The building blocks of good detection and response services for the ICS environment
By: Søren Egede Knudsen
sorenegedeknudsen
Our objectives today are to give Gartner a better understanding of:
1. Why do customers choose Ezenta MDR and what have we learned from our engagements
   • Sales cycle, industry, customer size, decision makers, implementation honeymoon
   • Recap – why do customers say yes
2. How is Ezenta sales organised and what is our sales strategy on MDR going forward
THE TEAM Leadership
Nobody wants managers, we want leaders!
Understanding the people’s value set is critical
[Diagram: The leader and Team members, with the labels Values, Knowledge, Strategy, Values, Innovation, Investment]
Practice as you preach!
Organisational priorities
[Chart: scales from 1 to 10; labels: Casualties (H), Availability, Remote control]
Staff
Auditors
You Value Chain
Threats
TEAM Setting
Incident
Event
Crisis
Recommended
Define the needed technical level of the team
TEAM Setting
| Name | Skills | Personality |
| --- | --- | --- |
| Manager | People, Business and Technical skills and experience. IT and OT. | Transformational leader; Common purpose / goal; Value based; Honest |
| Security Network specialist/Analyst | FW, IDS, OT, IT, SIEM, Network | Team player; Follow a list; Communicative |
| OS Security specialist/Analyst | Windows, Linux, application, SIEM, OT | |
| IR and forensics analyst | OS, Network, pen-test, forensics, OT | Plus: Analytic, Digger |
| SCADA specialist | IT, OT, SCADA processes and logic | Plus: Process Analytic |
Selecting “do’ers”
IT not OT focused
Only technical knowledge
Not team player
Pitfalls in selecting people
Empower the team!
TEAM Structure
R=Responsible, A=Accountable, C=Consulted, I=Informed
Integrated team (in-house & consultants)
Horizontal vs hierarchical team
Plant level
Area level
Incident response plan
Regulation and rules
Agreements
Easy to understand
Proactive services
Priorities and stakeholders
Roles
Communication IR Plan
ICS visibility
Asset Communication Profile (Assets, protocol, tags)
NSM + Asset + Segmentation = visibility
INCIDENT readiness
Are you ready for an incident?
8 steps for readiness
Stakeholders and priorities
Definition of IR types
Members of the IR team
Empowerment of the team
Model (RACI)
Network (segmentation)
Assets
Dataflow
BUILDING blocks
Organisational priorities
Leadership
Team members
Skills and experience
Visibility
THANK YOU!