Cybersecurity teams are faced with an uphill battle when it comes to defending their organisations against skilled attackers. The waves of attacks are relentless and increasingly sophisticated. Detecting and responding to security incidents remains a fundamental element of a security programme.
Over the last 5 years, in oncology alone, ICON has successfully completed 363 clinical studies, touched the lives of over 48,000 patients across 15,000 sites and 23 countries worldwide. In addition, ICON has 14,500 staff who operate out of 37 countries and 97 locations. In order to protect patient data, the security team needs to detect and respond quickly and consistently to security incidents on a 24×7 basis.
During this 30-minute presentation we will explain how security orchestration, automation & response (SOAR) adoption is a necessity for security teams and how it can help organisations scale up when it comes to detection and response. Gartner predicts that SOAR adoption will be up to 15% of companies in 2020, an increase from less than 1% in 2018.
We will present on important pre-requisites that should be in place when looking to adopt SOAR. We will explain three practical use cases, how ICON was doing incident response, and how SOAR dramatically changed how ICON was operating on an hourly basis. We will focus on three areas and touch on others; these are phishing attacks, perimeter attacks and proactively blocking cyber threat intelligence in large volumes. These use cases take a lot of manual effort in modern security teams to analyse, extract information and remediate accordingly.
We have completely automated these use cases and have given back valuable time to security and operational teams. We will also explain in detail how we built the business case and how it was received by our senior leadership team. The presentation will cover ICON’s challenges and why we looked to SOAR to solve them. We will walk through the deployment challenges and lessons learnt, and advise the audience on things to be careful of. We will also explain what skillsets you need to have for SOAR to be successful in your organisation and what to consider when it comes to human intervention with incident response.
We will discuss how we selected our technology (remaining agnostic but will take your lead on this) and will briefly explain why that was a perfect fit for our requirements, as well as advising the audience on solution selection tips and tricks! We will also touch on how what worked for us may not work for others and explain why that is. We will not speak about or mention product during this presentation and will remain agnostic throughout. We can say that we are the only security professionals speaking about this in a real practical way at the moment, and from other conferences that we have been speaking at, the security community is really interested in SOAR.
Tony started his career in electronics and transitioned into Information Technology, where he began to focus on cybersecurity. Over the last 20 years, Tony has provided security services to several organisations across a wide variety of industries before specialising in healthcare. In his current role as CISO with ICON Plc he leads a global security team. He is a strong believer in contributing to the security community and advocating security best practices. Tony is currently chair of the H-ISAC European Council and involved with the Open Web Application Security Project (OWASP) Dublin Chapter. Tony has been a speaker and expert panel participant discussing cybersecurity topics across European and US security conferences including ISACA, H-ISAC & OWASP events. He holds an M.Sc. in Security and Forensic computing, a certificate in Artificial Intelligence and numerous cybersecurity & privacy certifications.
I am the cybersecurity operations manager in ICON Clinical Research. I have a strong technical background having worked in the security industry for over 15 years. My expertise spans all parts of the kill chain, from installation and configuration to operational management of security technologies. I am a contributing member to the security community, a board member of the OWASP Dublin Chapter and I have numerous industry certifications. I am responsible for ensuring ICON is protected against cybersecurity threats and ensuring ICON tools and processes respond to these threats quickly and efficiently. As Cybersecurity Operations Manager, I defined all of ICON’s requirements for SOAR, led the design for the solution, and fully operationalised it across ICON.