CYBER SECURITY @ T-Systems
RSA Security Summit, Munich, 19 May 2015
Bernd König | Business Unit Cyber Security
Digitalization of all business areas
Cyber Threats: Risks
Source:
2014 Data Breach Investigations Report, Verizon Risk Team, US Secret Service, Dutch High-Tech Crime Unit, Study April 2014
http://www.verizonenterprise.com/DBIR/2014/
Ecosystem of organized cybercrime
Reseller / bullet-proof hoster
Botnet operator
plans crime
Malware distributor
Malware developer
Bot / zombie
Forum operator
C&C frontend
C&C backend
Data thieves
Drop zone
Legal co-earners
Recruiter of financial and goods agents
Handler of goods or financial agents
Financial agents
Goods agents
Source:
Organized crime business model
Coming up soon...
The IT Security Act (IT-Sicherheitsgesetz)
“We are number one in matters of IT security for large enterprises;
with the cybersecurity partnership we are further expanding the toolkit
for defending against cyber attacks.”
Reinhard Clemens, Telekom board member and CEO T-Systems.
“Our cybersecurity partnership in Europe enables security experts
to use tools for analysis and risk management
to protect corporate networks against today's sophisticated cyber attacks.”
Art Coviello, former CEO RSA
“With RSA we have a reliable and flexible partner
that incorporates the special requirements of German data protection into its solutions.”
Dr. Jürgen Kohr, Senior Vice President Cyber Security, T-Systems
All-pervading transparency
Threat Actors
IP: 192.173.1.21
Firewall
Blocked Session
IDS/IPS
Blocked Session
Malicious
AntiVirus
Username: JSMith
FW Log
Country: Brazil
Risk: High
Blocked Session
Traffic
DLP
Alert
Strong
Authentication
Alert
Auth Log
Asset: SQL Server
Action: GET
Network
Session
Agent: Firefox
Session Data:
HTTP/1.1 200 OK …
Full Packet
Capture
...
Corporate Assets
We have an up-to-date situation picture at all times
Security services
PARADIGM SHIFT in cybersecurity NECESSARY
TRANSPARENCY
COMPETENCE
Increasing knowledge about the threat situation
Honeypots & Sicherheitstacho
Simulations
Reduction of complexity
“Simply secure”
CleanPipe Services
Cyber Security @ Deutsche Telekom
SIMPLICITY
Prevention, detection and response
Advanced Cyber Defense by Telekom
Partnership with RSA
Innovation through cooperation
Partnerships with complementary industries
Cooperation
Enterprise - “Security is for sharing”
Exchange platform for current malware
THREAT FEEDS
External sources
Situational awareness
PLATFORM (collect, process, REPORT)
ASSOCIATION MEMBERS
Operation
Assignment
Cyber Security Services with Incident Response Team
Malware 1
Malware 2
What does ESARIS mean?
Enterprise Security Architecture for Reliable ICT Services (ESARIS)
1 Ordering and standardization schema
2 for large scale ICT production
3 about security, assurance and trust
4 balancing between user organizations and provider
5 made for ICT service providers but works also for large IT departments
6 workable (…we are using it)
ESARIS: transparency for our customers through clear directives for IT providers
Level 4: taxonomy and usage
Corporate Security Rule Base
L1
L2
Certification and 3rd Party Assurance
Customer Communication and Security
Service Management
Corporate Security Policy
Assurance to Customers
Risk Management and Certification
Evidence and Customer Relation
Refinement
Pyramid of Standards
Vulnerability Assessment, Mitigation Plan
Logging, Monitoring & Security Reporting
Risk Management
Release Mngt. and Acceptance Testing
AB
CDE
Asset and Configuration Management
System Development Life-Cycle
Hardening, Provisioning & Maintenance
Systems Acquisition and Contracting
Security Patch Management
Change and Problem Management
Incident Handling and Forensics
Business Continuity Management
Customer and users
ICT Security Principles
L3
Data center
Networks
User Identity Management
Provider Identity Management
Mobile Workplace Security
Office Workplace Security
ICT Security Standards
ICT Security Baselines
L4
L5
Fulfillment
Application and AM Security
VM and S/W Image Mngt.
Remote User Access
Gateway and Central Services
Computer Systems Security
Database and Storage Security
User LAN Periphery
Corporate Provider Access
Data Center Networks
Operations Support Security
Wide Area Network Security
Data Center Security
Administration Network Security
Directives for Service and Production
Attainment
War room in Bad Kreuznach
Advanced Cyber Defence BY TELEKOM
Competence for enterprise customers
TRANSPARENCY
SIMPLICITY
COMPETENCE
COOPERATION
Bundled competencies
For the first time, end-to-end security through analysis of IT and network
Aims at the detection of targeted attacks
Faster countermeasures possible
Real-time situation picture
“Human” experts for more security
Consulting & Integration
Level 1 Analyst
Level 2 Analyst
Level 3 Analyst
Analysis & Tools Support Analyst
Operations
Threat Intelligence Analyst
SOC Manager
SOC & CERT T-Systems in Košice, Slovakia
Next generation SOC
TRANSPARENCY
SIMPLICITY
Security systems
Overview
COMPETENCE
COOPERATION
Context
Firewall
Business
Anti Virus
Risk
SIEM
Data Loss Prevention
Information
Alerts
Data packets
Threats
Computers & files
Content Intelligence
Workflow & automation, rules, alerting thresholds
Threat Intelligence
Analytic Intelligence
Level 1 Analyst
Level 2 Analyst
Level 3 Analyst
Threat Analyst
Expertise
SOC T-Systems Budapest, Hungary
TELEKOM ADVANCED CYBER DEFENSE
NG SECURITY OPERATIONS CENTER SERVICES
Services & Processes (e.g., Help Desk, Ticketing, Network/Platform/System/Application Operations)
Asset Information
NG SOC Operations
Customer Enterprise IT
Consulting & Integration
Advanced Cyber Defense by Telekom
Strategy
Architecture Transformation
Response
Intelligence
Customer CSIRT
Situation Center
Mgt. Escalation
External Com.
Crisis Mgt.
Content Engineering
Incident Detection & Response
Cyber Situational Awareness
Platform Operations
Further security systems (Firewalls, IDS/IPS, Anti-Virus, SIEM, …)
Network Recording
Cyber Threat Information Feeds
360° Security by Deutsche Telekom & T-Systems
25.05.2015
Unified Security Management Service.
360° Analysis.
Collect data
Identify critical systems and data
“Big data analysis”
• SIEM Event Correlation
• Incident Response
• Compliance Control (PCI, HIPAA, ISO)
Analysis of network traffic for anomalies
• Central Log Server
• Data Collectors
T
• Active/Passive Network Scanning
• Asset Inventory
• Host-based Software Inventory
Identify vulnerabilities in own IT
• Log Collection
• Netflow Analysis
• Service Availability Monitoring
Detect attacks
• Vulnerability Monitoring
• Active Scanning
• Network IDS
• Host IDS
• Wireless IDS
• File Integrity Monitoring
Cooperation
Development OF security services WITH PARTNERS
TRANSPARENCY
SIMPLICITY
Idea Phase
Creativity
Conception
Make decisions
Implementation
Speed
COMPETENCE
COOPERATION
Commercialization
Costs
IPS for Mobile
Advanced Malware Protection
Deep Packet Inspection
APT Detection in the cloud
Mobile Threat Detection
Cloud Encryption
Harddisk Encryption
APT Detection and SoC Software
SDN – Stealth
Big Data Forensic
Scouting / Cyber Security Bootcamp
Scouting in Tel Aviv, Silicon Valley, Europe
Early/Late-Stage Startups
Cyber Security Bootcamps in September in Berlin
Goal: generation and identification of new disruptive approaches for new products
ACD by Telekom
Core element of the (cyber) security portfolio
Strategic partnership with RSA and KPMG
Modular concept
Bernd König
+49 (0) 171 110 4357
Head of Innovation
Business Unit Cyber Security
CISSP,
IT expert witness in the Ring Deutscher Gutachter
[email protected]
T-Systems International GmbH
Friedrich-Ebert-Allee 140
53113 Bonn