Know what you’re up against with detailed analytics. Managed Security Services-Analytics
PTE16524 1/17
Cybersecurity has never been more complicated or more important.
The complexity of managing these challenges is increasing awareness and fueling spending.
Security challenges
Vendor overload
Skills shortage
Regulatory pressure
New digital ecosystems
Disruptive business models
Mobility
Cloud
Cyber crime
Managed Security Services overview
Security analytics
• Log monitoring
• Threat detection and alerting
• Event and incident identification, correlation
Device management
• Device availability and monitoring
• Device health management
• Device maintenance
• Patching
• Troubleshooting
• Backup and restore
Application management
• Application configuration
• Application change control
Together our services can help you handle the complexity of modern IT security.
Good analytics is a business enabler.
When we say analytics, we don’t just mean after-the-fact data interpretation. We go beyond to provide heuristics and correlation analysis. Our security analytics let you store, interact with, monitor and visualize log files, network flows and IP packets—all in near-real time.
Analytics example: Finding the needle
Our process and team
[Diagram labels: Analytics engine; Solutions architect; Intelligence; Verizon Cyber Intelligence Center; Intel feed; Use cases; Tuning; Threat library; Data; Customer business and assets; Security Operations Center (SOC); Alerts; Response and analytics; Escalation; Reviews; Metrics/reporting; Security Services Advisor; Scoping and design; Pre-sales]
Monitoring and reporting
Comprehensive threat analysis
Our advanced architecture allows for fast incident detection by:
• Correlating customer data from multiple sources to identify threat patterns
• Correlating cross-customer data
• Incorporating SOC analyst feedback
• Generating analytics over a large data set
• Improving the quality of collected data
• Connecting to third-party tools to adapt to a changing threat landscape
[Diagram labels: PIP connection; Verizon intake; Data relay; Norm and enrich; Splunk analytics; Verizon Analytics (SEAM); Big Data platform; Portal; Operations; Customer LEC; Health and availability management; Security data pushed and fetched; Connection kit; Private IP connection; Operations dashboard; Ticketing system]
Threat management statistics
12,400,753,304 events received in August 2015 from customer devices and processed into incidents
3,392,878 incidents generated from these events
52,949 incidents investigated by Managed Security Services
12,463 incidents escalated to customers. 72% were manually escalated by our team
One incident investigated about every 50 seconds by the SOC; 14.5 minutes was the median time to escalate a new incident to a customer
The value of our threat monitoring and management platform.
Pay for what you send: Our tiered pricing model
Data usage monitored by peak per day.
1–10GB 11–50GB 51–100GB 101–200GB 201–500GB
Non-recurring charges also apply.
Improve your incident detection.
Verizon security analytics help you:
• Enhance your situational awareness.
• Improve your security posture.
• Control costs by relying on our team of experts and our analytics platform rather than hiring and training an in-house team.
• See beyond traditional network and edge threats with our continuously developed threat analytics use cases.
• Close the gap between time of compromise and time to discover.
Why should you choose Verizon?
1. Network
• One of the largest global IP networks in the world
• Insight into a large portion of the world’s internet data
2. Tools and assets
• Global SOC environment
• Tailored operational processes and expert security knowledge
• Billions of events analyzed, correlated and assessed
3. Framework
• The VERIS (Vocabulary for Event Recording and Incident Sharing) framework
4. Cyber risk insights
• Over 100k incidents analyzed in our 2016 Data Breach Investigations Report
• Nearly 70 different contributing organizations
• Over a decade of data
5. Cyber risk response and prevention
• Professional Services providing extensive security intelligence
Our integrated portfolio delivers the connected world.
[Diagram labels: Verizon Application Delivery Platforms; Managed Services Platform; Global scale On demand Utility based Integrated; Data Center Services; Cybersecurity Analytics; Network Operations Portals Professional Services; Network as a Service; IoT Contact Center; Unified Comms; Secure global network platform; People and things; Cloud services; Secure Cloud Interconnect; 4G LTE; Ethernet]
Professional services
Consulting services
Implementation and integration
Operations and lifecycle support
Expertise at each stage of the threat life cycle.
Investigative Response (IR)
Improve your reaction time to even the most sophisticated attacks with the help of our Research, Investigations, Solutions and Knowledge (RISK) Team. We can help you identify the source, contain it and verify the extent of losses—all to help limit the impact to your organization and your customers.
Incident Packet Analytics (IPA)
Service within Rapid Response Retainer, to be released 1H 2017.
Thank you.
Appendix
Pulling intelligence from raw data
Data can hide valuable insight. With a connection kit or through Private IP connection, Verizon MSS-Analytics can consume multiple types of data.
Our security portfolio
Security Lifecycle Consulting
• Risk Assessment
• Governance, Risk and Compliance
• Security Strategy and Implementation
• Endpoint and Mobile Security
• Identity and Access Management Consulting
• Advanced Intelligence Subscription
• Testing and Certification (ICSA Labs)
Security Monitoring and Operations
• Security Device and Application Management
• Advanced Threat Detection and Response
• Outsourced SIEM Management
• Advanced Threat Hunting and Intelligence
• Certificate, Identity and Access Management Services
Network and Gateway Security
• Security Gateway Solutions
• DDoS Mitigation
• Recursive DNS
• Network Traffic Analytics
• Application Management
Incident Response
• Cyber Breach and IT Investigations
• Incident Response Planning
• eDiscovery and Litigation Support
Secure Cloud Interconnect and other complementary solutions
• Intelligent Cloud Control: powered by Turbonomic. Maintain high performance by managing select public cloud workloads through a single interface
• Managed Security Services Cloud: Shared firewall platform. Provides granular controls and log analytics on all connections
• SnapLogic: Provides data integration services between multiple cloud service provider applications as well as between cloud-based apps and premises-based apps
Access a suite of solutions to help your enterprise maintain high levels of control, performance, security and efficiency.
[Diagram labels: Verizon Private IP/Private WAN; Verizon Wireless; MSS; Intelligent Cloud Control]
Secure Cloud Interconnect value-added security features
Managed Security Features
• MSS Staging (project managed policy and deployment)
• 24x7 SOC Policy Management and Review
• 24x7 Device Change Management
• Full Security Event Logging / Retained for 12 months
• Health monitoring
• 24x7 security incident monitoring and escalation
• Security incident correlation with other MSS Premium services
• Security Solutions Advisor support
• Security and Compliance dashboard access
Service Offerings
1. Firewall only
• Stateful Firewall (SRC, DST, Port)
• Custom NAT
• User Authentication
• Site-Site IPSEC VPN (to CSP IPs)
2. Firewall with IPDS (Launching 2017)
• Intrusion Detection
• Intrusion Prevention
Designed with the public sector in mind.
• U.S. Federal-dedicated and CONUS/critical national infrastructure-dedicated SOC
– Cleared U.S. security analyst
• Critical infrastructure-grade security boundary and operational processes
• Infrastructure is built to the FISMA High level
– Includes air-gapped capability for a logical and physical separation from commercial
Types of service level agreements
Managed Security Services–Premises (Premium Service Level)
Managed Security Services–Analytics
Health report
Critical security upgrades
Device availability report Security incident ticket
Recommended