Today's Threat Landscape: Cloud / Big Data / Mobile. Jonathan Martin, HP Enterprise Security Products


Agenda: Today's Threat Landscape; HP ArcSight; Summary


What's so significant about these numbers? 94, 416, 71, 84, 68

Press headlines:
Experts Marvel At How Cyberthieves Stole $45 Million
Global Network of Hackers Steal $45 Million From ATMs
Bank Hack Results in Stunning $45 Million ATM Heist
In Hours, Thieves Took $45 Million in A.T.M. Scheme
The Circuit: Hackers took $45 million in ATM heist

$45M stolen in a matter of hours, but planned over a number of years.

"If you know the enemy and know yourself, you need not fear the result of a hundred battles." Sun Tzu, The Art of War

Cloud / Big Data / Mobile

Defining the adversary. The actors (cybercrime, hacktivists, nation states) organize and specialize; it is a market with distinct processes, and intelligence is bought and sold.

Organize our capability to disrupt the market. The attack lifecycle runs through their ecosystem (Research, Infiltration) and then through our enterprise (Discovery, Capture, Exfiltration).

Organize our capability to disrupt the market. Against Research (their ecosystem): educating users, counter intelligence. Against Infiltration: blocking access. The remaining stages, Discovery, Capture and Exfiltration, take place inside our enterprise.

84% of breaches occur at the application layer. 68% increase in mobile application vulnerability disclosures.

Organize our capability to disrupt the market. Against Research: educating users, counter intel. Against Infiltration: blocking access. Against Discovery (inside our enterprise): finding them.

94% of breaches are reported by a 3rd party.

416 days: average time to detect a breach (the slide shows a timeline running from June 2012 to August 2013).

Organize our capability to disrupt the market. Against Research: educating users, counter intel. Against Infiltration: blocking access. Against Discovery: finding them. Against Capture: protecting the target asset. Against Exfiltration: planning damage mitigation.

Since 2010, time to resolve an attack has grown 71%.

Rethink our capability investments. Their ecosystem (Research, Infiltration) versus our enterprise (Discovery, Capture, Exfiltration): the slide contrasts investment at 5X against 1X.

Use our intelligence 20

What's so significant about these numbers? 94, 416, 71, 84, 68

Agenda: Today's Threat Landscape; HP ArcSight; Summary


Security awareness at board level. Organizational and security leadership is under immense pressure: the CISO faces cyber threats, an extended supply chain, financial loss, reputation damage, the cost of protection, and the choice between reactive and proactive.
56% of organizations have been the target of a cyber attack
44% of all data breaches involved third-party mistakes
$8.6M average cost associated with a data breach
30% market cap reduction due to recent events
11% of total IT budget spent on security
97% of data breaches could have been avoided

The new business reality: a time of significant change and acceleration.
Cloud: business services move from on premise today to cloud or xSPs by 2020 (chart of volume over time).
Big Data: critical business data expanding from megabytes to zettabytes by 2020 (chart of volume over time).
Risk: business services, devices, and identity need to be dynamically secured in context by 2020 (chart of volume over time).

The new business reality: what does this mean for IT security?
Cloud: added complexity, more monitoring end points and data, harder triage, less visibility.
Big Data: increased analytics pressure within IT, faster decision making; the three V's of IT data are Volume, Velocity and Variety.
Risk: shared log management, alignment of NOC and SOC, and a common purpose: business continuity.

Problem with the current approach: assuring the hybrid environment. The environment spans the traditional data center (physical and virtual fabric, systems monitoring, storage), private cloud, public cloud, SaaS and packaged applications, custom apps and app cloud, mobile, software-driven networks, employees, third-party apps and suppliers, and 1000+ vendors, devices and apps, with IT metrics/analytics and service models managed in-house. The trade-off today: comprehensive monitoring is expensive, and there is no automation.

A new approach is needed: risk based, adversary-centric.

A new approach: risk based, adversary-centric. Log management and security information and event management (SIEM).
Collect: collect logs from any device, any source, and in any format at high speed.
Consolidate: machine data is unified into a single format through normalization and categorization.
Correlate: real-time, cross-device correlation of events.
Collaborate: automate the process of event analysis and information sharing for IT GRC, IT security, and IT operations.

Collect

Security intelligence through event analytics: taking unstructured data into account.
Challenges (the slide marks other vendors "No" and HP ArcSight "Yes" on every row):
- Scalability: ingest high volumes of data (all available data)
- Normalization: variety of data (structured, semi-structured, unstructured)
- Simultaneous data and query processing
- Faster access to all relevant information
- SIEM in the cloud
- Prioritization of events
Competitive advantage: the degree of intelligence rises from standard and ad hoc reports, through query and drill-down, alerts, statistical analysis and pattern discovery, to threat intelligence, decision support and real-time responsiveness. The questions answered rise accordingly: How many, how often, where? What happened? Why is this happening? What actions are needed? Is this actually a problem? What will happen next? What is normal, and what might be malicious?

Consolidation

Consolidation: access the data from one point. The power of the fastest log management tool.
- Universal log management of any data to support IT operations, security, compliance and application development
- Search and report on years of data to investigate outages and incidents quickly and easily
- Recognized as the industry leader in log management
- Cost-effective, powerful solution
- Easily aggregate your log information into one solution
- Strong user community powered by Protect 724
- Search and reporting dashboards as standard

Correlation

Correlation: what can ArcSight show you?
Monitor privileged users: privileged user administration, successful logins, failed logins, user session monitoring.
Network usage: top bandwidth users, top protocols, top domains and zones, top external destinations, top external sources.
Protect your data: database errors and warnings, successful and failed logins, database configuration changes.

Correlation: what can ArcSight show you?
Control user access: user authentication across hosts, authentication successes and failures, configuration changes.
Prevent intrusions: IPS/IDS metrics, intrusion alert counts, top alert sources and destinations, top attackers and internal targets.
Control network devices: network device errors and critical events, network device status and down notifications, configuration changes by user and change type, successful and failed logins.

Correlation: what can ArcSight show you?
Prevent viruses: top infected systems, all AV errors, AV signature update stats, consolidated virus activity, AV configuration changes.
Monitor VPN/remote access: VPN authentication errors, connection counts, connection durations, connections accepted and denied, successful and failed logins, top connections, top bandwidth users, VPN configuration changes.
Guard the perimeter: firewall monitoring, denied inbound connections, denied outbound connections, successful/failed login activity.
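The Collect / Consolidate / Correlate pipeline described earlier and the "authentication across hosts" use case on these slides can be made concrete with a small script. The following is an added example, not code from the presentation and not HP ArcSight's connectors or correlation engine: it normalizes three constructed log formats (an sshd syslog line, a VPN CSV export, and a key=value database audit line) into one common event schema, then runs a cross-device rule that raises an alert when several failed logins for the same source and user are followed by a success on any device within a time window. The formats, field names, sample lines, threshold and window are all assumptions made for this illustration.

```python
"""
Added example (not from the presentation, not ArcSight code): a toy
collect -> normalize -> correlate pipeline over constructed log lines.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample input: three devices, three formats, one timeline.
RAW_LOGS = [
    # syslog-style sshd lines from a jump host (format assumed)
    "2013-09-16T08:00:01Z bastion01 sshd[201]: Failed password for admin from 203.0.113.7 port 5121 ssh2",
    "2013-09-16T08:00:05Z bastion01 sshd[201]: Failed password for admin from 203.0.113.7 port 5122 ssh2",
    # CSV export from a VPN concentrator: time,device,user,src,result (format assumed)
    "2013-09-16T08:00:20Z,vpn-gw,admin,203.0.113.7,DENIED",
    "2013-09-16T08:00:40Z,vpn-gw,admin,203.0.113.7,DENIED",
    # key=value lines from a database audit log (format assumed)
    "ts=2013-09-16T08:01:10Z dev=db-prod user=admin src=203.0.113.7 action=login outcome=success",
    # unrelated, benign activity from another client
    "ts=2013-09-16T08:01:30Z dev=db-prod user=reporting src=198.51.100.9 action=login outcome=success",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(line: str) -> Optional[Dict]:
    """Map a raw line from any of the three sources onto one common schema:
    ts, device, user, src_ip, outcome ('success' | 'failure'). Unparsable -> None."""
    m = SYSLOG_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "device": m["dev"], "user": m["user"],
                "src_ip": m["src"],
                "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    if line.startswith("ts="):
        kv = dict(KV_RE.findall(line))
        if kv.get("action") == "login":
            return {"ts": parse_ts(kv["ts"]), "device": kv["dev"], "user": kv["user"],
                    "src_ip": kv["src"], "outcome": kv["outcome"]}
        return None
    parts = line.split(",")
    if len(parts) == 5:
        ts, dev, user, src, result = parts
        return {"ts": parse_ts(ts), "device": dev, "user": user, "src_ip": src,
                "outcome": "success" if result == "ACCEPTED" else "failure"}
    return None


def correlate(events: List[Dict], threshold: int = 3,
              window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Cross-device rule: at least `threshold` failed logins for one (src_ip, user)
    on any devices inside `window`, followed by a success for that pair -> alert."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # (src_ip, user) -> timestamps of failures seen
    alerts = []
    for e in events:
        key = (e["src_ip"], e["user"])
        if e["outcome"] == "failure":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"src_ip": e["src_ip"], "user": e["user"],
                           "failures": len(recent), "success_on": e["device"],
                           "first_failure": min(recent), "success_at": e["ts"]})
            failures[key].clear()  # do not re-alert on the same burst
    return alerts


def run(lines: List[str]):
    """Collect -> normalize -> correlate; returns (normalized events, alerts)."""
    events = [ev for ev in (normalize(l) for l in lines) if ev]
    return events, correlate(events)


if __name__ == "__main__":
    evs, alerts = run(RAW_LOGS)
    print(f"{len(evs)} events normalized, {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
```

The point of the example is the schema: once every source has been normalized to the same handful of fields, a single rule sees the sshd failures, the VPN denials and the database success as one sequence, which no single device's log could show on its own. Per-device thresholds would miss this case because each device saw only two failures.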

Correlation: ArcSight provides you with system intelligence. The most complete correlation engine on the market: pattern recognition and anomaly detection to identify modern advanced threats; analysis of roles, identities, histories and trends to detect business risk violations. The more you collect, the smarter it gets.

Correlation with context: to understand your enterprise you need deep coverage.
Asset context: vulnerability, attack history, criticality.
Context on roles, attributes, accounts, and location (physical, logical).
Actions: badge swipes, database queries, USB file saves, files accessed, emails sent, screen prints, web surfing, hosted applications.

Correlation brings it all together: your own Sherlock Holmes, combining history, privileged user, session, role, anomaly, asset, location, transactions, action and IP address.

Collaboration

Collaboration: leverage the power of HP ESP, the future of IT security.
- Incorporates application security from HP Fortify
- Integrates reputation data from HP DVLabs
- Cloud Connections program to get visibility into cloud data (in addition to physical and virtual layers)
- Bi-directional integration with HP BSM products
- Atalla

The ArcSight solution delivers: universal log management; compliance and risk management; perimeter, data center and network security; insider threat mitigation; advanced persistent threat and data loss; security information and event management; security operation center; application and transaction monitoring.

Why HP ArcSight? Advantage and benefit:
Collect: collect anything from anywhere. Benefit: comprehensive breadth and depth of collection.
Store: store big data through a high compression ratio; normalize and categorize data. Benefit: reduced cost of storing logs and unified machine data.
Search: sift through big data in seconds through text-based searching. Benefit: no need for a domain expert to investigate deep into logs and events.
Consolidate: single view into IT security through analytics, monitoring, and machine data. Benefit: detect and resolve security incidents quickly.
Correlate: real-time, user-centric, and cross-device correlation of all events. Benefit: isolate the root cause and business impact, and fix issues proactively.
Modular: best price-to-performance ratio in the market with low TCO. Benefit: peace of mind through automated and comprehensive continuous monitoring.

How has HP ArcSight helped?
- 5 minutes to generate an IT GRC report: Logger compliance packs generate IT GRC reports that would otherwise take 4 weeks.
- 3 days to run an IT audit: search results yield audit-quality data that would otherwise take 6 weeks.
- 2 days to fix a threat vulnerability: Logger integration with the SIEM solution builds threat immunity that would otherwise take 3 weeks.
- 10 minutes to fix an IT incident: text-based searching and integration with BSM detects and corrects IT incidents that would otherwise take 8 hours.
- 4 hours to respond to a breach: Logger enables forensic investigation and a quick response to a data breach that would otherwise take 24 days.

Agenda: Today's Threat Landscape; HP ArcSight; Summary


Why HP ArcSight for security?
- Breadth and depth of collection: 350+ SmartConnectors to collect logs, events, and flows from 350 distinct log-generating sources.
- Ultra-fast, full-text search: advanced filtering and parsing with rich metadata on unified machine data enables search speeds at over 2,000,000 EPS.
- Huge savings through SIEM: average companies save $1,700,000 through SIEM implementation, per Ponemon Institute research.
- Speed of collection: the connectors enable collection at up to 100,000 EPS, a speed that nobody else in the market can match. HP IT, HP's internal IT organization, collects flows at 150,000 EPS.
- Scale linearly with big data: a modular solution helps you grow linearly with big data, analyzing and storing at 10:1 compression.
- Reduction in compliance audits: automating compliance is a one-time task and saves 90% of the time spent on each audit, every quarter.

HP Protect 2013, Washington DC, September 16th to 19th. hp.com/go/protect

Make it matter.

Thank you