Security Operation Centre 5th generation

Transcription

1 Security Operation Centre 5th generation transition Cezary Prokopowicz Regional Manager SEE HP Enterprise Security Products

2 2

3 3

4 4

5 5

6 Challenges you are facing 1 Nature and motivation of attacks (Fame to fortune, market adversary) Research Infiltration Discovery Capture Exfiltration Transformation of enterprise IT Traditional DC Private cloud Managed cloud Public cloud 2 (Delivery and consumption changes) Consumption Virtual desktops Notebooks Tablets Smart phones 3 Regulatory pressures (Increasing cost and complexity) ISO Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

7 HACKTIVIST

8 ORGANIZE SPECIALIZE MONETIZE 8

9 9

10

11 HP Security Research Ecosystem Partner SANS, CERT, NIST, OSVDB, software & reputation vendors Researchers Customers sharing data HP Global Research 6X the Zero Days than the next 10 competitors combined. Top security vulnerability research organization for the past three years Frost & Sullivan FSRG ESS HP Security Research Teams: DV Labs, ArcSight, Fortify, HPLabs, Application Security Center and Enterprise Security Services Collect network and security data from around the globe 11

12

13 HP TippingPoint protects users, apps and data with market leading network security Simple Easy-to-use, configure and install with centralized management Effective Industry leading security intelligence with weekly DVLabs updates Reliable NGIPS with % network uptime track record 13

14 Gartner Leadership Quadrant 2013 HP TippingPoint has been in the leadership quadrant 9 years in a row! The TippingPoint IPS products have a broad model range of purpose-built appliances, and are known for low latency and high throughput. Customers often cite ease of installation as a positive in product evaluations, especially for deployments with many devices. 14

15 Swiss Federal Railways After a rigorous open bid process with lab tests utilizing our own network traffic, we selected the HP TippingPoint Next Generation IPS 7500NX. We searched for an IPS with minimal administrative effort, and this solution allows us to protect our network infrastructure using TippingPoint s easy-to-use but powerful security policies. 15 Erwin Jud, Lead Engineer for IPS Project

16 84% of breaches occur at the application layer 9/10 mobile applications are vulnerable to attack 16

17 HP Fortify helps you protect your applications In-house Outsourced Commercial Open source Application assessment Assess Find security vulnerabilities in any type of software Software security assurance Assure Fix security flaws in source code before it ships Application protection Protect Fortify applications against attack in production 17

18 HP Fortify named leader in Gartner AST MQ 2014 Gartner Magic Quadrant for Application Security Testing Once again, Gartner not only acknowledged Fortify s years of successful market execution but also called out several areas in which HP is leading in delivering on new technologies to stay ahead of the bad guys. 18 Strengths: Comprehensive SAST capabilities - the most broadly adopted SAST tool in the market. Evolved AST to address ios and Android mobile apps. Innovative IAST capabilities Early innovator with runtime application selfprotection (RASP) technology.

19 SAP Enterprise software Client outcome Significantly enhanced the security of SAP software, with increased number of security patches since 2010 Met board requirements for product security Protected revenue-generating applications and customer reputation 19

20

21 HP ArcSight, act with laser clarity against threats that matter Collect Analyze Prioritize Transform Big Data into actionable security intelligence Real-time correlation of data across devices to find threats Cyber forensics, fix what matters most first 21

22 HP ArcSight named leader in Gartner SIEM MQ 2013 HP ArcSight named a leader in the Gartner Magic Quadrant for Security Information and Event Management (SIEM), 10 years in a row. The most visionary product in the Gartner SIEM MQ 22

23 Vodafone Telecommunications We receive 550 million events per week from our security systems. Due to the aggregation and correlation capabilities of HP ArcSight ESM, those events are reduced to about 50,000 prioritized events. That s an efficiency factor of 1 to 11,000! Manfred Troeder, Head of Global Security Operations Center 23

24

25 HP Atalla helps you secure your sensitive information Payments security Secure payments and transacting systems Cloud and Data Security Encrypt and protect keys and data in public, hybrid, and private clouds Information Protection & Control Embed security at the point of creation for sensitive enterprise data HP Confidential,

26 Visa As the largest processor of Visa debit transactions globally, Visa Debit Processing Services is responsible for securing more than 23 billion debit transactions in the U.S. and prepaid transactions in the U.S. and Canada on an annual basis. HP Atalla is a critical piece of our enterprise IT portfolio, delivering innovative security solutions with the operational excellence, performance and reliability that helps Visa DPS enable secure access to business-critical payment processing data. Chris James, Senior Vice President Product Development, Issuer Processing, Visa Inc. HP Confidential,

27

28 of breaches 94% are reported by a 3rd party Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

29 243days average time to detect breach 2014 January February March April May June July August September October November December 2015 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

30 130 Since 2009, time to resolve an attack has grown 30

31 3 31 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

32 Cyber Defense Center (CDC) Security Operations Center (SOC) Threat Operations Center (TOC) Security Defense Center (SDC) Cyber Security Intelligence Response Center (C-SIRC) Threat Management Center (TMC) Security Intelligence and Operations Center (SIOC) Security Intelligence and Threat Handlers (SITH) Security Threat and Intelligence Center (STIC) 32 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

33 33 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

34 SOC Concept of Ops Process Intel / Threat 1 Network Technology 2 Firewall ID/PS Web server People 5 Level 1 Level 2 4 Engineer Escalation Incident Handler 6 Case closed Network & System Owners Proxy ESM server Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Business

35 SOC Common Elements 35 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

36 Drive to higher ROI / Vision Log Management Centralize Logs Retain Data Comply with Regulations Data Analysis Correlate Technologies Analyze Forensic Evidence Create Automated Reporting Near Time Alerting Streamline Event Feeds High fidelity correlation Custom Reporting Real Time Analysis & Incident Response Monitor Events in Real-time CIRT - Integrated Workflow Minimize Response Time Continual tuning Security Intelligence Analysis in depth Hunters as well as Defenders Information Fusion Uncovering new threats Advanced Use Cases 36 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

37 SOC Maturity Assessment Tech Process SOMM Level People Business Company A Average Maturity Assessment Score Business 2.44 Mission 1.86 Accountability 1.21 Sponsorship 2.18 Relationship 2.15 Deliverables 3.00 Vendor Engagement 2.67 Facilities 1.27 People 1.82 General 1.98 Training 2.61 Certifications 1.58 Experience 2.00 Skill Assessments 0.88 Career Path 1.92 Leadership 1.50 Comments 37 Current Phase 1 Phase 2 Phase 3 Timeline 6 mos 1 yr 2 yr SOMM Target Use Cases Logging Perimeter, compliance Staffing Ad hoc 4 x L1, 1x L2 Insider Threat, APT Application Monitoring 8 x L1, 2x L2 12 x L1, 2x L2, 2x L3 Coverage 8x5 8x5 12x7 24x7 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Process 0.63 General 2.01 Operational Process 1.67 Analytical Process 0.00 Business Process 0.00 Technology Process 0.00 Technology 2.60 Architecture 1.54 Data Collection 3.69 Monitoring 1.50 Correlation 1.37 General 2.13 Overall SOM Level 1.69

38 38

39 39 93 assessments 69 discrete SOCs 13 countries

40 2/5 on maturity continuum 24% fail to meet security requirements 70% fail to meet compliance 40

41 Photo Schmidt Peterson Motorsports 5G SOC Security for the New Reality

42 5G/SOC Acknowledge security threats are driven by human adversaries Assume compromise The SOC must align to the business and demonstrate meaningful value Anti-fragile enterprise led by intelligence, not vulnerabilities Interaction with peers; organizations readily share information Convergence of IT Security and IT Operations tools to facilitate better visibility Hunt teams search large data sets to find threats and attack patterns we did not know about previously Data visualization drives how anomalies are discovered and researched 42 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

43 HP ArcSight - #1 real time security correlation Get platform data from all sources 43

44 HP ArcSight differentiates on four key Collection capabilities Collection Consolidation Correlation Collaboration Collect events from any system or application Add context for assets, users, and business processes Extend to new data types easily Collection Consolidation Correlation Collaboration Collection Consolidation Correlation Collaboration Collection Consolidation Correlation Collaboration Consolidation Universal Log Management of any data to support IT operations, security, compliance and application development Search + report on years of data to investigate outages and incidents quickly and easily Correlation Pattern recognition and anomaly detection to identify modern advanced threats Analyze roles, identities, histories and trends to detect business risk violations The more you collect, the smarter it gets Collaboration Incorporates application security from HP Fortify Integrates reputation data from HP DVLabs Cloud Connections Program to get visibility into cloud data in addition to physical and virtual layers Bi-directional integration with HP IT management, Autonomy, Vertica and Hadoop 44

45 HP s industry-leading scale 9 Major banks out of out of 10 Top telecoms All major branches US Department of Defense 9 out of 10 Top software companies HP Security Professionals 47m HP Secured User Accounts 8 Global Security Operations Centers Global SOC Planned regional SOC 2.3billion Monthly security events Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP managed security customers

46 Thank you

47 86% of budget spent on blocking 31% greater ROI $4,000,000 saved