Security Operation Centre: 5th generation transition
Cezary Prokopowicz, Regional Manager SEE, HP Enterprise Security Products
Challenges you are facing
1. Nature and motivation of attacks (fame to fortune, market adversary): Research, Infiltration, Discovery, Capture, Exfiltration
2. Transformation of enterprise IT (delivery and consumption changes): Traditional DC, Private cloud, Managed cloud, Public cloud; consumption via virtual desktops, notebooks, tablets and smart phones
3. Regulatory pressures (increasing cost and complexity): ISO 27001
Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Hacktivist
Organize, Specialize, Monetize
HP Security Research Ecosystem
Partners: SANS, CERT, NIST, OSVDB, software and reputation vendors
2650+ researchers; 2000+ customers sharing data
HP Global Research: www.hp.com/go/hpsrblog
6x the zero days of the next 10 competitors combined
Top security vulnerability research organization for the past three years (Frost & Sullivan)
FSRG, ESS
HP Security Research teams: DV Labs, ArcSight, Fortify, HPLabs, Application Security Center and Enterprise Security Services
Collect network and security data from around the globe
HP TippingPoint protects users, apps and data with market-leading network security
Simple: easy to use, configure and install, with centralized management
Effective: industry-leading security intelligence with weekly DVLabs updates
Reliable: NGIPS with a 99.99999% network uptime track record
Gartner Leadership Quadrant 2013
HP TippingPoint has been in the leadership quadrant 9 years in a row!
"The TippingPoint IPS products have a broad model range of purpose-built appliances, and are known for low latency and high throughput. Customers often cite ease of installation as a positive in product evaluations, especially for deployments with many devices."
Swiss Federal Railways
"After a rigorous open bid process with lab tests utilizing our own network traffic, we selected the HP TippingPoint Next Generation IPS 7500NX. We searched for an IPS with minimal administrative effort, and this solution allows us to protect our network infrastructure using TippingPoint's easy-to-use but powerful security policies."
Erwin Jud, Lead Engineer for IPS Project
84% of breaches occur at the application layer
9 out of 10 mobile applications are vulnerable to attack
HP Fortify helps you protect your applications (in-house, outsourced, commercial, open source)
Assess (application assessment): find security vulnerabilities in any type of software
Assure (software security assurance): fix security flaws in source code before it ships
Protect (application protection): fortify applications against attack in production
HP Fortify named leader in Gartner AST MQ 2014
Gartner Magic Quadrant for Application Security Testing: once again, Gartner not only acknowledged Fortify's years of successful market execution but also called out several areas in which HP is leading in delivering on new technologies to stay ahead of the bad guys.
Strengths:
Comprehensive SAST capabilities: the most broadly adopted SAST tool in the market
Evolved AST to address iOS and Android mobile apps
Innovative IAST capabilities
Early innovator with runtime application self-protection (RASP) technology
SAP (enterprise software), client outcome:
Significantly enhanced the security of SAP software, with an increased number of security patches since 2010
Met board requirements for product security
Protected revenue-generating applications and customer reputation
HP ArcSight: act with laser clarity against threats that matter
Collect: transform Big Data into actionable security intelligence
Analyze: real-time correlation of data across devices to find threats
Prioritize: cyber forensics, fix what matters most first
HP ArcSight named leader in Gartner SIEM MQ 2013
HP ArcSight named a leader in the Gartner Magic Quadrant for Security Information and Event Management (SIEM), 10 years in a row. The most visionary product in the Gartner SIEM MQ.
Vodafone (telecommunications)
"We receive 550 million events per week from our security systems. Due to the aggregation and correlation capabilities of HP ArcSight ESM, those events are reduced to about 50,000 prioritized events. That's an efficiency factor of 1 to 11,000!"
Manfred Troeder, Head of Global Security Operations Center
HP Atalla helps you secure your sensitive information
Payments security: secure payments and transacting systems
Cloud and data security: encrypt and protect keys and data in public, hybrid, and private clouds
Information protection and control: embed security at the point of creation for sensitive enterprise data
Visa
"As the largest processor of Visa debit transactions globally, Visa Debit Processing Services is responsible for securing more than 23 billion debit transactions in the U.S. and prepaid transactions in the U.S. and Canada on an annual basis. HP Atalla is a critical piece of our enterprise IT portfolio, delivering innovative security solutions with the operational excellence, performance and reliability that helps Visa DPS enable secure access to business-critical payment processing data."
Chris James, Senior Vice President Product Development, Issuer Processing, Visa Inc.
94% of breaches are reported by a 3rd party
243 days: average time to detect a breach (timeline chart spanning January 2014 to 2015)
130: since 2009, time to resolve an attack has grown
Names in use for the same function:
Cyber Defense Center (CDC)
Security Operations Center (SOC)
Threat Operations Center (TOC)
Security Defense Center (SDC)
Cyber Security Intelligence Response Center (C-SIRC)
Threat Management Center (TMC)
Security Intelligence and Operations Center (SIOC)
Security Intelligence and Threat Handlers (SITH)
Security Threat and Intelligence Center (STIC)
SOC Concept of Ops (layers: Process, Technology, People, Business)
(1) Intel / Threat
(2) Network technology: Firewall, ID/PS, Web server, Proxy
(3) ESM server
(4) Level 1 and Level 2 analysts
(5) Engineer
(6) Escalation to Incident Handler
(7) Case closed
Also involved: Network & System Owners; Business
SOC Common Elements
Drive to higher ROI / Vision (maturity stages)
Log Management: centralize logs; retain data; comply with regulations
Data Analysis: correlate technologies; analyze forensic evidence; create automated reporting
Near Time Alerting: streamline event feeds; high-fidelity correlation; custom reporting
Real Time Analysis & Incident Response: monitor events in real time; CIRT with integrated workflow; minimize response time; continual tuning
Security Intelligence: analysis in depth; hunters as well as defenders; information fusion; uncovering new threats; advanced use cases
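The CONOPS flow above (firewall, ID/PS and web server feeds into an ESM, then Level 1 triage, Level 2 escalation and an incident handler) and the maturity stages just listed (log management, aggregation, correlation, prioritised alerting) are easier to reason about with a concrete pipeline in front of you. The following Python is an added example written for this page; it is not HP or ArcSight ESM code. The three log formats, the single correlation rule, the severity-to-tier routing and every sample line are constructed for illustration, and the source addresses are documentation ranges.

```python
"""Toy SOC event pipeline: collect, aggregate, correlate, prioritise, route.
Added example for this deck, not HP or ArcSight ESM code; log formats,
rule, routing table and sample lines are all constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines from the device types in the CONOPS diagram.
# Repeated identical lines are there to show the aggregation step working.
RAW_LOGS = [
    "2015-03-01T10:00:01 fw ALLOW src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2015-03-01T10:00:01 fw ALLOW src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2015-03-01T10:00:01 fw ALLOW src=203.0.113.7 dst=10.0.0.5 dport=80",
    "2015-03-01T10:00:02 ids ALERT sig=SQLi-generic src=203.0.113.7 dst=10.0.0.5",
    "2015-03-01T10:00:03 web 203.0.113.7 GET /login status=500",
    "2015-03-01T10:00:04 web 198.51.100.9 GET / status=200",
    "2015-03-01T10:00:05 ids ALERT sig=SQLi-generic src=198.51.100.9 dst=10.0.0.5",
    "2015-03-01T10:00:06 fw DENY src=192.0.2.4 dst=10.0.0.5 dport=22",
    "2015-03-01T10:00:06 fw DENY src=192.0.2.4 dst=10.0.0.5 dport=22",
]

@dataclass(frozen=True)
class Event:
    """Normalised event: one schema regardless of which device produced it."""
    ts: datetime
    device: str   # fw, ids or web
    kind: str     # ALLOW, DENY, ALERT or HTTP
    src: str
    dst: str
    detail: str   # dport, signature name or HTTP status

# One regex per constructed device format; the named groups feed Event.
PATTERNS = {
    "fw": re.compile(r"(?P<ts>\S+) fw (?P<kind>ALLOW|DENY) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) dport=(?P<detail>\d+)$"),
    "ids": re.compile(r"(?P<ts>\S+) ids (?P<kind>ALERT) sig=(?P<detail>\S+) "
                      r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"),
    "web": re.compile(r"(?P<ts>\S+) web (?P<src>\S+) \S+ \S+ status=(?P<detail>\d+)$"),
}

def parse(line):
    """Collection step: map a raw line onto the common schema (None if unknown)."""
    for device, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            d = m.groupdict()
            return Event(datetime.fromisoformat(d["ts"]), device,
                         d.get("kind", "HTTP"), d["src"],
                         d.get("dst", "webserver"), d["detail"])
    return None

def aggregate(events):
    """Consolidation step: collapse identical events into one record plus a count."""
    buckets = {}
    for e in events:
        key = (e.device, e.kind, e.src, e.dst, e.detail)
        buckets.setdefault(key, {"event": e, "count": 0})["count"] += 1
    return list(buckets.values())

WINDOW = timedelta(minutes=5)
ROUTE = {"HIGH": "Level 2 / Incident Handler", "MEDIUM": "Level 1", "LOW": "log only"}

def correlate(records):
    """Correlation step: one cross-device rule per source, then prioritise and route."""
    by_src = defaultdict(list)
    for rec in records:
        by_src[rec["event"].src].append(rec)
    incidents = []
    for src, recs in by_src.items():
        alerts = [r["event"] for r in recs if r["event"].kind == "ALERT"]
        errors = [r["event"] for r in recs
                  if r["event"].device == "web" and r["event"].detail.startswith("5")]
        denies = [r for r in recs if r["event"].kind == "DENY"]
        # IDS alert followed within WINDOW by a server error from the same source:
        # two devices agree, so this skips Level 1 and goes to the incident handler.
        if any(timedelta(0) <= err.ts - a.ts <= WINDOW for a in alerts for err in errors):
            sev = "HIGH"
        elif alerts:
            sev = "MEDIUM"   # single-device signal: Level 1 triage
        elif denies:
            sev = "LOW"      # blocked at the perimeter: retained, not ticketed
        else:
            continue
        incidents.append({"src": src, "severity": sev, "route": ROUTE[sev],
                          "raw_events": sum(r["count"] for r in recs)})
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(incidents, key=lambda i: rank[i["severity"]])

def run_pipeline(lines=RAW_LOGS):
    """Run all stages; the counts make the raw-to-incident reduction visible."""
    events = [e for e in map(parse, lines) if e is not None]
    records = aggregate(events)
    return {"raw": len(events), "aggregated": len(records),
            "incidents": correlate(records)}

if __name__ == "__main__":
    for inc in run_pipeline()["incidents"]:
        print(inc)
```

Run as a script, or call `run_pipeline()` with your own list of lines in the same constructed formats. The nine raw lines collapse to six aggregated records and three routed incidents, with the only cross-device match (an IDS alert and a 5xx from the same source inside the window) ranked first; the firewall denies stay retained for later forensic search rather than generating a ticket, which is the difference between the Log Management and Real Time Analysis stages listed above.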
SOC Maturity Assessment (Company A, scored on the SOMM scale across the Business, People, Process and Technology domains)

Average Maturity Assessment Score
Business 2.44: Mission 1.86; Accountability 1.21; Sponsorship 2.18; Relationship 2.15; Deliverables 3.00; Vendor Engagement 2.67; Facilities 1.27
People 1.82: General 1.98; Training 2.61; Certifications 1.58; Experience 2.00; Skill Assessments 0.88; Career Path 1.92; Leadership 1.50
Process 0.63: General 2.01; Operational Process 1.67; Analytical Process 0.00; Business Process 0.00; Technology Process 0.00
Technology 2.60: Architecture 1.54; Data Collection 3.69; Monitoring 1.50; Correlation 1.37; General 2.13
Overall SOM Level: 1.69

Roadmap
              Current    Phase 1                Phase 2               Phase 3
Timeline      -          6 mos                  1 yr                  2 yr
SOMM Target   1.6        2.0                    2.5                   3.0
Use Cases     Logging    Perimeter, compliance  Insider Threat, APT   Application Monitoring
Staffing      Ad hoc     4 x L1, 1 x L2         8 x L1, 2 x L2        12 x L1, 2 x L2, 2 x L3
Coverage      8x5        8x5                    12x7                  24x7
93 assessments, 69 discrete SOCs, 13 countries
2/5 on the maturity continuum
24% fail to meet security requirements
70% fail to meet compliance
5G SOC: Security for the New Reality (photo: Schmidt Peterson Motorsports)
5G/SOC
Acknowledge that security threats are driven by human adversaries
Assume compromise
The SOC must align to the business and demonstrate meaningful value
Anti-fragile enterprise led by intelligence, not vulnerabilities
Interaction with peers; organizations readily share information
Convergence of IT Security and IT Operations tools to facilitate better visibility
Hunt teams search large data sets to find threats and attack patterns we did not know about previously
Data visualization drives how anomalies are discovered and researched
HP ArcSight: #1 real-time security correlation platform; get data from all sources
HP ArcSight differentiates on four key capabilities: Collection, Consolidation, Correlation, Collaboration
Collection: collect events from any system or application; add context for assets, users, and business processes; extend to new data types easily
Consolidation: universal log management of any data to support IT operations, security, compliance and application development; search and report on years of data to investigate outages and incidents quickly and easily
Correlation: pattern recognition and anomaly detection to identify modern advanced threats; analyze roles, identities, histories and trends to detect business risk violations; the more you collect, the smarter it gets
Collaboration: incorporates application security from HP Fortify; integrates reputation data from HP DVLabs; Cloud Connections Program to get visibility into cloud data in addition to physical and virtual layers; bi-directional integration with HP IT management, Autonomy, Vertica and Hadoop
HP's industry-leading scale
9 out of 10 major banks
10 out of 10 top telecoms
All major branches of the US Department of Defense
9 out of 10 top software companies
5000+ HP security professionals
47m HP secured user accounts
8 global Security Operations Centers (map legend: Global SOC, Planned regional SOC)
2.3 billion monthly security events
900+ HP managed security customers
Thank you
86% of budget spent on blocking
31% greater ROI
$4,000,000 saved