Big Data Security with HP ArcSight

  • This webinar is designed to help you understand the type of data, and its context, that these two groups collect and analyze. In many organizations, security operations work in silos from IT operations. As a result, security vulnerabilities have to be handled twice: once by the SOC groups or security teams, and a second time by the IT operations team, which could not initially identify the issue. Consequently, you cannot establish any automation for information sharing or event correlation between security vulnerabilities and performance issues. Let us see how some of these automation challenges between security and IT operations can be addressed. A good starting point is to understand the tools available to manage the data comprehensively from a security, risk, compliance, and operations viewpoint, and to integrate them with the existing IT operations.
  • The emergence of Enterprise 2.0, with social, mobile, local, and cloud applications within the enterprise, has increased IT operational challenges. Other trends such as bring your own device (BYOD) add new dimensions that are challenging for IT operations because of the diversity of form factors, operating systems, vendors, and so on. Your customers and employees are demanding an open platform to facilitate better collaboration. However, your IT operations may not be in a position to support Enterprise 2.0 or BYOD because of security challenges or resource constraints. So, how do you align your business requirements and IT resources while keeping them secure? Cyber-threats have become more sophisticated, persistent, slow, deep, and unpredictable. New research conducted on behalf of HP showed that the volume and complexity of security threats have continued to escalate. More than 50 percent of the senior business and technology executives surveyed believe that security breaches within their organizations increased during the last year.
  • If you look at those trends, they challenge the traditional notions of enterprise security. The traditional approach to IT security was to establish strong perimeters around the network and around a company's computers that could keep the bad guys out and let the good guys in, and then to set strict rules about what the people allowed access can do. The bad guys are getting better, and as we change our IT environment we are giving them more surface area from which to launch these attacks. The Data Breach Investigations Report (DBIR) of 2012, conducted by Verizon, states that 98% of data breaches come from external agents, and that 97% of those breaches were avoidable through simple controls. Of all the breaches studied, 92% were reported by third parties, which is an embarrassment to organizations that did not even detect a breach in their own internal IT systems.
  • "You can't secure it if you can't see it." In a world where perimeter security is no longer enough, businesses need this holistic approach to securing their networks, applications, and sensitive data.

Transcript

  • 1. Big Data Security. Sridhar Karnam, Product Marketing Manager, HP EnterpriseSecurity.com, Hewlett-Packard Company. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 2. Threat landscape: riskier enterprises + advanced attackers = more attacks.
    New technologies: Cloud, Virtualization, Mobile/BYOD.
    Attacks (chart values): 24 million, 40 million, 95 million, 101 million, 130 million.
    Attackers: Hacktivists (Anonymous, LulzSec), State funded.
  • 3. Problem with existing approach: Cloud, Virtual, Physical. Too many security solutions (1000+ security vendors). Too much data. No integrated intelligence.
  • 4. Big data security challenges
    • Consolidated view
    • Centralized approach
    • Comprehensive log management
    • Correlation of security events
    • Network security
    • Change management
    • Secure applications
    • Unified data
    • Simplify un-structured data
    • Resource optimization
  • 5. Consolidated view: single view of security, operations, and IT GRC.
  • 6. Centralized approach: seamless integration of security and IT operation tools – no point solutions.
    Security: User Provisioning; Identity & Access Mgmt; Database Encryption; Anti-Virus, Endpoint; Firewall, Email Security.
    IT operations: User Management; App Lifecycle Mgmt; Information Mgmt; Operations Mgmt; Network Mgmt.
    See everything; understand context; act (proactive risk reduction).
  • 7. Comprehensive log management: a log management approach to unify collection, search, and reporting of machine data.
    (Diagram labels: Machine Data, Log Collection, Analysis, Search, Monitoring & alerting, Dashboard, IT GRC)
    • Collection: complete visibility
    • Analyze events in real time to deliver insight
    • Search quickly to simplify IT
    • Reporting on log data
    • IT operations through monitoring & alerting
    • IT GRC & Security in a single tool
  • 8. Unified data: convert all machine data into a common format for search, report, and retention.
    Raw machine data:
    Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
    Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49
    Unified data:
    Time (Event Time) | Name | Device Vendor | Device Product | Category Behavior | Category Device Group | Category Outcome | Category Significance
    6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning
    6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning
    Benefit: single data for searching, indexing, reporting, and archiving.
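The normalization step on slide 8 is the part of the pipeline worth seeing in code: two vendors' firewall lines, each with its own layout, are mapped onto one set of fields so that a single query answers "which access attempts were blocked?" regardless of the device that logged them. The Python below is an added illustration written for this page, not HP ArcSight code or its connector framework; the two raw lines are the ones on the slide, the third line is a constructed unrecognized format so the unparsed path is exercised, and the field names, the `UnifiedEvent` class, the vendor-to-category mappings and the search helper are this example's own assumptions chosen to match the slide's table.

```python
"""Normalize raw firewall log lines into one event schema and search across vendors."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample input: the two raw lines from slide 8, plus one line in a format
# neither parser knows, so that the "unparsed" path is exercised as well.
RAW_EVENTS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 "
    "to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 "
    "s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
    "Jun 17 2009 15:00:00 some-appliance: unrecognized event format",  # constructed
]


@dataclass
class UnifiedEvent:
    """Fields mirror the slide's unified-data columns; src/dst are kept as extra context."""
    event_time: datetime
    name: str
    device_vendor: str
    device_product: str
    category_behavior: str
    category_device_group: str
    category_outcome: str
    category_significance: str
    src: Optional[str] = None
    dst: Optional[str] = None


TS_FORMAT = "%b %d %Y %H:%M:%S"  # "Jun 17 2009 12:16:03"

# Cisco PIX syslog: "<ts>: %PIX-<sev>-<id>: Deny|Permit <proto> ... from A/p to B/q ..."
PIX_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}): %PIX-(?P<sev>\d)-(?P<msgid>\d+): "
    r"(?P<action>Deny|Permit) (?P<proto>\w+) .*?from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/\d+"
)

# Check Point export: "<ts> <action> <gateway> <iface> product <name> src A s_port p dst B ..."
CP_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<action>accept|drop|reject) \S+ \S+ "
    r"product (?P<product>.+?) src (?P<src>\S+) s_port \d+ dst (?P<dst>\S+)"
)


def _blocked(action: str) -> bool:
    """Vendor-specific verbs collapse onto one outcome: blocked or allowed."""
    return action.lower() in ("deny", "drop", "reject")


def normalize(raw: str) -> Optional[UnifiedEvent]:
    """Map one raw line onto the unified schema; None means no parser recognized it."""
    m = PIX_RE.match(raw)
    if m:
        blocked = _blocked(m["action"])
        return UnifiedEvent(
            event_time=datetime.strptime(m["ts"], TS_FORMAT),
            name=m["action"], device_vendor="Cisco", device_product="PIX",
            category_behavior="/Access", category_device_group="/Firewall",
            category_outcome="/Failure" if blocked else "/Success",
            category_significance="/Informational/Warning" if blocked else "/Informational",
            src=m["src"], dst=m["dst"])
    m = CP_RE.match(raw)
    if m:
        blocked = _blocked(m["action"])
        return UnifiedEvent(
            event_time=datetime.strptime(m["ts"], TS_FORMAT),
            name=m["action"].capitalize(), device_vendor="Checkpoint",
            # The slide renders the product as "Firewall-1/VPN-1"; the raw line says "VPN-1 & Firewall-1".
            device_product="Firewall-1/VPN-1",
            category_behavior="/Access/Start",  # value taken from the slide's table
            category_device_group="/Firewall",
            category_outcome="/Failure" if blocked else "/Success",
            category_significance="/Informational/Warning" if blocked else "/Informational",
            src=m["src"], dst=m["dst"])
    return None


def normalize_all(lines: List[str]) -> Tuple[List[UnifiedEvent], List[str]]:
    """Unparsed lines are returned separately rather than silently dropped."""
    unified, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        (unified if ev is not None else unparsed).append(ev if ev is not None else line)
    return unified, unparsed


def to_row(ev: UnifiedEvent) -> List[str]:
    """Render an event as the slide's table row (time in m/d/yyyy form)."""
    t = ev.event_time
    return [f"{t.month}/{t.day}/{t.year} {t:%H:%M:%S}", ev.name, ev.device_vendor,
            ev.device_product, ev.category_behavior, ev.category_device_group,
            ev.category_outcome, ev.category_significance]


def failed_access(events: List[UnifiedEvent]) -> List[UnifiedEvent]:
    """One query over the unified fields finds blocked access on every vendor's device."""
    return [e for e in events
            if e.category_behavior.startswith("/Access") and e.category_outcome == "/Failure"]


if __name__ == "__main__":
    events, leftovers = normalize_all(RAW_EVENTS)
    for ev in events:
        print(" | ".join(to_row(ev)))
    print(f"{len(failed_access(events))} failed access events; {len(leftovers)} unparsed line(s)")
```

The point of keeping unparsed lines instead of discarding them is operational: a collector that silently drops what it cannot parse hides exactly the devices whose events you are not seeing, which is the "can't secure it if you can't see it" problem the presenter notes describe.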
  • 9. Simplify un-structured data: simplify searching, reporting, forensics, and correlation through a search tool.
    • Simplify forensics and investigation through a search tool
    • Easily search and report on historical data
    • Retention of logs as per regulatory compliance
    • Pre-packaged content for security and GRC
    • Feed unified data into event correlation engine
  • 10. How we help our customers
    • 3 days to generate an IT GRC report through logs. Now with HP, get a consolidated view of IT GRC, security, and operations in 2 minutes, giving a 99% improvement.
    • 8 hours to fix a new IT incident. Now with HP, search years' worth of log data with annotations in 5 minutes to find a resolution, giving a 99% improvement.
    • 32 weeks to run an IT audit. Now with HP, audit-ready log data can be searched within 2 days, giving a 99+% improvement.
    • 10 days to investigate and respond to a data breach. Now with HP, forensics takes less than 5 minutes, giving a 99+% improvement.
    • 3 weeks to fix a threat vulnerability. Now with HP, build threat immunity and respond to new threats in 2 minutes, giving a 99+% improvement.
  • 11. Download HP ArcSight Logger trial software: HP.COM/GO/LOGGER
    • Free downloadable software
    • Collect up to 750 MB of log data per day
    • Store up to 500 GB of uncompressed logs
    • Access to most enterprise features for a full 12 months
    • Standard HP ArcSight community support (Protect 724)
  • 12. hp.com/go/logger