Pulling our-socs-up
1 like365 views
Vodafone's RSA Conference presentation outlines their approach to cybersecurity, emphasizing the importance of a strong security culture, technology choices, and threat intelligence. The company aims to create a secure digital future for its customers by implementing proactive cyber defense strategies and enhancing team diversity and capability. Key messages include the need for alignment between security activities and business risks, and the importance of continuous learning and adapting to evolving cyber threats.
Pulling our-socs-up
- 1. SESSION ID: #RSAC Emma Smith PULLING OUR SOCS UP VODAFONE GROUP AT RSAC 2018 AIR-R04 Group Technology Security Director Vodafone Group Plc Andy Talbot Global Head of Cyber Defence Vodafone Group Plc
- 2. # R S A C Pulling our SOCs up
- 3. # R S A C Introduction About Vodafone, Vision, Target State Approach More than a SOC, Threat Scenarios, Tech Choices, Culture Pulling our SOCs up Key Messages Learnings and Benefits, Future
- 4. # R S A C Operating Countries Partner Markets / Enterprise only A bit about Vodafone Mobile Customers 529m Worlds 2nd largest network Minutes of mobile calls 4.4bn Every 24hrs IoT Connections 64m Globally M-Pesa financial transactions 20m Every 24hrs Customer Traffic 2.4Tbps At any time Cyber Security Professionals 870+ Local & Group # R S A C
- 5. # R S A C a secure digital future for our customers The Vodafone Security Vision
- 6. # R S A C Strong Security Basics Customer Security Cyber Defence • Threat Intelligence • Connect and Detect • Discovery and Hunting • Security Response • People, Process & Technology Risk, People & Culture Future Focused Security Strategy 2020
- 7. # R S A C From To Our Target State Stakeholders Aware Advocates Technology Size mattered Controlled and consistent coverage People External reliance Sustainable capability Approach Technology led Risk and threat led
- 8. # R S A C Security MonitoringActive Monitoring, Hunting & Analytics Threat Intelligence Cyber Defence (More than just a SOC) Security Testing Security Infrastructure Services Centre of Excellence Forensics and eDiscovery Incident Management Prevent Detect Respond
- 9. # R S A C System Compromise Phishing Social Engineering Malicious Comms Unauthorised Access User Access Management Potential Policy Violation Denial of Service Compliance or Legal (PCI) Web Monitoring 1st Evolution Threat Scenarios
- 10. # R S A C Connect and Detect Data Feeds Unifying focus for all stakeholders to provide these Device Types under a Connect and Detect programme Website Protection IDS/IPS Domain Controllers Endpoint Protection Web Traffic Management Remote Access Solution IP Management Firewalls DNS Firewall DDoS
- 11. # R S A C Cyber Risk Line of Sight Business Risks Cyber and Information Security at Number 1 Line of sight Data Feeds Only onboard what’s needed for the detection rules Alerts Linking alerts back to threat vectors and business risk Detection Rules Cyber attack scenarios dictate detection rules Cyber Attack Methods Environmental analysis to determine specific cyber attack methods Evolve Review post incident and evolve attack scenarios Coverage Ensure critical assets are protected and providing data feeds Cyber Threat Landscape All potential threat vectors, prioritized by frequency and impact Control Framework Mitigation through the Cyber Security Control Framework
- 12. # R S A C Malicious, Compromised or Exploited Software Vulnerability Exploitation Account Hijack Social Engineering Denial of Service Website Attacks Access Abuse Telecoms Interception Next Evolution Cyber Attack Method Groups
- 13. # R S A C Tough Tech Choices Standalone SIEMSIEM Integrated SIEM evolution & Big Data Advanced analytics & cognitive learning Incident ManagementIM Follow-the-sun and enhanced workflow with technology Automation Fragmented capability TI Centralized Threat Intelligence team Enhanced insight with technology
- 14. # R S A C Leadership, Culture & Team
- 15. # R S A C People & Culture Focus on diversity Neutral Language Personal Network Pay reviews 2 female candidates Set a target Apprentices & Graduates
- 16. # R S A C Security with PACE : Our Values Vodafone Security Values PACE We deliver at the right speed to achieve the best results for our customer, and we do this by operating swiftly and in an agile manner Passionate and have a thirst to make a difference, to empower our teams, to enable our customers Authentic and transparent, focused on achieving the right results in the right way. We act with integrity and strive to be our best self Curious and eager to learn, to innovate in the way we do things and we challenge, never accepting the status quo Expert and knowledge hungry. Our understanding of security is felt by our customers, colleagues and our team. We are open and share knowledge
- 17. # R S A C Detection rules tied to threats which enables quicker understanding and context Playbooks and automation free up human effort Learning and Benefits Always learning 16 Vodafone companies connected in one year 30% Gender Diversity and 52% of last year’s external hires were women >40% events of interest detected that we wouldn’t have otherwise seen Created unified focus, pace and momentum Increase in people reporting unusual activity 7 times more data and each piece of data counts for more Drive consistency in approach Be risk and threat led Create momentum with your advocates Set ambitious goals Keep the technology plan simple Do the basics well Shape core values & cherish diversity Build integrated end to end
- 18. # R S A C Implement new technologies Balance between SIEM and big data analytics Embrace learning By collaborating, sharing, curiosity and embracing failure Keep connecting and detecting Beyond IT: Networks, 5G, Cloud and IoT Invest in our people Develop the things that bind us together - our people and our culture Be efficient and automate Automate routines and empower people In the future, we will…
- 19. # R S A C Apply Pulling Our SOCs Up Next week Ask yourself; “Can I link my SOC activity back to my business risks?” Next three months Ask yourself; “Do my Cyber Security plans have aspects covering people, culture, processes and technology?” Next six months Ask yourself; “Do I have senior advocates for my Cyber Security plans?”