Orange Business Services Contribution

Session 2: Enterprise Strategies Against Cyber Threats

Nicolas Furge

Security Services Director

Nicolas.furge@orange.com

2

agenda

1. Triggering factors to Digital security

2. Our legitimacy

3. The need for an Integrated end to end approach

4. CyberSOC and Customers experience

5. Cyber Security pillars

Recent and extremely fast development of the cyber space

Pervasive mobility

« everything in the cloud »

social networks,

big data

BYOD

4

Evolution of threats

Users

• device loss

• privacy

• data storage within devices and various Clouds

Devices

• malicious apps

• non encrypted data

• jailbreaked devices

• byod

Infrastructures

• attacks have become more targeted, more stealthy and more sophisticated

• intrusions and data extrusion

• Advanced Persistent Threat

• DDoS

5

It takes less than ONE second for a threat to reach its target, and counter threat time to deploy is increasing year over year!

presentation title

time

take

n to

im

plem

ent

coun

ter-

mea

sure

s (in

hrs

)

Code Red

Melissa

Loveletter

Kournikova

Nimda

GonerKlez

SlammerLovSan

1998 1999 2000 2001 2002 2003 2005 2008 2011 2014

18

15

12

9

6

3

0

time

to

com

prom

ise

10,0

00 s

yste

ms

(in

hrs)

Zeus.D, Loic

6

agenda

1. Triggering factors to Digital security

2. Our legitimacy

3. The need for an Integrated end to end approach

4. CyberSOC and Customers experience

5. Cyber Security pillars

7

Orange has owned and managed the largest voice and data network in the

world

8

security has always been part of Orange DNA

long proven experience in securing IP networks

– 30 years of security history– 15 Orange Labs in the world– 1 global CyberSOC and 8 Security

Operation Centers (SOCs), ISAE* 3402 – 500+ managed customers (companies)– the largest IP network in the world

extensive skills in security management

– More than 1000 security consultants around the world

– More than 10 000 managed devices (customers)

– More than 300.000 users of our strong authentication services

Distributed Denial of Services attempts on Orange French collection network:

+ 300 attacks per week of more than 500 Mb/s

With peak at up to 10 Gb/s !

Average duration30mn to a couple of hours

Orange remedy:anti-DDOS solution in the network

* International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization

9

agenda

1. Triggering factors to Digital security

2. Our legitimacy

3. The need for an Integrated end to end approach

4. CyberSOC and Customers experience

5. Cyber Security pillars

10

A true holistic security requiresan end to end approach

MANAGEMENT & GOVERNANCE LEVELProvide all the risk management reporting and compliance features

USER LEVELProtect user data’s devices and communications in a trusted work environment

INFRASTRUCTURE LEVELProvide a resilient and secure infrastructure foundation

CustomSolutions

Managed Services

Cloud Based

Professional Services

Solutions Delivery Model

Consulting

Implementation

11

Integration of best in class technologies need to be mastered

And a permanent watchdog activity to integrate the most technology advanced start-up security players

12

agenda

1. Triggering factors to Digital security

2. Our legitimacy

3. The need for an Integrated end to end approach

4. CyberSOC and Customers experience

5. Cyber Security pillars

13

the surveillance of security events has become a “must have”

SOCs have evolved from basic security management (ex: firewall rules management, proxy, filtering) to a complex set of security services (event analysis, business impact assessment, remediation, forensics analysis…)

Orange Business Services created the CyberSOC structure on top of its existing's legacy SOCs in order to deploy the new complex security services.

14

issues and challenges

migration of industrial IT to IP brings huge new threats

IT management is fully outsourced, increasing the risk of fraud

Orange solution identified with customer the

most critical data based on business criticity

jointly defined 30 threat scenarios based on business risk analysis

implemented surveillance of the defined critical perimeter

alerts customer in real time and conducts remediation

how cyberdefense supports competitiveness of the business : a real case one of the largest European industrial players in the car industry, 70 000

employees worldwide highly competitive environment, huge pressure on costs differentiates mainly through innovation, ie R&D protection of industrial secret and availability of IT system are vital to the

company

15

large multinationals choose Orange as their trusted partner in the digital world

a major tobacco manufacturing company(8 major brands >400b cigarettes,

>10b$)

A world wide Mining Company

(>50b$, >60 000 employees)

A brewing and distribution player

(190 breweries, 70 countries, 60 000+

employees. )

An industrial chemicals world

wide leader(80 countries, 50 000+

employees)

Airline Catering Services

World wide presence(120 locations)

Multinational financial services

company(100b€, 70 countries, 180 000 emp., 76M

customers)

16

agenda

1. Triggering factors to Digital security

2. Our legitimacy

3. The need for an Integrated end to end approach

4. CyberSOC and Customers experience

5. Cyber Security pillars

17

our recommendation : a four-step journey

Manag

e th

e

trans

form

atio

n Re-

asse

ss th

e

stra

tegy

Elaborate a defense strategyIdentify the sensitive data’s and

systems

Protect Data’s Input and Output

Check for security wholes or breaches

Implement surveillance

1

2

3

4

18

Thank you

presentation title