HP and netforensics Security Information Management solutions. Business blueprint

Transcription

1 HP and netforensics Security Information Management solutions Business blueprint

2 Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization s ability to do business. Not only are these new threats increasing in number, but they are also increasing in sophistication making it virtually impossible for information security staff to keep pace. You need to be able to keep your business going in the face of escalating security threats, increasing regulatory demands for data privacy and growing complexity of managing digital identities and access rights. The number of heterogeneous security and network devices is increasing dramatically particularly across large enterprises. Managing the breadth and volume of security events from these diverse products and vendors is a daunting, if not impossible, task; there is no standard device message type, and maintaining dedicated resources for monitoring these resources is both impractical and ineffective. A firewall manager may see an attack undetected by his colleague managing the intrusion detection system. Filtering out bad behavior from normal behavior is no longer possible without a comprehensive Security Information Management solution. Another issue that is facing organizations is ineffective incident response and case management. Organizations require a documented and monitored incident response process that is integrated with their knowledge base to remediate IT security attacks and breaches. An integrated network and security management environment that supports a holistic incident response workflow that spans network and security operations teams is essential for creating a sense and respond security environment. Increasingly, regulatory compliance is driving decisions about network and security infrastructure. Organizations must demonstrate the presence and effectiveness of controls around such regulations as Sarbanes-Oxley, HIPAA, FISMA, GLBA and Basel II. In order to do so, security events must be captured and preserved in an auditable database that can be harnessed to populate compliance reports. Finally, information security must be managed like any other strategic business process. This requires establishing a set of metrics, measuring performance relative to those metrics over a set period of time, and continuously refining security processes and policy to improve performance. A SIM environment collects information from each phase of the security information life-cycle, and enables executives to gain visibility into their organization s performance. 2

3 netforensics and HP understand that organizations need prioritized, actionable security intelligence from diverse enterprise systems while addressing the requirements of regulations, policies and audits. Our companies have partnered to deliver the most extensible solution for security event correlation, monitoring, incident management and compliance reporting. Philippe Lamy, Director Global Security Practice, HP Services Consulting and Integration Integrating security and network operations groups with a unified management environment With the spate of security threats that have accompanied the mainstream adoption of Internet technology, many organizations have moved quickly to build dedicated security organizations to protect the enterprise. This necessitated the creation of a security operations center (SOC) staffed by dedicated security specialists, separate from the network operations center (NOC). The rationale for building a distinct security organization was based on the assumption that the pace of change required specialized skills and knowledge from dedicated resources with a separate buying center. In this model, the NOC could focus on keeping the network running, while the SOC could focus on protecting the network. As a result, separate environments were created to manage the security infrastructure. This has created blind spots that have constrained information sharing and communication between the network and security organizations. This, combined with cultural and political barriers, has created greater risk and overhead for organizations. HP OpenView customers can now integrate with netforensics nfx Open Security Platform to implement a security management process that spans the NOC/SOC to shorten remediation cycle times and ensure full eradication of attacks. Organizations can quickly and cost-effectively integrate their network and security infrastructure to derive more value from their existing investment in HP OpenView technology while monitoring the health of the SIM infrastructure from OpenView. netforensics overview nfx Open Security Platform (nfx OSP), netforensics flagship Security Information Management (SIM) solution, sets the standard for enterprise SIM by providing customers with a completely integrated solution that meets the security team s requirements for real-time monitoring and historical analysis of security information. nfx OSP is the only SIM solution built on a robust enterprise class architecture that can scale to deliver 24x7 SIM across a complex, distributed and heterogeneous enterprise. The nfx OSP architecture forms a backbone to guarantee users reliable access to rich SIM functionality including event normalization, comprehensive correlation, real-time notification, dynamic threat visualization, reporting and analytics, embedded security knowledge, incident resolution management, policy compliance and vulnerability management. The end result is a flexible security infrastructure that helps the security organization to combat, identify and respond to threats to mitigate risk and continuously reduce time to remediation. 3

4 Figure 1. nfx OSOP HP Openview integration More enterprises are seeking to improve operational efficiency by managing network and security from a single console and implementing a holistic process that fosters collaboration between network and security operations groups. nfx OSP functionality is fully available from the HP OpenView NNM and Operations Console and provides bi-directional event flows from nfx OSP to the HP OpenView components. With the integration of HP OpenView with nfx OSP, organizations can reduce risk by becoming more effective at coordinating activities across IT security and network operations via a centralized, holistic view of the entire infrastructure. HP OpenView customers can quickly and costeffectively integrate their network and security infrastructures to derive more value from existing investments. Yale Tankus, VP Alliances and Partnerships, Hewlett-Packard Company nfx OSP empowers the security organization with the agility required to meet the information security challenges facing today s enterprise by: Creating an auditable security infrastructure to demonstrate compliance with key regulatory statutes. Preventing catastrophic loss by protecting critical assets and identifying attacks sooner. Enabling analysts to conduct historical or forensic analysis when an attack occurs to determine the full extent of the attack. Reducing the risk baseline. Increasing the value of existing information security investments. Improving the effectiveness of security personnel by improving the efficiency of limited human resources and closing knowledge gaps. Measuring security operations performance against key metrics. nfx OSP delivers comprehensive multi-vendor security event management by normalizing and aggregating large quantities of security data. Real-time security events are correlated then presented in a dynamic console and stored in a centralized, auditable repository. Users are provided with prioritized, actionable intelligence based on security activities across the enterprise. The nfx solution identifies and prioritizes the most critical real issues, while providing an integrated incident response system to quickly eradicate threats before damage can occur. The complex nature of distributed and decentralized networks make it critical for a security information solution to effectively scale to maintain high performance processing of security events. nfx OSP is a tried and trusted enterprise class solution that can scale to any requirement while providing built-in redundancies to maintain high performance event processing and continuous availability. A growing number of regulations now require that organizations demonstrate the presence and effectiveness of security controls, while implementing best practices for monitoring, reporting and incident response. nfx OSP enables organizations to demonstrate compliance with security controls by storing event information and recreating the security posture at any point in time, while providing centralized logging and reporting of events, periodic risk assessment and a formal security incident management process. Joint solution summary Security and risk management are top priorities for IT. Security and trusted computing platforms are essential for the realization of web services and wireless networking. Regulations for the finance, health, and service provider industries now include requirements to protect the privacy of individuals while still facilitating secure sharing of information. And, effective security spans people, process, and multiple technologies. 4

5 Figure 2. Compliance reporting nfx OSP provides a comprehensive suite of reports that address specific sections of key compliance regulations. Operational reports create a timely, prioritized view of threats against the assets that are most pertinent to demonstrating compliance. Executive reports and dashboards show overall security posture, vulnerability, and incident management trends. With the importance of verifiable IT controls for meeting governance and regulatory mandates, process-driven IT Service Management (ITSM) can help organizations meet auditing requirements while also better aligning their IT management with business objectives. Users can manage their IT resources from a business service perspective assessing the impact of security and other IT problems. HP's industry leading ITSM solutions span change, configuration, help desk, incident, problem, and service level management. While the advanced functionality and usability of a SIM solution can transform the way a security organization works, it must be built on a scalable architecture for customers to realize its full value. The nfx Open Security Platform is built on the industry s most robust architecture to meet the performance demands of a mission-critical infrastructure application running across multiple sites. This gives management the confidence it needs to know that the security operations center is up and running and protecting the enterprise, and that the data needed to comply with an audit remain available and uncompromised. Solution Description nfx OSP Integration with HP OpenView Operations Console and Network Node Manager (NNM) HP OpenView users can now leverage a single operations console to manage both security and network incidents. nfx Open Security Platform can be launched directly from the HP OpenView Operations Console and NNM to view reported security incidents, analyze raw events collected from security devices across the network, as well as monitor the applications health and performance statistics. HP Service Desk HP OpenView Service Desk is a comprehensive, scalable IT service desk solution based on a unified configuration management foundation. Using the HP OpenView Service Desk solution, your IT organization can easily streamline IT service processes as well as manage the IT service life cycle through comprehensive service level management capabilities. Built on ITIL principles and leveraging industry best practices, Service Desk enables you to manage IT services and provide effective controls for your critical service support and service delivery processes. Value Proposition The HP-netForensics security information management solution offers unique methods of addressing knowledge management challenges. By implementing this solution in your organization, you will realize reduced support costs, rapid deployment, low total cost of ownership (TCO) and self-learning that will drive improvements in your processes. The value of integrating intelligence from the network operations center and the security operations center is coming to the forefront of enterprise IT management. Organizations are seeking to become more effective at the coordination of activities across IT security and network operations via a unified network and security management infrastructure. 5

6 Figure 3. Role-based views nfx Open Security Platform allows different types of users to organize information views for their specific needs. Executives can now get high level views that measure performance against key metrics while operators and analysts can gain easy access to multiple real-time views and analytic tools they need to quickly identify and eradicate threats. The integration of HP OpenView with netforensics Open Security Platform help you realize a number of benefits: Provides an integrated solution to ensure that threats are identified and contained, and that systems are rapidly returned to operational standards. Improves collaboration between network and security teams. Incorporates security information management capabilities and security intelligence into the network management environment. More readily incorporates security policy into the network architecture to ensure that configuration changes don t increase vulnerability. Reduces TCO by creating a central point for monitoring and managing the network infrastructure. Delivers actionable intelligence to Operations, Incident Response Teams, Network Engineers, Audit and Compliance teams. Helps organizations comply with regulations and service agreements that require high levels of security controls, data privacy and integrity. Enhances operational efficiencies by fully leveraging best-of-breed network and security resources. Centrally monitors and manages security, networks and service levels simultaneously. Why HP and netforensics? HP IT Service Management (ITSM) combines powerful HP OpenView software with years of experience to transform your IT into a real business and competitive differentiator. See how HP IT Service Management solutions bring people, processes, and technology together to capitalize on change. Each approach can be implemented on a standalone basis, or can be combined with any of the other approaches in order to create a greater positive impact for your IT organization, and those that rely on your IT services. The HP OpenView portfolio of management solutions helps you take control of your IT and telecommunications resources. By giving you tools to troubleshoot problems, adapt quickly to change, and keep your data secure, our solutions ensure that business-critical data and services are delivered on time, all the time. HP OpenView solutions for business, service, resource, as well as solutions specific to an industry's needs, let you align your company's people, processes, and technology to contribute to an Adaptive Enterprise environment. HP management solutions for the Adaptive Enterprise extend across your company, helping solve critical enterprisewide business challenges. HP management solutions address these challenges by providing the software and services needed to manage today's demanding IT environments. Operational costs are reduced by increased staff efficiency, better application availability and optimized service delivery. You're free to focus on innovation instead of maintenance. 6

7 Figure 4. nfx Open Security Platform transforms data from diverse devices and applications into actionable information, and then automatically harnesses this information to support security operators, analysts and managers-as well as network operations staff-throughout the security management life-cycle. Event data Firewalls, IDS, VPN, Anti-Virus, Vulnerability Scanners, OS, Applications Normalizaion Knowledge base Aggregation Vulnerability correlation Statistical correlation Rules correlation Centralized event management Real-time visualization Reporting and compliance Security policy refinement Evidence gathering Incident analysis Eradication Mitigation Containment By bringing our vast security expertise and mature technology directly to HP OpenView customers, we enable more of the world s largest, most complex organizations to improve their security posture and meet compliance mandates through the value of enterprise Security Information Management. Rajeev Khanolkar, CEO, netforensics HP s ITSM methodology evolves from our extensive experience in delivering high-quality IT services for all kinds of IT environments. We embody best practices as defined by the IT Infrastructure Library (ITIL), a defacto industry standard for IT management. With IT Service Management Solutions from HP, you can evolve your IT organization from the role of technology provider to a valued contributor, full aligned with the business goals of your enterprise. HP delivers solutions based on a collaborative methodology that focuses on customer needs. HP takes a holistic approach to security always with an eye on the bigger picture of people, processes and technology within your organization to improve the effectiveness of your security solution. netforensics is the leading authority in Security Information Management (SIM) with more than 400 clients including Global 1000 enterprises and government organizations operating some of the largest networks in the world. netforensics is the only SIM vendor with an integrated family of enterprise-class products and services that are based on the proven, repeatable nfx information security methodology. This combination empowers security organizations to combat threats more efficiently, while connecting the security organization with network operations, compliance, and risk management. With award-winning technology, netforensics improves security operations performance by extracting real-time intelligence from point security products and applications into a single data repository, flagging the most-critical issues and launching integrated incident resolution and remediation processes. netforensics and HP understand that you need: Prioritized, actionable intelligence from diverse enterprise systems Methods and tools to address the requirements of regulations, policies and audits. HP s industry leading technology portfolio combined with netforensics industry leading SIM solution is unparalleled. Together, HP and netforensics offer an end-to-end solution that will meet your needs today and in the future. As your needs grow and change, this solution is flexible enough to grow and change with you. For more information To learn more about this solution, contact your local HP sales representative or visit: 7

8 For more information For more information, please visit Copyright 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.the only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. 4AA0-0710ENW, 06/2005.