Решения HP по информационной безопасности Евгений Нечитайло ynechyta@hp.com Mobile: +380 67 464 0218 Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
2
3
4
Challenges you are facing 1 Nature and motivation of attacks (Fame to fortune, market adversary) Research Infiltration Exfiltration Discovery Capture Delivery Transformation of enterprise IT Traditional DC Private cloud Managed cloud Public cloud 2 (Delivery and consumption changes) Consumption Virtual desktops Notebooks Tablets Smart phones Regulatory pressures Basel III 3 (Increasing cost and complexity) 5
HACKTIVIST
7
HP Security Research Ecosystem Partner SANS, CERT, NIST, OSVDB, software & reputation vendors 2650+ Researchers 2000+ Customers sharing data HP Global Research www.hp.com/go/hpsrblog 6X the Zero Days than the next 10 competitors combined. Top security vulnerability research organization for the past three years Frost & Sullivan FSRG ESS HP Security Research Teams: DV Labs, ArcSight, Fortify, HPLabs, Application Security Center and Enterprise Security Services Collect network and security data from around the globe 9
Threat Central Partners InQuest Open Source Feeds Threat Central Threat DB Private TC Forum Private Community Sector Community Threat Central Threat Central enables Bi-directional collaboration Actionable and Automated Standards-based open sharing Integrated directly with ArcSight and TippingPoint HP Security Research TC Portal Global Community HP Confidential. This information is not to be shared without the approval from HP. 10
HP TippingPoint Neutralize Patient Zero In-line Threat Protection with Next- Generation Intrusion Prevention (NGIPS) Inspects network traffic and blocks against known vulnerabilities Reliable network uptime track record Next-Generation Firewall NGIPS with enterprise firewall Granular application visibility and control Integrated Policy Digital Vaccine Labs Industry-leading security intelligence Delivers zero-day coverage Security Management System Centralized management across NGIPS and NGFW Single console to deploy devices and policies 12 Advanced Threat Appliance (ATA) Static, dynamic and behavioral detection Enhanced defense against patient zero infection and subsequent lateral
Gartner Leadership Quadrant 2013 HP TippingPoint has been in the leadership quadrant 9 years in a row! The TippingPoint IPS products have a broad model range of purpose-built appliances, and are known for low latency and high throughput. Customers often cite ease of installation as a positive in product evaluations, especially for deployments with many devices. 13
84% of breaches occur at the application layer 9/10 mobile applications are vulnerable to attack 14
HP Fortify helps you protect your applications In-house Outsourced Commercial Open source Application assessment Assess Find security vulnerabilities in any type of software Software security assurance Assure Fix security flaws in source code before it ships Application protection Protect Fortify applications against attack in production 15
HP Application Defender Application Security Simplified Visibility Actionable information through interactive dashboards and alerts HP Application Defender 1,2,3 Simplicity Install quickly and easily with a three-step deployment, get protection up and running in minutes Protection Stop attacks from inside the application. 16
HP Fortify named leader in Gartner AST MQ 2014 Gartner Magic Quadrant for Application Security Testing Once again, Gartner not only acknowledged Fortify s years of successful market execution but also called out several areas in which HP is leading in delivering on new technologies to stay ahead of the bad guys. 17 Strengths: Comprehensive SAST capabilities - the most broadly adopted SAST tool in the market. Evolved AST to address ios and Android mobile apps. Innovative IAST capabilities Early innovator with runtime application selfprotection (RASP) technology.
229days average time to detect breach 2013 January February March April May June July August September October November December 2014 January February March April 19
HP ArcSight, act with laser clarity against threats that matter Collect Analyze Prioritize Transform Big Data into actionable security intelligence Real-time correlation of data across devices to find threats Cyber forensics, fix what matters most first 20
The #1 real time security correlation platform Comprehensive solution for data collection from 350+ log generating sources 21
Gartner SIEM MQ 2014 HP ArcSight is named a leader for SIEM in the Gartner MQ 2014 ArcSight is named a leader again for 11th year in a row ArcSight continues to be very visible in competitive evaluations of SIEM technologies Significant enhancements in ArcSight has been validated by Gartner through reference customers HP ArcSight is the only vendor that is #1 in all use cases that matters most to customers Early breach discovery requires effective user activity, data access and application activity monitoring. ArcSight is the only vendor that does all 3 effectively 22
HP Atalla helps you secure your sensitive information Payments security Secure payments and transacting systems Cloud and Data Security Encrypt and protect keys and data in public, hybrid, and private clouds Information Protection & Control Embed security at the point of creation for sensitive enterprise data HP Confidential,
Visa As the largest processor of Visa debit transactions globally, Visa Debit Processing Services is responsible for securing more than 23 billion debit transactions in the U.S. and prepaid transactions in the U.S. and Canada on an annual basis. HP Atalla is a critical piece of our enterprise IT portfolio, delivering innovative security solutions with the operational excellence, performance and reliability that helps Visa DPS enable secure access to business-critical payment processing data. Chris James, Senior Vice President Product Development, Issuer Processing, Visa Inc. HP Confidential,
HP HAVEn helps you monitor the assets that matter HP ArcSight with IDOL People generate data IDOL Machines generate data ESM 26
Since 2009, time to resolve an attack has grown 130% 28
HP Services provides quick, effective breach response Enterprise Security Services 29 Get deep visibility and take action to address and stop attacks Deploy remediating products fast Integration with Breach Response Services
3 30 Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Security Disrupt the adversary, manage risk, and extend your capabilities 5000+ Disrupt the adversary Security technology Manage risk Risk & compliance Reduce cost & complexity Advisory & management 31
HP Security s industry-leading scale 9 out of 10 Major banks 10 out of 10 Top telecoms 5000+ HP Security Professionals All major branches US Department of Defense 9 out of 10 Top software companies 900+ HP managed security customers 8Security Operations Centers 23bn Monthly security events 47m HP Secured User Accounts 32
Спасибо за внимание!