5
Consulting services for cybersecurity

Consulting services for cybersecurity - Dimension Data€¦ · Consulting services for cybersecurity. ... The service is designed to capture network traffic and ... or further refine

  • Upload
    lekhue

  • View
    214

  • Download
    0

Embed Size (px)

Citation preview

Consulting services for cybersecurity

Giving you the skills to risk less, yet achieve moreIT security skills are scarce. The 2015 (ISC)2 Global Information Security Workforce Study carried out by Frost & Sullivan found that 62% of organisations say they have too few information security professionals (up from 56% in 2013). They estimate the shortfall in the global information security workforce will reach 1.5 million in 5 years.

It’s hardly surprising. The digitalisation of business – cloud, mobile, and the Internet of Things – is transforming cybersecurity. Perimeters are being pushed off premises, into the cloud, and out to exponentially-multiplying endpoints. Provisioning times are falling to minutes, threats are morphing daily, and responsibility for security is being fragmented across more and more cloud service providers.

How can organisations get on top of these ever-changing risks, and acquire both the skills and the capacity to combat them? Many turn to us for our depth of expertise, our breadth of experience, and our sheer capacity to provide the security skills they need.

Secure every step of the wayAt Dimension Data you, our client, are central to everything we do. We look at cybersecurity from your point of view.

Cybersecurity has a lifecycle starting with risk assessment, moving through strategy formulation, designing a solution, everyday control, and on-going management.

This lifecycle, which we call the Security Wheel, forms the basis of our engagement with you. We have consulting services aligned with every stage in the lifecycle, and you can join at whatever stage is right for you.

Our consulting services help you manage cybersecurity from every angle throughout the lifecycle by:

• Building a robust security strategy, aligned to your business goals

• Identifying and evaluating the threats you face continuously

• Finding the vulnerabilities in your infrastructure, applications, endpoints, and processes

• Strengthening your security architecture

• Recommending how to repair gaps in a cost effective manner

• Making sure you’re compliant with regulations and governance policies.

We work with you to shape your business needs into a robust cybersecurity strategy and roadmap. We can then design, deploy, and project-manage your implementation to deliver technology that meets your business objectives.

We outline below some of our main consulting services available regionally or globally, but we’re very flexible about how we can engage with you. So it’s best simply to talk to us about where you are, the challenges you’re facing, and we’ll see how we can best help you.

Cybersecurity lifecycle – the Security Wheel

Consulting

Management

Strategy

Architecture

ClientControls

Architecture

• Evaluation

• Optimisation

• Design

• Deploy

Strategy

• Business alignment

• Vision and strategy

• Roadmap

Consulting

• Business requirements

• Workshops and interviews

• Risk analysis

• Gap analysis

• Technical analysis

• Recommendations

Controls

• Platform

• Automation

• Configuration

• Integration

• Consumption

• Threat intelligence

Management

• Operations

• Maintenance

• Support

Security architecture services

Network threat and vulnerability services

Security penetration testing services

We use our Security Architecture Assessment model as a flexible way of evaluating your security architecture, from policies to technical controls.

We take a holistic approach, reviewing your security vision and strategy, information security framework, risk management framework, and logical security architecture. We make sure they are all practical, appropriate and economically proportionate.

Delivered through a choice of three service level models, the outcome is a specific set of recommendations that allow you to apply your resources and controls in the most effective way to protect key assets.

Combined with a remediation roadmap, you can use the results to build a budget and resource plan, or simply align to an existing strategy for greater reassurance.

The assessment includes:

• An information gathering phase which may include interactive workshops and/or interviews to assess your current and desired state

• the option to choose from a selection of assessments to help validate your assumptions

• recommendations for improvement

• a cybersecurity roadmap based on business and technology initiatives.

Our network threat and vulnerability services present a snapshot of real-time activity on the network, identifying suspicious behaviour, compromises, or breaches.

We then assist you in remediating the root causes of any problems that we detect.

Depending on your organisation’s key areas of concern, an engagement can focus on:

• traffic analysis on key segments of the network

• web, database, and file application access

• unauthorised and inappropriate use of data assets

• event correlation and normalisation

• identification and analysis of malware patterns on the network

• vulnerability scanning of systems

• violations of existing Internet usage policies.

The service is designed to capture network traffic and gather intelligence over an agreed period of time in order to present a technical risk profile.

Our Network threat and vulnerability services are only available in certain geographical regions – speak to us for details.

Penetration testing is an important element of any cybersecurity assurance programme. We’ll determine the presence of weaknesses that could be exploited by malicious users to compromise your most critical infrastructure – including web applications, networks, and endpoints.

We align to industry best practice and guidelines from sources such as Open Source Security Testing Methodology Manual (OSSTMM), National Institute of Standards and Technology (NIST) and The Open Web Application Security Project (OWASP).

We have experience in many scenarios, and our proven penetration testing methodologies include a focus on the following:

• Internet-facing infrastructure

• internal network segments such as a demilitarised zone, or an office local area network

• desktop and laptop computers – including ‘stolen laptop’ attack scenarios

• Internet-facing and internal web applications

• wireless network infrastructure

• remote access and VPN infrastructure.

Firewall assurance servicesOur firewall assurance services help you optimise the total cost of ownership of your firewall estate in relation to your network infrastructure and security posture. We adopt a full-service approach, from analysis to deployment, to maximise return on investment, reduce migration cost, and improve application security.

They’re flexible services which can be tailored to your needs. We can:

• identify and document the current state of your firewall infrastructure

• deliver strategies to reduce complexity, increase productivity and reduce risk

• develop a services map which details the use of applications and network access to better understand usage and trends

• identify high risk policies that may impact the confidentiality, integrity or availability, and remove any redundant, overlapping, or duplicate rules

• identify and document any opportunities to optimise or further refine your firewall policies or underlying architecture

• compare your compliance metrics against security industry best practices.

Governance, risk, and compliance services Incident response services

Underpinned by Dimension Data’s incident response framework, our incident response services provide a use-case driven model with well-established methodologies, processes and reporting to swiftly detect, respond to, and remediate a given threat. Experienced incident responders provide the coverage you need to ensure a timely response.

We offer a range of incident response services that are scalable, repeatable, comprehensive, and mature:

• first response service

• incident response readiness assessment

• compromise assessment

• incident response program development

• incident response retainer.

Our incident response services are only available in certain geographical regions – speak to us for details.

These consulting services address three core tenets of businesses today: corporate governance, risk management, and regulatory compliance.

We’ll help you set the governance policies and processes that direct and control the organisation. This includes external legal, regulatory, and industry compliance requirements.

We’ll help you determine your risk appetite, based on your organisation’s governance policies and processes.

We’ll make sure you keep documentary evidence of your compliance with internal policy and process, as well as with external regulation.

We help you address all these issues with global services that include:

• information security management system (ISMS) development

• organisational policy development

• IT policy development

• development and gap reviews

• information security management systems standard ISO/IEC 27000

• payment card industry data security standards (PCI DSS).

CS / GLMKSEC0056 / 08/16 © Copyright Dimension Data 2016

Why Dimension Data for security consulting?We’re part of NTT, the largest communications company in the world. All the security practices of the NTT group (formerly Solutionary, NNT Comms Security, and NTTi3) have recently been brought together as NTT Security.

We see 40% of all Internet traffic so we have unparalleled insight into the constantly changing threat landscape – insight which we bring to all our consulting engagements.

Our approach is multi-disciplinary, spanning not only the whole gamut of cybersecurity, but all the other technologies which make digital business possible: networking, data centres, cloud services, and end-user computing.

We operate across all the spheres of modern IT architecture, including on-site IT, cloud services, and hybrid environments, so we appreciate the complexity and challenges involved.

We operate as consulting partners, but can also deliver security as support services, managed services, or outsourced services. This means our advice is not theoretical – it’s informed by practical experience in delivering security services to thousands of global clients daily.

This breadth of experience, combined with our deep skills in threat intelligence, infrastructure security, and the regulatory aspects of security, make us the choice of cybersecurity advisor for many global enterprise clients.

Over recent years, our 700 security consultants have carried out 15,000 engagements among our 6,000 clients in 58 countries. And we enjoy strong integration partnerships with all the major security vendors, including Check Point, Cisco, Blue Coat, Intel Security, and Palo Alto, as well as a number of cutting-edge, specialist partners.

We’re here to deliver for you wherever you are, at every stage of your technology journey.

Whatever the particular challenge you face, we’re sure we have something to offer.

So talk to us about your ambitions as a digital business, and we’ll see how we can help you secure them.

dimensiondata.com/security

Talk to us

Middle East & Africa

Algeria · Angola Botswana · Congo · Burundi

Democratic Republic of the Congo Gabon · Ghana · Kenya

Malawi · Mauritius · Morocco Mozambique · Namibia · Nigeria Oman · Rwanda · Saudi Arabia

South Africa Tanzania · Uganda

United Arab Emirates · Zambia

Asia

China · Hong Kong India · Indonesia · Japan

Korea · Malaysia New Zealand · Philippines

Singapore · Taiwan Thailand · Vietnam

Australia

Australian Capital Territory New South Wales · Queensland

South Australia · Victoria Western Australia

Europe

Austria · Belgium Czech Republic France ·

Germany · HungaryItaly Ireland ·

· Luxembourg Netherlands Poland · Portugal

Slovakia · ·Spain United Kingdom

Switzerland

Americas

Brazil · Canada · Chile Mexico · United States

For contact details in your region please visit dimensiondata.com/globalpresence