Security Intelligence and Risk Management: can what you can't see hurt you?
Presentation by Simon Leech, Pre-Sales Director EMEA for Hewlett-Packard Enterprise Security.

Summer Course CIGTR/URJC 2012

Transcript

  • 1. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The Value of Security Intelligence: what you can't see can hurt you. Simon Leech CISSP CISM CRISC, PreSales Director EMEA, HP Enterprise Security, sleech@hp.com
  • 2. HP Enterprise Security: market leading products and services. One Team, One Vision.
    • Security Information and Event Management
    • Log Management
    • Application Security
    • Network Security
    • Data Protection (Atalla)
    • Threat Research
    • Security Services
  • 3. Global security research
    • Ecosystem partners, e.g. SANS, CERT, NIST, OSVDB, software and reputation vendors
    • 1600+ researchers, 2000+ customers
    • Leading security research: continuously finds more vulnerabilities than the rest of the market combined
    • Collaborative effort of market leading teams: DV Labs, ArcSight, Fortify, HP Labs, Application Security Center
    • Collects network and security data from around the globe
    • FSRG: Fortify Security Research Group
  • 4. Disruptive technology trends
    • Cloud: public, private, adoption
    • Big data: content, context, unstructured
    • Consumerization: mobility, devices and social media
    • From the "fortress" (reactive perimeter security) to the future of security: proactive risk management across collaborative, open and extended devices, data and infrastructure
  • 5. The enterprise security problem
    • Breaches continue, even though hundreds of security solutions are available
    • Siloed security products don't learn from or share information with each other
    • Limited context: a gap between IT operations and security constrains the actions that can be taken
    • No effective way to understand and prioritize risk
  • 6. Rise of the cyber threat. Enterprises and governments are experiencing the most aggressive threat environment in the history of information.
  • 7. ...and becoming more costly. Annualized cost of cybercrime per organization, Ponemon Institute, 2nd Annual Cost of Cybercrime Study 2011 (chart data, FY 2010 versus FY 2011):
                      FY 2010        FY 2011
    Minimum value     $1,037,277     $1,530,568
    Quartile 1        $1,650,976     $2,872,913
    Quartile 2        $3,180,182     $5,167,657
    Median            $3,788,468     $5,895,065
    Quartile 3        $4,611,172     $7,576,693
    Grand mean        $6,459,362     $8,389,828
    Quartile 4        $15,567,136    $17,455,124
    Maximum value     $51,925,510    $36,470,889
  • 9-11. Advanced Persistent Threats (timeline graphic, 1997-2011, grouped on the slide as "The Classics" and "The Subversives"): Eligible Receiver (1997), Solar Sunrise (1998), Moonlight Maze (1999), Titan Rain (2004), Byzantine Foothold (2007), then Aurora, Exxon, US Power Grid, Operation Shockwave, Night Dragon, Stuxnet, RSA and Lockheed Martin (2009-2011).
  • 12. What do these three organisations have in common?
  • 13. Modern breaches share a pattern
    • Acquire target, sneak in, hop around (zero day? the perimeter won't always help)
    • Get privileged access to critical assets (impact takes time)
    • Conduct the crime for an extended time (early detection matters)
    "The success or failure of an attack will depend on the attacker's ability to go undetected"
  • 14. The unlucky CISO?
    1. At 5pm on Friday evening, a security administrator receives an email from US-CERT notifying him of a critical vulnerability in the database system he manages. It's home time; he does nothing.
    2. Sometime over the weekend, a high-ranking user receives an email from an MTA in China. It comes from a known bad IP address and triggers an alert, but the IP isn't rated highly enough for the email to be blocked.
    3. Monday morning at 9am the user opens the email and double-clicks the attachment. It looks like a harmless PDF from a colleague, but unknown to him it installs a RAT, which sends a hello back to the same IP address that sent the email.
    4. A couple of hours later, at 12:30pm, the CPU on a server in the application server farm spikes, triggering an alert on the app monitoring dashboard. After a couple of minutes it goes away, and the server admin ignores it.
  • 15. The unlucky CISO? (continued)
    5. At the same time, the database admin notices activity 10x above the norm for this time of day. The number of data sets being accessed is also higher than normal, but the database stays up, so the admin doesn't worry.
    6. Also at 12:30pm, the network admin notices a significant increase in traffic between the app server and the database server, and then out to the Internet (to the same IP address that sent the email and installed the RAT, but no one notices this).
    7. Later that day, as part of the weekly vulnerability scan, the security team identify that the database server has the newly disclosed vulnerability and create a trouble ticket to get it patched.
    8. The following morning the security team patch the vulnerability, and a couple of days later a dump of the entire database, including gigabytes of PII, appears on pastebin.
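Every step in the scenario above was visible to some console; what was missing was one place that joined the advisory, the reputation hit, the call-back, the database anomaly and the egress flow by the thing they share. The following is an added example, not code from the presentation or from any HP product: a correlation pass over constructed events modelled on steps 1-8. The hostnames, field names, scoring weights and the indicator addresses (RFC 5737 documentation ranges) are assumptions made for the illustration.

```python
"""Cross-silo correlation for the "unlucky CISO" timeline.

Added example, not taken from the presentation or any HP product. The events
below are constructed to mirror steps 1-8 of the scenario; hostnames, field
names, the scoring weights and the indicator addresses (RFC 5737 documentation
ranges) are all assumptions made for the illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events from the silos named in the scenario (advisory feed,
# mail gateway, web proxy, application monitor, database audit, NetFlow,
# weekly vulnerability scan). Times are ISO-8601 to the minute.
EVENTS = [
    {"ts": "2012-06-15T17:00", "source": "advisory", "asset": "db01",
     "severity": "critical", "note": "US-CERT: critical flaw in the DB platform"},
    {"ts": "2012-06-16T22:10", "source": "email_gw", "asset": "exec1-ws",
     "ip": "203.0.113.45", "note": "mail from listed MTA; alerted, not blocked"},
    {"ts": "2012-06-18T09:02", "source": "proxy", "asset": "exec1-ws",
     "ip": "203.0.113.45", "direction": "out", "bytes": 2_048,
     "note": "first call-back after the attachment is opened"},
    {"ts": "2012-06-18T12:30", "source": "app_monitor", "asset": "app01",
     "metric": "cpu_pct", "value": 97, "baseline": 20},
    {"ts": "2012-06-18T12:31", "source": "db_audit", "asset": "db01",
     "metric": "queries_per_min", "value": 12_000, "baseline": 1_100},
    {"ts": "2012-06-18T12:35", "source": "netflow", "asset": "db01",
     "ip": "203.0.113.45", "direction": "out", "bytes": 4_300_000_000},
    {"ts": "2012-06-18T18:00", "source": "vuln_scan", "asset": "db01",
     "severity": "critical", "note": "weekly scan confirms the advisory applies"},
    # Control case: a listed MTA that sends one mail and is never seen again.
    {"ts": "2012-06-17T08:00", "source": "email_gw", "asset": "clerk-ws",
     "ip": "198.51.100.7", "note": "mail from listed MTA; alerted, not blocked"},
]

# Reputation feed: low-confidence listings, exactly the kind that does not
# justify blocking on its own (step 2 of the scenario).
BAD_IPS = {"203.0.113.45", "198.51.100.7"}


def _when(event):
    return datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M")


def correlate(events, bad_ips, window=timedelta(days=7),
              anomaly_factor=5, egress_limit=1_000_000_000):
    """Build one incident per listed IP and score it by corroboration.

    Scoring: one point per independent silo that saw the IP, plus two each
    for (a) the IP touching an asset with a known critical vulnerability,
    (b) that asset also showing a metric >= anomaly_factor x its baseline,
    (c) outbound volume to the IP above egress_limit bytes. The weights are
    illustrative; the point is that context, not the indicator, sets priority.
    """
    vulnerable = {e["asset"] for e in events
                  if e["source"] in ("advisory", "vuln_scan")
                  and e.get("severity") == "critical"}
    anomalous = {e["asset"] for e in events
                 if "baseline" in e and e["value"] >= anomaly_factor * e["baseline"]}

    by_ip = defaultdict(list)
    for e in events:
        if e.get("ip") in bad_ips:
            by_ip[e["ip"]].append(e)

    incidents = []
    for ip, hits in by_ip.items():
        hits.sort(key=_when)
        start = _when(hits[0])
        hits = [h for h in hits if _when(h) - start <= window]  # one campaign window
        sources = sorted({h["source"] for h in hits})
        assets = sorted({h["asset"] for h in hits})
        egress = sum(h.get("bytes", 0) for h in hits if h.get("direction") == "out")

        score = len(sources)
        reasons = [f"{len(sources)} silo(s) saw {ip}: {', '.join(sources)}"]
        hit_vuln = sorted(set(assets) & vulnerable)
        if hit_vuln:
            score += 2
            reasons.append(f"touches critically vulnerable asset(s): {', '.join(hit_vuln)}")
        hit_anom = sorted(set(assets) & anomalous)
        if hit_anom:
            score += 2
            reasons.append(f"asset(s) at >= {anomaly_factor}x baseline activity: {', '.join(hit_anom)}")
        if egress > egress_limit:
            score += 2
            reasons.append(f"{egress:,} bytes sent out to {ip}")
        priority = "critical" if score >= 6 else "high" if score >= 4 else "low"
        incidents.append({"ip": ip, "score": score, "priority": priority,
                          "sources": sources, "assets": assets,
                          "egress_bytes": egress, "reasons": reasons,
                          "first_seen": hits[0]["ts"], "last_seen": hits[-1]["ts"]})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(EVENTS, BAD_IPS):
        print(f"[{inc['priority'].upper():8}] {inc['ip']} score={inc['score']}")
        for r in inc["reasons"]:
            print("   -", r)
```

Run stand-alone it ranks 203.0.113.45 as critical (three silos, a critically vulnerable and anomalous database host, and multi-gigabyte egress) while the control listing 198.51.100.7 stays low, which is the right outcome for a reputation hit that nothing else corroborates. The same mail-gateway alert, taken alone, looks identical in both cases; only the join across silos separates them.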
  • 16. Main areas to focus on
    • Understand the weaknesses that you have inherited
    • Understand the weaknesses that you have created
    • (Understand the weaknesses that you can use)
    • Make your security intelligence work
  • 17-18. Understand the weaknesses that you have inherited
    • You will have vulnerabilities in your third party applications!
    • But do you have the time to find them? Is it even your job to find them?
    • [Chart: vulnerabilities entered in OSVDB annually]
    • A recent study by Forrester concluded: independent and original vulnerability research is important to security organisations; companies want to leverage relationships with vulnerability researchers in order to make decisions; quality vulnerability information helps improve security
  • 19-20. Vulnerability bounty programs: good or bad?
  • 21-22. Understand the weaknesses that you have created
    • You will have vulnerabilities in your self-developed applications!
    • You need to make the time to find them
    • You owe it to your customers, and to your own cyber reputation
    • [Chart, source: HP DVLabs ThreatLinQ]
    • A recent study by the Ponemon Institute showed: 73% of respondents were hacked at least once in the past 2 years; 72% test less than 10% of their web applications for security
    • Investment in awareness of secure software development best practices will help here
  • 23. Understand the weaknesses that you can use
    • Probably outside the realm of most information security policies
    • But definitely becoming a usable tactic in the art of cyber warfare
    [Screenshots: articles by Andy Greenberg, Forbes.com]
  • 24. Making your security intelligence work: people, process and technology. [Process diagram: Level 1 and Level 2 analysts, engineer, incident handler and network and system owners, with escalation steps 1-6 through to case closed.] Risk management solution focus areas:
    • Advanced Persistent Threat (APT) detection
    • Compliance reporting
    • High-risk user monitoring
    • Privacy breach detection
    • Data leakage monitoring
    • Critical business transaction monitoring
    • Perimeter security monitoring
    • Universal log management
  • 25. Conclusions
    • There are no good neighborhoods on the Internet: they're all some kind of bad
    • Legacy controls will not be able to keep up: keep security technologies up to date to stay ahead of the changing threat
    • Vulnerability research is critical to provide insight into potential future cyber attacks: align it with security operations and change management
    • Actionable security intelligence is as important as any security product: make your risk position a board room topic
  • 26. HP Enterprise Security vision
    • Must be driven by business priorities
    • Must "see everything" in the context of business processes and enable fast, efficient resource prioritization
    • Must deliver standalone and intelligently integrated solutions
    • Must achieve compliance goals and manage security costs
  • 27. A Security Intelligence and Risk Management platform: HP EnterpriseView, covering compliance and policy, vulnerability management, asset profiling and risk management, fed by security intelligence from network security, application security and FSRG threat research.
  • 28. HP EnterpriseView: see everything and prioritize response
  • 29. Thank you. sleech@hp.com http://www.hpenterprisesecurity.com/solutions/2011-cyber-security-risk-report