Welcome!
Mike Howard,
Chief Security Officer
Microsoft Corporation
Virtual Security Operation Center Transformation:
How to Utilize the Cloud, Big Data and Machine Learning
The Journey to VSOC
GSOC
Envisioning the VSOC
1990s
Personal Computing
1980s
Mainframes
GGG GSOC VSOCLSCC
Incident collaboration
Timely communication and improved
response times
Analysis to Operational
Management
Real-time intelligence monitoring
Agile, intelligence-driven model
VSOC
Operators with different skillsets
Intel and Ops closer collaboration
People Requirements
Intelligent Cloud
Intelligent Edge
Cloud-enabled “edge” of devices lets data, applications, and intelligence flow to where people are.
Digital Transformation
VSOC Budget Request
Initiatives: VSOC Core Components
1. Video Analytics Implementation
2. Incident Management Team (IMT) portal
3. Physical Security Information Management System +
4. White Wall & Single Smart View Platform
5. GSOC to Fusion Center Transformation
6. Systems Center Operations Manager
7. Centralized Reporting & Compliance
8. High Value Asset Upgrade
9. Visitor Management
10. Data Intelligence
11. Alarm Classification and Renaming
12. Notification & Travel Safety
Objective: Deliver intelligent cloud, intelligent edge, cloud-first alignment, proactive monitoring and data transformation
How: Update staffing models, upgrade tools in physical space, and functional workflows and communications.
Powered By SSVP from ATL Israel
■ Send notification FSCA; W-20-Sep-17 09:02:54 PT
□ Task RSA; 0:10:38 remaining to meet SLA
□ Task RSA; 1:42:21 remaining to meet SLA …
Standard Operating Procedure
Current View: Situation Management Mode
⬤EPU
⬤RSA
⬤RLPM
⬤ HVA
⬤INV
⬤Events
⬤Onsite Security
⬤ MSGS Comms
⬤RE&F/Lease Owner
⬤Law Enforcement
⬤First Responders
⬤Utility Company
Other POCs
⬤Puerto Rico Area IMT - Active
Activated on: W 20-Sep-2017 09:01:48 PT
Activated by: John Young
⬤Dominican Republic Area IMT - Active
Activated on: W 20-Sep-2017 09:03:26 PT
Activated by: John Young
⬤Jamaica Area IMT - Active
Activated on: W 20-Sep-2017 09:05:13 PT
Activated by: John Young
⬤US Area IMT - Monitoring
Activated on: W 20-Sep-2017 10:26:37 PT
Activated by: Jon Dinsmore
IMT Status
• Stats (event origin, date/time)
• Impact to MS
• Potential Impact to MS
• Potential Impact to Country Risk
• …
Incident Summary
Lead Security POCs on Duty
□ IMT Portal
□ MS Teams
□ POC Sheets
□ Org Chart
□ Intel Report
□ SitRep
Resources
MS Exposure
Safe
99
Unknown
32
At Risk
15
Accountability Status
⬤PIN: “Title”
Sent on: W 20-Sep-2017 09:01:48 PT
⬤SIA: “Title”
Sent on: W 20-Sep-2017 09:03:26 PT
Messaging Status
Click to View: Situation Awareness Mode
Click to call
Click to view
6:17 PM Redmond
8:17 PM Dallas
9:17 PM San Juan
9:17 PM Mississauga
2:17 AM London
3:17 AM Paris
3:17 AM Munich
3:17 AM Johannesburg
4:17 AM Herzeliya
6:30 AM Hyderabad
9:17 AM Singapore
9:17 AM Beijing
10:17 AM Tokyo
11:17 AM Sydney
• RSM – Action taken
• RSA – Action taken
• …..
Coordination Efforts
Puerto Rico 100% without power (ABCNews)
3.4 Million in Puerto Rico could be without power for
4-6 months, Mayor warns (WNEP-TV)
Hurricane Maria slams Dominican Republic (MS Intel)
Aggregated Media Feeds
□ Door Forced Open GUAYNABO-CVP (13:47:03 PT)
□ Door Held Open SANTODOMINGO-BM (13:53:29 PT)
Signals
FUSION CENTER SECURITY ADVISOR
⚠ Hurricane Maria – Now Category 5
Click for camera
⚠ Puerto Rico – Now High Risk
Sites
5
People
146
Events
2
MS Assets
Execs
0
HVA
1
Travelers
4
MS Critical Assets
Click to chat
Click to view
09:03:26 PT
09:03:26 PT
Live Camera Feed - GUAYNABO-CVP
Live News Feed - CNN
THU AM: 145 MPH
WED AM: 150 MPH
Click for detail
Prediction Model | 5-Day Forecast | Last 10 Years (2007 – 2016)
□ Re-evaluate surveillance camera locations
□ Relocate HVA assets
…..
Suggested Actions – Sites
□ Send SAT phones to field
□ Temporarily relocate RSA to Florida, US
…..
Suggested Actions – People
□ Recommend relocation of Ignite 2018
□ Coordinate with MSTravel
…..
Suggested Actions – Events
• Time to Recovery – 10-days
• Cost to Recovery - $100,000 USD
MS Statistics – Historical
• Time to Recovery – 30-days
• Cost to Recovery - $500,000 USD
MS Statistics – Prediction
• Maria was the first Category 4 hurricane to make landfall in Puerto Rico in 85 years.
• It is the tenth-most intense Atlantic hurricane on record, and the worst to strike Puerto Rico since 1928.
• The last major hurricane (Cat-3 or higher) to hit Puerto Rico was Georges in 1998.
• Georges killed 604 people and caused extensive damage of just under $10 billion (1998 USD, equivalent to $17 billion in 2016).
Historical
• Existing resources have been depleted
• Reliance on imported goods increases
• Populations in neighboring areas will surge
Next Six Months
Powered By SSVP from ATL Israel
Current View: Situation Awareness Mode
Geographical Impact – Puerto Rico
• Imminent dam failure in Isabela and
Quebradillas
• Puerto Rico power outages will continue
Next Two Weeks
Click to View: Situation Management Mode
RISK | PRIOR TO INCIDENT | 3 MONTH PREDICTION | 6 MONTH PREDICTION | 12 MONTH PREDICTION
COUNTRY RISK | ⬤ | ■ | ■ | ⬤
TRAVEL RISK | ⬤ | ■ | ■ | ⬤
NATURAL HAZARDS | ⬤ | ⬤ | ⬤ | ⬤
CULTURAL ISSUES | ⬤ | ■ | ■ | ⬤
MEDICAL RISK | ⬤ | ■ | ■ | ■
MEDICAL CARE | ⬤ | ■ | ■ | ■
FOOD & WATER | ⬤ | ■ | ■ | ■
VACCINATIONS | ⬤ | ⬤ | ⬤ | ⬤
DISEASE RISK | ⬤ | ⬤ | ⬤ | ⬤
CRIME | ⬤ | ■ | ■ | ⬤
PROTESTS | ⬤ | ⬤ | ⬤ | ⬤
TERRORISM | ⬤ | ⬤ | ⬤ | ⬤
EMPLOYMENT | ⬤ | ■ | ■ | ■
TRANSPORT | ⬤ | ■ | ■ | ■
Click for detail
• The hurricane has caused at least 56 deaths.
• Initial assessments indicate catastrophic
damage to Dominica.
Current
• Unemployment rate will increase by 4%
• Crime will increase by 10% in Puerto Rico
• Puerto Rico will become Extreme Risk
Next Year
⚠ Hurricane Maria – Now Category 5
⚠ Puerto Rico – Now High Risk
Case Studies
Boston Marathon Bombing
• Simplified interaction
• Rapid accountability
• Proactive emergency response
• Improved response time
• Timely communication
Active Shooter, Paris, France
• Improved response time
• Incident collaboration
• Simplified accounting
• GAPs identified
• Communication clarity
Chennai Floods
• Proactive intelligence monitoring
• Automated accountability
• Information stored in the Cloud
• Improved response time
• Timely communication
More immediate Response
Matured Unified Technology
Interconnected Intelligence Feeds
Real Time Analysis & Response
More timely Communication
Benefits of VSOC over GSOC
What got us here…
…won’t get us there.
Digital Transformation is
NOT just technology
Engage your
customers
Empower your
employees
Transform your
products
Optimize your
operations
Digital Transformation is
Societies are
going
Cashless
Cities are
becoming
Smarter
Robots are
Revolutionizing
Service Delivery
EVERYWHERE
Mobile-first
Cloud-first
Digital Transformation affects
EVERYONE
1/3 of consumer data will be stored and accessed in the Cloud by 2016
7 of 10 Americans use social media to connect with one another, engage with news content, share information and entertain themselves
95% of Americans now own a cell phone of some kind, with 77% owning smartphones
9 in 10 American adults use the internet
Digital Transformation is a
2 in 3 CEOs of Global 2000 companies will have digital transformation at the center of their corporate strategy by the end of 2017
87% of companies believe that digital transformation is a competitive opportunity
85% of enterprise decision makers feel they have a timeframe of two years before suffering financially and/or falling behind their competitors
27% of executives rate digital transformation as a "matter of survival"
NECESSITY
How to
Leaders of winning companies re-envision existing business models and embrace a different way of bringing together people, data and processes to create value for their customers and capture new opportunities for their organizations.
THRIVE
Engage your customers
Empower your employees
Transform your products
Optimize your operations
How to
TRANSFORM
Envision what’s possible
Prepare your people
Connect your devices
Automate your data
Analyze your data
Visualize your data
Step #1:
Imagine a future built around collaboration, not around devices on a wall.
ENVISION
Engage your
customers
Empower your
employees
Step #2: PREPARE
Build the platform
Leverage the Cloud
Connect all endpoints
Step #3: CONNECT
Automation will provide the ability to scale and empower users with a self-service model.
Aggregate your data
Mitigate your signals
Leverage complex rules engine
Enable machine learning
Consume internet of things
Step #4: AUTOMATE
Find
Patterns
Uncover
Trends
See
Correlations
Step #5: ANALYZE and VISUALIZE
Leverage your data to challenge conventional thinking, drive business decisions and to demonstrate the true value of your security organization.
Reinvent productivity
Transform processes
Build effective budgets
Develop lean operating models
Lead from the front
Challenge conventional thinking
Step #6: TRANSFORM
Digital Transformation will
GET US THERE
Discussion and Questions
© 2017 Microsoft Corporation. All rights reserved.