Transcript Orange Business Services Contribution Session 2: Enterprise
Orange Business Services Contribution
Session 2: Enterprise Strategies Against Cyber Threats
Nicolas Furge Security Services Director [email protected]
2
agenda
1.
2.
3.
4.
5.
Triggering factors to Digital security Our legitimacy The need for an Integrated end to end approach CyberSOC and Customers experience Cyber Security pillars
Recent and extremely fast development of the cyber space
Pervasive mobility social networks,
BYOD
big data « everything in the cloud »
Evolution of threats
Infrastructures Devices Users
4 • attacks have become more targeted, more stealthy and more sophisticated • intrusions and data extrusion • Advanced Persistent Threat • DDoS • malicious apps • non encrypted data • jailbreaked devices • byod • device loss • privacy • data storage within devices and various Clouds
It takes less than ONE second for a threat to reach its target, and counter threat time to deploy is increasing year over year!
5 Melissa
18 15 12 9 6 3 0
Loveletter Kournikova Code Red Nimda Goner Klez Slammer LovSan Zeus.D, Loic
1998
presentation title
1999 2000 2001 2002 2003 2005 2008 2011 2014
6
agenda
1.
2.
3.
4.
5.
Triggering factors to Digital security Our legitimacy The need for an Integrated end to end approach CyberSOC and Customers experience Cyber Security pillars
7 Orange has owned and managed the largest voice and data network in the world
security has always been part of Orange DNA 8 long proven experience in securing IP networks – 30 years of security history – 15 Orange Labs in the world – 1 global CyberSOC and 8 Security Operation Centers (SOCs), ISAE* 3402 – 500+ managed customers (companies) – the largest IP network in the world extensive skills in security management – More than 1000 security consultants around the world – More than 10 000 managed devices (customers) – More than 300.000 users of our strong authentication services
Distributed Denial of Services attempts on Orange
collection network: French + 300 attacks per week of more than 500 Mb/s With peak at up to 10 Gb/s !
Average duration 30mn to a couple of hours Orange remedy: anti-DDOS solution in the network * International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization
9
agenda
1.
2.
3.
4.
5.
Triggering factors to Digital security Our legitimacy The need for an Integrated end to end approach CyberSOC and Customers experience Cyber Security pillars
Professional Services
A true holistic security requires an end to end approach
Solutions Delivery Model MANAGEMENT & GOVERNANCE LEVEL
Provide all the risk management reporting and compliance features
Consulting Implementation USER LEVEL
Protect user data’s devices and communications in a trusted work environment
Custom Solutions Managed Services Cloud Based INFRASTRUCTURE LEVEL
Provide a resilient and secure infrastructure foundation 10
Integration of best in class technologies need to be mastered
11 And a permanent watchdog activity to integrate the most technology advanced start-up security players
12
agenda
1.
2.
3.
4.
5.
Triggering factors to Digital security Our legitimacy The need for an Integrated end to end approach CyberSOC and Customers experience Cyber Security pillars
the surveillance of security events has become a “must have” SOCs have evolved from basic security management (ex: firewall rules management, proxy, filtering) to a complex set of security services (event analysis, business impact assessment, remediation, forensics analysis…) Orange Business Services created the CyberSOC structure on top of its existing's legacy SOCs in order to deploy the new complex security services.
13
14 how cyberdefense supports competitiveness of the business : a real case one of the largest European industrial players in the car industry, 70 000 employees worldwide highly competitive environment, huge pressure on costs differentiates mainly through innovation, ie R&D protection of industrial secret and availability of IT system are vital to the company issues and challenges migration of industrial IT to IP brings huge new threats IT management is fully outsourced, increasing the risk of fraud Orange solution identified with customer the most critical data based on business criticity jointly defined 30 threat scenarios based on business risk analysis implemented surveillance of the defined critical perimeter alerts customer in real time and conducts remediation
15 large multinationals choose Orange as their trusted partner in the digital world a major tobacco manufacturing company (8 major brands >400b cigarettes, >10b$)
An industrial chemicals world wide leader (80 countries, 50 000+ employees) Multinational financial services company (100b €, 70 countries, 180 000 emp., 76M customers) A brewing and distribution player ( 190 breweries, 70 countries, 60 000+ employees. )
Airline Catering Services World wide presence (120 locations)
A world wide Mining Company (>50b$, >60 000 employees)
16
agenda
1.
2.
3.
4.
5.
Triggering factors to Digital security Our legitimacy The need for an Integrated end to end approach CyberSOC and Customers experience Cyber Security pillars
17 our recommendation : a four-step journey
Implement surveillance
4 Check for security wholes or breaches 3 Protect Data’s Input and Output 2 Elaborate a defense strategy 1 Identify the sensitive data’s and systems
18 presentation title