Transcription
DYNAMIC CYBERSECURITY.REDEFINING THE SECURITYOPERATIONS CENTER FORA DIGITAL WORLD
HCL Cybersecurity White Paper1.Introduction2.From static to dynamic Focus on adaptive security processes Focus on threat prediction and proactive prevention- Case study Focus on the fusion of intelligence and expertise Focus on continual assessment Focus on frictionless security- Case study3.HCL Dynamic Cybersecurity Framework Dynamic security reference architecture Technology and product management Machine learning enabled, automation centric solutions Smart security operations Information security, governance, and analytics- Conclusion4.About HCL Technologies2
HCL Cybersecurity White Paper3INTRODUCTIONWe are living in an age driven by innovation- a hyper-connected world powered by digital transformation.It’s based on technologies such as cloud computing, big data, mobile, social media, the Internet of Things (IoT),machine learning, and artificial intelligence. In a world that has become increasingly dynamic, businesses aroundthe globe are pursuing innovative strategies to grow, gain market share, satisfy evolving customer demands,and maintain competitive advantage.In such a world change happens fast, so speed and agility are essential. In turn, this means the underlying ITlandscape must evolve to keep up. Companies are boosting efficiency by taking advantage of new cloud-basedapplications, as well as releasing software updates far more frequently. They are constantly evolving andadapting to embrace new opportunities and experimenting frequently.At the same time cybercrime is growing and becoming more sophisticated. It is predicted that cybercrimedamages will cost the world 6 trillion annually by 2021, up from USD 3 trillion in 2015. In addition, CybersecurityVentures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019.Against this backdrop, the dynamic nature of today’s IT environments, whilst necessary, must also be seen asa potential risk. Every single IT change potentially impacts the security of the organization. One single softwaremodification, left in a silo or done in isolation, can become a chink in an organization’s security armor and resultin a disastrous breach.Protecting this dynamic IT environment requires a complete rethink of the Security Operations Center (SOC) andhow it operates, in order to protect organizations from the continuing threats to which they are exposed.
HCL Cybersecurity White Paper4FROM STATIC TO DYNAMICTraditionally, the ethos of the SOC has been to prevent, detect, and respond to threats in a static and predictableenvironment. This was fine whilst the rest of the IT environment was static and predictable too.But today’s IT environments are not like that. They are dynamic and constantly changing. A static, predictablesecurity stance will simply not be able to keep up, exposing organizations to all sorts of threats.Today the SOC needs to be dynamic, working at the speed of innovation and change within the organization,constantly being vigilant against threats while simultaneously looking for ways to strengthen security.The question, however, is how to achieve this dynamic security environment. At HCL we believe SOCs need tofocus on five key areas.1. Focus on adaptive security processesAt the heart of a dynamic security environment is the abilityto implement adaptive security policies that quickly alignwith the rapid changes in user scenarios, the threatlandscape, and the underlying IT landscape.Through analyzing past and present activity data, as well asmultiple external and internal threat feeds and threatintelligence, systems can then use workflow orchestrationand automation capabilities to set security policies thatadapt to changing scenarios.Say your firewall policies are static in nature with a given setof rules that remain the same under all circumstances. Bysynchronizing the policies with adaptive security processes,the rules can be configured to adapt to changes in the cyberlandscape.For example, if an enterprise environment is under attack,self-adapting firewall or protection policies will allow ordeny access to any network connection to critical servers,without any manual effort or action. They also self-learnabout the impact of attacks which are constantly validatedbased on feedback from human engineers.2. Focus on threat prediction and proactive preventionAs organizations undergo digital transformation the volumeof data they process and generate on a daily basis can makeit incredibly difficult for SOC teams to monitor wherethreats are coming from, or identify the signals of cyberattacks that are under way.However, using predictive analytics to analyze historicaldata – combined with threat modeling and machine learning– organizations can now forecast the probability of anincident to occur. Such solutions don’t just show wherecyber criminals have tried to attack in the past, they alsoenable security managers to see where they are likely to hitnext, where their weak points are, as well as how wellprepared they are to counter an attack before it’s too late.This ability to predict attacks- combined with dynamicsecurity operations that proactively act on the insights thatare revealed- helps enterprises maintain a dynamic securityenvironment that supports secure growth in times of achallenging threat landscape.As threats travel across clients and networks, they don’t justhappen or infiltrate overnight. Usually, attackers performreconnaissance about how to exploit the target networkover a period of time, sometimes months. And, as theymove through the network, they leave identifiable signs.This local knowledge, combined with global threatintelligence and HCL’s CyberSecurity Fusion Centers, allowspotential threats to be identified.Once HCL’s security platform is connected, it looks forevidence of malicious intent and suspicious activity. When itidentifies a potential threat it flags it to security experts,who do more detailed analysis. Through this process we areable to predict potential attacks before they occur.Case study:HCL has transformed the security posture of this F500organization in line with realities of today’s dynamic securityneeds. Catering to the needs of defense in depth, HCL hassupported the client with proactive prevention capabilities.Through an intelligence fused security operations center,HCL is enabling the client to predict threats and act on themfaster than ever before. Also with a focus on assessing theefficiency of security controls and policies, we have helpedthe client become more resilient against future threats.
HCL Cybersecurity White Paper53. Focus on the fusion of intelligence and expertiseDigital business in the innovation age will be driven at anaccelerated speed. Decisions will be made in an instant andexperiments will be run rapidly. Business can ill-afford towait for cybersecurity teams to catch up.In this environment SOCs need to collaborate with otherteams to build adaptive, embedded playbooks and policies.At the same time SOCs require expertise from other parts ofthe organization – such as network, cloud, apps, platforms,mobility, and workplace teams – so they are aware ofchallenges and response mechanisms.Many enterprises have successfully found an answer bysetting up "fusion centers" which are SOCs designed tocollaborate with teams from other IT and Businessdisciplines, and fuse the gathered intelligence to enhancesecurity.Today, HCLs CyberSecurity Fusion Centers act as a singlepoint of contact for the complete security incident lifecycle.The centers fuse threat intelligence with state-of-the-artsecurity technology platforms and the expertise from highlyskilled security professionals. The capabilities of theseCSFCs are highly scalable, across multiple security teamsand teams managing IT Infrastructure such as data centers,networks and workplace computing. Sophisticated securityapplications closely monitor each customer environment forsecurity incidents and if a threat is found, the CSFCs workclosely with other disciplines to orchestrate the appropriatesecurity action.4. Focus on continual assessmentIn a constantly evolving and dynamic threat landscape,continuously assessing the efficiency of controls, policies,and user awareness is essential.This can be achieved by running an advanced analyticsplatform that is integrated with multiple sources of dataincluding internal threat intelligence.For example, a policy status analysis can be used tomeasure the efficiency of the controls that have beenimplemented and, as the analytics platform receives thefeedback, rule set definitions and control configurations canbe improved.By integrating data from phishing assessments run on usersand employees, user awareness can be assessed. Usingin-the-moment pop-ups not only help to measure userawareness, but also enhance it in real time.By capturing all this information organizations can gain aclear view of their security posture in relation to their statedcybersecurity strategy, which enables the Chief InformationSecurity Officer to have meaningful discussions with otherstakeholders about the state of the enterprise’s securityreadiness and areas for improvement.As a part of the Dynamic Cybersecurity Framework, HCLhas implemented analytics-driven continual securityassessment platforms at leading enterprises around theworld. For these companies HCL security teams constantlymonitor their environments in near real time to identifychanges and assess if they compromise the confidentiality,integrity or availability of their applications, data andinfrastructure.For example if a user clicks on a phishing email, is theimpact isolated to the user or do the effects proliferatethrough the network and impact a larger set of users andsystems? With such insight appropriate action can be takento limit the impact of such threats and even entirely preventthem from occurring.
HCL Cybersecurity White Paper65. Focus on frictionless securityIn the digital age, speed and agility are the key drivers ofbusiness success. Employees need to be able to access thesystems and information they need where they are, whenthey want to, in the context of their roles.In this environment security cannot be invasive. It must notrestrict the organization from innovating. It needs tosupport innovation without encumbering usersunnecessarily.With this in mind, SOCs need to ensure their securitysolutions run in the background, making full use ofautomation, machine learning, and artificial intelligence toprovide a seamless experience that is invisible to the user.The best security is the security you cannot see.It is common for many modern enterprises to have criticaldata hosted on their cloud infrastructure or reside on themobile devices of their users. The question is how can thisdata be protected without obstruction. However, when thesame user tries to access an unapproved cloud service ormisuses the allowed cloud service (by downloadingthousands of critical sales lead information records fromCRM/Salesforce in an hour, for example) the securitysolution needs to intervene and, depending on the severityof the action, either warn or block the user’s access. Thisensures legitimate access and a frictionless experience forgenuine users while protecting the organization againstmalicious actions.Case study:HCL secures the end-to-end cyberspace for a leading research-led university. With HCL’s managed security services,the university provides frictionless security to its end users and furthers its goal of promising education to young minds.Through an intelligence-enabled fusion center approach, and periodic security assessments, HCL delivers proactiveprevention and threat prediction abilities for this institute, protecting its data, assets and users.
HCL Cybersecurity White Paper7HCL DYNAMIC CYBERSECURITY FRAMEWORKTo achieve these five areas of focus, and provide the highestlevel of protection for its customers, HCL has developed it’sDynamic Cybersecurity Framework, which enables ourcustomers to move from a static to a dynamic posture todeal with the ever-escalating threat landscape. Its keycomponents include:Machine learning enabled, automation centric solutionsBased on the award-winning DRYiCE AutonomicsFramework – our Security Intelligence & Analytic Solution(SecIntAI) allows enterprises to predict and analyze threatsbased on intelligence. The solution leverages advancedmachine learning, contextual and behavioral analytics toanalyze information gained from assets, data classification,and user identities.Dynamic security reference architectureOur security assessment framework supports the securityrequirements of modern, fast-moving cloud and digital-firstbusinesses. It also addresses compliance and riskmanagement challenges by translating them into businessopportunities.Smart security operationsOur advanced CyberSecurity Fusion Centers are poweredby smart analytics and artificial intelligence for userbehavior analytics, threat pattern detection, automatedincident response, and others.Technology and product managementAs technological developments occur- and the threatlandscape, business situations, and compliancerequirements change- we dynamically update our securitysolutions and architecture to address them. In doing this weintegrate security controls that may have been siloed, sothat real-time protection can be enabled.Information security, governance, and analyticsOur dynamic cybersecurity review processes- triggeredperiodically, post-incident, or post requirement- enable us torealign our architecture and operations to stay ahead andprovide the best possible protection.Dynamic Cybersecurity FrameworkBusiness SpecificPolicies, Procedures& Standards Dynamic ComponentInformation SecurityGovernance & AnalyticsDynamic CybersecurityReview processtriggered periodically, post-incident orpost requirement-change, for re-aligningarchitecture & operations and stay ahead15Strategy &ArchitectureRiskManagementFramework(OCTAVE, IAM)Dynamic Security Reference ArchitectureOur Security Assessment Framework has beenupdated to support security requirements of modern,fast-moving cloud & digital first businesses as well asaddressing compliance risk management challengesby translating them into business opportunities.DynamicCybersecurityFrameworkSmart Security OperationsAdvanced CyberSecurity FusionCenters powered by SmartAnalytics & AI for user behavioranalytics, threat patterndetection, automated incidentresponse and others.4ManagedServicesTechnology & Product ManagementTransformation& Integration3SecIntAlControlFrameworks &Guidelines(ISO, ITIL, COBIT)2We work on dynamically updating securitysolutions & architecture to match techdevelopments, threat landscape, businesssituation & compliance changes. This meanswe integrate security controls that may havebeen siloed so that real-time value can bederived from these controls.M.L.- Enabled; Automation Centric Technology SolutionsBased on the award-winning DRYiCE Autonomics Framework –SecIntAlallows enterprises to predict and analyze based on intelligence gained–contextual & behavioral analytics; leveraging advanced machine learningand AIConclusionIn this digital era, to take advantage of business opportunities and grow, organizations need IT solutions that can be adaptedrapidly to the needs of the business. However, creating such an environment means traditional security approaches will nolonger be sufficient to protect the organization against increasingly sophisticated cyber attacks.A next-generation of SOC is needed. One that can: Proactively predict threats and block attacksRespond rapidly and effectively if attacks occurProvide continual feedback and analysis to strengthen securityDeliver metrics that support future strategy definitionProtect the organization without impeding business operationsWith such a SOC in place, businesses can confidently innovate and grow, knowing that their organization is well protected.
HCL Cybersecurity White Paper8CASE STUDYHCL enables a holistic, dynamic cybersecurity posture for a global Fortune 500 customer.CLIENT CHALLENGES:The client was looking to embark on a journey that hinged on transforming its entire IT landscape to align with its global growthstrategy. Being a conglomerate of companies, the client had many marquee brands. Moving towards digitization meant thecybersecurity landscape had to be ramped up. The consolidation of technology and environment required leveraging availablecontrols and putting them to best use.HCL SOLUTION:HCL redefined the company’s security architecture keeping dynamism at its core, which meant it not only had the ability todefend itself, but also evolve to meet future business and IT needs. This redefinition included leveraging existing securitycontrols wherever applicable.Further to the architecture redefinition, existing solutions and next-generation transformational solutions were leveraged tobuild a secure, compliant, and resilient ecosystem of security and risk controls that allowed innovation, experimentation, andgrowth at a rapid pace, and with agility, without having to worry about non-defined security risks.HCL delivered the full lifecycle of security operations through an advanced Security-as-a-Service model which provided adynamic cybersecurity posture for the client. This Security-as-a-Service model includes targeted threat intelligence thatenables security analysts to quickly identify threats that matter and respond to them with a coordinated fusion center setup.CUSTOMER BENEFITS : The confidence for business to implement their transformational business strategies, without fear of increased riskSecurity embedded into enterprise fabric and engineered for the future, enabling proactive neutralization of threatsImproved enterprise security posture by keeping dynamism at its coreImproved compliance reportingmuch-needed dynamism to the customer’s security posture.About HCL TechnologiesHCL Technologies helps global enterprises reimagine their businesses for the digital age. Through innovativetechnology solutions built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, InfrastructureManagement and Engineering Services, amongst others, we solve complex business problems for our clients. We area ‘next-generation’ technology firm, driven by a unique Mode 1-2-3 strategy that not only acts as our roadmap for thefuture, but also as a powerful model for any enterprise looking to thrive in this age of disruption.Contact us:[email protected]: Cybercrime Report from the editors at Cybersecurity Ventures, 2017 edition.Source: Top 5 cybersecurity facts, figures and statistics for 2017, CSO onlineHello there! I am an Ideapreneur. I believe that sustainable business outcomes are driven by relationships nurtured throughvalues like trust, transparency and flexibility. I respect the contract, but believe in going beyond through collaboration, appliedinnovation and new generation partnership models that put your interest above everything else. Right now 115,000 Ideapreneurs arein a Relationship Beyond the Contract with 500 customers in 32 countries. How can I help you?TM
HCL Cybersecurity White Paper 2 1. Introduction 2. From static to dynamic Focus on adaptive security processes Focus on threat prediction and proactive prevention - Case study Focus on the fusion of intelligence and expertise Focus on continual assessment Focus on frictionless security - Case study 3. HCL Dynamic Cybersecurity Framework
