Event Correlation Applications for Utilities
Today, there is a flood of data pouring into Utilities. From AMI data coming into MDM systems to trading system data, to grid management data, this sea of information makes it easy to lose sight of threats to the core business. Combining this with the additional threat intelligence information necessary to protect your business and the scope of the data problem can quickly become overwhelming. Learn how utility customers are applying event correlation to their AMI events, threat intelligence feeds, and Customer Service System events to protect against security threats, while improving business operations, and reducing costs. Additionally, learn about the fascinating future plans that utility customers have for event correlation such as:

  • Pushing physical security event correlation beyond meter tampering and into video camera control and integration
  • Correlating micro-earthquake data with meter tilt tamper events to eliminate false positive security alerts
  • Measuring voltages across meters and the associated transformer to identify theft and meter tampering

It’s an exciting time of transformation in the Utilities industry and event correlation can help drive efficiency, visibility, and security in your business.
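
The tilt-tamper and micro-earthquake correlation mentioned above, sketched as an added example (not code from the presentation or from any HP ArcSight product). The event fields, the time and distance thresholds, the rule that several distinct meters must tilt together before anything is suppressed, and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Tilt:            # tilt-tamper event reported by a meter (hypothetical schema)
    meter_id: str
    time: datetime
    lat: float
    lon: float

@dataclass(frozen=True)
class Quake:           # entry from a seismic feed (hypothetical schema)
    time: datetime
    lat: float
    lon: float

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def triage(tilts, quakes, window=timedelta(minutes=2), skew=timedelta(seconds=30),
           radius_km=30.0, min_meters=3):
    """Return (alerts, suppressed). A tilt is suppressed only when it falls inside a
    quake's time/distance window AND enough distinct meters tilted with it."""
    explained = set()
    for q in quakes:
        near = [t for t in tilts
                if -skew <= t.time - q.time <= window
                and km_between(t.lat, t.lon, q.lat, q.lon) <= radius_km]
        if len({t.meter_id for t in near}) >= min_meters:
            explained.update(near)
    alerts = [t for t in tilts if t not in explained]
    suppressed = [t for t in tilts if t in explained]
    return alerts, suppressed

# Constructed sample data (not from the presentation).
T0 = datetime(2014, 8, 20, 12, 0, 0)
QUAKES = [Quake(T0, 35.00, -118.00)]
TILTS = [
    Tilt("M1", T0 + timedelta(seconds=5), 35.02, -118.01),
    Tilt("M2", T0 + timedelta(seconds=8), 35.01, -117.98),
    Tilt("M3", T0 + timedelta(seconds=20), 34.99, -118.03),
    Tilt("M4", T0 + timedelta(hours=3), 35.01, -118.00),     # hours after the quake
    Tilt("M5", T0 + timedelta(seconds=10), 38.50, -118.00),  # ~390 km away
]

if __name__ == "__main__":
    alerts, suppressed = triage(TILTS, QUAKES)
    print("alert:", [t.meter_id for t in alerts])
    print("suppressed:", [t.meter_id for t in suppressed])
```

Suppressed events are returned rather than dropped, so they can still be logged and reviewed alongside the seismic record.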

Published in: Technology

  • Hello, I’m XX of Enterprise Security Services— 
     
    Like most people who work in security, my role has changed a lot over the last few years. Not too long ago, it was all about firewalls and passwords—keeping everyone out. But you and I both know it’s not that simple anymore. Security is now a complex and expanding challenge at your enterprise. In fact, it’s a challenge at every enterprise worldwide.

    My message today is that you must evolve your approach to information security if you want to keep pace with a changing market and constantly growing technology. And, really, it’s not optional.
     
  • So what are the big concerns? If you’re like most of our clients, the challenges fall into three major areas, all of which are hitting the enterprise at once.
     
    First, the criminals are better than us. They’re smart. And they’re a step ahead.
    Security threats can be external or internal in nature or they can represent malicious or unintentional actions. But more and more, they are a result of cybercriminals that have created an adversary market place that has become more specialized, more efficient, and more lucrative.
     
    Second, regulatory pressures are intense.
    Conflicting regulatory drivers, sovereignty challenges and industry-specific issues add up to increasingly complex regulatory issues. You have to deal with compliance regulations, privacy rules and data protection. And you must find ways to implement governance, risk and compliance frameworks across your extended enterprise of partners, suppliers and customers.
     
    Third, The New Style of IT means new models to protect.
    Innovations like cloud, bring-your-own-device, and mobility are part of an enterprise’s infrastructure transformation and can drive innovation and growth. But these new models make it harder for your security team to proactively manage an information security and risk strategy because you’re constantly changing the internal security AND reacting to new threats that an open and interactive enterprise can bring.
  • Let’s start with disrupting your adversaries.
     
    In our business, you hear a lot about internal processes and policies. And, in fact, the standardization of security policies has done a great deal to raise the bar for our industry. But it will continue to fail to make us secure because it lacks the focus on the adversary—the cyber-criminals creating new threats every day. No framework discussed in committee will be able to evolve as fast as the market, especially the black market. We need to build our response in a way that disrupts the adversary at every step of their process.
     
    The adversary’s ecosystem is very sophisticated. It starts with building profiles on executives like you—your LinkedIn bio, Facebook posts, the places you’ve been, and things you like to do. It makes the victim an easy “phishing” target because the profiler knows things about him or her that not many people should know. They sell the profiles to hackers.
     
    These hackers then breach the company. They might have used a phishing attack and installed malware to break into the network and use your credentials. They may build their own toolkits. They can sell these access points to the highest bidder, who then spends days or weeks figuring out where your sensitive data is, mapping your environment, and figuring out your configurations. They create a map and sell it to the next person.
     
    Eventually the criminals are able to access critical databases and change the account profile, including withdrawal limits and account codes. This information was taken out of the company and provided to their colleagues or sold to a third party.  And from there the cards were made and the teams hit the streets to withdraw cash from the ATMs.
     
  • My point is that cyber security too often focuses on the specific state-sponsored group, “hacktivist” or cyber criminal. We need to focus on the full black market in which these actors participate. There are market processes for breach, enabling disparate parties to collaborate. As actors specialize in this marketplace, based on skill sets, innovation is extraordinary. This criminal ecosystem is much more efficient at creating, sharing and acting on the security intelligence than the ecosystem that exists to defend our clients. 

    Instead, we need to build capabilities and think about solutions that disrupt that chain at multiple points.

    In the discovery and capture stages, you need the ability to process large data sets in real time and at scale. You have to monitor the data that you have in your organization and be able to know when something unusual is happening. For instance, if it looks like a verified employee starts doing something uncharacteristic like accessing file shares they haven’t before or changing database records, you should know about it. If data flows don’t match predicted processes, alerts should be set off.

    Now, what these criminals are looking for is your critical data like intellectual property and customer information. You should know when it is being moved, accessed inappropriately, or sent outside the organization in an email, posted on a Facebook account, or stored on cloud storage. Information can be correlated from all over the enterprise and from data outside the enterprise as well. Cybercriminals are monitoring the black markets for your enterprise’s sensitive data and including data from the cloud infrastructures in your security operations environment. We are working with companies to combine employee sentiment with abnormal access behavior to find malicious insiders.

  • Transcript

    • 1. EnergySec 2014 Summit Brandon Dunlap
    • 2. United States Smart Meter Deployments History. Source: Utility-Scale Smart Meter Deployments - Innovation Electricity Efficiency Institute of the Edison Foundation - 2013
    • 3. Of the 46M Smart Meters currently deployed in the US... ...three utilities are responsible for nearly a third of installed meters. HP Enterprise Security is a key partner to 2 of these top 3 utilities.
    • 4. Planned Projects Through 2015. US Smart Meter Implementation Map. Source: Utility-Scale Smart Meter Deployments - Innovation Electricity Efficiency Institute of the Edison Foundation - 2013
    • 5. The Electric Grid is... ...the beginning of the Internet of Things
    • 6. The Data Deluge: A small municipal electric utility in Lakeland, Florida went from collecting 122,000 data points per month prior to their Smart Meter implementation to 90 Million data points per month following implementation… ...a 73,000% increase!
    • 7. “We're entering a new world in which data may be more important than software.” Tim O’Reilly
    • 8. But we are constrained.
    • 9. Do More...With Less
    • 10. “I think frugality drives innovation, just like other constraints do. One of the only ways to get out of a tight box is to invent your way out.” Jeff Bezos
    • 11. What is INNOVATION?
    • 12. December 17, 1903
    • 13. Embrace the constraints. Many tools have multiple purposes.
    • 14. “Data is not information, information is not knowledge, knowledge is not understanding, understanding is not wisdom.” Clifford Stoll
    • 15. Turn Data Into Information
    • 16. Case Study: HP technology is currently used to run a Security Operations Center (SOC) for a very large smart meter implementation. Correlating and tracking events around:
      • Power outage event correlation
      • Meter failures and tampering
      Allowing event-driven integration with internal systems to reduce technician dispatch
    • 17. Using the tools effectively. All of this is accomplished with ArcSight:
      • HP ArcSight Connector Appliance
      • HP ArcSight Logger
      • HP ArcSight Enterprise Security Management (ESM)
    • 18. Summary: HP’s event correlation capabilities enable utilities to create customized Smart Meter event responses, increasing network visibility and reducing cost.
    • 19.
    • 20. Questions?