Increasing Visibility and Security Across your Network: The HP ArcSight and AccessData CIRT Integrated Solution
Learn how AccessData has created a cyber security solution (CIRT) that merges Enterprise Forensics, Malware detection, e-discovery, and remediation in a single platform to meet the ever expanding needs of federal customers.

Gain the actionable intelligence required to battle today's most pressing threats: malicious code and cyber breaches.
  • HP AllianceOne Partner of the Year Awards recognize HP business partners’ outstanding accomplishments in the development and delivery of innovative HP-based solutions that raise the standard for business excellence and client satisfaction. Winners are chosen for delivering solutions that drive meaningful business results for shared customers. Together, HP and AccessData demonstrated the ability to help clients respond to and analyze cyber security threats, forensics and e-discovery and to provide a powerful end-to-end solution for incident response and remediation with AccessData’s CIRT solution and HP’s ArcSight SIEM Solution. “It’s an honor to receive such a prestigious award from HP and be named a leader in the field,” said Chad Gailey, VP, Worldwide Channel Sales at AccessData. “Together with HP, we are working to raise the bar in cyber security innovation and fight the war on cyber-attacks by offering solutions that streamline the incident response process and allow for much faster responses by forensics and investigative teams.” “AccessData is recognized as HP AllianceOne Partner of the Year in the Security category for their solutions built on HP technology that help customers respond to and analyze cyber security threats,” said Doug Oathout, vice president, Channel and Alliances, Enterprise Marketing, HP. “AccessData has demonstrated their expertise in this area by developing innovative end-to-end security solutions for its customers, paving the way for more agile business.”
  • Click and call out how the traditional method involves many disparate tools. Click and call out how we’ve rolled them all into a single platform that integrates the critical analysis and enables real-time collaboration across teams. Click, click, click, calling out how CIRT is able to detect threats and data spillage routinely missed by signature-based alerting tools and DLP tools. Click and explain that CIRT also has bidirectional integration with SIEM and SIM platforms, such as ArcSight, to enable automated rapid response.
  • Resource and Bandwidth Throttling; On-Agent Analysis With Resumption; Proxy / Off-network Support; Speed and Scalability; Child Site Servers; KFF Whitelist and Blacklist; Detailed Status; Agent Management; Purpose-built and Battle-tested; Agent Deployment and Updating; FIPS and Common Criteria Certified

Increasing Visibility and Security Across your Network: The HP ArcSight and AccessData CIRT Integrated Solution Presentation Transcript

  • 1. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Enterprise Security: Innovative Platforms for Advanced Cyber Solutions. Rob Roy (esproy@hp.com), Federal Chief Technology Officer. http://hp.com/security
  • 2. What’s so significant about these numbers? 94, 71, 416
  • 3. 94% of breaches are reported by a 3rd party
  • 4. Since 2010, time to resolve an attack has grown 71%. Average time to detect a breach: 416 days. (Timeline figure spanning January 2012 to April 2013 omitted.)
  • 5. Better Intelligence Utilization
  • 6. HP Enterprise Security Products. Product Pillars: Network Security, Application Security, Security Intelligence, Atalla.
  • 7. Join us for HP Protect 2013 in DC! https://h30627.www3.hp.com/
  • 8. Introducing
  • 9. Cyber Intelligence & Response Technology (CIRT) Jason Mical Vice President of Cyber Security www.accessdata.com
  • 10. Detection and Response Times are a Joke *Source: 2013 Verizon Data Breach Investigations Report
  • 11. Top 3 Reasons You Struggle to Defend Your Domain. 1. Inherently handicapped tools: signature-based tools (IDS, antivirus, etc.) and DLP solutions only catch what you tell them to look for. 2. Juggling several disparate products: network analysis, computer analysis, malware analysis, log analysis… 3. Disparate teams that don’t collaborate with each other: computer forensics, information compliance, malware, network security.
  • 12. Who Your Focus Should Be… Faster Response and Remediation; Detecting Unknown Threats IDS, Antivirus, DLP Miss. Automating Incident Response: • Two-way communication between SIEM/SIM and IR platform • Ability to customize auto-response tasks. Integrated Analysis: reveals whole picture in minutes, not hours, not days… packet capture, hard drive, memory/RAM, malware disassembly. Real-Time Collaboration: NetSec, Forensics, Malware, IA teams all using single platform. Built-in Batch Remediation. Eliminating blind spots through integrated visibility into the following through single pane of glass… Network Communications • Whether target machines are logged onto your network or not; Host • Disk • Volatile/RAM; Malware Disassembly to Extract Functions without Sandbox; Removable Media: what is uploaded and downloaded.
  • 13. 2013 DBIR: Lessons Learned that CIRT Enables. Eliminate unnecessary data; keep tabs on what’s left. Without deemphasizing prevention, focus on better and faster detection through a blend of people, processes, and technology. Collect, analyze and share incident data to create a rich data source that can drive security program effectiveness. Collect, analyze, and share tactical threat intelligence, especially Indicators of Compromise (IOCs), that can greatly aid defense and detection. Regularly measure things like “number of compromised systems” and “mean time to detection” in networks. Use them to drive security practices. Evaluate the threat landscape to prioritize a treatment strategy. Don’t buy into a “one-size fits all” approach to security.
  • 14. Traditional Model vs Integration/Automation/Collaboration. Traditional: Many Disparate Tools (IDS/IPS/Antivirus, DLP, Firewall). CIRT: 1 Agent. 1 Database. Real-time Collaboration. Detect threats your prevention and alerting tools miss, even on nodes outside of your network. Automated Response: Host, Network, Removable Media, Malware, Remediation.
  • 15. 1 Web Interface: Multi-Team Collaboration for Improved Emergency Response. Incident Response Team, Information Assurance Team, Network Security Team, Compliance Team, Computer Forensics Team, Malware Team.
  • 16. CIRT Business Value: Incident Response; Data Spillage & PII / PCI Reporting; Removable Media Monitoring; Malware Triage & Analysis; Regulatory & Standards Compliance; Mitigate Brand & Shareholder Exposure; Enterprise Risk Posture. CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
  • 17. Optimizing Reactive Operations: SIEM–CIRT Integration. Automatically and systematically respond to security incidents leveraging two-way communication between SIEM / SIM and AccessData CIRT. Details: • Easy setup; no lengthy configuration process • SIEM alerts trigger automated incident response operations by CIRT, or… • Manually execute CIRT response/analysis operations from the SIEM interface • Results can be automatically sent to SIEM in CEF (Common Event Format) or stored for future analysis • Full analysis of results can be performed within the SIEM or CIRT interfaces • 11 pre-programmed response templates • Quickly create new response templates or modify existing ones.
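Slide 17 says CIRT results can be sent back to the SIEM in CEF. As an added example (not HP or AccessData code), the following Python builds a CEF record for a constructed automated-response result and parses it back, applying the CEF escaping rules (pipe and backslash in the header, equals sign, backslash and line breaks in the extension) and rejecting truncated records a SIEM parser should not accept. The vendor and product names come from the slide; the event id, field values and the "x.y" version are constructed placeholders.

```python
import re

# CEF header fields escape "|" and "\"; extension values escape "=", "\" and
# line breaks. A per-character map avoids double-escaping the backslash.
_HEADER_ESC = {"\\": "\\\\", "|": "\\|"}
_EXT_ESC = {"\\": "\\\\", "=": "\\=", "\n": "\\n", "\r": "\\r"}
_FIELD_RE = re.compile(r"((?:[^|\\]|\\.)*)\|")   # one header field up to an unescaped pipe
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")  # extension keys start after whitespace

def _escape(text, table):
    return "".join(table.get(ch, ch) for ch in text)

def _unescape(raw):  # "\n"/"\r" restore line breaks; any other escaped char is literal
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), raw)

def build_cef(vendor, product, version, event_id, name, severity, extension):
    header = [_escape(str(f), _HEADER_ESC)
              for f in (vendor, product, version, event_id, name, severity)]
    ext = " ".join(f"{k}={_escape(str(v), _EXT_ESC)}" for k, v in extension.items())
    return "|".join(["CEF:0"] + header) + "|" + ext

def parse_cef(line):
    fields, pos = [], 0
    for _ in range(7):  # stop after the 7th pipe so the extension is left untouched
        m = _FIELD_RE.match(line, pos)
        if not m:
            raise ValueError("truncated or malformed CEF record")
        fields.append(_unescape(m.group(1)))
        pos = m.end()
    if not fields[0].startswith("CEF:"):
        raise ValueError("missing CEF prefix")
    ext = line[pos:]
    keys = list(_KEY_RE.finditer(ext))
    extension = {}
    for n, m in enumerate(keys):  # a value runs until the next unescaped key=
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        extension[m.group(1)] = _unescape(ext[m.end():end])
    names = ("version", "vendor", "product", "device_version", "event_id", "name", "severity")
    record = dict(zip(names, fields), extension=extension)
    record["version"] = fields[0][len("CEF:"):]
    return record

# Constructed automated-response result; not real CIRT output. "x.y" stands in
# for a product version the page does not give.
SAMPLE_RESULT = {"src": "10.0.0.5", "shost": "ws-17", "act": "memory capture",
                 "msg": "Hash match on C:\\Windows\\Temp\\a.exe; rule=kff-blacklist"}

def sample_event():
    return build_cef("AccessData", "CIRT", "x.y", "ResponseComplete",
                     "Response template finished | host", 5, SAMPLE_RESULT)
```

The round trip matters because a backslash in a Windows path or an equals sign in a message would otherwise corrupt the field boundaries a SIEM correlation rule depends on.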
  • 18. All Functionality on a Single Agent
  • 19. A Look at the Components… Host Forensics w/ Volatile Data Analysis, Data Audit, Network & Host-based Packet Capture, Removable Media Monitoring, Malware Analysis, SSL Decryption, SIEM / SIM Integration, Batch Remediation
  • 20. CIRT Fills Your Cyber Security Gaps CIRT augments your cyber security infrastructure to address the two most prevalent weaknesses plaguing organizations today—response times and detection capabilities. You will be able to perform a broad range of operations that are otherwise not possible, taking a more comprehensive approach to risk mitigation and dramatically reducing the cost of incident response. Detect threats & spillage missed by alerting tools. Automate rapid response. Determine behavior & intent in minutes. Enforce security policies. Synchronize with real-time collaboration. Stop the bleeding fast.
  • 21. Questions: Tom Delellis, Thomas_Delellis@immixGroup.com, 571-405-2947; Rob Roy, esproy@hp.com, 703-623-7743; Jason Mical, jmical@accessdata.com