Are your Cloud Services Secure and Compliant today?
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Are your Cloud Services Secure and Compliant today?

  • 219 views
Uploaded on

The cyber threat landscape is evolving faster than security teams can manage without dramatically increasing headcount. As IT organizations seek to achieve new levels of IT efficiency and value for......

The cyber threat landscape is evolving faster than security teams can manage without dramatically increasing headcount. As IT organizations seek to achieve new levels of IT efficiency and value for the hybrid cloud, both security and compliance headaches increase in severity as well. See how HP is delivering advanced, data-driven security technologies designed to empower security operations to run more efficiently for the Hybrid Cloud.

Register for this webinar to learn how you can benefit from a new style of IT through the combined wealth of information assimilated from multiple sources to provide you valuable insights that impact your business. In addition you will learn how you can enjoy the use of secure compliant cloud services, that can be consolidated in one view and automated to the click of a button.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
219
On Slideshare
219
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
17
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Are your cloud services secure and compliant? Delivering security through cloud service automation Sridhar Karnam, Sr. Manager, Product Marketing HP Software © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 2. How much do hackers pay? 2 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. $499 $499 $499 $399 $33 $55 $99 $88 $99
  • 3. Threat landscape Cloud enables large surface area for attackers Cloud Providers Attacks 24 Million Hactivists 3 Anonymo us Infrastructure 40 Million 95 Million State funded © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Consumer s 101 Million 130 Million LulzSec
  • 4. Current solutions are not enough Providers Infrastructur e Consumers 4 Too much data Too many solutions Too perimeter focused © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1000+ Security vendors
  • 5. The result © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 6. 243 days average time to detect breach 2012 January February March April May June July August September October November December 2013 January February March April 6 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 7. Security is a bigger than just an IT problem Security is a board level discussion Cyber threat Data Breach CISO 56% of organizations have 94% of the data breaches Financial loss Reputation damage been the target of a cyber attack were reported by third-parties $8.6M average cost associated with data breach 30% market cap reduction due to recent events Cost of protection Reactive vs. proactive 7 11% of total IT budget spent 97% of data breaches could © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. on security have been avoided
  • 8. 97% 8 of the breaches could be prevented through simple controls such as log management © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 9. Compliance landscape Annual cost of SOX compliance: $1.8M or equivalent cost of roughly 14.4 employees! • • • • • User management Access control/authorization Change management Security operations Differences is mainly in interpretation • Leverage similarities to increase efficiencies and reduce costs • Consistent themes across regulations 9 NIST SAS 70 ISO 27001 NIACAP FISMA FTC SEC • Any similarities in compliance activities? SOX OCC CobiT FERC/NERC ISO 17799 PIPEDA COSO NY Privacy J-SOX US Patriot Act DITSCAP GLBA FFIEC © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. DATA HIPAA ITIL Basel II PCI CA-1386 FDPA
  • 10. 70% similarities between compliance & security User Management Access / Incident Authorization Management SOX FISMA HIPAA PCI NIST CobiT 10 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Security Operations Management Operations
  • 11. Why use multiple tools then? Security Compliance Common Text challenges Cloud services 11 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 12. Who is responsible for cloud security? IaaS PaaS SaaS • Increasing security responsibilities at the information, application & user layers • Reducing visibility into O/S, network, and physical layers User Application Application Information Information SaaS O/S O/S image PaaS • Examples: • IaaS: Amazon EC2 • PaaS: Heroku, Google Apps Application Network IaaS Physical • SaaS: SalesForce.com Consumer responsible 12 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Provider responsible
  • 13. Transform your IT with HP Hybrid Cloud Greater flexibility, simpler operations and more comprehensive end-to-end solutions Management Choice: Open, extensible architecture offers greater flexibility with support for industry standards, open APIs and integration with 3rd party products and services Confidence: Complete management across traditional IT and cloud offers lower cost and simplifies operations Consistency: Comprehensive, end-to-end solution allow you to meet business SLAs with secure, compliant cloud services 13 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 14. Here is how HP ArcSight helps you secure your cloud… © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 15. Comprehensive & continuous monitoring of cloud Competitive advantage in the digital universe Massive amounts of useful data are getting lost % of data that would be potentially useful IF tagged and analyzed 23% 3% 0.5% ¹Source: IDC The Digital Universe in 2020, December 2012 15 % of the Digital Universe that actually is being tagged and analyzed © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. % actually being tagged for Big Data Value (will grow to 33% by 2020)
  • 16. What we do? HP ArcSight Log management and SIEM solution Collect 16 Store © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Analyze
  • 17. What is ArcSight? 4 hours to respond to a breach 10 minutes to fix an IT incident ArcSight enables forensic investigation and a quick response to a data breach that otherwise would take 24 days Full-text searching of any data enables incident resolution that otherwise would take 8 hours 5 minutes to generate IT GRC report ArcSight content generates IT GRC reports that otherwise would take 4 weeks 2 days to fix a threat vulnerability 3 days to run an IT audit ArcSight builds threat immune that otherwise would take 3 weeks Search results yield audit-quality logs that otherwise would take 6 weeks 17 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 18. How do we do it? Feature Benefit Collect Collect logs from any device, any source, and in any format at high speed Enrich Machine data is unified into a single format through normalization and categorization Search ? Simple text-based search tool for logs and events without the need of domain experts Store Correlate 18 Archive years’ worth of unified machine data through high compression ratios Automate the analysis, reporting, and alerting of machine data for IT security, IT operations, and IT GRC © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 19. HP ArcSight & Cloud services deliver Universal log managemen t Advanced persistent threat remediation 19 Compliance & risk management Mobile security Perimeter, data center & network security Data privacy & data loss prevention © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Insider threat mitigation Application & transaction monitoring
  • 20. Deploy Logger within CSA in three simple steps © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 21. Modular packaging designed for cloud Get started quickly with HP Cloud and Automation Ultimate Suite transformation HP Cloud and Automation Ultimate Suite Service lifecycle management Automation and Orchestration Compliance IaaS, PaaS, Sa aS Resource/Capaci ty management Security: Access Mgmt HP Products: HP Cloud Service Automation, HP Server Automation, HP Operations Orchestration, HP Database and Middleware Automation, UCMDB, ArcSight Logger, HP SiteScope Application Perf. Mgmt DevOps Backup HP Business Service Mgmt HP Continuous Delivery Auto. Asset Management Application Security Help Desk HP Asset Manager HP Fortify Service Performance Mgmt Business Management HP Executive Scorecard Portfolio Management HP Product and Portfolio Mgmt HP Data Protector Network Security HP Tipping Point Add optional features as needed 21 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Note: HP ArcSight Logger’s 6 months trial available through HP Cloud Service Automation Ultimate Suite . Alternatively, download a copy of the HP ArcSight Logger Trial Software from: www.hp.com/go/hplogger
  • 22. Deployment step 1: HP ArcSight Logger Service Design Log into a CSA consumer portal and select HP ArcSight Logger 22 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 23. Deployment step 2: Supply the required information, to complete the request for the subscription 23 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 24. Deployment step 3: Once completed, you can look at the subscription, and access HP ArcSight within HP CSA 24 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 25. managed in-house/legacy custom apps Apps cloud Systems Monitoring 25 Virtual © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Applications Security SIEM log management Cloud security Insider threats Mobile Monitoring Continuous compliance SaaS 350+ CEF partners Big Data IT operations Storage Security Analytics Thank you
  • 26. Additional resources HP Cloud Management: hp.com/go/cloudmanagement HP Cloud Service Automation: hp.com/go/csa HP Software’s premier customer event: hp.com/go/discover HP Software’s Community of IT Professionals: hp.com/go/swcommunity HP Software Education Services: hp.com/software/education HP Software Support Services: hp.com/go/hpswsupport HP Software Professional Services: hp.com/go/hpswprofessionalservices For more information: HPSWebEvents@hp.com 26 © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.