orange business services contribution session 2: enterprise strategies against cyber threats
DESCRIPTION
Orange Business Services Contribution Session 2: Enterprise Strategies Against Cyber Threats. Nicolas Furge Security Services Director [email protected]. agenda. Triggering factors to Digital security Our legitimacy The need for an Integrated end to end approach - PowerPoint PPT PresentationTRANSCRIPT
Orange Business Services Contribution
Session 2: Enterprise Strategies Against Cyber Threats
Nicolas Furge
Security Services Director
2
agenda
1. Triggering factors to Digital security
2. Our legitimacy
3. The need for an Integrated end to end approach
4. CyberSOC and Customers experience
5. Cyber Security pillars
Recent and extremely fast development of the cyber space
Pervasive mobility
« everything in the cloud »
social networks,
big data
BYOD
4
Evolution of threats
Users
• device loss
• privacy
• data storage within devices and various Clouds
Devices
• malicious apps
• non encrypted data
• jailbreaked devices
• byod
Infrastructures
• attacks have become more targeted, more stealthy and more sophisticated
• intrusions and data extrusion
• Advanced Persistent Threat
• DDoS
5
It takes less than ONE second for a threat to reach its target, and counter threat time to deploy is increasing year over year!
presentation title
time
take
n to
im
plem
ent
coun
ter-
mea
sure
s (in
hrs
)
Code Red
Melissa
Loveletter
Kournikova
Nimda
GonerKlez
SlammerLovSan
1998 1999 2000 2001 2002 2003 2005 2008 2011 2014
18
15
12
9
6
3
0
time
to
com
prom
ise
10,0
00 s
yste
ms
(in
hrs)
Zeus.D, Loic
6
agenda
1. Triggering factors to Digital security
2. Our legitimacy
3. The need for an Integrated end to end approach
4. CyberSOC and Customers experience
5. Cyber Security pillars
7
Orange has owned and managed the largest voice and data network in the
world
8
security has always been part of Orange DNA
long proven experience in securing IP networks
– 30 years of security history– 15 Orange Labs in the world– 1 global CyberSOC and 8 Security
Operation Centers (SOCs), ISAE* 3402 – 500+ managed customers (companies)– the largest IP network in the world
extensive skills in security management
– More than 1000 security consultants around the world
– More than 10 000 managed devices (customers)
– More than 300.000 users of our strong authentication services
Distributed Denial of Services attempts on Orange French collection network:
+ 300 attacks per week of more than 500 Mb/s
With peak at up to 10 Gb/s !
Average duration30mn to a couple of hours
Orange remedy:anti-DDOS solution in the network
* International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization
9
agenda
1. Triggering factors to Digital security
2. Our legitimacy
3. The need for an Integrated end to end approach
4. CyberSOC and Customers experience
5. Cyber Security pillars
10
A true holistic security requiresan end to end approach
MANAGEMENT & GOVERNANCE LEVELProvide all the risk management reporting and compliance features
USER LEVELProtect user data’s devices and communications in a trusted work environment
INFRASTRUCTURE LEVELProvide a resilient and secure infrastructure foundation
CustomSolutions
Managed Services
Cloud Based
Professional Services
Solutions Delivery Model
Consulting
Implementation
11
Integration of best in class technologies need to be mastered
And a permanent watchdog activity to integrate the most technology advanced start-up security players
12
agenda
1. Triggering factors to Digital security
2. Our legitimacy
3. The need for an Integrated end to end approach
4. CyberSOC and Customers experience
5. Cyber Security pillars
13
the surveillance of security events has become a “must have”
SOCs have evolved from basic security management (ex: firewall rules management, proxy, filtering) to a complex set of security services (event analysis, business impact assessment, remediation, forensics analysis…)
Orange Business Services created the CyberSOC structure on top of its existing's legacy SOCs in order to deploy the new complex security services.
14
issues and challenges
migration of industrial IT to IP brings huge new threats
IT management is fully outsourced, increasing the risk of fraud
Orange solution identified with customer the
most critical data based on business criticity
jointly defined 30 threat scenarios based on business risk analysis
implemented surveillance of the defined critical perimeter
alerts customer in real time and conducts remediation
how cyberdefense supports competitiveness of the business : a real case one of the largest European industrial players in the car industry, 70 000
employees worldwide highly competitive environment, huge pressure on costs differentiates mainly through innovation, ie R&D protection of industrial secret and availability of IT system are vital to the
company
15
large multinationals choose Orange as their trusted partner in the digital world
a major tobacco manufacturing company(8 major brands >400b cigarettes,
>10b$)
A world wide Mining Company
(>50b$, >60 000 employees)
A brewing and distribution player
(190 breweries, 70 countries, 60 000+
employees. )
An industrial chemicals world
wide leader(80 countries, 50 000+
employees)
Airline Catering Services
World wide presence(120 locations)
Multinational financial services
company(100b€, 70 countries, 180 000 emp., 76M
customers)
16
agenda
1. Triggering factors to Digital security
2. Our legitimacy
3. The need for an Integrated end to end approach
4. CyberSOC and Customers experience
5. Cyber Security pillars
17
our recommendation : a four-step journey
Manag
e th
e
trans
form
atio
n Re-
asse
ss th
e
stra
tegy
Elaborate a defense strategyIdentify the sensitive data’s and
systems
Protect Data’s Input and Output
Check for security wholes or breaches
Implement surveillance
1
2
3
4
18
Thank you
presentation title