2. Agenda
Who Are We?
Introduce The Teams & What We Do
Tools & Current Detection Capability
What’s Coming Next
Questions?
3. Organisation Design
IT Cyber Security
Organisation chart (IT Cyber Security Director at the top):
• Head of IT Risk (6)
• Head of Cyber Security Programme
• Senior Manager, Platform Mgmt
• Head of Vulnerability Management & Testing
• Head of Network Security
• Head of Platform Security
• Head of Engineering, Platform Direction & Governance
• Head of Application Security
• Head of Cyber Security Operations
4. Organisation Design
Cyber Security Operations
Organisation chart (Head of Cyber Security Operations at the top):
• CSOC (Managed Service)
• Senior Manager, Security Incident Management
• Senior Manager, Development Technical Support
• Senior Manager, Operational Technical Support
• Senior Manager, Strategy, Governance & Assurance
• Senior Manager, Data Loss Prevention
• CSOC Transition Manager
24x7 Managed Service
43 FTEs
8. What Do We Do?
Current CSOC Key Functions
• Security Monitoring (Insider Threat)
• Network Attack Monitoring
• Rogue Device Detection
• Cyber Threat Monitoring
• SOX Compliance Monitoring
• Security Log Retrieval
Current Engineering Key Functions
• Use Case Development
• Rule Configuration
• Toolset Enhancement & Development
• Perimeter Defence Analysis
• Threat Intelligence
• Forensics Analysis
Current CSIM Key Functions
• Cyber Incident Response Governance
• Incident Playbooks
• Input to GS&F Investigations
• Input to Colleague Conduct Team
Current DLP Key Functions
• Use Case Development
• Rule Configuration
• Toolset Enhancement & Development
• DLP Investigations
• Education to Colleagues
9. Tools & Current Detection Capability
QRadar – SIEM Platform
• Privileged user monitoring
• High-risk activity detection
• Rogue Device Monitoring (RDD)
• Lancope event logging
• Rare events (CBEST learning)
• Compliance monitoring
Splunk – Tactical Security Analytics Platform
• Correlation against tactical intelligence
• Heuristic behavioural analysis (e-mail, web, digital, firewall)
• Lateral movement detection / RDD (EPO, DHCP)
• Contextual event enrichment (Whois, Active Directory, geo-location)
Symantec – Web/Email Detection
• Banned file types
• Lexical fails
• Images
• Banking details
• National Insurance numbers
• Spam/phishing emails
Once you lose control of your data, you lose control of your business
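The "Lateral movement detection / RDD (EPO, DHCP)" capability listed above is the one with enough detail to illustrate: a device that takes a DHCP lease but has no endpoint-management agent, or that presents a managed hostname with a different MAC, is a candidate rogue device. The script below is an added example, not the deck's or the team's own code; the DHCP log format, the inventory export (standing in for an ePO export) and the allow-list are constructed assumptions.

```python
"""Rogue device detection (RDD): reconcile DHCP leases against an endpoint-agent inventory."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed DHCP server log lines (format is an assumption, ISC-dhcpd style DHCPACK records).
DHCP_LOG = """\
2024-03-01T08:02:11 DHCPACK on 10.20.1.15 to aa:bb:cc:00:00:01 (LAPTOP-0421) via eth0
2024-03-01T08:05:40 DHCPACK on 10.20.1.16 to aa:bb:cc:00:00:02 (LAPTOP-0877) via eth0
2024-03-01T08:07:02 DHCPACK on 10.20.1.17 to de:ad:be:ef:00:03 via eth0
2024-03-01T08:09:55 DHCPACK on 10.20.1.18 to aa:bb:cc:00:00:04 (PRINTER-3F) via eth0
2024-03-01T08:12:30 DHCPACK on 10.20.1.19 to aa:bb:cc:00:00:09 (LAPTOP-0421) via eth0
"""
# Constructed endpoint-management inventory (hostname -> MAC), standing in for an ePO agent export.
EPO_INVENTORY = {"LAPTOP-0421": "aa:bb:cc:00:00:01", "LAPTOP-0877": "aa:bb:cc:00:00:02"}
# Constructed allow-list of reviewed devices that legitimately carry no agent (printers, IoT).
KNOWN_UNMANAGED_MACS = {"aa:bb:cc:00:00:04"}

LEASE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9a-fA-F:]{17})"
    r"(?: \((?P<host>[^)]*)\))?"
)

@dataclass(frozen=True)
class Lease:
    ts: str; ip: str; mac: str; host: Optional[str]

@dataclass(frozen=True)
class Finding:
    ip: str; mac: str; host: Optional[str]; reason: str

def parse_leases(log_text: str) -> list:
    """Keep only DHCPACK records (actual leases); DISCOVER/OFFER noise and other lines are skipped."""
    leases = []
    for line in log_text.splitlines():
        m = LEASE_RE.match(line)
        if m:
            leases.append(Lease(m["ts"], m["ip"], m["mac"].lower(), m["host"]))
    return leases

def find_rogue_devices(leases, inventory, allowlist) -> list:
    """Flag leases whose MAC is unknown to endpoint management, or whose hostname is a managed
    name but the MAC does not match the agent record (a possible spoofed or cloned hostname)."""
    managed_macs = {mac.lower() for mac in inventory.values()}
    findings = []
    for lease in leases:
        if lease.mac in allowlist:
            continue  # reviewed exception, do not alert
        if lease.host in inventory and inventory[lease.host].lower() != lease.mac:
            findings.append(Finding(lease.ip, lease.mac, lease.host, "hostname/MAC mismatch"))
        elif lease.mac not in managed_macs:
            findings.append(Finding(lease.ip, lease.mac, lease.host, "no endpoint agent"))
    return findings
```

In practice the inventory and allow-list would be lookup tables in the SIEM and the findings would feed a Level 2 triage queue rather than a list.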
10. What’s Coming Next
View on cyber threat methods, tools and techniques of actors.
Vigilance of new threats through new threat intelligence.
The threat landscape continues to evolve, and CSOC Monitoring will continue to adapt to these changes.
Greater detection of “Insider” threat.
Operational improvements include:
• Level 2 Triage across the Cyber Threat
• Improved real-time monitoring of SOX controls
Cyber Programme Deliverables:
• New controls, e.g. Network Segregation, NIPs, Application Monitoring
• Increased Detection Capability
• & Lots more!!!