Title title title title title title title title title title title title title title
Transcription
Title title title title title title title title title title title title title title
SECURITY ANALYTICS & OPERATIONS CENTRE SERVICES "KMD'S 'SECURITY-AS-A-SERVICE' MODEL IS TYPICALLY ~40% CHEAPER THAN A SIMILAR ONPREMISE SOLUTION – WITH FAST IMPLEMENTATION AND NO NEED FOR RETAINING OR ATTRACTING HIGHLY SKILLED SECURITY RESOURCES INTERNALLY" THE SECURITY THREAT SHOULD BE TAKEN SERIOUSLY CYBER ATTACKS HAVE INCREASED… IN NUMBER OF ATTACKS: 23% Number of data breaches increased globally by 23 percent from 2013-2014 250% More than 65,000 attacks on Danish IT installations occurred in 2014 – an increase of 250% from the year before IN TIME SPENT INSIDE: Months No longer a 'drive-by-shooting', but a sophisticated, long-term breach – CSC hacked for 5 months KMD BPO SAC/SOC …AND CAN HAVE SERIOUS CONSEQUENCES INTERNAL: STOLEN AND BROKEN SYSTEMS _Destroyed IT systems and data _Invalid data OPERATIONS _Disrupted working time _Inability to produce products CUSTOMERS/SUPPLIERS _Lost sales _Lost sensitive data _Lost trust RIGHTS _Theft of IP rights and confidential documents EXTERNAL: EU DATA REGULATION - IN IMPLEMENTATION, 2016-2018 FACTS: _Breach notification within 24 hours after breach has been detected – both to public authorities and affected entities/customers _Customers have a right to get data erased (not only forgotten) _Entities >250 employees or with significant monetary transactions are subject to regulation IMPACT: _Fines up to EUR 100 million or 2% of global revenue for personnel sensitive data leakage can apply when regulation becomes effective 2 DO YOU HAVE WELL-BALANCED PROTECTION IN ALL SECURITY AREAS? KMD BPO SAC/SOC REACTIONS TO THREATS PREVENTIVE MEASURES Policies & guidance Risk analysis & compliance TYPE OF INITIATIVE ADMINISTRATIVE MEASURES AND PROCEDURES PHYSICAL AND TECHNICAL MEASURES CORRECTIVE MEASURES Log policies Supplier agreement Service/support agreements Change management Contingency planning and politics System documentation Awareness Disaster Recovery Procedures Penetration tests Security Analytics & forensics Backup/Restore Firewall Standby Antivirus Logging equipment & site Test environments Authentication Identity management SIEM Redundance Virtualisation Monitoring Intrusion prevention Clusters Server snapshot Intrusion detection 3 KMD'S PRODUCT PLATFORM ENABLES A RELEVANT MATCH TO VARIOUS SECURITY MATURITY LEVELS FROM BLISSFUL IGNORANCE.. … TO RECOGNITION … TO ALERTNESS KMD BPO SAC/SOC ... TO BEST PRACTISE RISK KMD SOLUTIONS LEVEL OF SECURITY ALERT AND ATTACK PREVENTION COMPLIANCE AND AWARENESS SECURITY CONTROL (Passive) _Firewalls and antivirus _Log management _Risk analysis SECURITY MONITORING (Automated) PROACTIVE SECURITY INTELLIGENCE SECURITY EXCELLENCE (Proactive) _SIEM (Security Information & Event Management) _Security Analytics Centre -24/7/365 surveillance _IDMaaS (Easy Access and Efficiency) _Full security outsourcing _Business continuity planning _IDMaaS (Security) _Compliance _Employee training (Awareness) _Master data (APOS*) _IDMaaS (Insight) * Authoritative Personnel & Organisational System 4 KMD'S SECURITY ANALYTICS AND OPERATIONS CENTRE SAFEGUARDS YOUR BUSINESS AGAINST UNWARRANTED BEHAVIOUR DID YOU KNOW … … that more than 65,000 attacks on Danish IT installations occurred in 2014 – an increase of 250% from the year before?* … that the average costs for a large organisation in the UK was DKK 10-30 million in 2015 for a single breach?** … that companies can be issued a fine equivalent to 2% of the company's global revenue for data leakage when the new EU data regulation becomes effective? KMD KMDBPO BPO SAC/SOC KMD SECURITY ANALYTICS AND OPERATIONS CENTRE KMD SUPPORT We offer a full portfolio of security products from basic log management and alerts to state-of-the-art security and forensics with 24/7 surveillance and proactive breach mitigation by highly skilled security analysts More than 200 private and public security customers … that most cyber attacks are triggered by ordinary mistakes made by the company's own or their IT supplier's employees? Data in Denmark – handled and protected by +100 Danish security specialists KMD collects and analyses 20 million logs (events) – every day 24/7 surveillance of threats against customer's infrastructure and proactive mitigation before it happens Ample security certificates – such as ISO 27001 … that retaining or attracting competent security employees who can keep up with the change in technology and threats requires continuous, high investments? * DKCERT Trendrapport 2015 ** PWC, Information Security Breaches Survey, 2015 5 KMD'S SECURITY OFFERING PROTECTS YOUR DATA – EVERYTHING FROM THOUGHTLESSNESS TO SOPHISTICATED ATTACKERS CYBER ATTACKS ARE NO LONGER "DRIVE-BY-SHOOTINGS", BUT SOPHISTICATED, LONG-TERM BREACHES THAT CAN COST YOU YOUR BUSINESS PREPARATION INTRUSION LONG-TERM BREACH Time spent by attacker: Time spent by attacker: Time spent by attacker: Days Seconds Months _Attacker gathers information and weak spots on target and creates weapon _Attacker delivers and exploits vulnerability _Attacker creates a command and control channel to continue remote operation _The attacker performs the steps to achieve his actual goals inside the victim's network (e.g. 229 days at CSC) KMD BPO SAC/SOC IMPACTING BOTTOMLINE THROUGH LOSS OF _IP rights _Working time _Broken IT systems and data _Personal data (and associated fines) _Revenue and share price (e.g. the company Target's revenues fell 46%) _Your customers' trust and your reputation KMD'S SECURITY SOLUTION PROTECTS YOU AGAINST SOPHISTICATED ATTACKS REDUCTION IN RISK OF CYBER ATTACKS REDUCTION IN INTRUDER TIME AND DAMAGE There is no such thing as a 100% guarantee against being hit by cyber attacks. However, with KMD, you get both reactive and proactive protection and mitigation, which reduces the risk of intrusion and significantly increases the ability to spot an intrusion quickly or even while it happens – thus limiting the consequences IMPROVED INTERNAL BEHAVIOUR Tailor-made reports allow you to understand and regulate risky employee behaviour REGULATORY COMPLIANCE ENSURED KMD's certification ensures your compliance with different industry specifications 6 KMD IS A UNIQUE SECURITY PLAYER PROTECTING DENMARK MADE TO PROTECT YOUR SENSITIVE DATA WHY KMD? _Denmark's largest security competence centre with more than 40 years' experience handling sensitive data _KMD protects Denmark by managing 20% of Denmark's GDP _KMD collects and analyses 20 million logs (events) every day SECURITY MATCHING YOUR NEEDS AT YOUR SERVICE AS-ASERVICE (aaS) BEST-IN-CLASS INSIGHTS _Experience with heterogeneous networks and integration of all types of applications, making us quick at implementation and able to match all different needs and systems _~40% cheaper aaS model than on premise _Most advanced Security Analytics Centre (SAC) in Denmark _Strong partnerships with competent global security and IT players _More than 200 customers from the private and public sector FACTS KMD gives you the security competence to keep your business safe KMD BPO SAC/SOC KMD has the experience in security and IT to tailor a solution to your exact needs _No CAPEX needed – access to high-tech infrastructure in KMD's secure data centre _Fast implementation and continuous upgrades controlled by and from KMD _ISO 27001-certified asa-Service security solution _No need for internal highly skilled security resources KMD has own infrastructure and bestin-class security specialists to reduce your costs at the best quality _+100 security experts who proactively service and advise private and public customers today – as well as KMD's own data _Member of the CERT (Computer Emergency Response Team)* highly specialised worldwide security network KMD proactively keeps you one step ahead of upcoming threats and new regulations 7 WHAT KMD OFFERS IS DEPENDENT ON YOUR NEEDS KMD BPO SAC/SOC DEPLOYMENT MODEL AND SERVICE LEVELS REACTIVE (SOC) PROACTIVE (SAC) SAC (SECURITY ANALYTICS CENTRE) LOG MANAGEMENT Fast overview of events ~1 week implementation time SIEM (SECURITY INFORMATION & EVENT MANAGEMENT) 24/7 surveillance and proactive mitigation Instant alert when breach occurs based on pre-defined rules ~2 weeks implementation time Less than 3 months implementation time BENEFITS _Prevent future threats and unwarranted behaviour by understanding activities _Save time on audits and compliance _Insights through monthly reports on security incidents _Reduction in impact of attacks by knowing your threat within a few hours instead of several days _Full outsourcing proactively warning you against possible attacks – before and when they happen _Focus on areas where threat is highest KMD PROMISES NO INTERRUPTION OF YOUR BUSINESS (E.G. NO SLOWER SYSTEM) EMPLOYEE INVOLVEMENT IN IMPLEMENTATION IS LIMITED TO ANSWERING QUESTIONS AND PROVIDING INFRASTRUCTURE AND DATA ACCESS YOU DECIDE THE SECURITY LEVEL WHICH FITS YOUR BUSINESS' NEED NO SURPRISES – THE PRICE IS PAID "AS-A-SERVICE" PER USER LICENCE/IP DEVICE CUSTOMER SECURITY COVERAGE CUSTOMER RESOURCES ALLOCATED TO SECURITY 8 KMD IS READY TO GUIDE YOU ON SECURITY KMD BPO SAC/SOC NEXT STEPS SEE FOR YOURSELF Come visit our high-tech Security Analytics Centre where KMD experts surveil data for our customers 24/7/365 CYBER ATTACKS ARE HERE TO STAY! _Increase in attacks and significance _Often start with a trivial human error or a lack of due care DEMONSTRATION OF ATTACK Our experts can give you a demonstration of a possible scenario and how it is mitigated and controlled with our security solutions RISK ASSESSMENT Let us make an assessment of your internal and external security risks to allow you to make a well-informed decision regarding your needs 9 KMD BPO FOR MORE INFORMATION, PLEASE CONTACT Peter Kjær PKJ@kmd.dk Phone: +4541398599