SERVICES CATALOGUE MANAGED SECURITY

Post on 07-Feb-2020


Page 1: SERVICES CATALOGUE MANAGED SECURITY...Dealing with cybercrime alone is a challenge, but as businesses look for a competitive edge through digital […] many are looking for outside

SERVICES CATALOGUE

MANAGED SECURITY

Dealing with cybercrime alone is a challenge, but as businesses look for a competitive edge through digital […] many are looking for outside help. Increasingly that help comes in the form of a Managed Security Services Provider (MSSP).

Paul Fisher, Research Director, PAC Study MSSP 2017

MASTERING BUSINESS SECURITY

Businesses need help to defend against the rising tide of attacks, exploitations and infections.

Businesses across Europe are facing increasingly complex and challenging security issues – from new compliance requirements, through the severe shortage of appropriately skilled staff, to a rapidly evolving threat landscape.

Added to this, the onward march to digital is resulting in more data, more devices, increased user demand for access and the use of Cloud; all of which creates new attack surfaces, ready to be exploited.

SECURITY SERVICES CATALOGUE

DIGITAL TRUST


INFORMATION SECURITY MANAGEMENT

CYBER DEFENCE

IDENTITY & ACCESS MANAGEMENT

END POINT SECURITY

INFRASTRUCTURE SECURITY

OFFICE IT

INDUSTRIAL IT

WITH OUR DIGITAL TRUST PROPOSITIONS, WE CAN MASTER BUSINESS SECURITY

Our job is to manage your infrastructure, your network and your workplace. Security is a part of that job, and is defined in the services that make up our Digital Trust Security Proposition.

• Control Compliance
• Risk Analysis Services
• Security Management

• Privileged Account Management
• Identity Governance
• Strong Authentication
• Single Sign On
• Provisioning

• Endpoint Production Suite
• Mobile Security / MDM

• Cyber Defense Center
• Security Monitoring & Analytics
• Vulnerability Management

• Cloud Security
• Firewall Management
• Information Prevention
• Email Security

• ICS/SCADA Hardening
• Network Segmentation
• Predictive Maintenance
• Secure Connectivity


MANAGED SECURITY

Let us help you to master your business security

VULNERABILITY SCANNING

Operated by the Computacenter Cyber Defence Center, our Vulnerability Scanning service identifies and reports potential vulnerabilities before they can be exploited.


SIEM SERVICES

Computacenter’s SIEM service analyses vast amounts of data to identify anomalous behaviour – alerting analysts to investigate and report potential security issues.

SECURITY MANAGER

The Customer Information Security Manager (CISM) provides governance, management and support to both the Computacenter support teams and the customer security function.


OBJECTIVE

As a leading provider of delivery services, the company handles large volumes of customer data, which needs to be adequately protected. A security breach could not only impact service delivery, but also threaten compliance, reputation and customer trust. To balance data protection with availability, the company needed a partner to help maximise security across its IT infrastructure.

SOLUTION

Computacenter provides managed security services for approximately 16,000 end points, including around 2,000 servers, 2,000 client devices, and networking components. As well as 24x7 remote monitoring and weekly vulnerability scanning, Computacenter provides trend analysis and proactive service management through its on-site Security Manager. It also works closely with the customer’s other IT providers to ensure a collaborative approach to reducing and addressing security risks.

OUTCOME

The customer can now better understand and mitigate security risks, helping to safeguard compliance, the customer experience and competitive advantage. Granular reporting and analysis have helped to identify genuine threats versus innocuous anomalies, which has reduced monthly alerts by 75 per cent.

SAFE DELIVERY

Delivery services company safeguards customer data with managed security service from Computacenter


WHY COMPUTACENTER?

As a provider of secure IT, Computacenter looks beyond the boundaries of traditional security. We take an end-to-end view that helps us diagnose issues more quickly and provides customers with access to a comprehensive support skill set.

European-based, but with a global support capability, Computacenter is well placed to support your managed security needs.

Manage over 7.2 million unique security events each year

Hold over 50 security industry certifications

Have over 200 dedicated security experts actively supporting Security for our customers

Deliver end-to-end support covering Workplace, Network, Datacenter and Platforms

With our extensive consultancy and supply chain capability, Computacenter can design and build your security solutions as well as run them


GET IN TOUCH

Computacenter (UK) Ltd Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW, United Kingdom

computacenter.com +44 (0)1707 631000

Enabling users and their business

Computacenter is Europe’s leading independent provider of IT infrastructure services, enabling users and their business. We advise organisations on IT strategy, implement the most appropriate technology, optimise its performance, and manage our customers’ infrastructures. In doing this we help CIOs and IT departments in enterprise and corporate organisations maximise productivity and the business value of IT for internal and external users.

MSS Catalogue | Gilroy | UK | v1 2018

To find out how your organisation can take advantage of Computacenter’s Digital Trust security propositions, contact your Computacenter Account Manager.

www.computacenter.com/uk


SERVICE FEATURES

• Log collection and storage, log analytics and assessment

• Security incident detection and alerting

• Alert analysis and assessment

• Incident logging and assignment

• Monthly status and trend reporting

• Support for incident diagnosis and advice and guidance for remediation

• Security Incident management

• Use case assessment and change

• On boarding/off boarding of new assets

• Service operates 24x7x365

CUSTOMER OUTCOMES

• Identification, categorisation, investigation and assignment of security incidents

• Monthly report showing volumes and trends of security incidents impacting the customer estate

• Recommendations and advice to improve security posture

• Log retention to meet compliance requirements

• Distribution of Computacenter cyber defence threat intelligence information

SIEM SERVICES

The SIEM service is the core managed security service offering from Computacenter. It operates as a partnership between the Computacenter Cyber Defence Center (CDC) and our strategic partners, Symantec and Radar Services.

Our partners complete the initial identification, investigation and classification of security issues using their native toolsets. The CDC will be assigned identified security events for further investigation. Once analysed and logged by the CDC, they are then assigned to the most appropriate support team for resolution.

OPERATING MODEL

Fronted by partners (either Symantec or Radar services) who deploy their technology to process and analyse customer log data.

Using algorithms designed to test for specific types of anomalies and anomalous behaviour, the SIEM solution will alert the CDC when its analytics identify a potential security issue.

The algorithms are constructed to look for specific issues that are defined as “use cases”. Use cases can be complex or simple, and the mix of use case types and the scale of the customer’s target infrastructure determine the effectiveness of the service.

Delivered as an “embedded” security service as part of a broader infrastructure managed service, rather than a standalone security service.

The Symantec MSS model is cloud based, whilst the Radar services model is on premise.


THE CYBER DEFENCE CENTER

The Cyber Defence Center is a Computacenter function designed to detect and react to cyber security threats facing the customer. The function ensures analysis can be completed quickly and accurately, allowing remediation and recommendations to be dealt with by the appropriate customer/internal resolver teams.

The Cyber Defence Center delivers this function by utilising technologies and tooling that concentrate on detecting and reporting cyber threats quickly and effectively.

SERVICE FEATURES

• Analysis of security alerts, with security incidents automatically identified by the deployed SIEM tooling

• Creation of security incidents, post analysis, into the call logging tool

• Documentation of recommended actions to resolve incidents, recorded within the security incident log

• Management of the on-boarding / off-boarding of customer data and assets as they come into scope for the SIEM or Vulnerability Service

• Creation of standard customer reports

• Support and input to the management of major incidents where there is a security dimension

• Service operates 24x7x365

OPERATIONAL STRUCTURE

Comprised of the following roles:

• CDC Operative (shared resource), CDC Senior Operative (shared resource), CDC Manager (shared resource)

• The CDC Operative delivers the SIEM and Vulnerability Scanning services

• The CDC Manager (in addition to line management responsibilities) is responsible for escalations, reporting oversight and customer interactions

• The CDC Manager is also responsible for the quality and effectiveness of the CDC service delivery and is the senior technical escalation point

OPERATING MODEL

The Cyber Defence Center operates a shared remote delivery model from Computacenter locations in Hatfield. More locations are planned in Germany and France.

Typically operated as part of a broader managed service where security is a service tower alongside Endpoint, Network, Infrastructure and Application.

VULNERABILITY SCANNING

The Vulnerability Scanning service utilises specialist tooling to scan a target customer IP range, or ranges, seeking to identify vulnerabilities. These vulnerabilities could be exploited by external criminal elements or rogue internal resources for the purpose of financial gain or to cause reputational damage to the customer.

Scans seek to identify vulnerabilities and weaknesses, and the service then looks to align them to owners, co-ordinate remediation activity with those owners, and then consolidate the results into a monthly report for review with the customer.

SERVICE FEATURES

• Network and asset discovery

• Planning and running the scheduled scans

• Monthly status and trend reporting, aligned to in scope assets

• Support for incident diagnosis and advice and guidance for remediation

• On boarding / off boarding of new IP ranges for scanning

• Support of the scan tooling

• Support for assessment and treatment of identified security incidents

• Service operates Monday - Friday, 9:00am - 5:30pm

CUSTOMER OUTCOMES

• Monthly report detailing identified vulnerabilities along with remediation recommendations

• Monthly meeting with Security Manager to review vulnerability reports and monitor trends

• Measurement against agreed technical baselines to demonstrate compliance to customer-provided standards

• Active engagement with patching team to ensure that patching is applied in line with proposed service level agreements

OPERATING MODEL

The service is delivered by the Computacenter Cyber Defence Center (CDC) with scans being run by the CDC operatives.

The CDC operatives collate the vulnerability scan results and compare them with the CMDB to align vulnerabilities to asset owners.

Technical assessment is carried out by the supporting technical teams who are assigned requests to investigate the vulnerabilities.

Post assessment, and subject to appropriate change and release controls, the technical teams will apply the appropriate remediation to close the vulnerability.

The results of the technical investigation are consolidated into a report to be presented to the customer by the Computacenter Information security manager and the Computacenter service manager.

Typically delivered remotely from the CDC as a shared service, although bespoke onsite and ring fenced delivery options are available as a non standard design.


CUSTOMER INFORMATION SECURITY MANAGEMENT

The Customer Information Security Manager (CISM) service provides governance, management and control of the IT security functions delivered by Computacenter to our customers.

The service ensures that effective delivery of security management is achieved through contractual compliance to customer security policy and effective security incident management. This is all supported by in life governance of contract change to ensure the impact to all things security is understood.

SERVICE FEATURES

• Review the implementation and effectiveness of information security measures and processes in collaboration with internal Computacenter departments in the delivery of daily operations and projects

• Continuous assessment of the levels of compliance for applicable information security standards and policies

• Supporting security incident investigation as required

• Determination of potential threats, evaluation of risks and developing proposals to address vulnerabilities

• Support of audits relating to information security management, compliance management and internal audits, development of recommendations and follow-up measures

• Service operates Monday - Friday, 9:00am - 5:30pm

CUSTOMER OUTCOMES

• Provision of regular monthly security reporting and trending, outlining the contracted Computacenter security deliverables

• Assisting the customer in the collation and provision of information in the support of audits carried out on the customer

• Creation of a Security Management Plan (SMP) which can be monitored, measured and reported against for effectiveness

• Co-ordination of a Security Working Group (SWG) based on Computacenter’s standard Terms of Reference (ToR)

• Set up of an initial Security Risk Register to track risks identified during the delivery of contracted security services

• Provide input into change management in respect of Computacenter services and their impact on the customer’s security posture

• Co-ordinate an annual security workshop with the customer and their key security personnel to assess Computacenter’s security compliance posture

OPERATING MODEL

• Delivered where there is a broader managed service – rather than as a standalone service

• Typically sold alongside SIEM or Vulnerability Scanning services, although can be positioned without these services

• Security Officers undertake most administrative and compliance based activity and report to the Security Manager who is responsible for the broader representation of the Computacenter security services delivered to the customer

• The Security Managers work hand in hand with the Computacenter Service Managers to provide expertise and guidance for internal Computacenter delivery as well as external customer delivery


SECURITY MANAGER & SECURITY OFFICER

OPERATIONAL STRUCTURE

The Security Manager function can operate as follows:

• Security Officer (dedicated to an individual customer)

• Security Officer (shared to multiple customers – maximum of 4)

• Security Manager (shared across multiple customers – maximum of 4)

• Security Manager (bespoke – can be dedicated to a single customer)

A single customer may have a combination of the above roles. In these circumstances, all allocated Security Officers will report to the assigned Security Manager.

The service operates Monday to Friday 9:00am to 5:30pm.

DELIVERY LOCATION

• Remote and on premise delivery. Typically a combination of contracted days working from a nominated customer site

• Supported by remote delivery from a Computacenter office location

• Security Officer services will be full time on site or remote shared delivery

• Security Managers will not be based at multiple customer locations

QUALIFICATIONS

The Customer Information Security Manager is qualified to CCP Practitioner level with additional ISO27001 foundation certifications. These technical skills are aligned to customer facing experience and a background in service management or customer relationship management.

The Security Officer is qualified to CISM (P) level and typically has a background in analytics and process based roles.

SERVICE OWNERS

CYBER DEFENCE OPERATIONS [email protected]

HEAD OF CUSTOMER INFORMATION SECURITY [email protected]
