應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊



Similar documents
Changing the Enterprise Security Landscape

Know your security in mission critical environments Petr Hněvkovský, Senior Security Consultant, HP Enterprise Security Products

The Evolution of Application Monitoring

Find the intruders using correlation and context Ofer Shezaf

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

Be Fast, but be Secure a New Approach to Application Security July 23, 2015

End-user Security Analytics Strengthens Protection with ArcSight

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

Software EMEA Performance Tour Berlin, Germany June

Bezpečnosť dát v HP Cloude

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

RSA Security Analytics

Security Operations Metrics Definitions for Management and Operations Teams

Решения HP по информационной безопасности

High End Information Security Services

IBM Security Intelligence Strategy

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Cybersecurity and internal audit. August 15, 2014

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Security Operation Centre 5th generation

All about Threat Central

Advanced Threats: The New World Order

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Enterprise Cybersecurity: Building an Effective Defense

From the Bottom to the Top: The Evolution of Application Monitoring

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

The Future of the Advanced SOC

IBM QRadar Security Intelligence April 2013

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

HP NonStop Server Security and HP ArcSight SIEM

Analyzing HTTP/HTTPS Traffic Logs

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Practical Steps To Securing Process Control Networks

Connected Intelligence and the 21 st Century Digital Enterprise

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Defending Against Cyber Attacks with SessionLevel Network Security

Security and Privacy

Combating a new generation of cybercriminal with in-depth security monitoring

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Securing your IT infrastructure with SOC/NOC collaboration

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Security Intelligence

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

IBM Security Strategy

Security Analytics for Smart Grid

Protecting against cyber threats and security breaches

McAfee Network Security Platform

SANS Top 20 Critical Controls for Effective Cyber Defense

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Evolving Threat Landscape

Defending Against Data Beaches: Internal Controls for Cybersecurity

Security strategies to stay off the Børsen front page

Breaking the Cyber Attack Lifecycle

External Supplier Control Requirements

Caretower s SIEM Managed Security Services

How Attackers are Targeting Your Mobile Devices. Wade Williamson

SECURITY BEGINS AT THE ENDPOINT

Data Center security trends

Braindumps QA

QRadar SIEM and Zscaler Nanolog Streaming Service

Patch and Vulnerability Management Program

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

HP ESP 2013 Solution Roadmap

HP Cyber Security Control Cyber Insight & Defence

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Rethinking IT and IT Security Strategies in an Era of Advanced Attacks, Cloud and Consumerization

How To Manage Security On A Networked Computer System

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

QRadar SIEM and FireEye MPS Integration

THE BLIND SPOT IN THREAT INTELLIGENCE THE BLIND SPOT IN THREAT INTELLIGENCE

How To Create An Insight Analysis For Cyber Security

Driving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats. Eva Chen CEO and Co-Founder

HP IT Operations Management (ITOM)

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Critical Security Controls

Security Information & Event Management (SIEM)

HP Fortify Software Security Center

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

2015 Global Megatrends in Cybersecurity

SIEM Implementation Approach Discussion. April 2012

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

Achieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

Transcription:

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1

Rise Of The Cyber Threat Enterprises and Governments are experiencing the most AGGRESSIVE THREAT ENVIRONMENT in the history of information. 2

Security Awareness at Board Level Organizational and security leadership is under immense pressure CISO Chief Information Security Officer sits at heart of the enterprise security response 3

Disruptive Technology Trends FORTRESS Reactive Perimeter Security COLLABORATIVE OPEN & EXTENDED DATA, INFRASTRUCTURE & DEVICES FUTURE OF SECURITY: PROACTIVE RISK MANAGEMENT BIG DATA Content, Context, Unstructured CLOUD Public, Private, Adoption CONSUMERIZATION Mobility, Device & Social Media 4

Enterprise Security Priorities Manage INFORMATION RISK in the era of mobile, cloud, social media Protect against increasingly sophisticated CYBER THREATS Improve REACTION TIME to security incidents Reduce costs and SPEND WISELY Achieve COMPLIANCE in a predictable and costeffective way 5

The Enterprise Security Problem BREACHES CONTINUE even though they have hundreds of security solutions available SILO D SECURITY PRODUCTS don t learn or share information LIMITED CONTEXT a gap between IT operations and security constrains potential actions NO EFFECTIVE WAY to understand and prioritize risk 6

The Result: Increased Risk and Wasted Resources Gartner estimates more than $1B in IT spending is misallocated each year because of a lack of business line of sight impact.* That level of investment is unsustainable.???????????????? 7 *Gartner, Business Intelligence for IT: Integrating Operational and Security Intelligence 10/2011

What is APT? 8 2012 Copyright Hewlett-Packard 2012 Hewlett-Packard Development Development Company, L.P. Company, L.P. The information contained herein is subject to change without notice

APT Threat Landscape 9

What is APT? Advanced Using exploits for unknown vulnerabilities (Zero Day Attack) Using customized malwares that aren t detected by any antivirus or signature based IDS/IPS products Using hybrid attack Persistent Threat Attacks lasting for months or years and multi-phases Attackers are dedicated to the targets Targeted at specific individuals and groups within an organization, aimed at compromising confidential information 10 Not random attacks

Anatomy of Advanced Persistent Threat (APT) Phishing SQL Injection Zero Day Virus Known Malicious Code Brute Force Command & Control via Botnet Acquire target, sneak in, hop around 1. Penetrate the perimeter with relatively advanced techniques Get privileged access to critical assets 2. Expand internal footprint by mimicking privileged users & authorized users Conduct the crime for an extended time 3. Achieve Persistence 11

Intelligent ESP Solutions 12 2012 Copyright Hewlett-Packard 2012 Hewlett-Packard Development Development Company, L.P. Company, L.P. The information contained herein is subject to change without notice

ESP Security Intelligence and Operations Solutions Breach Recovery Solution HP ArcSight ESM Provides Instant Visibility to. Assess the extent of the breach Limit & contain the breach to minimize adverse impacts Prioritize & expedite remediation activities 13

HP ArcSight and Operations Management 360º view of security and IT events WHAT IT IS Bi-directional integration between OM/NNM/NNMi and HP ArcSight ESM/Logger BENEFITS Complete visibility into anomalies and threats Single pane of glass view of security, compliance and IT ops Reduced gap between NOC and SOC Security and compliance related KPIs to IT operations service health dashboards Automate business process and workflows to enable effective business risk management FW, VPN, IPS, AV, OS, db, App, etc ESM SmartConnectors Logger SmartConnectors OM/OMi/NNMi CPU, memory, I/O, storage, latency, fan speed, temp, HA, etc. 14

Protecting Against Advanced Persistent Threats Perimeter Security Intelligence The Perimeter will be breached at some points Insider Threat Security Intelligence Understand the behaviors of privileged users & authorized users to identify anomalies An Effctive Operational Capability People, Processes and Procedures 15

Thank you 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information