Global professional services firm Deloitte launched its Cyber Intelligence Centre (CIC) in Woodmead, Johannesburg, last month. The centre is one of 17 worldwide that operate together to provide 24/7 high-level protection for subscribers, says Deloitte Cyber Risk Services Advisory Africa leader Derek Schraader.
The CIC provides active cybersecurity monitoring of clients' information technology and operational technology environments and correlates what it sees with threat intelligence classified by threat actor, industry, motive, operating system, software in use and pattern of attack.
Schraader notes that understanding a client's environment can initially be a fairly complex process, because the firm must learn the details of the environment while keeping the client's information protected.
Onboarding a client can take two to three months, because Deloitte has to become familiar with the environment and install the hardware that performs much of the data gathering and machine-based analysis, he adds. Further, the system has access controls that govern which users can access or view data, according to the client's policies and regulatory requirements.
“The solution collects and correlates the data sent to the Deloitte CIC to protect clients’ information and intellectual property, which enables the CIC to have a detailed view of their systems and to defend them against cyberattacks without the clients risking losing valuable information or privacy.”
The data the CIC uses is mainly metadata and system logs, from which it determines the characteristics of an attack and which data, systems or users the malware or advanced threat is targeting. Clients' intellectual property and personal information therefore remain private, he explains.
Outsourcing cybersecurity does not remove clients' responsibility; the CIC works alongside, and as additional support for, clients' own security administrators. However, companies have flagged the difficulty of defending against more frequent and more complex cyberattacks as a key problem, and partnering with a managed security services provider that takes responsibility for functions such as monitoring, threat intelligence and continuous vulnerability scanning lets them improve their security.
The economies of scale afforded by the local CIC and the firm's global CIC network mean that it can provide high-quality cybersecurity cost-effectively. Deloitte will have 22 CICs in its global network by the end of the year, says Schraader.
Deloitte Risk Advisory director Cathy Gibson notes that the CIC builds threat models for each client using knowledge of their environments and operations, as well as threat intelligence from its 16 other CICs and more than 300 proprietary and nonproprietary threat intelligence sources in the cybersecurity industry, including global law enforcement agencies.
These threat models are used to identify which clients are most at risk from specific threat actors and their associated modus operandi, enabling the CIC to proactively predict and defend against possible cyberattacks.
The security analytics engine, implemented on hardware at clients' sites, monitors the millions of log entries generated by the client's devices and network elements in real time. The entries are matched against known cyberattack use cases and methods; a match identifies a possible incident, which is forwarded to the CIC so that security personnel can confirm it, notify the client and respond while an attack is under way.
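The on-site matching step described above, as an added example that is not Deloitte's code: a small rule that parses sshd authentication log lines, matches them against one known use case (a burst of failed logins from a single source, escalated if a login from that source then succeeds) and builds the incident record that would be forwarded to the CIC. The log lines, the threshold and time window, the year supplied to the parser and the record's field names are all constructed or assumed for illustration; the record carries only metadata (host, source address, counts, timestamps, account names already present in the system log), in keeping with the point above about not shipping clients' data.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed OpenSSH-style auth log sample (not real client traffic).
SAMPLE_LOG = """\
Mar 12 09:14:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50412 ssh2
Mar 12 09:14:03 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50413 ssh2
Mar 12 09:14:05 web01 sshd[2233]: Failed password for root from 203.0.113.7 port 50414 ssh2
Mar 12 09:14:08 web01 sshd[2235]: Failed password for root from 203.0.113.7 port 50415 ssh2
Mar 12 09:14:10 web01 sshd[2237]: Failed password for root from 203.0.113.7 port 50416 ssh2
Mar 12 09:14:12 web01 sshd[2240]: Accepted password for root from 203.0.113.7 port 50417 ssh2
Mar 12 09:20:44 web01 sshd[2301]: Failed password for alice from 198.51.100.9 port 41000 ssh2
Mar 12 09:21:50 web01 sshd[2302]: Accepted publickey for alice from 198.51.100.9 port 41001 ssh2
Mar 12 09:30:00 web01 sshd[2302]: Received disconnect from 198.51.100.9 port 41001:11: disconnected by user
"""

# Only the fields this use case needs are extracted; nothing else leaves the site.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line: str, year: int = 2024) -> Optional[dict]:
    """Turn one sshd auth line into a metadata event, or None if unrelated."""
    m = LINE_RE.match(line)
    if not m:
        return None  # other sshd messages are ignored by this use case
    ev = m.groupdict()
    # syslog lines carry no year; the collector supplies it (assumed 2024 here)
    ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
    return ev


def detect_bruteforce(events: List[dict], threshold: int = 4,
                      window: timedelta = timedelta(seconds=60)) -> List[dict]:
    """Use case: at least `threshold` failed logins from one source within
    `window`; severity is raised if that source then logs in successfully."""
    by_src: Dict[str, List[dict]] = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    incidents = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        for i, first in enumerate(fails):
            # sliding window anchored on each failure in turn
            burst = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            last_fail = burst[-1]["ts"]
            success = next((e for e in evs if e["result"] == "Accepted"
                            and e["ts"] >= last_fail), None)
            incidents.append({
                "use_case": "ssh_password_bruteforce",   # assumed use-case id
                "severity": "high" if success else "medium",
                "host": burst[0]["host"],
                "source_ip": src,
                "first_seen": first["ts"].isoformat(),
                "last_seen": (success or burst[-1])["ts"].isoformat(),
                "failed_attempts": len(burst),
                "targeted_accounts": sorted({f["user"] for f in burst}),
                "followed_by_success": success is not None,
            })
            break  # one incident per source per batch
    return incidents


def analyse(log_text: str) -> List[dict]:
    """On-site stage: parse the log, match use cases, return incidents."""
    events = [ev for ev in (parse_line(l) for l in log_text.splitlines()) if ev]
    return detect_bruteforce(events)


def to_cic_message(incident: dict) -> str:
    """Serialise an incident for forwarding to the CIC; metadata only."""
    return json.dumps(incident, sort_keys=True)


if __name__ == "__main__":
    for inc in analyse(SAMPLE_LOG):
        print(to_cic_message(inc))
```

On the sample, the five failures from 203.0.113.7 inside nine seconds cross the threshold and the subsequent accepted root login from the same address raises the severity to high; the single mistyped password from 198.51.100.9 followed by a key-based login never reaches the threshold and produces no incident, and the disconnect line is discarded by the parser. A real deployment would hold many such use cases and add the threat-intelligence correlation the article describes (for instance, matching the source address against known actor infrastructure), but the shape of the record that leaves the site is the point: counts, timestamps and addresses, not the content of what the client's systems process.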
The client is also given access to the CIC environment through the global Deloitte Unified Cyber Portal, which gives clients a clear view of their environment through the eyes of the CIC. The client can then track possible incidents and see its security posture at a glance, details Schraader.
As part of the predefined response process, information about the attack is also captured for use by the CIC forensic team, which studies the breaches and methods to improve defences and shares the information with the wider CIC network and its threat intelligence partners, he adds.
“Indeed, a key requirement demanded by our customers is that we plug into and are prepared to share and work with other cybersecurity communities to better protect our clients’ operations and networks,” concludes Schraader.