cyber defence capability: A practitioners perspective Luke Beeson, - - PowerPoint PPT Presentation

BT Security

1

Building an effective and dynamic cyber defence capability: A practitioner’s perspective

Luke Beeson, Vice President Security UK and GB&FM

BT Security

2

BT Assure. Security that matters

3

Our History – Rethinking the Risk as a Trusted Security Partner

BT privatised in 1984

1940s 1980s 2004 2006 2007 2008 2013 2011

Colossus created by Tommy Flowers BT Infonet 35 years of experience globally BT Counterpane services across 150 countries BT INS security protection, including ethical hacking BT iNet strong security track record to Italian blue chips BT Frontline security throughout AsiaPac MoD Watch Tower Goes LIve (IOC) NET2S technology and security consultancy specialised in capital markets BT Security Enterprise established 1,300 security people from across BT

2012

BT Security Delivers London 2012 Olympics Protect BT Cyber Defense Operations Established

2014

BT Security joins BTGS: team of +2000 security professionals

2015

Market Penetration Increasing

IN CONFIDENCE

BT Assure. Security that matters

5

Protect BT

We built BT’s Cyber Defence Operations from scratch, using our experience in Security Operations as our basis for continued improvement. Assure Cyber was conceived to provide the tooling required to execute the operating model created for ‘Protect BT’ and address a lack of single solution within the vendor market place.

IN CONFIDENCE

BT Assure. Security that matters

6

Assure Cyber our end-to-end Cyber Defence Platform

BT Assure. Security that matters

7

Core Proposition - Assure Cyber for Enterprise Clients

Critical Security Control 1 – Where and how are my critical business applications deployed Critical Security Control 4 – Continuous Vulnerability Assessment and Remediation Tailored solution templates in the form of capability packs that realise client specific service operating models. Capability can be introduced as tailored analytics within the big data construct and via integrated partner capability as required.

IN CONFIDENCE

BT Assure. Security that matters

8

• The risk is pervasive, no matter how well patched a network is or well trained staff

are, the super correlator sets out to address this risk: –

Assume there is always a threat and break down barriers between internal and external.

–

Based on complex, probabilistic mathematics, Behavioural Cyber Defence is a new category

• f cyber technology that passively sees all network interactions and events and self-learns to

build dynamic models of the normal behaviour of each user and machine, and the enterprise as a whole.

–

Transcends the need for rule and signature based detection by:

–

Building a picture of what is normal for a network

–

Identifying anomalies from what it perceives as normal

–

Real time functionality

 For when signatures and rules don’t exist!

Advanced Analytics – Super Correlator

BT Assure. Security that matters

9

BT’s Learning and Next Steps

• Cyber is an evolution of traditional risks, traditional risks are no

less important

• This is an arms race – constant evolution is needed
• The long game – do you know what normal looks like?
• You have to understand and value your assets and the

business risk appetite if you are to protect them

• Horizon scanning – use of tools to change data

into intelligence

• Use Intelligence, business context and asset knowledge to

allow focused defences

• Sharing Information is vital to maintain an equal footing with

adversaries

• Technology is important but people make the difference
• Alignment of Cyber and Physical Security Operations

teams with Network Operations teams will be necessary

to further improve situational awareness to allow faster more effective mitigation of blended threats at lower layers of the network stack

IN CONFIDENCE

BT Assure

Security that matters

IN CONFIDENCE