IT Cyber Security Operations


Transcript of IT Cyber Security Operations

Page 1: IT Cyber Security Operations

1

IT Cyber Security Operations

Page 2: IT Cyber Security Operations

Agenda

Who Are We?

Introduce The Teams & What We Do

Tools & Current Detection Capability

What’s Coming Next

Questions?


Page 3: IT Cyber Security Operations

Organisation Design IT Cyber Security


IT Cyber Security Director

Head of IT RISK (6)

Head of Cyber Security Programme

Senior Manager Platform Mgmt

Head of Vulnerability Management & Testing

Head of Network Security

Head of Platform Security

Head of Engineering, Platform Direction & Governance

Head of Application Security

Head of Cyber Security Operations

Page 4: IT Cyber Security Operations

Organisation Design Cyber Security Operations


Head of Cyber Security Operations

CSOC (Managed Service)

Senior Manager Security Incident Management

Senior Manager Development Technical Support

Senior Manager Operational Technical Support

Senior Manager Strategy, Governance & Assurance

Senior Manager Data Loss Prevention

CSOC Transition Manager

24x7 Managed Service, 43 FTEs

Page 5: IT Cyber Security Operations


Page 6: IT Cyber Security Operations


Page 7: IT Cyber Security Operations


Page 8: IT Cyber Security Operations

What Do We Do?

Current CSOC Key Functions
• Security Monitoring (Insider Threat)
• Network Attack Monitoring
• Rogue Device Detection
• Cyber Threat Monitoring
• SOX Compliance Monitoring
• Security Log Retrieval

Current Engineering Key Functions
• Use Case Development
• Rule Configuration
• Toolset Enhancement & Development
• Perimeter Defence Analysis
• Threat Intelligence
• Forensics Analysis

Current CSIM Key Functions
• Cyber Incident Response Governance
• Incident Playbooks
• Input to GS&F Investigations
• Input to Colleague Conduct Team

Current DLP Key Functions
• Use Case Development
• Rule Configuration
• Toolset Enhancement & Development
• DLP Investigations
• Education to Colleagues

Page 9: IT Cyber Security Operations

Tools & Current Detection Capability

QRadar – SIEM Platform
• Privileged user monitoring
• High Risk activity detection
• Rogue Device Monitoring (RDD)
• Lancope Event Logging
• Rare Events (CBEST Learning)
• Compliance Monitoring

Splunk – Tactical Security Analytics Platform
• Correlation against Tactical Intelligence
• Heuristic behavioural analysis (E-mail, Web, Digital, Firewall)
• Lateral movement detection / RDD (EPO, DHCP)
• Contextual event enrichment (Whois, Active Directory, Geo Location)

Symantec – Web/Email Detection
• Banned file types
• Lexical Fails
• Images
• Banking Details
• National Insurance numbers
• Spam/Phishing emails

Once you lose control of your data, you lose control of your business
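The slide lists "Rogue Device Detection / RDD (EPO, DHCP)" and "Contextual event enrichment (Active Directory)" as capabilities without showing the mechanics. The following is an added example, not code from the presentation or from any of the products named on it: it parses constructed DHCP lease log lines, checks each leasing MAC address against a constructed endpoint-management inventory (standing in for the EPO agent list) and a constructed set of Active Directory computer names, and classifies each device. The log line format, the inventory shape and the verdict labels are all assumptions made for the example.

```python
"""Rogue device detection from DHCP leases (added example, not from the slides).

Assumptions (all constructed for this example):
  - DHCP ACK events arrive as syslog-style lines in the format parsed by LEASE_RE.
  - The endpoint-management inventory (the EPO agent list on the slide) is a
    dict mapping MAC address -> managed hostname.
  - Active Directory is modelled as a set of computer account names.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Hypothetical dhcpd ACK line: "<ts> dhcpd: DHCPACK on <ip> to <mac> (<host>) via <iface>"
LEASE_RE = re.compile(
    r"^(?P<ts>\S+) dhcpd: DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)$"
)


@dataclass(frozen=True)
class Lease:
    ts: str
    ip: str
    mac: str
    hostname: Optional[str]
    iface: str


@dataclass(frozen=True)
class Finding:
    lease: Lease
    managed_name: Optional[str]  # hostname from the management inventory, if any
    in_ad: bool                  # DHCP-supplied hostname matches an AD computer
    verdict: str                 # "managed" | "unmanaged-no-agent" | "rogue"


def normalise_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated MAC so inventory joins are exact."""
    return mac.lower().replace("-", ":")


def parse_lease(line: str) -> Optional[Lease]:
    """Return a Lease for a DHCPACK line; other DHCP events (DISCOVER etc.) give None."""
    m = LEASE_RE.match(line.strip())
    if not m:
        return None
    return Lease(
        ts=m["ts"], ip=m["ip"], mac=normalise_mac(m["mac"]),
        hostname=m["host"] or None, iface=m["iface"],
    )


def classify(lease: Lease, managed: Dict[str, str], ad_computers: Set[str]) -> Finding:
    """Join the lease against the agent inventory and AD; derive a verdict."""
    managed_name = managed.get(lease.mac)
    ad_upper = {name.upper() for name in ad_computers}
    in_ad = bool(lease.hostname) and lease.hostname.upper() in ad_upper
    if managed_name:
        verdict = "managed"              # known MAC with a management agent
    elif in_ad:
        verdict = "unmanaged-no-agent"   # domain-joined but missing its agent
    else:
        verdict = "rogue"                # unknown to both sources
    return Finding(lease, managed_name, in_ad, verdict)


def detect_rogue(lines: Iterable[str], managed: Dict[str, str],
                 ad_computers: Set[str]) -> List[Finding]:
    """Return findings for every leased device that is not fully managed."""
    findings = []
    for line in lines:
        lease = parse_lease(line)
        if lease is None:
            continue
        finding = classify(lease, managed, ad_computers)
        if finding.verdict != "managed":
            findings.append(finding)
    return findings


# Constructed sample data: the last line is a DISCOVER, not an ACK, and is ignored.
SAMPLE_LEASES = [
    "2024-03-01T09:12:01Z dhcpd: DHCPACK on 10.20.4.15 to 00:1a:2b:3c:4d:5e (LT-FIN-0142) via eth1",
    "2024-03-01T09:12:44Z dhcpd: DHCPACK on 10.20.4.16 to 3C-5A-B4-11-22-33 (android-9f1c) via eth1",
    "2024-03-01T09:13:10Z dhcpd: DHCPACK on 10.20.4.17 to 00:1a:2b:3c:4d:60 (lt-ops-0077) via eth1",
    "2024-03-01T09:13:55Z dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff via eth1",
]
MANAGED_INVENTORY = {"00:1a:2b:3c:4d:5e": "LT-FIN-0142"}   # constructed EPO-style list
AD_COMPUTERS = {"LT-FIN-0142", "LT-OPS-0077"}              # constructed AD computer names

if __name__ == "__main__":
    for f in detect_rogue(SAMPLE_LEASES, MANAGED_INVENTORY, AD_COMPUTERS):
        print(f"{f.lease.ts} {f.lease.ip} {f.lease.mac} host={f.lease.hostname} -> {f.verdict}")
```

Splitting the verdict into "unmanaged-no-agent" versus "rogue" matters operationally: the first is a hygiene ticket for the endpoint team, the second is the case the CSOC should triage, and an L2 analyst would then pull the Whois or geolocation enrichment the slide mentions for the offending address.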

Page 10: IT Cyber Security Operations

What’s Coming Next

View on Cyber threat methods, tools and techniques of actors.

Vigilance of new threats through new threat intelligence.

Threat landscape continues to evolve and CSOC Monitoring will continue to adapt to these changes.

Greater detection of “Insider” Threat

Operational improvements include:
• Level 2 Triage across the Cyber Threat
• Improved real time monitoring of SOx controls

Cyber Programme Deliverables:
• New controls e.g. Network Segregation, NIPs, Application Monitoring
• Increased Detection Capability
• & Lots more!!!


Page 11: IT Cyber Security Operations

Thank You & Questions