Brains (artificial ones) over brawn: Machine learning in IT security
Hargitai Zsolt
Business Development Director
40 YEARS
COBOL Content Manager
Network Management
Data Protector
Micro Focus Today: Built on stability, innovation and delivering for customers over the long term
Comprehensive security for the enterprise
ENDPOINT SECURITY
▪ Lifecycle management
▪ Patching & containerization
▪ Application virtualization
▪ Mobile & server management
IDENTITY & ACCESS
▪ Adaptive Identity governance
▪ Adaptive access management
▪ Adaptive privileged management
APP SECURITY
▪ Static, Dynamic, & Runtime application testing
▪ Application security-as-a-service
DATA SECURITY
▪ Data de-identification (encryption/tokenization)
▪ Key management
▪ Hardware-based trust assurance
▪ Messaging security
ANALYTICS & MACHINE LEARNING
SECURITY OPERATIONS
▪ Real-time detection
▪ Workflow automation
▪ Open source data ingestion
▪ Hunt and investigation
Security Voltage
Fortify
NetIQ
ZENworks
ArcSight & Sentinel
Vertica
Machine learning in cybersecurity
ArcSight Ecosystem
SECURITY OPEN DATA PLATFORM
SMART/FLEX CONNECTORS: Information collection, enrichment and normalization
MANAGEMENT CENTER: Suite management and administration
TRANSFORMATION HUB: Information delivery
LOGGER: Compliance, search & reporting
ESM: Incident monitoring & management
INVESTIGATE: Hunting and investigation
UEBA: Entity behaviour analytics
CONTENT: Unified, actionable & insightful
WEB CONSOLE: Accessible monitoring and platform management
DSAD
CIP
LB
TI
ArcSight UEBA Mission: Use Cases and Customer Requirements
We detect Insider Threats and Outsider Threats with insider characteristics.
TYPE: DESCRIPTION
Account Compromise: Unauthorized account usage by anyone other than the account holder. For example, an outsider who has spearphished an executive in order to obtain and use those credentials to further infiltrate an organization.
Account Misuse: Unauthorized account usage by an account holder. For example, a manager in the Finance department who downloads executive salary information for all executives in the company.
Data Staging/Exfiltration: Unauthorized transfer of data from a computer. Such a transfer may be manual and carried out by someone with physical access to a computer, or it may be automated and carried out through malicious programming over a network.
Infected Host: Evidence that a network resource has been compromised and is behaving differently than expected. For example, communicating over unexpected network applications, protocols, etc.
Insider Fraud: Intentional act of deception involving financial and prescription transactions for the purpose of personal gain. This may be performed by professional attackers, organized crime, insiders, or customers. The goal of financial fraud is the illegal acquisition of assets such as money for personal use or profit. Prescription fraud is the illegal acquisition of prescription drugs for personal use or profit.
Internal Recon: Attempt to gain information about targeted computers or networks that can be used as a preliminary step toward a further attack seeking to exploit the target system.
Lateral Movement: Unauthorized movement from system to system within an environment. Common lateral movement methods include accessing network shares, using the Windows Task Scheduler to execute programs, using remote access tools such as PsExec, or using remote desktop clients such as Remote Desktop Protocol (RDP), DameWare, or Virtual Network Computing (VNC) to interact with target systems using a graphical user interface.
THREAT COVERAGE
©2019 Micro Focus
Kahoot.it
Thank you.
www.microfocus.com/solutions/security