Professional Documents
Culture Documents
CYBER
DEFENSE
SOLUTION
A MANAGED SERVICE FOR
CYBER DEFENSE FROM
ACCENTURE AND SPLUNK.
YOUR CURRENT AN ACCENTURE -
APPROACHES TO CYBER SPLUNK CYBER
DEFENSE COULD BE DEFENSE SOLUTION
PUTTING YOU AT RISK Fortunately, companies now have a new weapon: a
Cyber-attacks are increasingly threatening and highly advanced managed cyber defense solution
costly. They drain $450 billion1 annually from the from Accenture and Splunk. The comprehensive
global economya number that some project solution employs tools such as machine learning,
will reach $2 trillion2 by 2019. Highly sophisticated analytics and automation to provide the advanced
attackers can hide their tracks for weeks, search, correlation, threat detection and incident
months and even years without being noticed. management capabilities needed to more effectively
Organizations need to match that sophistication in thwart cyber-attacks. To power these tools and
their defensive tactics and in their ability to bounce processes, Accenture and Splunk collect, analyze
back quickly if a breach does occur. and act upon all data that is available to them from
structured and unstructured as well as private and
Most companies focus cybersecurity investments public sources. These include logs, clickstreams,
on detection and remediation. But that alone is not sensors, web servers, custom applications,
enough to fight the high volume and advanced hypervisors, containers, operational technology,
level of todays attacks, especially across endpoints social media and cloud services.
and networks. Overwhelming data volumes slow
the responses of traditional security information
and event management tools. Companies also
struggle to manage and track the large number
of available data center and cloud cybersecurity
technologies.
2
FLEXIBLE AND EFFECTIVE REAL-TIME
Companies need to consider how to most effectively
CYBERSECURITY
deploy their security solutions and resources. PROTECTION AT
Accenture and Splunk provide guidance to help FREEPORT MCMORAN
clients understand the best approach based on
their unique requirements - on premise, in the cloud Freeport-McMoRan Inc., a premier international
or in a hybrid cloud environment with additional natural resources company, taps into the
options for the solutions to be operated in-house, or Accenture cyber defense solution to help secure
managed by Accenture as an integrated service. its hybrid cloud enterprise as a service. Accentures
solution provides a scalable, affordable, fast and
standardized managed security service that helps
Freeport-McMoRan rapidly understand its security
With continuing innovations from environment to get ahead of threats that target its
Accenture and Splunk, companies can: hybrid cloud.
Reduce the number of point products, Before Freeport-McMoRan began using the
which in turn reduces complexity Accenture cyber defense solution, a cyber security
and cost stress test contractor discovered that its red
team could reside in the companys systems
Increase resilience and extract data undetected for several days. A
subsequent test demonstrated that the Accenture
Mitigate risk
cyber defense solution enabled Freeport
Prepare for the threats affecting their McMoRan to detect an intrusion the same day
specific industry, present and future and prevent any loss or compromise of data.
Enhance compliance
3
CYBER DEFENSE PLATFORM SCHEMATIC
Endpoint Virtual
Endpoint Protection
Remote Protection Server Protection
Palo Alto Palo Alto Networks Traps Palo Alto Networks Traps
Networks Traps Palo Alto Networks Global Tanium Endpoint Platform
Tanium Endpoint Platform Protect Anti-virus
Anti-virus Tanium Endpoint Platform Server Logs
Anti-virus
Server Logs
UBA UBA
ES
SOC
4
Incident responders can download indicators of
compromise (IOCs) with Tanium IOC Detect which
provides an automated way to run scheduled
detection scans against endpoints. In this case,
Tanium Connect checks in with the Palo Alto
5
RANSOMWARE USE START
CASE FLOW
A client starts downloading a file
UNKNOWN
BENIGN
FW is informed that
FW hash for the file is not
MALWARE in the WF database
MALWARE
Benign
The Connect
contacts WF for Traps detects exploit TRAPS
WF SOC based on behavior
threat IOC
pattern and stops it
WF returns IOC
for threat
SOC must
manually
Traps NOT
TANIUM launch IOC ESM CLIENT stops malware
CONNECT detect in
Tanium
The Connect updates Malware is still working
IOC module
FW stops malware calling
TANIUM FW home by Anti-spyware
WF
IOC function (IDS)
6 SOC
Accenture and Splunk
Security Services help build
cybersecurity from the inside
out, managing strategy and risk,
cyber defense, digital identity,
application security and
managed security.
JEFF CHANCEY
jeffry.t.chancey@accenture.com
JEFF PENN
jpenn@splunk.com
7 7
ABOUT ACCENTURE ABOUT SPLUNK
Accenture is a leading global professional services Splunk Inc. is the market-leading platform that
company, providing a broad range of services and powers Operational Intelligence. We pioneer
solutions in strategy, consulting, digital, technology innovative, disruptive solutions that make machine
and operations. Combining unmatched experience data accessible, usable and valuable to everyone.
and specialized skills across more than 40 industries More than 11,000 customers in over 110 countries
and all business functionsunderpinned by the use Splunk software and cloud services to make
worlds largest delivery networkAccenture works business, government and education more efficient,
at the intersection of business and technology secure and profitable. Join hundreds of thousands of
to help clients improve their performance and passionate users by trying Splunk solutions for free:
create sustainable value for their stakeholders. With http://www.splunk.com/free-trials.
approximately 411,000 people serving clients in more
than 120 countries, Accenture drives innovation to
improve the way the world works and lives. Visit us at
www.accenture.com. Visit us at www.accenture.com.
REFERENCES
1. http://www.welivesecurity.com/2016/02/19/average-
cost-cybercrime-rises-200-just-five-years/
2. http://www.forbes.com/sites/stevemorgan/2016/01/17/
cyber-crime-costs-projected-to-reach-2-trillion-by-
2019/#421e63773bb0