CSIRT management, custom IR process aligning with corporate process); Threat Monitoring (threat analysis, impact analysis, threat triage, investigations, incident triage); Special Projects / Security Intelligence (incident hunting, threat and dark web intelligence, security analytics & incident reporting)
     SOC Governance Layer: SOC Service Delivery Management (service level management, operational efficiency, service reporting, escalation); Customer Intelligence Briefings; Quarterly Service Reviews; SOC Governance Analytics & Dashboards

  22. UDTSecure SIEM UDTSecure Portal
