In the United Kingdom we are transforming the way in which public services are delivered and how citizens interact with government. Our belief is that technology has a fundamental role to play in helping to meet the challenge of delivering better public services at a lower cost to the taxpayer.
CSC work with a number of civil government departments such as the Department for Work and Pensions and the Foreign and Commonwealth Office, transforming the way in which public services are delivered and how citizens interact with government.
Department for Work and Pensions (DWP)
DWP have signed a contract with CSC to deliver protective monitoring as a service through CSC’s Government Security Operations Centre. This contract is expected to save DWP an estimated £1 million over two years. CSC have taken the time to understand DWP’s requirements, and believe that this new service will keep the department aligned with current and future risk mitigation requirements as well as ensuring assets and data are protected.
Foreign and Commonwealth Office (FCO)
CSC delivers an onsite 24x7 Security Operations Centre (SOC) service that provides protective monitoring security services for FCO’s core business infrastructure via secure handling procedures at IL3 and 4 as detailed by HMG IA policies and Cabinet Office. The SOC service comprises monitoring for all possible security incidents, analysis, alerting and reporting. Incident analysis is to packet capture level using knowledge of attack types, standard protocol behaviour and a deep understanding of the client environment.
The CSC FCO SOC utilises a security threat and vulnerability management and alerting system accessed via a web portal. This service incorporates open source intelligence gathered by vendor-specific intelligence gathered from thousands of endpoints and appliances globally. A mapped subset of this information is automatically fed into the SIEM tool to assist with triage, investigation and vulnerability assessment.
The service includes monitoring of network and host firewalls, IPS, IDS, and endpoint protection including anti-virus. The CSC FCO SOC’s knowledge of IDS/IDP signatures, policies, firewall rule-sets and client environment and risk profile enables them to create and deploy appropriate SIEM rule-sets to correlate and identify threats such as APT behaviour.
Knowledge is kept appropriate and current by continual research and the CSC FCO SOC maintains close links with the CSC GovSOC and Global SOCs for intelligence gathering and knowledge base purposes. Open source intelligence is regularly gathered from various security vendors and security websites along with vulnerability and threat alerts from CESG. The vulnerability management and reporting service in return contributes to APT mitigation requirements and techniques by reporting client-relevant vulnerabilities, threats and exploits.