SERVICES CATALOGUE
MANAGED SECURITY
Dealing with cybercrime alone is a challenge, but as businesses
look for a competitive edge through digital […] many
are looking for outside help. Increasingly that help comes in the form of a Managed Security
Services Provider (MSSP).
Paul Fisher, Research Director, PAC Study MSSP 2017
MASTERING BUSINESS SECURITY
Businesses need help to defend against the rising tide of attacks, exploitations and infections.
Businesses across Europe are facing increasingly complex and challenging security issues – from new compliance requirements, through the severe shortage of appropriately skilled staff, to a rapidly evolving threat landscape.
Added to this, the onward march to digital is resulting in more data, more devices, increased user demand for access and the use of Cloud; all of which creates new attack surfaces, ready to be exploited.
SECURITY SERVICES CATALOGUE
DIGITAL TRUST
INFORMATION SECURITY MANAGEMENT
CYBER DEFENCE
IDENTITY & ACCESS MANAGEMENT
END POINT SECURITY
INFRASTRUCTURE SECURITY
OFFICE IT
INDUSTRIAL IT
WITH OUR DIGITAL TRUST PROPOSITIONS, WE CAN MASTER BUSINESS SECURITY
Our job is to manage your infrastructure, your network and your workplace. Security is a part of that job, and is defined in the services that make up our Digital Trust Security Proposition.
• Control Compliance • Risk Analysis Services • Security Management
• Privileged Account Management • Identity Governance • Strong Authentication • Single Sign On • Provisioning
• Endpoint Production Suite • Mobile Security / MDM
• Cyber Defense Center • Security Monitoring & Analytics • Vulnerability Management
• Cloud Security • Firewall Management • Information Prevention • Email Security
• ICS/SCADA Hardening • Network Segmentation • Predictive Maintenance • Secure Connectivity
MANAGED SECURITY
Let us help you to master your business security
VULNERABILITY SCANNING
Operated by the Computacenter Cyber Defence Center, our Vulnerability Scanning service identifies and reports potential vulnerabilities before they can be exploited.
SIEM SERVICES
Computacenter’s SIEM service analyses vast amounts of data to identify anomalous behaviour – alerting analysts to investigate and report potential security issues.
SECURITY MANAGER
The Customer Information Security Manager (CISM) provides governance, management and support to both the Computacenter support teams and the customer security function.
SAFE DELIVERY
Delivery services company safeguards customer data with managed security service from Computacenter
OBJECTIVE
As a leading provider of delivery services, the company handles large volumes of customer data, which needs to be adequately protected. A security breach could not only impact service delivery, but also threaten compliance, reputation and customer trust. To balance data protection with availability, the company needed a partner to help maximise security across its IT infrastructure.
SOLUTION
Computacenter provides managed security services for approximately 16,000 end points, including around 2,000 servers, 2,000 client devices, and networking components. As well as 24x7 remote monitoring and weekly vulnerability scanning, Computacenter provides trend analysis and proactive service management through its on-site Security Manager. It also works closely with the customer’s other IT providers to ensure a collaborative approach to reducing and addressing security risks.
OUTCOME
The customer can now better understand and mitigate security risks, helping to safeguard compliance, the customer experience and competitive advantage. Granular reporting and analysis have helped to identify genuine threats versus innocuous anomalies, which has reduced monthly alerts by 75 per cent.
WHY COMPUTACENTER?
As a provider of secure IT, Computacenter looks beyond the boundaries of traditional security. We take an end-to-end view that helps us diagnose issues more quickly and provides customers with access to a comprehensive support skill set.
European-based, but with a global support capability, Computacenter is well placed to support your managed security needs.
• Manage over 7.2 million unique security events each year
• Hold over 50 security industry certifications
• Have over 200 dedicated security experts actively supporting Security for our customers
• Deliver end-to-end support covering Workplace, Network, Datacenter and Platforms
With our extensive consultancy and supply chain capability, Computacenter can design and build your security solutions as well as run them
GET IN TOUCH
Computacenter (UK) Ltd Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW, United Kingdom
computacenter.com +44 (0)1707 631000
Enabling users and their business
Computacenter is Europe’s leading independent provider of IT infrastructure services, enabling users and their business. We advise
organisations on IT strategy, implement the most appropriate technology, optimise its performance, and manage our customers’
infrastructures. In doing this we help CIOs and IT departments in enterprise and corporate organisations maximise productivity and
the business value of IT for internal and external users.
MSS Catalogue | Gilroy | UK | v1 2018
To find out how your organisation can take advantage of Computacenter’s Digital Trust security propositions, contact your Computacenter Account Manager.
www.computacenter.com/uk
SIEM SERVICES
The SIEM service is the core managed security service offering from Computacenter. It operates as a partnership between the Computacenter Cyber Defence Center (CDC) and our strategic partners, Symantec and Radar Services.
Our partners complete the initial identification, investigation and classification of security issues using their native toolsets. The CDC will be assigned identified security events for further investigation. Once analysed and logged by the CDC, they are then assigned to the most appropriate support team for resolution.
SERVICE FEATURES
• Log collection and storage, log analytics and assessment
• Security incident detection and alerting
• Alert analysis and assessment
• Incident logging and assignment
• Monthly status and trend reporting
• Support for incident diagnosis and advice and guidance for remediation
• Security Incident management
• Use case assessment and change
• On boarding/off boarding of new assets
• Service operates 24x7x365
CUSTOMER OUTCOMES
• Identification, categorisation, investigation and assignment of security incidents
• Monthly report showing volumes and trends of security incidents impacting the customer estate
• Recommendations and advice to improve security posture
• Log retention to meet compliance requirements
• Distribution of Computacenter cyber defence threat intelligence information
OPERATING MODEL
Fronted by partners (either Symantec or Radar Services) who deploy their technology to process and analyse customer log data.
Using algorithms designed to test for specific types of anomalies and anomalous behaviour, the SIEM solution will alert the CDC when its analytics identify a potential security issue.
The algorithms are constructed to look for specific issues that are defined as “use cases”. Use cases can be complex or simple, and the mix of use case types and the scale of the customer’s target infrastructure determine the effectiveness of the service.
Delivered as an “embedded” security service as part of a broader infrastructure managed service, rather than a standalone security service.
The Symantec MSS model is cloud based, whilst the Radar Services model is on premise.
THE CYBER DEFENCE CENTER
The Cyber Defence Center is a Computacenter function designed to detect and react to cyber security threats facing the customer. The function ensures analysis can be completed quickly and accurately, allowing remediation and recommendations to be dealt with by the appropriate customer/internal resolver teams.
The Cyber Defence Center delivers this function by utilising technologies and tooling that concentrate on detecting and reporting cyber threats quickly and effectively.
SERVICE FEATURES
• Analysis of security alerts, with security incidents automatically identified by the deployed SIEM tooling
• Creation of security incidents, post analysis, into the call logging tool
• Documentation of recommended actions to resolve incidents, recorded within the security incident log
• Management of the on-boarding / off-boarding of customer data and assets as they come into scope for the SIEM or Vulnerability Service
• Creation of standard customer reports
• Support and input to the management of major incidents where there is a security dimension
• Service operates 24x7x365
OPERATIONAL STRUCTURE
Comprised of the following roles:
• CDC Operative (shared resource), CDC Senior Operative (shared resource), CDC Manager (shared resource)
• The CDC Operative delivers the SIEM and Vulnerability Scanning services
• The CDC Manager (in addition to line management responsibilities) is responsible for escalations, reporting oversight and customer interactions
• The CDC Manager is also responsible for the quality and effectiveness of the CDC service delivery and is the senior technical escalation point
OPERATING MODEL
The Cyber Defence Center operates a shared remote delivery model from Computacenter locations in Hatfield. More locations are planned in Germany and France.
Typically operated as part of a broader managed service where security is a service tower alongside Endpoint, Network, Infrastructure and Application.
VULNERABILITY SCANNING
The Vulnerability Scanning service utilises specialist tooling to scan
a target customer IP range, or ranges, seeking to identify vulnerabilities.
These vulnerabilities could be exploited by external criminal
elements or rogue internal resources for the purpose of financial
gain or to cause reputational damage to the customer.
Scans seek to identify vulnerabilities and weaknesses, and the service
then looks to align them to owners, co-ordinate remediation activity with
those owners, and then consolidate the results into a monthly report for
review with the customer.
SERVICE FEATURES
• Network and asset discovery
• Planning and running the scheduled scans
• Monthly status and trend reporting, aligned to in scope assets
• Support for incident diagnosis and advice and guidance for remediation
• On boarding / off boarding of new IP ranges for scanning
• Support of the scan tooling
• Support for assessment and treatment of identified security incidents
• Service operates Monday - Friday, 9:00am - 5:30pm
CUSTOMER OUTCOMES
• Monthly report detailing identified vulnerabilities along with remediation recommendations
• Monthly meeting with Security Manager to review vulnerability reports and monitor trends
• Measurement against agreed technical baselines to demonstrate compliance to customer-provided standards
• Active engagement with patching team to ensure that patching is applied in line with proposed service level agreements
OPERATING MODEL
The service is delivered by the Computacenter Cyber Defence Center (CDC) with scans being run by the CDC operatives.
The CDC operatives collate the vulnerability scan results and compare them with the CMDB to align vulnerabilities to asset owners.
Technical assessment is carried out by the supporting technical teams who are assigned requests to investigate the vulnerabilities.
Post assessment, and subject to appropriate change and release controls, the technical teams will apply the appropriate remediation to close the vulnerability.
The results of the technical investigation are consolidated into a report to be presented to the customer by the Computacenter Information Security Manager and the Computacenter Service Manager.
Typically delivered remotely from the CDC as a shared service, although bespoke onsite and ring fenced delivery options are available as a non standard design.
CUSTOMER INFORMATION SECURITY MANAGEMENT
The Customer Information Security Manager (CISM) service provides
governance, management and control of the IT security functions delivered by Computacenter to our customers.
The service ensures that effective delivery of security management is achieved through contractual compliance to customer security policy and effective security incident management. This is all supported by in-life governance of contract change to ensure the impact on all things security is understood.
SERVICE FEATURES
• Review the implementation and effectiveness of information security measures and processes in collaboration with internal Computacenter departments in the delivery of daily operations and projects
• Continuous assessment of the levels of compliance for applicable information security standards and policies
• Supporting security incident investigation as required
• Determination of potential threats, evaluation of risks and developing proposals to address vulnerabilities
• Support of audits relating to information security management, compliance management and internal audits, development of recommendations and follow-up measures
• Service operates Monday - Friday, 9:00am - 5:30pm
CUSTOMER OUTCOMES
• Provision of regular monthly security reporting and trending, outlining the contracted Computacenter security deliverables
• Assisting the customer in the collation and provision of information in the support of audits carried out on the customer
• Creation of a Security Management Plan (SMP) which can be monitored, measured and reported against for effectiveness
• Co-ordination of a Security Working Group (SWG) based on Computacenter’s standard Terms of Reference (ToR)
• Set up of an initial Security Risk Register to track risks identified during the delivery of contracted security services
• Provide input into change management in respect of Computacenter services and their impact on the customer’s security posture
• Co-ordinate an annual security workshop with the customer and their key security personnel to assess Computacenter’s security compliance posture
OPERATING MODEL
• Delivered where there is a broader managed service – rather than as a standalone service
• Typically sold alongside SIEM or Vulnerability Scanning services, although can be positioned without these services
• Security Officers undertake most administrative and compliance based activity and report to the Security Manager who is responsible for the broader representation of the Computacenter security services delivered to the customer
• The Security Managers work hand in hand with the Computacenter Service Managers to provide expertise and guidance for internal Computacenter delivery as well as external customer delivery
OPERATIONAL STRUCTURE
The Security Manager function can operate as follows:
• Security Officer (dedicated to an individual customer)
• Security Officer (shared to multiple customers – maximum of 4)
• Security Manager (shared across multiple customers – maximum of 4)
• Security Manager (bespoke – can be dedicated to a single customer)
A single customer may have a combination of the above roles. In these circumstances, all allocated Security Officers will report to the assigned Security Manager.
The service operates Monday to Friday 9:00am to 5:30pm.
DELIVERY LOCATION
• Remote and on premise delivery. Typically a combination of contracted days working from a nominated customer site
• Supported by remote delivery from a Computacenter office location
• Security Officer services will be full time on site or remote shared delivery
• Security Managers will not be based at multiple customer locations
QUALIFICATIONS
The Customer Information Security Manager is qualified to
CCP Practitioner level with additional ISO27001 foundation certifications.
These technical skills are aligned to customer facing experience and a
background in service management or customer relationship
management.
The Security Officer is qualified to CISM (P) level and typically
has a background in analytics and process based roles.
SERVICE OWNERS
CYBER DEFENCE OPERATIONS [email protected]
HEAD OF CUSTOMER INFORMATION SECURITY [email protected]