Building an effective and dynamic cyber defence capability: A practitioner’s perspective
Luke Beeson, Vice President Security UK and GB&FM
BT Security
Our History – Rethinking the Risk as a Trusted Security Partner
[Timeline figure: BT Security milestones from the 1940s to 2015 (marked points: 1940s, 1980s, 2004, 2006, 2007, 2008, 2011, 2012, 2013, 2014, 2015), plotted against an axis labelled "Market Penetration Increasing". The figure's entry text did not survive extraction in readable order.]
BT Assure. Security that matters IN CONFIDENCE
Protect BT
We built BT’s Cyber Defence Operations from scratch, using our experience in Security Operations as our basis for continued improvement. Assure Cyber was conceived to provide the tooling required to execute the operating model created for ‘Protect BT’ and to address the lack of a single solution within the vendor marketplace.
Assure Cyber – our end-to-end Cyber Defence Platform
Core Proposition - Assure Cyber for Enterprise Clients
Tailored solution templates in the form of capability packs that realise client-specific service operating models. Capability can be introduced as tailored analytics within the big data construct and via integrated partner capability as required.
Critical Security Control 1 – Where and how are my critical business applications deployed
Critical Security Control 4 – Continuous Vulnerability Assessment and Remediation
Advanced Analytics – Super Correlator
• The risk is pervasive, no matter how well patched a network is or how well trained staff are. The super correlator sets out to address this risk:
  – Assume there is always a threat and break down barriers between internal and external.
  – Based on complex, probabilistic mathematics, Behavioural Cyber Defence is a new category of cyber technology that passively sees all network interactions and events and self-learns to build dynamic models of the normal behaviour of each user and machine, and the enterprise as a whole.
  – Transcends the need for rule- and signature-based detection by:
    – Building a picture of what is normal for a network
    – Identifying anomalies from what it perceives as normal
    – Real-time functionality
For when signatures and rules don’t exist!
BT’s Learning and Next Steps
• Cyber is an evolution of traditional risks; traditional risks are no less important
• This is an arms race – constant evolution is needed
• The long game – do you know what normal looks like?
• You have to understand and value your assets and the business risk appetite if you are to protect them
• Horizon scanning – use of tools to change data into intelligence
• Use intelligence, business context and asset knowledge to allow focused defences
• Sharing information is vital to maintain an equal footing with adversaries
• Technology is important but people make the difference
• Alignment of Cyber and Physical Security Operations teams with Network Operations teams will be necessary to further improve situational awareness, allowing faster, more effective mitigation of blended threats at lower layers of the network stack