Proactive Approach to Cyber Security

Transcription

1 Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products

2 Customers struggle to manage the security challenge Today, security is a board-level agenda item 2

3 Trends driving security investments Primary Challenges 1 A new market adversary Nature & Motivation of Attacks (Fame fortune, market adversary) Research Infiltration Discovery Capture Delivery Traditional DC 2 Transformation of Enterprise IT (Delivery and consumption changes) Private Cloud Managed Cloud Consumption Virtual Desktops Notebooks Tablets Regulatory Pressures (Increasing cost and complexity) Basel III DoD Public Cloud Network Storage Servers Policies and regulations 3 Exfiltration Smart phones

4 APT - Definition Advanced Persistent Threat (APT) Well-funded and skilled attacker (teams) with profound knowledge about the target and a long-term infiltration strategy. Once the target is infiltrated the highest priority is to stay covert and exfiltrate as much sensible and valuable dataasset as possible or to damage the target (organization) effectively and sustained. Due to the high stakes the attacker(s) will keep on trying until success. 4

5 APT - Definition Advanced Persistent Threat (APT) Well-funded and skilled attacker (teams) with profound knowledge about the target and a long-term infiltration strategy. Once the target is infiltrated the highest priority is to stay covert and exfiltrate as much sensible and valuable dataasset as possible or to damage the target (organization) effectively and sustained. Due to the high stakes the attacker(s) will keep on trying until success. They will keep on trying until they succeed! 5

6 The adversary ecosystem Research Infiltration Discovery Their ecosystem Capture Exfiltration 6 Our enterprise

7 Build capability to disrupt their ecosystem Educate users / use counterresearc intelligence h Block adversary Infiltration access FindDiscover and remove y adversary Their ecosystem Secure the Capture important asset Plan to mitigate Exfiltration damage 7 Our enterprise

8 A new approach is needed A risk-based, adversary-centric approach

9 Our strategy is to focus solutions around three areas 1. Harden the attack surface 2. Improve risk management and response 3. Proactively protect information assets 9

10 HP addresses three major capability weaknesses: 10 Harden the attack surface Improve risk remediation Identify, improve and reduce the vulnerability profile of enterprise applications and systems Turn information to intelligence and more quickly see, find and stop known and unknown threats Proactively protect information Proactively find, understand and protect sensitive information across the enterprise

11 HP Enterprise Security Products HP Security Technology HP Security SaaS #1 #2 In all markets where we compete 9 out of 10 Major banks B lines of code under SaaS subscription 9 out of 10 Top software companies HP ESP Customers Customers Managed 900+ Security Services 10 of 10 Top telecoms New Technologies 35 Released in the last 12 months All Major Branches US Department of Defense

12 A Security Intelligence and Risk Management platform COMPLIANCE AND POLICY VULNERABILITY MANAGEMENT ASSET PROFILING RISK MANAGEMENT Security Intelligence and Risk Management Platform HP EnterpriseView & Security Intelligence 12 Network Security lication Security FSRG Threat Research

13 Security Intelligence Proactively detect and respond to threats and compliance breaches Security Performance Suite Business Service Management Shared situational awareness in business context TippingPoint & Fortify Security Intelligence ArcSight ESM Advanced correlation and security intelligence ArcSight Logger ArcSight Express Security and IT event log storage & search Pre-configured SIEM for quick deployment ArcSight Connectors Reputation intelligence 300+ pre-built connectors to collect and manage all logs Real Time Sec monitoring lications 13 Storage Mobile Cloud Clients Network System s

14 Gartner SIEM MQ 2013 HP ArcSight has moved UP and to the RIGHT A LEADER for 10 consecutive years, while others have appeared and disappeared The most visionary product in the Gartner MQ Gartner recognizes HP s vision through ops-analytics, integrating SIEM and IT Ops We are #1 in 4, #2 in 3 of the 8 categories in meeting customer s SIEM requirements no other vendor is #1 in more than 2 categories HP/ArcSight #1 14 #2

15 HP ArcSight: Centralized Threat and Risk Management Firewalls Firewalls Firewalls Firewalls Firewalls/ Firewalls VPN Intrusion Detection Systems Vulnerability Assessment Mainframes Server and Desktop OS Network Equipment Identity Sign-On Sign-On Management lications lications lications lications lications lications lications lications lications Anti-Virus lications Directory Services User Attributes Physical Infrastructure Anti Anti Virus Databases Virus Business Processes Collect Analyze & Alert Report & Archive Respond Address 15 Security Threats 15 Monitor Compliance Controls Ensure Business Continuity 15

16 Security Intelligence Solutions A Use Case roach to Solving Common Business Challenges 16 Mature Manage Assess Design Security Operations Capability People Process Technology

17 Network Security Proactive next generation network security Security Performance Suite licatio n Security Security Intelligence HP TippingPoint for Network Security with DV Labs research Security Unified network security Management Systemmanagement control Next-Generation IPS Advanced network security Identify known vulnerabilities Integrated early warning system Reputation Digital Vaccine lication Digital Vaccine Block millions of attacks based on reputation Granular application control of over 300 common applications vulnerability Digital Vaccine LabsZero-day detection from 1600 global researchers liance/ Virtualization 17 lication Infrastructure lications Storage Mobile Cloud Clients Network System s

18 Introducing the NX Platform NGIPS Advanced Protection Against Advanced Threats Highest Port Density available on the market today 24 x 1G segments 16 x 10G segments 4 x 40G segments Improved performance capabilities Swappable I/O modules Multiple performance options (3Gbps to 20Gbps) Installs quickly for seamless in-line threat protection Supports multiple security services: 18 Reputation Digital Vaccine HP TippingPoint NX Series Agile NGIPS Adapts to Prevent Future Attacks Web lication Digital Vaccine lication Digital Vaccine DV Toolkit ThreatlLinQ portal

19 The Virtual Network Visibility Gap 2 Can t deploy IPS in front of every server Also Need VM to Host security Virtual trust zones Traffic does not enter the physical network for inspection A victim VM can attack other VMs VM Mobility 2 Virtualized Host 1 3 VM OS VM OS vmotion launches VMs in separate sites for DR or other purposes Physical IPS options are cost prohibitive for these uses 21 Top of Rack Switch VM to VM Threats 4 Are mission critical Can t be secured with virtual IPS Patches must be immediate Host to Host Threats 3 Core Switch Hypervisor Security 1 Virtualized Host VM VM OS OS 4 Virtualized Host VM OS VMs moved to separate site VM OS

20 Secure Virtualization FrameWork (SVF) What s Included IPS Platform Virtual Controller (vcontroller) SMS / Virtual Management Center (vmc) Securing Virtualization DC security solution Single, purpose-built DC security solution Extend IPS solution into the virtual DC Leverage previous IPS investments Flexibly Inspect Data in Both the Physical and Virtual DC 23 VMC Core Switch TippingPoint IPS VMware vcenter Management Network Top of Rack Switch Virtualized Host Hypervisor vswitch VMsafe Kernel Module Redirect Policy OS OS OS OS lication VMs vcontroller Service VM

21 lication Security Mitigate security risk posed by weak & vulnerable software Security Performance Suite Fortify - Software Security Assurance Fortify on Demand TippingPoint Security Intelligence & Fortify SaaS-based application security testing Secure Development Mobile lication Security With Fortify SCA & SSC Ensure your code is free of vulnerabilities Deliver mobile apps impervious to attack Web Security Testing Fortify Runtime Security With WebInspect Automatically block common attacks within an application Vulnerability scanning and reporting Integrated early warning system Reputation intelligence Real Time Sec monitoring lications 24 Mobile Cloud Clients Network

22 Fortify Competitive Position Static Analysis MQ 25 Dynamic Analysis MQ

23 Secure Software Assessment Technologies Discover, Fix DEVELOPMENT Static Analysis During Build Vulnerability Remediation Driven By Lead Developers HP Fortify SCA 26 Discover, Verify QUALITY ASSURANCE Dynamic Testing During QA Security Testing During Regular QA Cycle HP QAInspect Validation Govern Protect PRE-PRODUCTION GO/NO-GO PRODUCTION Dynamic Testing of PreProd Production Gate Periodic Security Testing of Pre-Prod Version of the HP WebInspect Real Time Vulnerability Mgt, Governance, Reporting HP Fortify Governance Module HP Software Security Centre Ongoing Hacker Attacks HP Fortify RTA

24 Proactive Web lication Protection How does it work? 1. HP WebInspect scans for potential security risks 2. Assess vulnerability threat report 3. Create customized application protection filters 4. Manage exposure with TippingPoint IPS 27 HP WebInspect Scan 1 Internet 3 SSL 4 IPS 2 Vulnerability Report Vulnerability Page and Parameter

25 Proactive Attack Remediation ThreatLinQ 1) Connection and Context information is reported by Firewall, NGIPS, Active Directory, lication, etc. RepDV LightHouse Events Filters Updates to ESM via ThreatLinQ 2) Security Intelligence feeds ArcSight ESM correlate the information and identify malicious / violation incidents 2 3) ESM instructs SMS to quarantine internal endpoints for remediation / block malicious connection 4) SMS sends action set to IPS. Endpoints are now blocked and quarantined for remediation Policy Mgmt (SMS) 3 ESM 1 Correlation Zone 28 Malware Analysis ) Identity based reporting provides visibility to endpoint infection by dept/groups IPS 4 IPS Enforcement Zone

26 Reputation-based Threat Intelligence HP Reputation Security Monitor (RepSM) Bad IPs/ DNS names What does it provide? Enables Security Operations to leverage global threat intelligence to detect and protect against APTs Features Submissions from global security community Intelligence fed to SIEM for real-time correlation Active response taken in response to malicious activity Detects and prioritizes advanced persistent threats (APTs) through correlation of suspicious enterprise-wide activity Enables security operations to respond to unknown attacks with manual or automated actions Customer Benefits Reputation Data HP TippingPoint RepDV HP ArcSight Events Identifies APTs that go undetected by signature-based security controls Enables security operations to respond to unknown attacks with s Laptops manual or automated actions Improves efficiency of SOC, by reducing false-positives using 29 correlation Responses Servers Database Network s

27 Thank You!