Transcript of: Security Operation Centre – 5th generation transition
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Security Operation Centre – 5th generation
transition
Cezary Prokopowicz
Regional Manager SEE
HP Enterprise Security Products
Challenges you are facing
1. Nature and motivation of attacks (fame to fortune, market adversary): Research, Infiltration, Discovery, Capture, Exfiltration
2. Transformation of enterprise IT (delivery and consumption changes)
   • Delivery: Traditional DC, Private cloud, Managed cloud, Public cloud
   • Consumption: Virtual desktops, Notebooks, Tablets, Smart phones
3. Regulatory pressures (increasing cost and complexity): ISO 27001
HACKTIVIST
ORGANIZE
SPECIALIZE
MONETIZE
HP Security Research (ecosystem: Partner, FSRG, ESS, HP Global Research)
• SANS, CERT, NIST, OSVDB, software & reputation vendors
• 2650+ researchers
• 2000+ customers sharing data
• www.hp.com/go/HPSRblog
• 6x the zero-days of the next 10 competitors combined
• Top security vulnerability research organization for the past three years (Frost & Sullivan)
• HP Security Research teams: DV Labs, ArcSight, Fortify, HPLabs, Application Security Center and Enterprise Security Services
• Collect network and security data from around the globe
HP TippingPoint protects users, apps and data with market-leading network security
• Reliable: NGIPS with a 99.99999% network uptime track record
• Simple: easy to use, configure and install, with centralized management
• Effective: industry-leading security intelligence with weekly DVLabs updates
Gartner Leadership Quadrant 2013
• HP TippingPoint has been in the leadership quadrant 9 years in a row!
• “The TippingPoint IPS products have a broad model range of purpose-built appliances, and are known for low latency and high throughput.”
• “Customers often cite ease of installation as a positive in product evaluations, especially for deployments with many devices.”
“After a rigorous open bid process with lab tests utilizing our own network traffic, we selected the HP TippingPoint Next Generation IPS 7500NX. We searched for an IPS with minimal administrative effort, and this solution allows us to protect our network infrastructure using TippingPoint’s easy-to-use but powerful security policies.”
— Erwin Jud, Lead Engineer for IPS Project, Swiss Federal Railways
84% of breaches occur at the application layer
9/10 mobile applications are vulnerable to attack
HP Fortify helps you protect your applications
• Assess (application assessment): find security vulnerabilities in any type of software
• Assure (software security assurance): fix security flaws in source code before it ships
• Protect (application protection): fortify applications against attack in production
Covers in-house, outsourced, commercial and open source software.
HP Fortify named leader in Gartner AST MQ
Once again, Gartner not only acknowledged Fortify’s years of successful market execution but also called out several areas in which HP is leading in delivering on new technologies to stay ahead of the bad guys.
Strengths:
• Comprehensive SAST capabilities - the most broadly adopted SAST tool in the market.
• Evolved AST to address iOS and Android mobile apps.
• Innovative IAST capabilities.
• Early innovator with runtime application self-protection (RASP) technology.
2014 Gartner Magic Quadrant for Application Security Testing
SAP (enterprise software) – client outcome
• Significantly enhanced the security of SAP software, with an increased number of security patches since 2010
• Met board requirements for product security
• Protected revenue-generating applications and customer reputation
HP ArcSight, act with laser clarity against threats that matter (Collect, Analyze, Prioritize)
• Transform Big Data into actionable security intelligence
• Real-time correlation of data across devices to find threats
• Cyber forensics: fix what matters most first
HP ArcSight named leader in Gartner SIEM MQ 2013
• HP ArcSight named a leader in the Gartner Magic Quadrant for Security Information and Event Management (SIEM), 10 years in a row.
• The most visionary product in the Gartner SIEM MQ
Vodafone (telecommunications)
“We receive 550 million events per week from our security systems. Due to the aggregation and correlation capabilities of HP ArcSight ESM, those events are reduced to about 50,000 prioritized events. That’s an efficiency factor of 1 to 11,000!”
— Manfred Troeder, Head of Global Security Operations Center
HP Atalla helps you secure your sensitive information
• Cloud and Data Security: encrypt and protect keys and data in public, hybrid, and private clouds
• Information Protection & Control: embed security at the point of creation for sensitive enterprise data
• Payments security: secure payments and transacting systems
Visa
“As the largest processor of Visa debit transactions globally, Visa Debit Processing Services is responsible for securing more than 23 billion debit transactions in the U.S. and prepaid transactions in the U.S. and Canada on an annual basis. HP Atalla is a critical piece of our enterprise IT portfolio, delivering innovative security solutions with the operational excellence, performance and reliability that helps Visa DPS enable secure access to business-critical payment processing data.”
— Chris James, Senior Vice President, Product Development, Issuer Processing, Visa Inc.
94% of breaches are reported by a 3rd party
Average time to detect a breach: 243 days (shown on a timeline running from January 2014 into 2015)
Since 2009, time to resolve an attack has grown 130%
Names in use for the same function:
• Cyber Defense Center (CDC)
• Security Operations Center (SOC)
• Threat Operations Center (TOC)
• Security Defense Center (SDC)
• Cyber Security Intelligence Response Center (C-SIRC)
• Threat Management Center (TMC)
• Security Intelligence and Operations Center (SIOC)
• Security Intelligence and Threat Handlers (SITH)
• Security Threat and Intelligence Center (STIC)
SOC Concept of Ops (diagram; only its labels survive extraction)
• People: Level 1 and Level 2 analysts, Engineer, Incident Handler, Network & System Owners, Business, Intel / Threat
• Process: a numbered flow (steps 1 to 7) from detection through escalation to "case closed"
• Technology: Firewall, Network ID/PS, Web server, Proxy, ESM server
SOC Common Elements (drive to higher ROI / vision, from the foundation upward)
• Log Management: centralize logs; retain data; comply with regulations
• Near Time Alerting: streamline event feeds; high-fidelity correlation; custom reporting
• Real Time Analysis & Incident Response: monitor events in real time; CIRT integrated workflow; minimize response time; continual tuning
• Data Analysis: correlate technologies; analyze forensic evidence; create automated reporting
• Security Intelligence: analysis in depth; hunters as well as defenders; information fusion; uncovering new threats; advanced use cases
SOC Maturity Assessment
[Radar chart: SOMM level (scale 0.00 to 2.50) across Business, People, Process and Technology; series "Company A" and "Average"]

Maturity assessment           Score
Business                      2.44
  Mission                     1.86
  Accountability              1.21
  Sponsorship                 2.18
  Relationship                2.15
  Deliverables                3.00
  Vendor Engagement           2.67
  Facilities                  1.27
People                        1.82
  General                     1.98
  Training                    2.61
  Certifications              1.58
  Experience                  2.00
  Skill Assessments           0.88
  Career Path                 1.92
  Leadership                  1.50
Process                       0.63
  General                     2.01
  Operational Process         1.67
  Analytical Process          0.00
  Business Process            0.00
  Technology Process          0.00
Technology                    2.60
  Architecture                1.54
  Data Collection             3.69
  Monitoring                  1.50
  Correlation                 1.37
  General                     2.13
Overall SOMM level            1.69

Roadmap
             Current    Phase 1                Phase 2               Phase 3
Timeline     -          6 mos                  1 yr                  2 yr
SOMM target  1.6        2.0                    2.5                   3.0
Use cases    Logging    Perimeter, compliance  Insider Threat, APT   Application Monitoring
Staffing     Ad hoc     4 x L1, 1 x L2         8 x L1, 2 x L2        12 x L1, 2 x L2, 2 x L3
Coverage     8x5        8x5                    12x7                  24x7
SOC assessment base: 93 assessments, 69 discrete SOCs, 13 countries
• 2/5 on the maturity continuum
• 24% fail to meet security requirements
• 70% fail to meet compliance
Security for the New Reality: 5G SOC
5G/SOC
• Acknowledge security threats are driven by human adversaries
• Assume compromise
• Anti-fragile enterprise – led by intelligence, not vulnerabilities
• Interaction with peers; organizations readily share information
• Hunt teams search large data sets to find threats and attack patterns we did not know about previously
• Convergence of IT Security and IT Operations tools to facilitate better visibility
• Data visualization drives how anomalies are discovered and researched
• The SOC must align to the business and demonstrate meaningful value
Get data from all sources: HP ArcSight - #1 real-time security correlation platform
HP ArcSight differentiates on four key capabilities: Collection, Consolidation, Correlation, Collaboration
Collection
• Collect events from any system or application
• Add context for assets, users, and business processes
• Extend to new data types easily
Consolidation
• Universal Log Management of any data to support IT operations, security, compliance and application development
• Search and report on years of data to investigate outages and incidents quickly and easily
Correlation
• Pattern recognition and anomaly detection to identify modern advanced threats
• Analyze roles, identities, histories and trends to detect business risk violations
• The more you collect, the smarter it gets
Collaboration
• Incorporates application security from HP Fortify
• Integrates reputation data from HP DVLabs
• Cloud Connections Program to get visibility into cloud data in addition to physical and virtual layers
• Bi-directional integration with HP IT management, Autonomy, Vertica and Hadoop
HP’s industry-leading scale
• 2.3 billion monthly security events
• 47m HP secured user accounts
• 5000+ HP security professionals
• 10 out of 10 top telecoms
• 9 out of 10 major banks
• 8 global Security Operations Centers, plus planned regional SOCs
• 900+ HP managed security customers
• US Department of Defense: all major branches
• 9 out of 10 top software companies
Thank you
• 86% of budget spent on blocking
• 31% greater ROI
• $4,000,000 saved