Orange Business Services Contribution Session 2: Enterprise

advertisement
Orange Business
Services Contribution
Session 2: Enterprise Strategies
Against Cyber Threats
Nicolas Furge
Security Services Director
Nicolas.furge@orange.com
agenda
1.
Triggering factors to Digital security
2.
Our legitimacy
3.
The need for an Integrated end to end
approach
4.
CyberSOC and Customers experience
5.
Cyber Security pillars
2
Recent and extremely fast development of the
cyber space
Pervasive
mobility
social networks,
BYOD
big data
« everything in the
cloud »
Evolution of threats
Infrastructures
• attacks have become
more targeted, more
stealthy and more
sophisticated
• intrusions and data
extrusion
• Advanced Persistent
Threat
• DDoS
4
Devices
Users
• malicious apps
• device loss
• non encrypted data
• privacy
• jailbreaked devices
• data storage within
devices and various
Clouds
• byod
Melissa
18
15
Loveletter
12
Kournikova
9
6
3
0
Code Red
Nimda
Goner
1998
5
time taken to implement counter-measures (in
hrs)
time to compromise 10,000 systems (in hrs)
It takes less than ONE second for a threat to reach its target, and counter
threat time to deploy is increasing year over year!
presentation title
1999
2000
2001
Klez
2002
Slammer
LovSan
2003
2005
Zeus.D, Loic
2008
2011
2014
agenda
1.
Triggering factors to Digital security
2.
Our legitimacy
3.
The need for an Integrated end to end
approach
4.
CyberSOC and Customers experience
5.
Cyber Security pillars
6
Orange has owned and managed the largest
voice and data network in the world
7
security has always been part of Orange DNA

long proven experience in securing
IP networks
– 30 years of security history
– 15 Orange Labs in the world
– 1 global CyberSOC and 8 Security
Operation Centers (SOCs), ISAE* 3402
– 500+ managed customers (companies)
– the largest IP network in the world

extensive skills in security
management
– More than 1000 security consultants
around the world
Distributed Denial of Services
attempts on Orange French
collection network:
 + 300 attacks per week of more than 500 Mb/s

With peak at up to 10 Gb/s !

Average duration
30mn to a couple of hours

Orange remedy:
anti-DDOS solution in the network
– More than 10 000 managed devices
(customers)
– More than 300.000 users of our strong
authentication services
8
* International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization
agenda
1.
Triggering factors to Digital security
2.
Our legitimacy
3.
The need for an Integrated end to end
approach
4.
CyberSOC and Customers experience
5.
Cyber Security pillars
9
A true holistic security requires
an end to end approach
Professional
Services
Solutions
Delivery
Model
MANAGEMENT & GOVERNANCE LEVEL
Provide all the risk management reporting and
compliance features
Custom
Solutions
Consulting
Implementation
USER LEVEL
Protect user data’s devices and communications
in a trusted work environment
Managed
Services
Cloud
Based
INFRASTRUCTURE LEVEL
Provide a resilient and secure infrastructure
foundation
10
Integration of best in class technologies need
to be mastered
And a permanent watchdog activity to integrate the most
technology advanced start-up security players
11
agenda
1.
Triggering factors to Digital security
2.
Our legitimacy
3.
The need for an Integrated end to end
approach
4.
CyberSOC and Customers experience
5.
Cyber Security pillars
12
the surveillance of security events has become a
“must have”

SOCs have evolved from basic security
management (ex: firewall rules
management, proxy, filtering) to a
complex set of security services (event
analysis, business impact assessment,
remediation, forensics analysis…)

Orange Business Services created the
CyberSOC structure on top of its
existing's legacy SOCs in order to
deploy the new complex security
services.
13
how cyberdefense supports competitiveness of the
business : a real case
 one of the largest European industrial players in the car industry, 70 000 employees
worldwide
 highly competitive environment, huge pressure on costs
 differentiates mainly through innovation, ie R&D
 protection of industrial secret and availability of IT system are vital to the company
issues and
challenges
 migration of industrial IT to
IP brings huge new threats
 IT management is fully
outsourced, increasing the
risk of fraud
14
Orange solution
 identified with customer the most
critical data based on business
criticity
 jointly defined 30 threat scenarios
based on business risk analysis
 implemented surveillance of the
defined critical perimeter
 alerts customer in real time and
conducts remediation
large multinationals choose Orange as their
trusted partner in the digital world
a major tobacco
manufacturing company
(8 major brands >400b cigarettes, >10b$)
An industrial
chemicals world wide
leader
(80 countries, 50 000+
employees)
Multinational financial
services company
(100b€, 70 countries, 180
000 emp., 76M customers)
A brewing and
distribution player
(190 breweries, 70 countries,
60 000+ employees. )
Airline Catering
Services
World wide presence
(120 locations)
15
A world wide Mining
Company
(>50b$, >60 000
employees)
agenda
1.
Triggering factors to Digital security
2.
Our legitimacy
3.
The need for an Integrated end to end
approach
4.
CyberSOC and Customers experience
5.
Cyber Security pillars
16
our recommendation : a four-step journey
Implement surveillance
Check for security wholes or breaches
Protect Data’s Input and Output
1
Elaborate a defense strategy
Identify the sensitive data’s and systems
17
2
3
4
Thank you
18
presentation title
Download