Wolfgang Kiener
Business Development Manager
Threat Detection:
Detecting and Containing Cyberattacks Early!
13.06.2018
Revenue 2017
€1,972 million (2016: €1,918 million)
[Figure: revenue for Germany/international (in € million) and by business area (in %): Products, Industrial Services, Mobility, Academy & Life Care, Systems, ICT & Business Solutions]
Consolidated data (per IFRS) / unconsolidated data
Corporate Presentation 2018
From strategic consulting through design and process optimization to implementation, operation or certification of systems
ICT & Business Solutions
FOCUS INDUSTRIES
Telecommunications
Financial services
Energy
Retail
Healthcare
Manufacturing
Mobility, logistics, automotive
Aerospace
GOOD TO KNOW
Since 2014 we have been the leading independent provider of IT and internet security services in the German market, and we are among the leading players worldwide
We advise network operators on planning, building and maintaining their telecommunications infrastructures
competent
technology-oriented
cost-efficient
KEY FIGURES
600 specialists
€139 million revenue
6% of total revenue
BUSINESS AREAS
IT Services & Cyber Security
Telco Solutions & Consulting
As of 2017: unconsolidated data
TÜV Rheinland i-sec. Information and IT security.
Leading independent service provider for information security in Germany
Consulting and solution expertise in holistic information security, from the governance level to the data center, including operational support services
Excellent technology expertise, comprehensive industry know-how, partnerships with market leaders
Internationally, together with our sister companies OpenSky and 2MC, we are among the most important independent providers
Certified to ISO 27001 and ISO 9001
TÜV Rheinland i-sec GmbH. Facts and figures.
Project work on 25,000 days in 2016.
Locations in Germany
Cologne (HQ)
Munich
Gelnhausen
Saarbrücken
Hanover
Hamburg
Specialist team
15 × Sales
20 × Security Engineering
60 × Management Consulting
45 × Professional Services and Operations
Core industries and locations of our customers
Finance
Automotive
Energy
Chemicals/Pharma
Telecommunications
International conglomerates
Transport/Logistics
Public sector
Retail
Digital Enterprise. Protected.
Service Lines:
Cloud Security
Enterprise Cloud Adoption
Hybrid Infrastructure
Identity & Access Management
Network Security
Application Security
Endpoint Security
Data Protection
IoT Security
Industrial Security
Security Analytics & Detection
Incident Response
Governance & Strategy
Risk & Compliance Management
Information Security Management Systems
Business Continuity Management
Data Privacy
A comprehensive, global service portfolio to protect digital enterprises.
Portfolio categories:
Mastering Risk & Compliance
Advanced Cyber Defenses
Secure Cloud Adoption
Service types:
Consulting Services
Testing Services
Managed Services
Speaker
WOLFGANG KIENER
Business Development Manager
TÜV Rheinland - Cybersecurity
14.06.2018 Managed Threat Detection
Status Quo: Threat Detection and Response
CYBER-DEFENSE GAP
DEFENDERS LOSING THE INNOVATION BATTLE (1)
[Figure: % where "days or less", 2005 to 2015, series ATTACKER and DEFENDERS]
COST AND TIME FOR REMEDIATION IS HIGH AND RISING (2)
Average total cost of a data breach: $4.31 million
Average cost per stolen record: $225
Cost increase per record: 25%
2016: On average, it took respondents 242 days to spot a breach caused by a malicious attacker, and further 99 days to contain it.
        Minimum  Mean  Median  Maximum
MTTI    20       206   206     582
MTTC    7        69    70      175
1 Verizon DBIR 2016 | 2 Ponemon Institute 2015
Reducing time to detect and contain incidents
Opportunities for improvement
Big Data Analytics: Real-time security insights across the large and growing data of the modern enterprise
Emerging Technologies: Machine learning and behavior anomaly detection beyond traditional event correlation
Enhanced Use of Threat Intelligence: Integration of threat intelligence correlation across data sources
Visibility into IoT & OT: Behavior based analytics for Internet-of-Things and Operational Technology
Risk-Aligned Threat Detection: Focus detection on top risks, accelerate investigation and response, and report on capabilities and operational metrics
Digitalisation is Progressing. Unstoppable.
Risks grow exponentially as well.
[Figure labels: Technical Development; Know-How; Risk Gap]
The Great Train Robbery, 1963: £ 2,631,684
Bangladesh Bank/Swift Heist, 2016: $ 951,000,000
INDUSTRY 4.0
Automation
Scalability and Interconnectivity
AI and Machine Learning
Agility
CYBER RISK 4.0
Attack automation
AI and Machine Learning
Attackers are agile
Complexity increases attack surface
Vulnerabilities can hardly be avoided
Cyber Risk = Business Risk
Risk-aligned threat detection approach
1 Identify top risks
2 Define related attack scenarios
3 Map threat activities
4 Develop Analytics
5 Monitor, Investigate & Respond
6 Capture Metrics & Inform GRC
[Diagram labels: Top Cyber Risks; Industry Risk Profiles; Enterprise Risk Register]
Risk Prioritization
Many ways to prioritize risk – this example uses a scoring method and considers controls and residual risk
Columns: Risk Statement | Impact | Likelihood | Inherent Risk | Controls Reduction | Residual Risk
Risk statement (first row)
  Impact 2.5: Confidentiality 1, Integrity 4, Availability 1, Safety 4
  Likelihood 3.0: Threat Means 4, Threat Motive 1, Threat Opportunity 4
  Inherent Risk 7.5, Controls Reduction 4.7, Residual Risk 2.8
Risk statement (second row)
  Impact 1.8: Confidentiality 4, Integrity 1, Availability 1, Safety 1
  Likelihood 4.0: Threat Means 4, Threat Motive 4, Threat Opportunity 4
  Inherent Risk 7.2, Controls Reduction 5.1, Residual Risk 2.1
Define threat activities by attack phase for the selected attack scenario
Models available to assist
Cyber Kill Chain: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions on Objectives
CIS Community Attack Model: Initial Recon, Acquire/Develop Tools, Delivery, Initial Compromise, Misuse/Escalate Privileges, Internal Recon, Lateral Movement, Establish Persistence, Execute Mission Objectives
MITRE ATT&CK: Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration, Command & Control
Cyber Threat Framework: Preparation, Engagement, Presence, Effect/Consequence
Unfetter – NSA tool that utilizes ATT&CK
Developing and documenting threat analytics
Threat activity
Analytic name
Analytic description
Key risk indicator
Data sources
Required data
Analytics (platform specific)
Threat detection guidance
Notes
Map to risk statements
Author
Date
EXAMPLE: THREAT ACTIVITY – LOGIN WITH COMPROMISED CREDENTIALS (EXPLOIT PHASE)
Risk-Aligned Threat Detection
[Diagram labels: Information Security; IT-Security; Cyber Security; GRC; SOC; Requirements; Risks; Log Data; Flow Data; Sensors; Security Intelligence; Security Relevant Information; Relevant Deviations; Incident Management; Metrics; Metrics & Reporting; Reports; Trends; Trend/History; BCM; Risk Management; Compliance; ISMS]
Conclusion
Benefits of risk-aligned threat detection
Better focus on threat activity that matters most to the organization
Reduced time to detect and contain incidents
Improved risk management program
Opportunities to automate investigation and response activities
More context and clarity about detected threat events
TÜV Rheinland. Who are we?
$2.3 Billion
Privately Held
144 Years Old
500 Locations
69 Countries
19,320 people
The digital transformation will be defined by the use of “cyber-physical” systems.
Protecting society since 1872
Industry 1.0: Mechanical Production
Industry 2.0: Mass Production & Electricity
Industry 3.0: Electronic & IT Systems
Industry 4.0: Cyber-physical Systems, Social, Mobile, Analytics, Cloud
TÜV Rheinland ICT & Business Solutions. Cybersecurity.
400 Security Experts
€68 million revenue 2016
HQs: Cologne / Boston / London
Core Industries
Finance, Automotive
Chemicals & Pharma, Energy, Telecommunication
Regions
Germany, USA, UK, Gulf Region, APAC as Growth Case
Thank you!
Wolfgang Kiener
Business Development Manager – Cybersecurity
www.tuv.com/informationssicherheit