preparefor the unknownstay in control in an age of evolving cyber threats

Your business technologists. Powering progress

New threats, new security agendaIncreasingly, your business is done in the online world. How can you mitigate risks and protect your company all while achieving compliance? Preparing for the unknown effectively and efficiently requires a different approach to security and, perhaps, a trusted security partner.

It’s hard running a successful business. There are so many things you have to do in order to maintain a competitive position. This includes known issues, from driving down costs and driving up topline growth, through to increasing customer retention and fostering innovation. Of course you know that maintaining information security is essential, so you have some solutions in place. But are you aware of the nature and extent of the cyber threats to your business, both from active and malicious threats and from accidental loss and exposure? Are you prepared to predict, understand and eliminate present and future cyber threats? And can you develop the behaviors and competencies that will enable you to do this in the future?

Atos believes that the overwhelming majority of businesses (and perhaps yours) do not have the key skills to prepare for current or future cyber threats as a core competency. They are not skilled in areas such as patching servers, staying ahead of Advanced Persistent Threats, or investigating the latest antimalware offerings. Many of our customers realize that keeping pace with the latest security innovations and risks is a formidable task that can distract the business from its core skills. Rather than listening to customer concerns, you may find yourself sitting in security vendor presentations, reviewing the impact of the latest breach, or discovering that you have infringed compliance through customer data loss. At worst, you may lose your IPR to another business or nation-state. The result can be loss of reputation, or direct financial penalty.

Prepare for cyber threats in a time of ‘always on’ businessSimple security solutions such as firewalls are not flexible and adaptable enough to protect you against today’s complex threats whether malicious or the result of accidental exposure. Internally, your business has to be able to operate more flexibly; you are ‘always on’. You can’t confine access to corporate resources within your offices or through specific technologies, as workers need constant access to information and services. Increasingly, we’re seeing what analysts term the ‘Consumerization and Deperimeterization of IT’. This enables business agility and workforce satisfaction; but it also creates more – and more complex – exposures to cyberspace and therefore risk.

In this environment you need to be prepared for anything. This requires a more complete solution – delivered by someone with the specialist skills, tools and resources (and proven success) to protect you against today’s threats. In an age of unknowns, you need a trusted guide.

Atos is that trusted guide. Our end-to-end security solution set makes you not only more secure, but also more able to predict and eliminate new incursions without any interruption to your core business. We improve your protection against threats while you and your workforce can focus on what you do best. This brings our customers enormous peace of mind, while ensuring they can continue to do business effectively in a world that demands flexibility.

Our track recordAtos has more than 25 years of experience of providing robust, comprehensive and fit-for-purpose security solutions and services for organizations across all business sectors. We have a proven ability to deliver solutions for companies and organizations with extremely rigorous security requirements. A clear example of where we have demonstrated this ability to predict and deal with cyber threats while ensuring smooth successful operations is our work for the International Olympic Committee.

Games IT Systems, Security Information and Event Management Statistics.

The Atos SIEM platform received over 255 million syslog messages during the Olympics

From these raw messages 4,5 million signi�cant events were identi�ed

SIEM raised internal incidents for 5,324 of these events for SOC assessment

Of these internal incidents 686 were raised to venues as tickets

During the London 2012 Olympic Games 0 security incidents impacted live competition

2 Prepare for the unknown, stay in control in an age of evolving cyber threats

The London Olympic Games – four billion people watching, zero security breachesAs Worldwide IT partner of the International Olympic Committee, we have designed, integrated and managed the multiple IT systems of every Games since 2002.

The Olympics is not only a security challenge but also a Project Management challenge. How many of your projects experience delays? The Olympics is unmovable in terms of start and end date; each event needs to begin at its exact scheduled time. Atos has consistently met every deadline required by the Olympics to ensure the Games operate like clockwork from an IT and security point of view.

At London 2012, with more than four billion people watching on any device, anywhere, anytime, cyberspace threats were at the highest level ever recorded. It was the first ‘social Games’ – with an unprecedented level of social media activity, creating new sources of unknown cyber threats. However, because of our approach, we ensured that no threat, whether known or unknown, affected the smooth running of the Games or threatened critical information.

How we did itWe followed our proven approach from previous Games throughout the project lifecycle, putting in place an IT security architecture that ensured that security was pervasive throughout the Games IT systems. This included our Atos High Performance Security (AHPS) managed SIEM service – which combines the in-depth knowledge of our security experts with a purpose-built 24x7 Security Operations Center. This service, developed as a direct result of our involvement in the Olympic Games, is able to react to threats in real time, 24x7 – and enable forensic analysis. Potential events are analyzed and correlated based upon their business risk profile, and escalated when there is clear evidence that they fall into a high-risk category. This solution, put in place along with consistent security policies and behavioral procedures, minimizes the chances of activities being interrupted by ‘false alarms’. It also creates true ‘situational awareness’ across the entire IT architecture.

Our approach ensured that during London 2012 – the most social, cyber threat-exposed Games to date – no threat was allowed to damage IT or affect the Games.

“ With the support of Atos, the London 2012 Olympic Games IT system was successfully designed, built and operated so that the competition results could be viewed and read by more people than ever before.”

3Prepare for the unknown, stay in control in an age of evolving cyber threats

It’s Complicated. . .From the ‘outside’ running a business may seem simple. You create products and/or services and sell them to customers. But, as shown in the rich picture below, today’s businesses operate in an complex and challenging environment, an environment of mobile workers, regulations, hackers, malware, cloud computing, identity management, supply chain management and cost cutting. Each of these areas presents your business with challenges and opportunities as described below.

4

5

CustomersThis is what your business is all about. In the rich picture, customers occupy only a small part of the picture. Other activities, in a sense, could be seen as a ‘distraction’ from your core goal – retaining and increasing customers. Those ‘distractions’ are not unimportant though – in fact, your entire business may depend upon them. Regulators may find you noncompliant; hackers may steal priceless private data; networks may go down. And there are new demands arising daily. For example, today’s customers demand access from anywhere, at any time, from any device.

They ‘want an app for that.’ Yet at the same time, a security breach can have devastating consequences for your brand image, share price and customer retention. And the more widely you make information available, the more risks you may face. The good news is that your company is not alone. Atos provides security services today to clients all over the world who, like you, face challenging environments.

Globally we provide security services to secure networks, identities, endpoints, and applications. We offer the broadest range of identity management solutions in the industry, including our own biometrics and smartcard solutions and DirX Identity and Access Management Software.

In the UK, over 18 million citizens use our services, in the form of the Government Gateway, to do everything from apply for a driver’s license to file their taxes. The system is powered by Atos’ unique transaction capability, providing secure and 99.99% trouble-free processing for the largest requirements. It handles close to 500,000 tax-related transactions on its busiest days. For another client, Siemens, we manage 800,000 IP addresses and over 40,000 servers. Both of these Atos clients face environments that are likely similar to yours, and if we can support them on this large scale, we are confident we can support you too.

“ …the Government Gateway is a major government asset…and, with over 18 million users, it has become a linchpin in the delivery of public sector eServices to citizens an businesses alike. We have achieved this by focusing on the quality of the service provided to our customers whilst keeping up with ever-changing requirements to ensure the Government Gateway is well positioned for the future and continue to be at the heart of the Transformational Government agenda.” UK Government eDelivery Team

Exploring the key threatsOur rich picture outlines the extraordinary environment that businesses operate in. There are, however, five key areas where your efforts to understand and offset cyber threats may have the greatest impact on your business.

6 Prepare for the unknown, stay in control in an age of evolving cyber threats

Cyber threatsViruses may feel like old news and in comparison to today’s threats, relatively easy to deal with. Today’s hackers are using sophisticated malware that is sold online, perfected over time, difficult to detect, targeted, persistent, and sometimes funded by foreign governments or large organized crime organizations. The value at stake has never been greater – corporate IPR, credit card information, government emails and even weapon system design. No service provider can guarantee complete safety, but Atos has been providing security and SIEM services to some of the world’s highest profile enterprises.

Atos High Performance Security (AHPS) has been developed for client use through our globally renowned IT security services defending the Olympic and Paralympic Games. The Games are a target for hackers globally, yet to date the Olympics have not suffered a single IT security related breach.

AHPS does not rely on antivirus or firewalls alone; instead it makes use of advanced SIEM techniques to monitor behavior and activities to filter out and then focus on suspicious activities. AHPS provides a modern defense to today’s greatest threats – Advanced Persistent Threats (APTs).

As shown right, AHPS allows Atos to filter the noise from millions of potential incidents into a manageable set of ‘trouble tickets’, and resolving those down into zero actual security events.

“ By deploying the Security Information and Event Management (SIEM) solution, Atos was able to effectively and efficiently manage the large number of IT security events that were recorded during the London 2012 Olympic Games to ensure that there was no disruption to the Games IT infrastructure.” Jean-Benoit Gauthier – Director of Technology and Information – IOC

255million 5324 0

Filtered events

‘Trouble tickets’

Security incidents impacted live

competition

Actual figures from the London 2012 Olympic Games

7Prepare for the unknown, stay in control in an age of evolving cyber threats

8 Prepare for the unknown, stay in control in an age of evolving cyber threats

Cloud ComputingThe cloud is here to stay and will exponentially grow. If your company isn’t using it today, that may be because of security concerns. The cloud’s always-on, data-anywhere model of computing and storage introduce numerous new security considerations, and Atos has found that many enterprises have justifiable concerns about guarding their data and information in cloud environments.

To combat the threats and blockers that may arise within the cloud the Atos Cloud Security Assessment service ensures that:

�You have knowledge of what your security and compliance issues are

�You gain insight into the legislative and regulatory requirements relevant to the cloud for your industry sector

�You have transparency on your cost versus business risk balance.

Our goal is help you gain clarity – to provide you with objective reports and dashboards. Your company will then be able to make a fully informed business decisions based on the facts rather than on vendor hype.

The Mobile WorkforceYesterday’s workforce used locked down, hardened desktops and laptops where unapproved software could usually be kept off machines and out of the corporate environment. But today’s workers are not merely mobile but also operate in a ‘wide open’ manner.

They carry their preferred endpoint (instead of, or in addition to, the corporate standard), they visit untested web sites, their preferred operating system is called ‘Ice Cream Sandwich,’ and they download untested apps (which may or may not leak your confidential data out to unapproved servers). They use a variety of popular social media and you may hear them loudly debating the benefits of Android devices vs Apple devices. How is a business to function normally and securely in this new environment?

There are no easy answers, but Atos is providing a full suite of security services to companies who are facing these issues. We work with several different vendors of mobile device security software, including Citrix / Zenprise and Good Technology.

Our security services are constantly adapting to meet today’s latest threats. To this end, we work closely with Intel/McAfee and ‘next generation’ security vendors such as Verdasys and FireEye. Since devices can no longer be locked down, behavior and activities must be carefully monitored and managed to avoid loss of crucial data. Zero day threats must be met with defenses that do not rely upon signatures but instead safely test software to examine its behavior.

Information from the various security devices across the company must be integrated and harmonized, such as we do with AHPS, in order to fully understand what is happening within an IT landscape. And, as always, employee behavior and corporate activity needs to be guided by a corporate security policy that is broadcast and understood by all relevant parties.

Governance and ComplianceFor the reasons just cited, compliance, regulation and governance have never been more important. Because the working environment itself is no longer as ‘hardened’ as it used to be, governance must receive renewed attention.

Governance and compliance can affect virtually every aspect of your company, including your brand, your reputation, and even your company’s very existence. We are increasingly seeing noncompliance and privacy violations resulting in hefty fines and media scrutiny.

Atos helps companies understand and achieve compliance. Our compliance specialists are experienced in Security Policies and Accreditation, Identity Management, PCI DSS, ISO27001, HIPAA compliance and certification, Business Continuity and Security awareness training.

In terms of consulting, managed services and systems integration, our clients include government agencies all over the world and as such, we have documented expertise in analyzing and deploying IT services that meet internationally recognized standards. We’re experienced in delivering compliance solutions in every sector from Governments to Retail, Oil and Financial Services and partner with EMC / RSA on distinctive parts of this offering.

Each sector may have its own unique regulatory requirements and Atos specialists can help you determine how best to meet the regulations within your particular sector – without exceeding your budget.

9Prepare for the unknown, stay in control in an age of evolving cyber threats

Why Atos?Cyber security and compliance management are core business to Atos. Our experience in all markets and understanding of industry-specific business processes and operating models enables us to deliver the solution you need in a cost-effective way. We enable you to do more, while risking less.

A key player in cyber security practice All of Atos’ security experts continually refresh their knowledge and best practices through active participation in national and international forums. As an organization we are a corporate founder member of the Institute of Information Security Professionals. We are also a member of many of the independent organizations created to unite vendors, providers and regulators to set standards and work on regulations, including:

� International Cyber Security Protection Association (ICSPA) – fighting cybercrime and driving training

�European Cyber Security Protection Association – helping industry protect itself

�Security and Defence Agenda – focusing attention on security policy challenges

�European Security Round Table (ESRT) – discussing European security issues

�The Cloud Security Alliance (CSA)

�And, of course, our extensive client list across industry sectors proves we can deliver.

Prepare for the unknown – todayToday’s world contains potential cyber threats that you may not even see. To deal with them you need more than a security solution, look for a security partner that you can trust and rely on.

To find out how Atos could be the partner you need, contact us now at security@atos.net

Why not attend one of our assessment or innovation workshops - where you can learn how we have helped other organizations to tackle new kinds of exposure, and hear more about the latest best practice in cyber security?

Or apply for one of our free consultations, such as the Atos Security Scan. In these sessions we can assess the current state of your security position and determine whether it is fit for purpose given current and emerging threats.

The time to act is nowWhatever you do, don’t wait until your organization has been targeted by a cyber attack before you take steps to enhance your protection. New attacks are being unleashed every day, and new threats are emerging with alarming regularity.

Atos is prepared to understand and help you address the known and unknown threats in the cyber sphere. Why not let us apply our approach to your business?

No other solution on the market today matches ours in its completeness or cost-effectiveness. With Atos as your trusted partner, your organization can continue to push the boundaries, innovating and outpacing the competition – assured that its security is in the best possible hands. Whatever the future holds, your business is safe with us.

10 Prepare for the unknown, stay in control in an age of evolving cyber threats

11Prepare for the unknown, stay in control in an age of evolving cyber threats

For more information, contact: security@atos.net

atos.net Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos Worldgrid are registered trademarks of Atos SE. October 2013 © 2013 Atos.

About AtosAtos SE (Societas Europaea) is an international information technology services company with annual 2012 revenue of EUR 8.8 billion and 76,400 employees in 47 countries. Serving a global client base, it delivers Hi-Tech Transactional Services, Consulting & Technology Services, Systems Integration and Managed Services. With its deep technology expertise and industry knowledge, it works with clients across the following market sectors: Manufacturing, Retail & Services; Public sector, Healthcare & Transports; Financial Services; Telecoms, Media & Technology; Energy & Utilities.

Atos is focused on business technology that powers progress and helps organizations to create their firm of the future. It is the Worldwide Information Technology Partner for the Olympic and Paralympic Games and is quoted on the NYSE Euronext Paris market. Atos operates under the brands Atos, Atos Consulting & Technology Services, Atos Worldline and Atos Worldgrid.

For more information, visit: atos.net/security