Todays Threat Landscape Cloud / Big data / Mobile Jonathan Martin HP Enterprise Security Products

Transcription

1 Todays Threat Landscape Cloud / Big data / Mobile Jonathan Martin HP Enterprise Security Products

2 Agenda Today s Threat Landscape HP ArcSight Summary

3 Agenda Today s Threat Landscape HP ArcSight Summary

4 What s so significant about these numbers?

5 Experts Marvel At How Cyberthieves Stole $45 Million Global Network of Hackers Steal $45 Million From ATMs Bank Hack Results in Stunning $45 Million ATM Heist In Hours, Thieves Took $45 Million in A.T.M. Scheme The Circuit: Hackers took $45 million in ATM heist 5

6 $45M stolen in a matter of hours

7 but planned over a number of years

8 If you know the enemy and know yourself, you need not fear the result of a hundred battles. Sun Tzu, The Art of War

9 Cloud Big data Mobile

10 Defining the adversary Cybercrime Market with distinct process Hacktivist The Actors organize and specialize adversar y Intelligence is bought and sold Nation state 10

11 Organize our capability to disrupt the market Researc h Infiltration Their ecosystem Discover y Capture Our enterprise Exfiltration 11

12 Organize our capability to disrupt the market Educating users Researc Counter intelligence h Their ecosystem Blocking Infiltration access Discover y Capture Our enterprise Exfiltration 12

13 84% of breaches occur at the application layer 68% increase in mobile application vulnerability disclosures 13

14 Organize our capability to disrupt the market Educating users Researc Counter intel h Blocking Infiltration access Discover Finding y them Their ecosystem Capture Our enterprise Exfiltration 14

15 of breaches 94% are reported by a 3rd party 15

16 416days average time to detect breach 2012 June July August September October November December 2013 January February March April May June July August 16

17 Organize our capability to disrupt the market Educating users Researc Counter intel h Blocking Infiltration access Discover Finding y them Their ecosystem Protecting Capture the target asset Planning damage Exfiltration mitigation Our enterprise 17

18 Since 2010, time to resolve an attack has grown 71 % 18

19 Rethink our capability investments Researc h Infiltration Discover y 5X 1X Their ecosystem Capture Our enterprise Exfiltration 19

20 Use our intelligence 20

21 What s so significant about these numbers?

22 Agenda Today s Threat Landscape HP ArcSight Summary

23 Agenda Today s Threat Landscape HP ArcSight Summary

24 Security awareness at board level Organizational and security leadership is under immense pressure CISO Cyber threat Extended supply chain Financial loss Reputation damage Cost of protection Reactive vs. proactive 56% of organizations have been the target of a cyber attack 44% of all data breach involved third-party mistakes $8.6M average cost associated with data breach 30% market cap reduction due to recent events 11% of total IT budget spent on security 97% of data breaches could have been avoided 24

25 The new business reality A time of significant change & acceleration Cloud Big Data Risk Volume From Cloud or xsps Volume Critical business data expanding from Megabytes to Zetabytes 2020 Volume Business services, devices, and identify need to be dynamically secured in context 2020 On Premise Today Today Time Time Time 25

26 The new business reality What does this mean for IT security? Volume On Premise Added complexity Cloud More monitoring end points/data Harder triage From Cloud or xsps Less visibility Volume Increased analytics pressure within IT Big Data Faster decision Critical business making data expanding from Megabytes to Zetabytes Data Volume Velocity Variety Three V s of IT 2020 Volume Shared Log Management Alignment of NOC and SOC Risk Common purpose: Business services, devices, Business and identify need to be dynamically secured Continuity context 2020 Today Today Time Time Time 26

27 traditional dc saas Packaged Applications Employees IT Metrics/Analytics Storage Public Cloud Security Problem with the current approach Cloud Virtual Physica l Expensive Comprehensive monitoring Trade off Third party apps No automation suppliers vendors, devices, & apps Service Software Models Driven Networks Mobile Monitoring Assuring the Hybrid Environment managed in-house App cloud custom apps Systems Monitoring Virtual Fabric private cloud 27

28 A new approach is needed Risk based, adversary-centric

29 A new approach: Risk based, adversary-centric Log management & Security information and event management (SIEM) Collect Consolidate Correlate Collaborate Collect logs from any device, any source, and in any format at high speed Machine data is unified into a single format through normalization and categorization Real-time, crossdevice correlation of events Automate the process of event analysis, information sharing for IT GRC, IT security, and IT operations 29

30 Collect

31 Security Intelligence through Event Analytics Taking unstructured data into account Challenges Scalablility Ingest high Volumes of data (all available data) Normalization Variety of data (structured, semistructured, unstructured) Simultaneous data and query processing Faster access to all relevant information SIEM in the cloud Prioritization of events Other Vendors No no No No No No No No HP ArcSight Yes Yes Yes Yes Yes Yes Yes Yes Competitive Advantage Std reports Adhoc reports The questions that are answered Query Drilldown Alerts Statistical Analysis How many, how often,, where? What happened? Discover Patterns Threat Intelligence Why is this happening? What actions are needed? Is this actually a problem? Degree of Intelligence Decision Support Real-Time Responsiveness What will happen next? What is normal, what might be malicious? 31

32 Consolidation

33 Consolidation Access the data from one point The power of the fastest log management tool Universal Log Management of any data to support IT operations, security, compliance and application development Search and report on years of data to investigate outages and incidents quickly and easily Recognized as the industry leader in log management Cost effective powerful solution 33 Easily aggregate your log information into one solution Strong user community powered Protect 7/24 Search and reporting dashboards as standard

34 Correlation

35 Correlation What can ArcSight show you? Monitor privileged users Privileged user administration Successful logins Failed logins User session monitoring Network usage Top bandwidth users Top protocols Top domains and zones Top external destinations Top external sources Protect your data Database errors and warnings Successful and failed log ins Database configuration changes 35

36 Correlation What can ArcSight show you? Control user access User authentication across hosts Authentication success and failures Configuration changes Prevent intrusions Top Attackers and internal targets IPS/IDS metrics Intrusion alert counts Top alert sources and destinations Top attackers and internal targets Control network devices Network Device Errors and Critical Events Network Device Status and Down Notifications Configuration Changes by User and Change Type Successful and Failed Logins 36

37 Correlation What can ArcSight show you? Prevent viruses Top Infected Systems All AV Errors AV Signature Update Stats Consolidated Virus Activity AV Configuration Changes 37 Monitor VPN/Remote access VPN Authentication Errors Connection Counts Connection Durations Connections Accepted and Denied Successful and Failed Logins Top Connections Top Bandwidth Users VPN Configuration Changes Guard the perimeter Firewall Monitoring Denied Inbound Connections Denied Outbound Connections Successful / Failed Login Activity

38 Correlation ArcSight provides you with system intelligence The most complete correlation engine on the market Pattern recognition and anomaly detection to identify modern advanced threats Analyze roles, identities, histories and trends to detect business risk violations The more you collect, the smarter it gets 38

39 Correlation with Context To understand your Enterprise you need deep coverage Asset Context Vulnerability Attack History Criticality Asset Context Roles Attributes Accounts Location Physical Logical Actions Badge swipes Database queries USB file saves Files Accessed s Sent Screen prints Web Surfing Hosted Applications 39

40 Correlation Brings it all Together Your own Sherlock Holmes History Privileged User Session Role Anomaly Asset Location Transactions Action IP Address 40

41 Collaboration

42 Collaboration Leverage the power of HP ESP The future of IT security Incorporates application security from HP Fortify Integrates reputation data from HP DVLabs Cloud Connections program to get visibility into cloud data (In addition to physical & virtual layers) Bi-directional integration with HP BSM products ATALLA 42

43 ArcSight solution delivers Universal Log Management Compliance & Risk Management Perimeter, Data Center & Network Security Insider Threat Mitigation Advanced Persistent Threat & Data Loss Security Information & Event Management Security Operation Center Application & Transaction Monitoring 43

44 Why HP ArcSight? Advantage Benefit Collect Collect anything from anywhere Comprehensive breadth & depth of collection Store Store big data through high compression ratio, normalize and categorize data Reduced cost of storing logs and unify machine data? Search Sift through big data in seconds through a text-based searching No need of domain expert to investigate deep into logs and events Consolidate Single view into IT security through analytics, monitoring, and machine data Detect & resolve security incidents quickly Correlate Real-time, user-centric, and cross-device correlation of all events Isolate the root-cause and business impact, and fix issues proactively Modular Best price to performance ratio in the market with low TCO Piece of mind through automated & comprehensive continuous monitoring 44

45 How HP ArcSight has helped? 5 minutes to generate IT GRC report Logger compliance packs generates IT GRC reports that otherwise would take 4 weeks 3 days to run an IT audit Search results yield audit-quality data that otherwise would take 6 weeks 2 days to fix a threat vulnerability Logger integration with SIEM solution builds threat immune that otherwise would take 3 weeks 10 minutes to fix an IT incident Text based searching and integration with BSM detects and corrects IT incident that otherwise would take 8 hours 4 hours to respond to a breach Logger enables forensic investigation and a quick response to a data breach that otherwise would take 24 days 45

46 Agenda Today s Threat Landscape HP ArcSight Summary

47 Agenda Today s Threat Landscape HP ArcSight Summary

48 48 Why HP ArcSight for security? 100,000 Breadth & depth of collection 350+ SmartConnectors to collect logs, events, and flows from 350 distinct log generating sources 350+ Ultra-fast & full-text search Advanced filtering and parsing with rich metadata on unified machine data enables search speeds at over 2 million EPS 2,000,000 EPS Huge savings through SIEM Average companies $1,700,000 through SIEM implementation per Ponemon Institute research $1,700,000 Speed of collection The connectors enable collection up to 100,000 EPS, a speed that nobody else can match in the market. HP-IT, an internal HP s IT organization collects flows at 150,000 EPS 100,000 EPS Scale linearly with big data Modular solution helps you to grow linearly with big data, analyzing and storing at compression at 10:1 10:1 Reduction in compliance audits Automating these compliance is one time task and saves 90% of time every quarter from each audit 90%

49 HP Protect 2013 Washington DC, September 16th 19th hp.com/go/protect

50 Make it matter.

51 Thank you