MANAGED SECURITY SERVICES CATALOGUE

DIGITAL TRUST SECURITY SERVICES CATALOGUE

MASTERING BUSINESS SECURITY

"Dealing with cybercrime alone is a challenge, but as businesses look for a competitive edge through digital […] many are looking for outside help. Increasingly that help comes in the form of a Managed Security Services Provider (MSSP)."
Paul Fisher, Research Director, PAC Study MSSP 2017

Businesses need help to defend against the rising tide of attacks, exploitations and infections.

Businesses across Europe are facing increasingly complex and challenging security issues – from new compliance requirements, through the severe shortage of appropriately skilled staff, to a rapidly evolving threat landscape.

Added to this, the onward march to digital is resulting in more data, more devices, increased user demand for access and the use of Cloud; all of which creates new attack surfaces, ready to be exploited.


WITH OUR DIGITAL TRUST PROPOSITIONS, WE CAN MASTER BUSINESS SECURITY

Our job is to manage your infrastructure, your network and your workplace. Security is a part of that job, and is defined in the services that make up our Digital Trust Security Proposition.

[Diagram: Digital Trust Security Proposition]

Areas shown: CYBER DEFENCE, MANAGEMENT, IDENTITY & ACCESS MANAGEMENT, INFRASTRUCTURE SECURITY, END POINT SECURITY, INDUSTRIAL IT, OFFICE IT

Services shown:
• Cyber Defense Center
• Control Compliance
• Security Monitoring & Analytics
• Risk Analysis Services
• Vulnerability Management
• Security Management
• Cloud Security
• Privileged Account Management
• Management
• Identity Governance
• Information Prevention
• Strong Authentication
• Email Security
• Single Sign On
• Provisioning
• ICS/SCADA Hardening
• Network Segmentation
• Predictive Maintenance
• Endpoint Production Suite
• Secure Connectivity
• Mobile Security / MDM


MANAGED SECURITY

Let us help you to master your business security

SECURITY MANAGER

The Customer Information Security Manager (CISM) provides governance, management and support to both the Computacenter support teams and the customer security function.

SIEM SERVICES

Computacenter’s SIEM service analyses vast amounts of data to identify anomalous behaviour – alerting analysts to investigate and report potential security issues.

VULNERABILITY SCANNING

Operated by the Computacenter Cyber Defence Center, our Vulnerability Scanning service identifies and reports potential vulnerabilities before they can be exploited.


SAFE DELIVERY

Delivery services company safeguards customer data with managed security service from Computacenter

OBJECTIVE

As a leading provider of delivery services, the company handles large volumes of customer data, which needs to be adequately protected. A security breach could not only impact service delivery, but also threaten compliance, reputation and customer trust. To balance data protection with availability, the company needed a partner to help maximise security across its IT infrastructure.

SOLUTION

Computacenter provides managed security services for approximately 16,000 end points, including around 2,000 servers, 2,000 client devices, and networking components. As well as 24x7 remote monitoring and weekly vulnerability scanning, Computacenter provides trend analysis and proactive service management through its on-site Security Manager. It also works closely with the customer’s other IT providers to ensure a collaborative approach to reducing and addressing security risks.

OUTCOME

The customer can now better understand and mitigate security risks, helping to safeguard compliance, the customer experience and competitive advantage. Granular reporting and analysis have helped to identify genuine threats versus innocuous anomalies, which has reduced monthly alerts by 75 per cent.


WHY COMPUTACENTER?

As a provider of secure IT, Computacenter looks beyond the boundaries of traditional security. We take an end-to-end view that helps us diagnose issues more quickly and provides customers with access to a comprehensive support skill set.

European-based, but with a global support capability, Computacenter is well placed to support your managed security needs.

Manage over 7.2 million unique security events each year

Hold over 50 security certifications

Have over 200 dedicated security experts actively supporting Security for our customers

Deliver end-to-end support covering Workplace, Network, Datacenter and Platforms

With our extensive consultancy and supply chain capability, Computacenter can design and build your security solutions as well as run them

GET IN TOUCH

To find out how your organisation can take advantage of Computacenter’s Digital Trust security propositions, contact your Computacenter Account Manager. www.computacenter.com/uk

Enabling users and their business

Computacenter is Europe’s leading independent provider of IT infrastructure services, enabling users and their business. We advise organisations on IT strategy, implement the most appropriate technology, optimise its performance, and manage our customers’ infrastructures. In doing this we help CIOs and IT departments in enterprise and corporate organisations maximise productivity and the business value of IT for internal and external users.

Computacenter (UK) Ltd, Hatfield Avenue, Hatfield, Hertfordshire AL10 9TW, United Kingdom

computacenter.com +44 (0)1707 631000

MSS Catalogue | Gilroy | UK | v1 2018

SIEM SERVICES

The SIEM service is the core managed security service offering from Computacenter. It operates as a partnership between the Computacenter Cyber Defence Center (CDC) and our strategic partners, Symantec and Radar Services.

Our partners complete the initial identification, investigation and classification of security issues using their native toolsets. The CDC will be assigned identified security events for further investigation. Once analysed and logged by the CDC, they are then assigned to the most appropriate support team for resolution.

SERVICE FEATURES

• Log collection and storage, log analytics and assessment
• Security incident detection and alerting
• Alert analysis and assessment
• Incident logging and assignment
• Monthly status and trend reporting
• Support for incident diagnosis and advice and guidance for remediation
• Security Incident management
• Use case assessment and change
• On boarding/off boarding of new assets
• Service operates 24x7x365

CUSTOMER OUTCOMES

• Identification, categorisation, investigation and assignment of security incidents
• Monthly report showing volumes and trends of security incidents impacting the customer estate
• Recommendations and advice to improve security posture
• Log retention to meet compliance requirements
• Distribution of Computacenter cyber defence threat intelligence information

OPERATING MODEL

Fronted by partners (either Symantec or Radar services) who deploy their technology to process and analyse customer log data.

Using algorithms designed to test for specific types of anomalies and anomalous behaviour, the SIEM solution will alert the CDC when its analytics identify a potential security issue.

The algorithms are constructed to look for specific issues that are defined as “use cases”. Use cases can be complex or simple, and the mix of use case types and the scale of the customer’s target infrastructure determines the effectiveness of the service.

Delivered as an “embedded” security service as part of a broader infrastructure managed service, rather than a standalone security service.

The Symantec MSS model is cloud based, whilst the Radar services model is on premise.


THE CYBER DEFENCE CENTER

The Cyber Defence Center is a Computacenter function designed to detect and react to cyber security threats facing the customer.

The function ensures analysis can be completed quickly and accurately, allowing remediation and recommendations to be dealt with by the appropriate customer/internal resolver teams.

The Cyber Defence Center delivers this function by utilising technologies and tooling that concentrate on detecting and reporting cyber threats quickly and effectively.

SERVICE FEATURES

• Analysis of security alerts, with security incidents automatically identified by the deployed SIEM tooling
• Creation of security incidents, post analysis, into the call logging tool
• Documentation of recommended actions to resolve incidents, recorded within the security incident log
• Management of the on-boarding / off-boarding of customer data and assets as they come into scope for the SIEM or Vulnerability Service
• Creation of standard customer reports
• Support and input to the management of major incidents where there is a security dimension
• Service operates 24x7x365

OPERATING MODEL

The Cyber Defence Center operates a shared remote delivery model from Computacenter locations in Hatfield. More locations are planned in Germany and France.

Typically operated as part of a broader managed service where security is a service tower alongside Endpoint, Network, Infrastructure and Application.

OPERATIONAL STRUCTURE

Comprised of the following roles:

• CDC Operative (shared resource), CDC Senior Operative (shared resource), CDC Manager (shared resource)
• The CDC Operative delivers the SIEM and Vulnerability Scanning services
• The CDC Manager (in addition to line management responsibilities) is responsible for escalations, reporting oversight and customer interactions
• The CDC Manager is also responsible for the quality and effectiveness of the CDC service delivery and is the senior technical escalation point

VULNERABILITY SCANNING

The Vulnerability Scanning service utilises specialist tooling to scan a target customer IP range, or ranges, seeking to identify vulnerabilities.

These vulnerabilities could be exploited by external criminal elements or rogue internal resources for the purpose of financial gain or to cause reputational damage to the customer.

Scans seek to identify vulnerabilities and weaknesses, and the service then looks to align them to owners, co-ordinate remediation activity with those owners, and then consolidate the results into a monthly report for review with the customer.

SERVICE FEATURES

• Network and asset discovery
• Planning and running the scheduled scans
• Monthly status and trend reporting, aligned to in scope assets
• Support for incident diagnosis and advice and guidance for remediation
• On boarding / off boarding of new IP ranges for scanning
• Support of the scan tooling
• Support for assessment and treatment of identified security incidents
• Service operates Monday - Friday, 9:00am - 5:30pm

CUSTOMER OUTCOMES

• Monthly report detailing identified vulnerabilities along with remediation recommendations
• Monthly meeting with Security Manager to review vulnerability reports and monitor trends
• Measurement against agreed technical baselines to demonstrate compliance to customer-provided standards
• Active engagement with patching team to ensure that patching is applied in line with proposed service level agreements

OPERATING MODEL

The service is delivered by the Computacenter Cyber Defence Center (CDC) with scans being run by the CDC operatives.

The CDC operatives collate the vulnerability scan results and compare them with the CMDB to align vulnerabilities to asset owners.

Technical assessment is carried out by the supporting technical teams who are assigned requests to investigate the vulnerabilities.

Post assessment, and subject to appropriate change and release controls, the technical teams will apply the appropriate remediation to close the vulnerability.

The results of the technical investigation are consolidated into a report to be presented to the customer by the Computacenter Information security manager and the Computacenter service manager.

Typically delivered remotely from the CDC as a shared service, although bespoke onsite and ring fenced delivery options are available as a non standard design.


CUSTOMER INFORMATION SECURITY MANAGEMENT

The Customer Information Security Manager (CISM) service provides governance, management and control of the IT security functions delivered by Computacenter to our customers.

The service ensures that effective delivery of security management is achieved through contractual compliance to customer security policy and effective security incident management. This is all supported by in life governance of contract change to ensure the impact to all things security is understood.

SERVICE FEATURES

• Review the implementation and effectiveness of information security measures and processes in collaboration with internal Computacenter departments in the delivery of daily operations and projects
• Continuous assessment of the levels of compliance for applicable information security standards and policies
• Supporting security incident investigation as required
• Determination of potential threats, evaluation of risks and developing proposals to address vulnerabilities
• Support of audits relating to information security management, compliance management and internal audits, development of recommendations and follow-up measures
• Service operates Monday - Friday, 9:00am - 5:30pm

OPERATING MODEL

• Delivered where there is a broader managed service – rather than as a standalone service
• Typically sold alongside SIEM or Vulnerability Scanning services, although can be positioned without these services
• Security Officers undertake most administrative and compliance based activity and report to the Security Manager who is responsible for the broader representation of the Computacenter security services delivered to the customer
• The Security Managers work hand in hand with the Computacenter Service Managers to provide expertise and guidance for internal Computacenter delivery as well as external customer delivery

CUSTOMER OUTCOMES

• Provision of regular monthly security reporting and trending, outlining the contracted Computacenter security deliverables
• Assisting the customer in the collation and provision of information in the support of audits carried out on the customer
• Creation of a Security Management Plan (SMP) which can be monitored, measured and reported against for effectiveness
• Co-ordination of a Security Working Group (SWG) based on Computacenter’s standard Terms of Reference (ToR)
• Set up of an initial Security Risk Register to track risks identified during the delivery of contracted security services
• Provide input into change management in respect of Computacenter services and their impact on the customer’s security posture
• Co-ordinate an annual security workshop with the customer and their key security personnel to assess Computacenter’s security compliance posture


SECURITY MANAGER & SECURITY OFFICER

QUALIFICATIONS

The Customer Information Security Manager is qualified to CCP Practitioner level with additional ISO27001 foundation certifications. These technical skills are aligned to customer facing experience and a background in service management or customer relationship management.

The Security Officer is qualified to CISM (P) level and typically has a background in analytics and process based roles.

OPERATIONAL STRUCTURE

The Security Manager function can operate as follows:

• Security Officer (dedicated to an individual customer)
• Security Officer (shared to multiple customers – maximum of 4)
• Security Manager (shared across multiple customers – maximum of 4)
• Security Manager (bespoke – can be dedicated to a single customer)

A single customer may have a combination of the above roles. In these circumstances, all allocated Security Officers will report to the assigned Security Manager.

The service operates Monday to Friday 9:00am to 5:30pm.

SERVICE OWNERS

CYBER DEFENCE OPERATIONS DIRECTOR
[email protected]

HEAD OF CUSTOMER INFORMATION SECURITY MANAGEMENT
[email protected]

DELIVERY LOCATION

• Remote and on premise delivery. Typically a combination of contracted days working from a nominated customer site
• Supported by remote delivery from a Computacenter office location
• Security Officer services will be full time on site or remote shared delivery
• Security Managers will not be based at multiple customer locations
