Microsoft Security Roadmap Overview

Uploaded by Juan Mestas

End State Infosec Product Roadmap
Feb 2024
Objectives of the End State Security Roadmap
• Fit for purpose for the Bank, rather than a "top of the line, Gartner Magic Quadrant leader" selection approach

• Vendor and product consolidation to drive efficiency, productivity and scalability

• Seamless integration across the product portfolio, driving standardization and reusability

• Standardized Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR)

  • SIEM - Analyses security data from various sources, such as log data, to identify potential threats. A SIEM raises alerts based on predefined rules or correlation techniques and hands the resulting incident data to the Security Operations Centre (SOC), which determines the next steps in an investigation.

  • SOAR - Automates data collection, threat analysis and incident response. A SOAR integrates with a wider range of tools and technologies than a SIEM, including the SIEM itself, to gather information from security devices, threat intelligence feeds and incident management systems. It helps security teams reduce alert fatigue, streamline incident response processes and speed up response times; SOAR platforms that automate investigation workflows can also significantly cut the time required to handle each alert.

• Reduce reliance on external third-party managed SOC services

• Leverage strategic partnerships with key vendors to drive better utilization of services, product roadmaps, investments and support
End State Security Framework: Security Product Portfolio

[Diagram: "360 Degree Security Threat Management, towards Zero-Trust" at the centre, surrounded by End-Point Management, Data Management, Compliance Management, Identity Management and Device Management]
End State Security Product Portfolio

[Timeline diagram: products in the portfolio phased across 2024 and 2025]
Key: Implemented / In progress / Assessment for suitability / Not in Scope
Microsoft Defender
• Microsoft Defender for Endpoint is an Endpoint Detection and Response (EDR) solution that helps security teams detect, investigate, prevent and respond to threats across endpoints.
• Coupled with Microsoft Entra and Microsoft Purview, and underpinned by Security Copilot, Microsoft Defender and Microsoft Sentinel together provide a 360-degree view of the enterprise landscape.
• Significant total cost of ownership (TCO) returns when aligned with Microsoft 365, Microsoft Entra and Microsoft Sentinel.
Microsoft Sentinel
Microsoft Sentinel is a scalable, cloud-native SIEM that also delivers security orchestration, automation and response (SOAR) as one intelligent and comprehensive solution.
• Coupled with Microsoft Defender, Microsoft Entra and Microsoft Purview, and underpinned by Security Copilot, Microsoft Sentinel provides a 360-degree view of the enterprise landscape and supports:
  • Detecting threats while minimizing false positives
  • Investigating threats with artificial intelligence and hunting for suspicious activity at scale
  • Automating common tasks and simplifying security orchestration with playbooks that integrate with Azure services and existing tools, e.g. ServiceNow
  • Reducing dependence on third-party SOC services
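The SIEM correlation-then-SOAR playbook flow described in the roadmap objectives and on this Sentinel slide, as an added worked example in Python. It is not code from the deck, from Microsoft Sentinel or from the Bank. The sign-in events, user names, IP addresses and the threat-intel blocklist are constructed for the example; the event fields loosely mirror Entra ID sign-in logs (ResultType 0 is a successful sign-in, 50126 is an invalid username or password), and the playbook action names are hypothetical labels, not product API calls.

```python
"""Added example: a SIEM-style correlation rule over constructed sign-in events,
followed by a SOAR-style playbook that enriches each alert with threat intel and
chooses a response. Not taken from the roadmap deck or from any Microsoft product."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample events: timestamp,user,source_ip,result_type.
# ResultType 0 is a successful sign-in; 50126 is "invalid username or password".
SAMPLE_SIGNINS = """\
2024-02-05T08:00:01Z,alice@bank.example,203.0.113.7,50126
2024-02-05T08:00:02Z,bob@bank.example,203.0.113.7,50126
2024-02-05T08:00:03Z,carol@bank.example,203.0.113.7,50126
2024-02-05T08:00:04Z,alice@bank.example,203.0.113.7,50126
2024-02-05T08:00:05Z,bob@bank.example,203.0.113.7,50126
2024-02-05T08:02:10Z,bob@bank.example,203.0.113.7,0
2024-02-05T09:00:00Z,carol@bank.example,198.51.100.4,50126
2024-02-05T09:00:01Z,carol@bank.example,198.51.100.4,50126
2024-02-05T09:00:30Z,carol@bank.example,198.51.100.4,0
2024-02-05T10:00:00Z,dave@bank.example,192.0.2.9,50126
2024-02-05T10:00:01Z,dave@bank.example,192.0.2.9,50126
2024-02-05T10:00:02Z,dave@bank.example,192.0.2.9,50126
2024-02-05T10:00:03Z,dave@bank.example,192.0.2.9,50126
2024-02-05T10:00:04Z,dave@bank.example,192.0.2.9,50126
2024-02-05T10:00:05Z,dave@bank.example,192.0.2.9,50126
2024-02-05T10:30:00Z,dave@bank.example,192.0.2.9,0
2024-02-05T11:00:00Z,erin@bank.example,198.51.100.77,50126
2024-02-05T11:00:01Z,erin@bank.example,198.51.100.77,50126
2024-02-05T11:00:02Z,erin@bank.example,198.51.100.77,50126
2024-02-05T11:00:03Z,erin@bank.example,198.51.100.77,50126
2024-02-05T11:00:04Z,erin@bank.example,198.51.100.77,50126
2024-02-05T11:01:00Z,erin@bank.example,198.51.100.77,0
"""

# Constructed threat-intel blocklist, standing in for a TI feed the SOAR would query.
TI_BLOCKLIST = {"203.0.113.7"}


@dataclass
class SignIn:
    when: datetime
    user: str
    ip: str
    result: str


@dataclass
class Alert:
    ip: str
    user: str             # account whose sign-in finally succeeded
    when: datetime        # time of that success
    failures: int         # failed attempts from the IP inside the window
    targets: list = field(default_factory=list)  # distinct accounts tried


def parse_signins(text):
    """Parse the CSV-like lines into time-ordered SignIn records (UTC)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(SignIn(when, user, ip, result))
    return sorted(events, key=lambda e: e.when)


def correlate_failures_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """SIEM rule: a success from an IP preceded by >= threshold failures from the
    same IP within `window` raises one alert. Below-threshold noise and failures
    older than the window raise nothing; these two knobs set the false-positive budget."""
    failures_by_ip = defaultdict(list)
    alerts = []
    for ev in events:  # time-ordered, so earlier failures are already recorded
        if ev.result != "0":
            failures_by_ip[ev.ip].append(ev)
            continue
        recent = [f for f in failures_by_ip[ev.ip] if ev.when - f.when <= window]
        if len(recent) >= threshold:
            alerts.append(Alert(ev.ip, ev.user, ev.when, len(recent),
                                sorted({f.user for f in recent})))
    return alerts


def playbook(alert, ti_blocklist=TI_BLOCKLIST):
    """SOAR step: enrich the alert with threat intel, then choose the response.
    Action names are hypothetical labels a real playbook would map to Entra or
    Defender API calls; they are not a product API."""
    on_blocklist = alert.ip in ti_blocklist
    spray = len(alert.targets) > 1  # several accounts tried from one source IP
    if on_blocklist:
        severity, actions = "high", ["disable_user", "revoke_sessions", "block_ip"]
    elif spray:
        severity, actions = "high", ["revoke_sessions", "require_mfa_reregistration"]
    else:
        severity, actions = "medium", ["revoke_sessions", "notify_user"]
    return {"ip": alert.ip, "user": alert.user, "severity": severity,
            "ti_match": on_blocklist, "password_spray": spray, "actions": actions}


def run_pipeline(text=SAMPLE_SIGNINS):
    """SIEM correlation followed by the SOAR playbook, one decision per alert."""
    return [playbook(a) for a in correlate_failures_then_success(parse_signins(text))]


if __name__ == "__main__":
    for decision in run_pipeline():
        print(decision)
```

Run directly, it prints two decisions: the 203.0.113.7 spray escalates to high severity with an account disable because the source matches the threat-intel list, while the single-account case from 198.51.100.77 only gets a session revoke and a user notification. The two-failure burst from 198.51.100.4 and the stale failures from 192.0.2.9 (a success half an hour after the last failure) produce no alert at all, which is the rule-side contribution to reducing alert fatigue that the SOAR bullet above describes.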

Microsoft Intune
Microsoft Intune is a cloud-based endpoint management solution that manages user access to organizational resources and simplifies app and device management across mobile devices, desktop computers and virtual endpoints.
Key features deployed or being deployed at the Bank:
• Manage users and devices - Implemented
• Automate policy deployment - In progress
• Simplify app management - Assessment in progress
• Employee self-service features - TBD
• Integrate with mobile threat defence - TBD
• Advanced endpoint management and security (features such as Remote Help, Endpoint Privilege Management, Microsoft Tunnel for MAM, and more) - TBD
Microsoft Entra
Microsoft Entra covers:
• Microsoft Entra ID (formerly Microsoft Azure Active Directory, Azure AD), the core identity and access management service
• Cloud Infrastructure Entitlement Management (CIEM) - Microsoft Entra Permissions Management
• Decentralized identity - Microsoft Entra Verified ID, which extends Azure AD with verifiable credentials and is positioned as a key component of internal IAM and SSO for employees
Microsoft Purview
Microsoft Purview provides a unified data governance and security solution to help manage and secure on-premises, multi-cloud and software as a service (SaaS) data through:
• Data Loss Prevention (DLP) – Automatically protect sensitive information from risky and unauthorized access across apps, services, endpoints and on-premises files.
• Insider Risk Management – Detect, investigate and act on critical risks in the organization, including data theft, data leaks and security policy violations.
• Information Protection – Discover, identify, classify and protect business-critical sensitive data, then manage and protect it across the environment.
• Adaptive Protection – Uses Insider Risk Management machine learning to understand how users interact with data, identify risky activities that may lead to data security incidents, and automatically tailor DLP controls to the risk detected.
• Audit – Support forensic investigations and meet regulatory requirements with critical audit log events and customized retention policies.
Zero Trust Approach