All about Threat Central


All about Threat Central Ted Ross & Nadav Cohen #HPProtect

Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without notice. This document contains forward looking statements regarding future operations, product development, product capabilities and availability dates. This information is subject to substantial uncertainties and is subject to change at any time without prior notification. Statements contained in this document concerning these matters only reflect Hewlett Packard's predictions and / or expectations as of the date of this document and actual results and future plans of Hewlett-Packard may differ significantly as a result of, among other things, changes in product strategy resulting from technological, internal corporate, market and other changes. This is not a commitment to deliver any material, code or functionality and should not be relied upon in making purchasing decisions. 3

HP confidential information This is a rolling (up to three year) Roadmap and is subject to change without notice. This Roadmap contains HP Confidential Information. If you have a valid Confidential Disclosure Agreement with HP, disclosure of the Roadmap is subject to that CDA. If not, it is subject to the following terms: for a period of 3 years after the date of disclosure, you may use the Roadmap solely for the purpose of evaluating purchase decisions from HP and use a reasonable standard of care to prevent disclosures. You will not disclose the contents of the Roadmap to any third party unless it becomes publicly known, rightfully received by you from a third party without duty of confidentiality, or disclosed with HP's prior written approval. 4

Agenda: Threat Central journey; Why HP Threat Central?; Offering vision; What is Threat Central?; Use cases; Technical walkthrough; Questions. 5

Threat Central journey. Building a high-fidelity threat intelligence sharing community for our customers! Automate and correlate crowd-sourced threat intelligence feeds. Timeline: Innovation Project, 2013; Alpha, 2013; Beta, today; Target GA, soon! Project out of the HP Innovation Initiative. Interviewed and validated use cases with many ArcSight Security Operation Center customers. Multiple iterations of alpha testing with customers. Announced and demo'd at Protect2013. Beta testing with HP internal customers, ArcSight customers and threat intelligence partners. Building community with ArcSight customers, ESP customers, partners, security researchers and the open source threat intelligence community. Please join the Protect724 ArcSight product announcement forum for Threat Central product launch updates. Join the Threat Central community to advance the cause of cyber threat defense for your company! 6

Why HP Threat Central? Crowd-source actionable threat intelligence. Industry is still learning how to collaborate effectively: companies spend time combating the same threat, while the adversary collaborates in an effective ecosystem. Feedback regarding existing sharing models: limited participation (not comfortable sharing); data is not actionable (lacks context); overly manual (not timely); government alone can't fix the problem; can't hire resources fast enough; limited visibility (need intelligence/data from industry). Threat Central enables: automated bi-directional sharing; the ability to analyze the data; actionable derived results; an existing community of advanced security customers; product-agnostic sharing. 7

Vision An open and automated cloud-based platform for high-fidelity threat intelligence that enables ArcSight and enterprise customers to consume and share community-driven threat intelligence. Threat Central differentiates itself by providing near real-time analyzed, correlated, and actionable threat intelligence to ArcSight customers and members of the Threat Central community. 8

Threat Central community. HP ESP leads the creation of an open threat intelligence sharing community! Members: ArcSight customers, threat intelligence partners, HP Security Research, ESP customers, and the wider threat intelligence community. 9

Customer benefits: actionable intelligence, confidence, feedback, anonymous sharing, community. 10

What is Threat Central?

Threat Central architecture (diagram). Threat Central and its Threat DB sit at the centre, fed by HP Security Research, partner feeds and open source. Members connect through SIEM, STIX and the portal. Communities: a private community, a sector community (privacy-enhanced TC forum) and the global community, each with SIEM/STIX/portal participants. 12

Automated action influenced by context (pipeline diagram). Collect: TC community, open source, ESM connector, STIX, TAXII, CSV, etc.; feeds from the TC portal, ArcSight ESM, HP TippingPoint and HP Security Research. Normalize: actionable intel (IP address, domain, file hash, signature, URL) and contextual intel (actor, campaign, tools, techniques, procedures). Analyze/correlate: compare and correlate (IP address match? Domain match? File hash match? Signature match? URL match?) and change the score. Distribute/act: STIX, TAXII, CSV, etc. 13

Threat Central use cases

Use case: Automated actions (diagram). An attacker performs brute-force logins, producing invalid login attempts against key assets behind an IPS. 15

Use case: Automated actions, current approach (diagram). The attacker generates invalid logins against Company A, Company B and Company C separately; each company's IPS sees only its own invalid logins. 16

Use case: Automated actions, new approach (diagram). The attacker generates invalid logins against Company A, B and C; each company's IPS reports the source to Threat Central (SCORE 1 each), where the aggregated score rises (diagram labels: SCORE 9, SCORE 13). Rule: if score > 5, push IP to IPS (HP TippingPoint), so Company D's IPS receives the attacker's IP from Threat Central. 17

Use case: Proactive block lists (recon), current approach (diagram). A recon source (1.1.1.X) probes key assets behind the IPS; the attack source(s) follow separately. 18

Use case: Proactive block lists (recon), with Threat Central (diagram). The IPS sends the recon IP to Threat Central, which correlates it with known attack IPs (source 2.2.2.X) and returns an attack IP list to the IPS protecting the key assets. 19

Use case: Leveraging the community (diagram). Company A sees a new event (zero day); Company B sees a new event (malware variant); Threat Central correlates them (malware, zero day, bad IP) and distributes the malicious IP address to Company C as it sees the new event. 20
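The "automated actions" use case (slide 17) and the collect / normalize / correlate / act pipeline (slide 13) describe a scoring loop but show no code. The following is an added illustration written for this page, not Threat Central's own code or API: it normalizes raw indicators shared by several members, scores each indicator by the number of distinct members reporting it, adds an assumed bonus when a partner feed already lists it, and emits the IPs whose score exceeds the slide's "> 5" rule as a block list an IPS would consume. The company names, sightings, partner feed and the FEED_MATCH_WEIGHT value are constructed assumptions.

```python
"""Community scoring of shared indicators, modelled on the 'automated actions'
use case: each member's sighting contributes to a shared score, and an IP whose
score exceeds the threshold is pushed to the IPS block list.
Added example, not Threat Central code; names, weights and data are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress
import re

PUSH_THRESHOLD = 5     # slide rule: "If score > 5, push IP to IPS"
FEED_MATCH_WEIGHT = 3  # assumed bonus when a partner/open-source feed already lists the indicator

_HEX_HASH = re.compile(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}")  # MD5 / SHA-1 / SHA-256


@dataclass(frozen=True)
class Indicator:
    kind: str   # "ip", "domain", "hash" or "url"
    value: str  # canonical form, so the same observable from two members compares equal


def normalize(raw: str) -> Indicator:
    """'Normalize' stage: classify a raw string and put it in canonical form."""
    s = raw.strip()
    try:
        return Indicator("ip", str(ipaddress.ip_address(s)))
    except ValueError:
        pass
    if _HEX_HASH.fullmatch(s):
        return Indicator("hash", s.lower())
    if re.match(r"https?://", s, re.IGNORECASE):
        return Indicator("url", s)  # paths may be case-sensitive, so URLs are kept as given
    return Indicator("domain", s.lower().rstrip("."))  # strip trailing dot, fold case


# Constructed sightings: (reporting member, raw indicator as submitted, observed behaviour)
SIGHTINGS = [
    ("Company A", "203.0.113.7", "invalid login"),
    ("Company A", "203.0.113.7", "invalid login"),    # repeat from the same member counts once
    ("Company B", " 203.0.113.7 ", "invalid login"),  # whitespace differs, same indicator
    ("Company C", "203.0.113.7", "invalid login"),
    ("Company D", "203.0.113.7", "invalid login"),
    ("Company E", "203.0.113.7", "invalid login"),
    ("Company F", "203.0.113.7", "invalid login"),
    ("Company B", "Bad.Example.NET", "malware callback"),
    ("Company D", "bad.example.net.", "malware callback"),
    ("Company A", "198.51.100.9", "port scan"),
]

# Constructed partner / open-source feed that already lists one of the indicators
PARTNER_FEED = {Indicator("domain", "bad.example.net")}


def score_indicators(sightings, partner_feed):
    """'Analyze/correlate' stage: one point per distinct reporting member,
    plus FEED_MATCH_WEIGHT when the indicator also matches a partner feed."""
    reporters = defaultdict(set)
    for member, raw, _behaviour in sightings:
        reporters[normalize(raw)].add(member)
    return {
        ind: len(members) + (FEED_MATCH_WEIGHT if ind in partner_feed else 0)
        for ind, members in reporters.items()
    }


def block_list(scores, threshold=PUSH_THRESHOLD):
    """'Distribute/act' stage: IP indicators whose score exceeds the threshold,
    in the form an IPS block list would receive them."""
    return sorted(ind.value for ind, s in scores.items()
                  if ind.kind == "ip" and s > threshold)


if __name__ == "__main__":
    scores = score_indicators(SIGHTINGS, PARTNER_FEED)
    for ind, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{ind.kind:6} {ind.value:20} score={s}")
    print("push to IPS:", block_list(scores))
```

With the constructed data, 203.0.113.7 is reported by six distinct members and crosses the threshold, while 198.51.100.9 (one member) does not; the domain reaches 5 with the feed bonus but is not an IP and is not pushed. Counting distinct members rather than raw events is what stops one noisy member from pushing an IP on its own.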

Threat Central walkthrough

Screenshot tour: Create case, Distribute, Collaborate, Get results, Mitigate. In the following example we will see how TC can be used to: query about an incident; distribute indicator information to communities; collaborate with security experts; get derived intelligence directly into SIEM; mitigate risks. 22

Create a case. This is a rolling (up to 3 year) roadmap and is subject to change without notice. CaptnProton runs into suspicious behavior with LGCScanner.exe. 23 All product views are illustrations and might not represent actual product screens.

Distribute indicators. CaptnProton submits the case. Indicators are now extracted and sent to community members. 24

Distribute indicators (2). ESM customers benefit from direct integration and targeted intelligence. 25

Collaborate with experts. An HP Security Researcher enhances the indicators with contextual information. 26

Get results. By the end of the process, CaptnProton's case is filled out with relevant and contextual information. 27

Mitigate. Easily quarantine bad IPs/domains using ESM and TippingPoint SMS. 28

For more information. Attend these sessions: TB3169, Correlating advanced threat information feeds. Visit these demos: Threat Central Demo, Booth 307. After the event: Web: www.hp.com/go/threatcentral; Blog: hp.com/go/hpsrblog; Whitepaper: http://hpsw.co/z4l7zbx. Your feedback is important to us. Please take a few minutes to complete the session survey. 29

Questions?

Please give me your feedback Session TB3013 Speakers Ted Ross & Nadav Cohen Please fill out a survey. Hand it to the door monitor on your way out. Thank you for providing your feedback, which helps us enhance content for future events. 31

Thank you