The Evolution of Application Monitoring



Similar documents
From the Bottom to the Top: The Evolution of Application Monitoring

Changing the Enterprise Security Landscape

Know your security in mission critical environments Petr Hněvkovský, Senior Security Consultant, HP Enterprise Security Products

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

Software EMEA Performance Tour Berlin, Germany June

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

Партнерство с HP ESP Сильная Команда и Безопасное Будущее

HP Fortify application security

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

HP NonStop Server Security and HP ArcSight SIEM

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

HP Fortify Software Security Center

(S2.3) Security Spotlight: How cyber criminals can steal millions in seconds and how to fight back. Johannesburg

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Accelerating Software Security With HP. Rob Roy Federal CTO HP Software

HP ESP 2013 Solution Roadmap

HP Cyber Security Control Cyber Insight & Defence

Решения HP по информационной безопасности

Bezpečnosť dát v HP Cloude

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

End-user Security Analytics Strengthens Protection with ArcSight

HP Application Security Center

Application Security Center overview

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Testing Solutions to Tackle Application Security Checkpoint Technologies SQGNE. Jimmie Parson Checkpoint Technologies

Swordfish

Cloud and Data Center Security

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Continuous Network Monitoring

Fortify. Securing Your Entire Software Portfolio

Caretower s SIEM Managed Security Services

Security Operation Centre 5th generation

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

Increase insight. Reduce risk. Feel confident.

The Hillstone and Trend Micro Joint Solution

IT Security & Compliance. On Time. On Budget. On Demand.

Worldwide Security and Vulnerability Management Forecast and 2013 Vendor Shares

ALERT LOGIC FOR HIPAA COMPLIANCE

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

High End Information Security Services

Find the intruders using correlation and context Ofer Shezaf

Secure Cloud Computing

The Benefits of an Integrated Approach to Security in the Cloud

Ragy Magdy Regional Channel Manager MEA IBM Security Systems

SANS Top 20 Critical Controls for Effective Cyber Defense

I D C A N A L Y S T C O N N E C T I O N

Modern IT Security. Jerry Craft Sr. Security & Networking Consultant

IBM Security Strategy

CorreLog: Mature SIEM Solution on Day One Paul Gozaloff, CISSP. Presentation for SC Congress esymposium CorreLog, Inc. Tuesday, August 5, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE

SOC & HIPAA Compliance

Scalability in Log Management

CYBER SECURITY SERVICES PWNED

Trend Micro. Advanced Security Built for the Cloud

Metrics that Matter Security Risk Analytics

Security Services. 30 years of experience in IT business

McAfee Network Security Platform

2012 North American Managed Security Service Providers Growth Leadership Award

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY

Find the needle in the security haystack

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

The Sumo Logic Solution: Security and Compliance

Introducing IBM s Advanced Threat Protection Platform

Think like an MBA not a CISSP

DEMONSTRATING THE ROI FOR SIEM

Address C-level Cybersecurity issues to enable and secure Digital transformation

End-to-End Application Security from the Cloud

Enterprise Software Security Strategies

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

CyberArk Privileged Threat Analytics. Solution Brief

Q1 Labs Corporate Overview

What is Security Intelligence?

HP Fortify Application Security Lucas v. Stockhausen PreSales Manager HP Fortify EMEA Enterprise Security

Analyzing HTTP/HTTPS Traffic Logs

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

McAfee Server Security

integrating cutting-edge security technologies the case for SIEM & PAM

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

IBM QRadar Security Intelligence April 2013

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

IBM Rational AppScan: Application security and risk management

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

Analysis of the Global Security Information and Event Management (SIEM) and Log Management (LM) Market All Information Becomes Actionable

How To Buy Nitro Security

Demonstrating the ROI for SIEM: Tales from the Trenches

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Cloud Security Trust Cisco to Protect Your Data

On Demand Penetration Testing Applications Networks Compliance.

Securing the Cloud Infrastructure

The Value of Vulnerability Management*

Transcription:

The Evolution of Application Monitoring Narayan Makaram, CISSP, Director, Solutions Marketing, HP Enterprise Security Business Unit, May 18 th, 2012 Rise of the cyber threat Enterprises and Governments are experiencing the most AGGRESSIVE THREAT ENVIRONMENT in the history of information. 2 1

Security awareness at board level Organizational and security leadership is under immense pressure EXTENDED SUPPLY CHAIN 44% OF DATA BREACH INVOLVED 3RD PARTY MISTAKES CYBER THREAT 56% ORGANIZATIONS HAVE BEEN THE TARGET OF NATION- STATE CYBER ATTACK 3 CISO Chief Information Security Officer sits at heart of the enterprise security response INCREASING COST PRESSURES 11% OF TOTAL IT BUDGET SPENT ON SECURITY Enterprise security priorities Manage INFORMATION RISK in the era of mobile, cloud, social media Protect against increasingly sophisticated CYBER THREATS Improve REACTION TIME to security incidents Reduce costs and SPEND WISELY Achieve COMPLIANCE in a predictable and cost-effective way 4 2

Applications: The New Frontier for Cyber Attacks 2011 Top Cyber Security Risks Report HP DVLabs biannual report (published since 2009) helps enterprise organizations prioritize security resources Uses data from the following sources: Vulnerability information from the Open Source Vulnerability Database (OSVDB) and the HP DVLabs Zero Day Initiative (ZDI) Web application data from the HP Fortify Web Security Research Group and Fortify on Demand Attack information from a worldwide network of HP TippingPoint Intrusion Prevention Systems and a network of honeypots Exploit analysis from HP DVLabs Available at http://www.hpenterprisesecurity.com/cybersecurityrisks 6 3

Key Findings Regardless of platform (mobile, virtual, etc.), applications are primary target for attack particularly web applications. Vulnerabilities declining in commercial applications but increasing in custom applications. Attacks on applications particularly Web applications are increasing at an alarming rate. New techniques are allowing attackers to use old vulnerabilities to successfully launch new attacks 7 Application Security Monitoring is Expensive application re-write required to audit applications (e.g. login sessions, file access, registry updates) Longer to develop connectors to forward logs to a central SIEM for security analytics and compliance Residual vulnerabilities in applications go undetected and easily exploited (OWASP Top 10: SQL injection, XSS, etc.) WAF provides limited application monitoring, more overhead, and cannot detect malware in encrypted traffic (SSL) WAF App. #1 App. #2 SIEM 8 4

Best Practices for Application Security Why are they NOT working? Adopt secure software development life cycle (SDLC) Slow Adoption: It takes years to train developers/testers to build in security 3 rd Party Code: Cannot impose SDLC practices on 3 rd parties and SAAS providers Detect application vulnerabilities during staging before production Developers accustomed to logging functional use-cases not abuse-cases Businesses under pressure to on-board web-applications before running penetration tests 9 Detect and Protect against application threats during operations Cannot detect and protect against application attacks without runtime context Need session and activity logs to detect abnormal user activity in applications Need SIEM to correlate across multiple event sources to identify business risk HP Security Strategy 5

HP Enterprise Security Market leading products and services Security Information and Event Management Log Management Application Security Network Security Data Protection Threat Research Security Services One Team, One Vision ATALLA 11 HP Security Intelligence Platform Security Intelligence Platform Information Establish complete visibility across all applications and systems Analyze vulnerabilities in applications and operations to understand risk Operations Applications Respond adaptively to build defenses against the exploitation of vulnerabilities Measure security effectiveness and risk across people, process, and technology to improve over time 12 Security Services 6

Increased Situational Awareness Provide Context Traditional Security Monitoring Hybrid Security Monitoring 13 Security Intelligence and Risk Management Solutions HP ESP Professional Services UNIVERSAL LOG MANAGEMENT COMPLIANCE & RISK MANAGEMENT PERIMETER & NETWORK SECURITY INSIDER THREAT Effectively manage risk and compliance at business-process level ADVANCED PERSISTENT THREAT Leverage centralized logging to maintain SOX, PCI, FISMA and HIPAA compliance SOFTWARE SECURITY ASSURANCE Adaptive monitoring to maintain network integrity and availability with superior network transparency DATA PRIVACY & DATA LOSS MONITORING Detect threats from within by correlating users with roles and activity APPLICATION & TRANSACTION MONITORING Identify anomalous behavior with grater insight into network and users Achieve Security-by-default software development capabilities Proactively detect and mitigate security and privacy breaches Track application activity for signs of fraud and abuse 14 7

HP Enterprise Security Services Security Governance Robust security services to align business drivers with legal and regulatory requirements Industry experience across enterprise and government Integrated measurement and reporting through HP Secure Boardroom Managed Security Services Comprehensive security services portfolio Dedicated 24*7*365 expert support ISO20071 Certified platform Over 40 years experience across industry leading solutions Full and flexible service offerings (SaaS, ECS) Security Consulting Dedicated, deep domain expertise across industry solutions and verticals SIEM solution consulting specialism Global industry accreditation qualifications Client Security Officer services Security Technology Services HP Enterprise Security Products Deep experience across leading IT security vendors McAfee, Symantec and CheckPoint Breadth of security solution consulting services 15 HP Application Security Solutions 8

HP ArcSight SIEM Solution A comprehensive platform for monitoring modern threats and risks, augmented by services expertise and the most advanced security user community, Protect724 User Monitoring Fraud Monitoring Event Correlation Data Capture Log Management Controls Monitoring App Monitoring Establish complete visibility Analyze events in real time to deliver insight Respond quickly to prevent loss Measure security effectiveness across people, process and technology 17 HP Fortify Application Security Solutions Identifies and eliminates risk in existing applications and prevents the introduction of risk during application development, in-house or from vendors. IN-HOUSE COMMERCIAL OUTSOURCED OPEN SOURCE Protects business critical applications from advanced cyber attacks by removing security vulnerabilities from software Accelerates time-to-value for achieving secure applications Increases development productivity by enabling security to be built into software, rather than added on after it is deployed Delivers risk intelligence from application development to improve operational security 18 9

HP Application Security Solutions Secure Software Development Solutions Monitoring Solutions for IT Operations HP Fortify Real Time Analyzer HP ArcSight App. Security Monitor HP WebInspect Penetration Test Security Devices Network Devices Email/Web Gateways Design Code Test Staging Secure Software Development Applications Fortify SIEM Platform Identity Mgmt Systems 19 HP Fortify Static Code Analyzer Database Access Mgmt Endpoint Security Physical Access HP ArcSight AppSM Dashboard Moving Avg. of Application Attacks Top Applications Attacked Attacks from Internal Systems Attacks from External Systems Top Application Attack Types Attacks detected from other sources Top 20 Attacks ordered by Priority 20 10

HP ArcSight Application Security Monitor (AppSM) AppSM : Fortify and AppSM rule-pack pre-configured to: Log application session activity (logins, file access, registry update etc.) Detect application level attacks (beyond OWASP Top 10) Forward event logs to ArcSight ESM over Syslog AppSM Content: ArcSight ESM Correlation Rules, Dashboards and Reports for viewing standard threats in applications Web-App #1 AppSM AppSM Rule-Pack Target API Fortify HP ArcSight Syslog Connector AppSM Content HP ArcSight ESM 21 Web-App #2 AppSM HP Fortify Run Time Analyzer (RTA) Adds Application Threat Protection and Centralized Management ArcSight AppSM: Rule-pack: DETECTS session activity and application security threat events. Fortify RTA: Rule-pack: DETECTS and BLOCKS application security threats identified in rule-pack. Security Center: To centrally manage all rule-packs on all application servers. Web-App #1 Target API AppSM+RTA Fortify-RTA Rule - pack AppSM Rule - pack Fortify manage monitor HP Fortify Security Center HP ArcSight Syslog Connector AppSM Content HP ArcSight ESM 22 Web-App #2 AppSM+RTA 11

Summary Adopt secure software development life cycle (SDLC) Train software developers/testers to build in security during SDLC Use tools to identify security risks early during software development Detect application vulnerabilities during staging before production Run penetration testing tools that detect residual vulnerabilities in applications Detect and Protect against application threats during operations Use tools that allow you to rapidly detect and protect application level threats without modifying applications Address critical application level threats by correlating application events with events reported by other enterprise sources using SIEM 23 Find out more HP Enterprise Security Products Gab Gennai +61 411 606 050 Gabriel.gennai@hp.com Shlomi Shaki +61 407 225 944 Shlomi Shaki@hp.com HP Enterprise Security Services Rob Hueston +61 407 163 088 Rob.hueston@hp.com Jeremy Roach +61 423 781 190 Jeremy.roach@hp.com After the event Contact your sales rep Visit us at: http://www.hpenterprisesecurity.com Stephen MacDonald +61 423 776 606 Stephen.macdonald@hp.com Andrew Latham +61 406 537 576 alatham@hp.com 24 12

Thank You 13

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information