Transcript of 5G/SOC: Inside the world’s most advanced SOCs
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
5G/SOC: Inside the world’s most advanced SOCs Colin Henderson, Global Principal Consultant
We see security everywhere
• Web & application security
• Data protection
• Data center security
• Intelligence & operations
• Information governance
• Mobility and devices
• Identity and access
• Cloud security
Security Intelligence & Operations Consulting
Security Operations Center
Core functions: situational awareness, security monitoring, intrusion analysis
Also known as: Cyber Defense Center (CDC), Security Operations Center (SOC), Threat Operations Center (TOC), Security Defense Center (SDC), Cyber Security Intelligence Response Center (C-SIRC), Threat Management Center (TMC), Security Intelligence and Operations Center (SIOC), Security Intelligence and Threat Handlers (SITH), Security Threat and Intelligence Center (STIC)
People, process, technology
• People: Level 1, Level 2, Engineer, Incident handler, Network & system owners
• Process: Escalation, Case closed
• Technology: Firewall, Router, Intrusion detection, Web server, Proxy server, ESM server
1G/SOC
1G/SOC: 1970’s - 1995
• Birth of the Internet: businesses not connected, or connected via slow links
• Nuisance programs and minimally impacting malicious code
• Information security tools appear
• Military and governments start to build SOCs and CERTs
1G/SOC data feeds: logs from firewalls, IDS and network equipment
2G/SOC
2G/SOC: 1996 - 2001
• Malware outbreaks & intrusion detection
• MSSPs begin to offer SOC as a service to customers
• SIEM concepts are introduced
2G/SOC data feeds: firewalls, IDS, network equipment
3G/SOC
3G/SOC: 2002 - 2005
• Botnets, cybercrime, intrusion prevention, and compliance
• Largest companies in specific industries create SOCs internally
3G/SOC data feeds: firewalls/VPN, IDPS, network equipment, server and desktop OS, databases, web traffic, anti-virus, vulnerability scanning, intelligence feeds, system health information
4G/SOC
4G/SOC: 2006 - today
• Hacktivism, intellectual property theft, advanced persistent threat
• Wide adoption of continuous security monitoring as breaches fill headlines
4G/SOC data feeds: firewalls/VPN, IDPS, network equipment, server and desktop OS, databases, applications, web traffic, anti-virus, vulnerability scanning, intelligence feeds, system health information, directory services, identity management, business context, physical infrastructure
5G/SOC
How we got here: 10+ years of breaches
• Increased awareness
• Advancements in technology
• Increasing regulation
• Consumerization of IT
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
5G/SOC: 2013 - ?
Subtle threat detection, hunt teams, counter-intel, anti-fragile, advanced analytics, big data
[Figure: the monitored estate has grown from the mainframe, through client/server and the Internet, to mobile, social, big data & the cloud; the slide shows the sprawl of cloud providers, SaaS vendors, ERP/CRM/SCM/HCM/PLM modules and consumer app categories an organization now touches.]
Every 60 seconds:
• 400,710 ad requests
• 546,000 tweets
• 2000 lyrics played on Tunewiki
• 1500 pings sent on PingMe
• 34,597 people using Zinio
• 208,333 minutes of Angry Birds played
• 23,148 apps downloaded
5G/SOC
• Acknowledge security threats are driven by human adversaries
• Assume compromise
• Anti-fragile enterprise
• Interaction with peers; organizations readily share information
• Hunt teams search large data sets to find threats and attack patterns we did not know about previously
• Convergence of IT Security and IT Operations tools to facilitate better visibility
• Data visualization drives how anomalies are discovered and researched
5G/SOC functional process framework
Intelligence
Detect
Respond
Remediate
5G/SOC org structure
• Security Intelligence Manager
• Intelligence Team
• Monitoring and Analysis
• Rules & Content Development
• Triage & Prioritization
• Hunt Teams
• Infrastructure Support
• Incident Management
• Escalation Handling and Root Cause Analysis
• Forensics
• Other Functions: Red Team, Business Office, ?
How has security visualization evolved?
[Figure: one slide per generation, 1G/SOC through 5G/SOC; the visuals are not reproduced in this transcript.]
Hunt teams: big data analysis
Use cases:
• Previously unseen connections from DMZ servers
• Previously unseen connections from critical business servers
• Previously unseen executables launching
• Abnormal logins from service accounts
• Abnormal logins from admin accounts
Select a subset of fields to save long term for analytical searches
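The hunt use cases above all reduce to one pattern: learn the set of (who/what → where) tuples seen in a baseline window, then flag tuples in the hunt window that are not in that set, scoped by business context (which hosts are DMZ or critical, which accounts are service or admin). The example below is added here to show that pattern end to end; it is not HP's tooling or code from the deck. The host names, account names, executable paths, the `HOST_ROLE` mapping and all events are constructed sample data, and the retained-field schema is an assumption of what a SOC might keep long term.

```python
"""Hunt-team "previously unseen" detection over a baseline (added example).

Illustrative code written for this transcript, not HP's tooling.
All hosts, accounts, paths and events are constructed sample data.
"""
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Constructed asset/business context: which hosts the hunt should scope to.
HOST_ROLE = {"dmz-web01": "dmz", "erp-db01": "critical", "ws-1234": "workstation"}
SERVICE_ACCOUNTS = {"svc_backup", "svc_sql"}
ADMIN_ACCOUNTS = {"da_alice"}
# Windows logon types meaning a human sat at a console, RDP or cached session.
INTERACTIVE_LOGON_TYPES = {2, 10, 11}

# Learning window: what "normal" looked like (constructed).
BASELINE = [
    {"type": "conn", "src": "dmz-web01", "dst": "erp-db01", "dport": 1433},
    {"type": "proc", "host": "erp-db01", "image": r"C:\Windows\System32\sqlservr.exe"},
    {"type": "login", "user": "svc_backup", "host": "erp-db01", "logon_type": 5},
    {"type": "login", "user": "da_alice", "host": "jump01", "logon_type": 10},
]

# Hunt window: the period being searched (constructed).
WINDOW = [
    {"type": "conn", "src": "dmz-web01", "dst": "erp-db01", "dport": 1433},
    {"type": "conn", "src": "dmz-web01", "dst": "ws-1234", "dport": 445,
     "raw": "<full firewall record, dropped from long-term storage>"},
    {"type": "conn", "src": "erp-db01", "dst": "203.0.113.7", "dport": 443},
    {"type": "conn", "src": "ws-1234", "dst": "203.0.113.7", "dport": 443},
    {"type": "proc", "host": "erp-db01", "image": r"C:\Windows\System32\SQLSERVR.EXE"},
    {"type": "proc", "host": "erp-db01", "image": r"C:\Users\Public\update.exe"},
    {"type": "login", "user": "svc_backup", "host": "erp-db01", "logon_type": 5},
    {"type": "login", "user": "svc_sql", "host": "ws-1234", "logon_type": 10},
    {"type": "login", "user": "svc_backup", "host": "dmz-web01", "logon_type": 3},
    {"type": "login", "user": "da_alice", "host": "ws-1234", "logon_type": 2},
    {"type": "login", "user": "da_alice", "host": "jump01", "logon_type": 10},
]


def build_baseline(events):
    """Learn the identity tuples seen during the baseline window.

    Only the tuple is kept (not the raw event), so the baseline stays small
    enough to hold for months; image paths are case-folded because Windows
    paths are case-insensitive and attackers vary case to dodge exact matches.
    """
    base = {"conn": set(), "proc": set(), "login": set()}
    for e in events:
        if e["type"] == "conn":
            base["conn"].add((e["src"], e["dst"], e["dport"]))
        elif e["type"] == "proc":
            base["proc"].add((e["host"], e["image"].lower()))
        elif e["type"] == "login":
            base["login"].add((e["user"], e["host"]))
    return base


def hunt(events, base):
    """Return Findings for events in the hunt window that fall outside the baseline."""
    findings = []
    for e in events:
        t = e["type"]
        if t == "conn":
            # Only DMZ and critical servers are in scope; workstations are too noisy here.
            role = HOST_ROLE.get(e["src"], "unknown")
            key = (e["src"], e["dst"], e["dport"])
            if role in ("dmz", "critical") and key not in base["conn"]:
                findings.append(Finding(f"new_connection_from_{role}", key))
        elif t == "proc":
            key = (e["host"], e["image"].lower())
            if key not in base["proc"]:
                findings.append(Finding("new_executable", key))
        elif t == "login":
            key = (e["user"], e["host"])
            if e["user"] in SERVICE_ACCOUNTS:
                # A service account should never log on interactively; that is
                # abnormal even if the host was seen before.
                if e["logon_type"] in INTERACTIVE_LOGON_TYPES:
                    findings.append(Finding("service_account_interactive_logon", key))
                elif key not in base["login"]:
                    findings.append(Finding("service_account_new_host", key))
            elif e["user"] in ADMIN_ACCOUNTS and key not in base["login"]:
                findings.append(Finding("admin_account_new_host", key))
    return findings


# Assumed long-term schema: the subset of fields worth keeping for analytic
# search; full payloads and raw log text are dropped.
RETAINED_FIELDS = {
    "conn": ("src", "dst", "dport"),
    "proc": ("host", "image"),
    "login": ("user", "host", "logon_type"),
}


def retain_for_long_term(event):
    """Project an event onto the retained field subset for long-term storage."""
    keep = ("type",) + RETAINED_FIELDS[event["type"]]
    return {k: event[k] for k in keep if k in event}


if __name__ == "__main__":
    base = build_baseline(BASELINE)
    for f in hunt(WINDOW, base):
        print(f"{f.rule:36} {f.detail}")
    print(retain_for_long_term(WINDOW[1]))
```

Run against the constructed windows, the hunt raises six findings: the DMZ web server reaching a workstation on SMB, the critical database server reaching an external address, a new executable under C:\Users\Public, a service account logging on interactively, a service account used from a host it never touched before, and an admin account used outside the jump host. The repeated sqlservr.exe launch and the workstation's outbound HTTPS stay quiet, which is the point of scoping by role and baselining by tuple rather than alerting on every event.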
The now and future of security
Thank you! [email protected] www.hp.com/go/5GSOC
Security for the new reality
A short video