presentation update

profilejuskickz1
projectupdate.pptx

ACME BANK PRIORITIES

1

Leading Customer Experience Digitising the group Maximising Group Capabilities Transforming ways of working
Driving stronger relationships through best-in-class propositions while continuing to provide our customers with brilliant service and a seamless experience across all channels Deploying new technology to improve our efficiency and make banking simpler and easier for customers Aligning the Bank’s capability to deepen customer relationships and grow in targeted segments Enhancing employee skills and processes, investing in agile working practices and embracing new technology to drive better outcomes for customers

USE CASES

2

Title Description Status
F1 McAfee AV Find McAfee AV running or stopped across workstations and servers. Potential to drill down where necessary
F2 Malicious Indicators Using IOC Detect (later Detect3 and Signals) to find MD5 Hash, IP address, URL domain for specific IOC provided by threat intelligence.
F3 Malware Persistence Find malware persistence (suspicious file reference in an unmanaged schedule task) using file creation, deletion, rename sensors and show entries if the parent process is powershell, WMI, cmd, CScript or WScript
F4 Lateral Movement Combining the command line, scheduled tasks, and WMI sensors to find remote logins, remotely executed commands and executed malware
F5 C2 Connection Attempts Find Command and Control (C2) connection attempts by searching for services listening for inbound connections on systems exposed to the Internet
F6 File Shares Find shares a user should not be connect to. Use Connect to pull a user’s privileges from AD, then correlate with Tanium to list of open public network shares Thread Response needed
F7 Rogue Device Connection Rogue device detection for high-risk endpoints. Use “connected USB storage device” sensor to Payments, C-Level, SWIFT machines containing sensitive date. Dependent on Trace for historical information Need Computer Groups & Trace
F8 Privileged Account Attempts Find attempts to break into highly privileged accounts. Restrict Windows Security Event log sensor for login failures to static list of critical administrator accounts Need Privileged Account & Trace
F9 Malicious Processes Identify rare, malicious processes. Use the running processes + file path, loaded libraries (DLL) and loaded drivers sensors and sort by count. Send hashes to VirusTotal via Connect Thread Response needed
F10 Infection Attempts Search for unusual parent processes such as Outlook, Word, notepad, cmd to detect malicious process execution and file creations Thread Response needed

Tanium SQ (Auto)

Into Splunk

Apply Logic

Create JIRA

24/7 SOC

Into Hadoop

FIRe

Needs work

Ready

Future

Above based on guidance from FIRe team

USE CASES (Continued)

Current Status (Security Tools Team, VM, Other)

3

Title Description Status
E1 Agent Identification Identification of presence of Security Tools Team managed agents (beginning with syslog, Titus, Encase) and eventually others (McAfee)
E2 Agent Health Check Identify where an agent may be disabled, require a reboot, or where a version or config file may need updating
E3 Agent Fix Via appropriate actions and packages, ensuring any issues identified with agents are rectified quickly and efficiently

Security Tools Team

Title Description Status
V1 Patch Assurance If and where a patch has been deployed (Windows Security Patch)
V2 Vulnerable Assets Identification of vulnerable asset based off Cyber Threat Intelligence
V3 Host Security Applications Ability to see where vulnerable machines do not have compensating controls in place to mitigate vulnerabilities (eg McAfee HIPS)
V4 Host Configuration Ability to view the configuration/policy settings across the estate on a per-host basis to ensure that appropriate policy and configuration settings are in place
V5 Threat Modelling Translating industry attack frameworks (MITRE Att&ck) into questions to proactively secure the environment

VM

Title Description Status
X1 IT Asset Mgt SAP, Tableau footprint, general SW, HW asset management
X2 Privileged Accounts Assisting wider Privileged Accounts project to identify quick wins in Tanium (eg listing Windows services and scheduled tasks)
X3 NYC Office Patching and general IT security and operations use cases (TBD)
X4 M&A Using Tanium to assess and improve the health of machines from acquired companies
X5 Win10 Using Tanium to determine appropriateness of specs for Win10 migration
X6 Venafi / SSH Key TBD
X7 Unauthorised Software TBD
X8 Divestiture Machines Using Tanium to quickly and efficiently wipe (‘brick’) ex-Divestiture machines

Other

Needs work

Ready

Future

Above based on guidance from Security Tools Team

Above based on guidance from VM

Above based on numerous sources

ACCOUNT TEAM ACTIONS / GOALS

4

ID Title Description Owner Status
1 Partner Planning Day Hold a day planning session (Account Team) plus key Partner (IT Experts Ltd) to plan a joint ‘art of the possible’ roadmap session AM Overdue
2 Enhance Account Plan Describe use cases, resources, sales campaigns AM / TPM
3 Demo for Pete Complete demo for Pete AM / TAM Overdue
4 Complete Operating Model Work with Taylor’s team to complete RACI and Comms plan TPM
5 Complete 1 IT Ops 1 pager Describe 20 key IT Operations industry level pain points in a 1 pager AM / TAM / TPM
6 7.3 upgrade session Set up 7.3 upgrade planning session with Taylor and team TAM Overdue
7 Centre of Execellence Drive CoE planning and launch in 3 months time TPM At Risk
8 12 month plan Build 12 months plan for account TPM / AM Overdue

Goals

Strategic partner for ACME to help achieve their goals

Secure renewal of contract

Upsell Asset

Maintain account referencability

Flagship ROI account