Proactive Approach to Cyber Security

Similar documents
HP Software EMEA Performance Tour Zurich, Switzerland September 18

Agile Security Solutions

THE ACCENTURE CYBER DEFENSE SOLUTION

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Building Resilience in a Digital Enterprise

SYMANTEC DATA CENTER SECURITY

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

RSA NetWitness Suite Respond in Minutes, Not Months

Todays Threat Landscape Cloud / Big data / Mobile Jonathan Martin HP Enterprise Security Products

SIEM: Five Requirements that Solve the Bigger Business Issues

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Stopping Advanced Persistent Threats In Cloud and DataCenters

CloudSOC and Security.cloud for Microsoft Office 365

Transforming Security from Defense in Depth to Comprehensive Security Assurance

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Express Monitoring 2019

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Securing the Modern Data Center with Trend Micro Deep Security

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Infoblox as Part of the Ecosystem

Dynamic Datacenter Security Solidex, November 2009

Reinvent Your 2013 Security Management Strategy

Protect Your End-of-Life Windows Server 2003 Operating System

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

align security instill confidence

Datacenter Security: Protection Beyond OS LifeCycle

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

Protect Your End-of-Life Windows Server 2003 Operating System

A comprehensive framework for securing virtualized data centers. Business white paper

Carbon Black PCI Compliance Mapping Checklist

Changing face of endpoint security

AT&T Endpoint Security

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

CSP 2017 Network Virtualisation and Security Scott McKinnon

Trend Micro and IBM Security QRadar SIEM

AKAMAI CLOUD SECURITY SOLUTIONS

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

HP Software product hierarchy updates

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Copyright 2011 Trend Micro Inc.

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Trust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Building a Resilient Security Posture for Effective Breach Prevention

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

Rethinking Security: The Need For A Security Delivery Platform

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Adaptive & Unified Approach to Risk Management and Compliance via CCF

ForeScout ControlFabric TM Architecture

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

From Managed Security Services to the next evolution of CyberSoc Services

RSA IT Security Risk Management

Outwit Cyber Criminals with Comprehensive Malware and Exploit Protection.

A Risk Management Platform

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Bromium: Virtualization-Based Security

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

External Supplier Control Obligations. Cyber Security

Are we breached? Deloitte's Cyber Threat Hunting

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

Symantec Ransomware Protection

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

Securing the Virtualized Environment: Meeting a New Class of Challenges with Check Point Security Gateway Virtual Edition

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Cybersecurity Roadmap: Global Healthcare Security Architecture

NEXT GENERATION SECURITY OPERATIONS CENTER

Models HP Security Management System XL Appliance with 500-IPS System License

Designing and Building a Cybersecurity Program

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

Top 10 use cases of HP ArcSight Logger

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Transcription:

Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products

Customers struggle to manage the security challenge Today, security is a board-level agenda item 2

Trends driving security investments Primary Challenges 1 A new market adversary Nature & Motivation of Attacks (Fame fortune, market adversary) Research Infiltration Discovery Capture Delivery Traditional DC 2 Transformation of Enterprise IT (Delivery and consumption changes) Private Cloud Managed Cloud Consumption Virtual Desktops Notebooks Tablets Regulatory Pressures (Increasing cost and complexity) Basel III DoD 8500.1 3 Public Cloud Network Storage Servers Policies and regulations 3 Exfiltration Smart phones

APT - Definition Advanced Persistent Threat (APT) Well-funded and skilled attacker (teams) with profound knowledge about the target and a long-term infiltration strategy. Once the target is infiltrated the highest priority is to stay covert and exfiltrate as much sensible and valuable dataasset as possible or to damage the target (organization) effectively and sustained. Due to the high stakes the attacker(s) will keep on trying until success. 4

APT - Definition Advanced Persistent Threat (APT) Well-funded and skilled attacker (teams) with profound knowledge about the target and a long-term infiltration strategy. Once the target is infiltrated the highest priority is to stay covert and exfiltrate as much sensible and valuable dataasset as possible or to damage the target (organization) effectively and sustained. Due to the high stakes the attacker(s) will keep on trying until success. They will keep on trying until they succeed! 5

The adversary ecosystem Research Infiltration Discovery Their ecosystem Capture Exfiltration 6 Our enterprise

Build capability to disrupt their ecosystem Educate users / use counterresearc intelligence h Block adversary Infiltration access FindDiscover and remove y adversary Their ecosystem Secure the Capture important asset Plan to mitigate Exfiltration damage 7 Our enterprise

A new approach is needed A risk-based, adversary-centric approach

Our strategy is to focus solutions around three areas 1. Harden the attack surface 2. Improve risk management and response 3. Proactively protect information assets 9

HP addresses three major capability weaknesses: 10 Harden the attack surface Improve risk remediation Identify, improve and reduce the vulnerability profile of enterprise applications and systems Turn information to intelligence and more quickly see, find and stop known and unknown threats Proactively protect information Proactively find, understand and protect sensitive information across the enterprise

HP Enterprise Security Products HP Security Technology HP Security SaaS #1 #2 In all markets where we compete 9 out of 10 Major banks 11 2.5B lines of code under SaaS subscription 9 out of 10 Top software companies HP ESP Customers 10000+ Customers Managed 900+ Security Services 10 of 10 Top telecoms New Technologies 35 Released in the last 12 months All Major Branches US Department of Defense

A Security Intelligence and Risk Management platform COMPLIANCE AND POLICY VULNERABILITY MANAGEMENT ASSET PROFILING RISK MANAGEMENT Security Intelligence and Risk Management Platform HP EnterpriseView & Security Intelligence 12 Network Security lication Security FSRG Threat Research

Security Intelligence Proactively detect and respond to threats and compliance breaches Security Performance Suite Business Service Management Shared situational awareness in business context TippingPoint & Fortify Security Intelligence ArcSight ESM Advanced correlation and security intelligence ArcSight Logger ArcSight Express Security and IT event log storage & search Pre-configured SIEM for quick deployment ArcSight Connectors Reputation intelligence 300+ pre-built connectors to collect and manage all logs Real Time Sec monitoring lications 13 Storage Mobile Cloud Clients Network System s

Gartner SIEM MQ 2013 HP ArcSight has moved UP and to the RIGHT A LEADER for 10 consecutive years, while others have appeared and disappeared The most visionary product in the Gartner MQ Gartner recognizes HP s vision through ops-analytics, integrating SIEM and IT Ops We are #1 in 4, #2 in 3 of the 8 categories in meeting customer s SIEM requirements no other vendor is #1 in more than 2 categories HP/ArcSight #1 14 #2

HP ArcSight: Centralized Threat and Risk Management Firewalls Firewalls Firewalls Firewalls Firewalls/ Firewalls VPN Intrusion Detection Systems Vulnerability Assessment Mainframes Server and Desktop OS Network Equipment Identity Sign-On Sign-On Management lications lications lications lications lications lications lications lications lications Anti-Virus lications Directory Services User Attributes Physical Infrastructure Anti Anti Virus Databases Virus Business Processes Collect Analyze & Alert Report & Archive Respond Address 15 Security Threats 15 Monitor Compliance Controls Ensure Business Continuity 15

Security Intelligence Solutions A Use Case roach to Solving Common Business Challenges 16 Mature Manage Assess Design Security Operations Capability People Process Technology

Network Security Proactive next generation network security Security Performance Suite licatio n Security Security Intelligence HP TippingPoint for Network Security with DV Labs research Security Unified network security Management Systemmanagement control Next-Generation IPS Advanced network security Identify known vulnerabilities Integrated early warning system Reputation Digital Vaccine lication Digital Vaccine Block millions of attacks based on reputation Granular application control of over 300 common applications vulnerability Digital Vaccine LabsZero-day detection from 1600 global researchers liance/ Virtualization 17 lication Infrastructure lications Storage Mobile Cloud Clients Network System s

Introducing the NX Platform NGIPS Advanced Protection Against Advanced Threats Highest Port Density available on the market today 24 x 1G segments 16 x 10G segments 4 x 40G segments Improved performance capabilities Swappable I/O modules Multiple performance options (3Gbps to 20Gbps) Installs quickly for seamless in-line threat protection Supports multiple security services: 18 Reputation Digital Vaccine HP TippingPoint NX Series Agile NGIPS Adapts to Prevent Future Attacks Web lication Digital Vaccine lication Digital Vaccine DV Toolkit ThreatlLinQ portal

The Virtual Network Visibility Gap 2 Can t deploy IPS in front of every server Also Need VM to Host security Virtual trust zones Traffic does not enter the physical network for inspection A victim VM can attack other VMs VM Mobility 2 Virtualized Host 1 3 VM OS VM OS vmotion launches VMs in separate sites for DR or other purposes Physical IPS options are cost prohibitive for these uses 21 Top of Rack Switch VM to VM Threats 4 Are mission critical Can t be secured with virtual IPS Patches must be immediate Host to Host Threats 3 Core Switch Hypervisor Security 1 Virtualized Host VM VM OS OS 4 Virtualized Host VM OS VMs moved to separate site VM OS

Secure Virtualization FrameWork (SVF) What s Included IPS Platform Virtual Controller (vcontroller) SMS / Virtual Management Center (vmc) Securing Virtualization DC security solution Single, purpose-built DC security solution Extend IPS solution into the virtual DC Leverage previous IPS investments Flexibly Inspect Data in Both the Physical and Virtual DC 23 VMC Core Switch TippingPoint IPS VMware vcenter Management Network Top of Rack Switch Virtualized Host Hypervisor vswitch VMsafe Kernel Module Redirect Policy OS OS OS OS lication VMs vcontroller Service VM

lication Security Mitigate security risk posed by weak & vulnerable software Security Performance Suite Fortify - Software Security Assurance Fortify on Demand TippingPoint Security Intelligence & Fortify SaaS-based application security testing Secure Development Mobile lication Security With Fortify SCA & SSC Ensure your code is free of vulnerabilities Deliver mobile apps impervious to attack Web Security Testing Fortify Runtime Security With WebInspect Automatically block common attacks within an application Vulnerability scanning and reporting Integrated early warning system Reputation intelligence Real Time Sec monitoring lications 24 Mobile Cloud Clients Network

Fortify Competitive Position Static Analysis MQ 25 Dynamic Analysis MQ

Secure Software Assessment Technologies Discover, Fix DEVELOPMENT Static Analysis During Build Vulnerability Remediation Driven By Lead Developers HP Fortify SCA 26 Discover, Verify QUALITY ASSURANCE Dynamic Testing During QA Security Testing During Regular QA Cycle HP QAInspect Validation Govern Protect PRE-PRODUCTION GO/NO-GO PRODUCTION Dynamic Testing of PreProd Production Gate Periodic Security Testing of Pre-Prod Version of the HP WebInspect Real Time Vulnerability Mgt, Governance, Reporting HP Fortify Governance Module HP Software Security Centre Ongoing Hacker Attacks HP Fortify RTA

Proactive Web lication Protection How does it work? 1. HP WebInspect scans for potential security risks 2. Assess vulnerability threat report 3. Create customized application protection filters 4. Manage exposure with TippingPoint IPS 27 HP WebInspect Scan 1 Internet 3 SSL 4 IPS 2 Vulnerability Report Vulnerability Page and Parameter

Proactive Attack Remediation ThreatLinQ 1) Connection and Context information is reported by Firewall, NGIPS, Active Directory, lication, etc. RepDV LightHouse Events Filters Updates to ESM via ThreatLinQ 2) Security Intelligence feeds ArcSight ESM correlate the information and identify malicious / violation incidents 2 3) ESM instructs SMS to quarantine internal endpoints for remediation / block malicious connection 4) SMS sends action set to IPS. Endpoints are now blocked and quarantined for remediation Policy Mgmt (SMS) 3 ESM 1 Correlation Zone 28 Malware Analysis 1 4 4 4) Identity based reporting provides visibility to endpoint infection by dept/groups IPS 4 IPS Enforcement Zone

Reputation-based Threat Intelligence HP Reputation Security Monitor (RepSM) Bad IPs/ DNS names What does it provide? Enables Security Operations to leverage global threat intelligence to detect and protect against APTs Features Submissions from global security community Intelligence fed to SIEM for real-time correlation Active response taken in response to malicious activity Detects and prioritizes advanced persistent threats (APTs) through correlation of suspicious enterprise-wide activity Enables security operations to respond to unknown attacks with manual or automated actions Customer Benefits Reputation Data HP TippingPoint RepDV HP ArcSight Events Identifies APTs that go undetected by signature-based security controls Enables security operations to respond to unknown attacks with s Laptops manual or automated actions Improves efficiency of SOC, by reducing false-positives using 29 correlation Responses Servers Database Network s

Thank You! jneo@hp.com, +65 9177 3397

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback