SlideShare a Scribd company logo

Hp cyber defence center

at MicroFocus Italy ❖✔
at MicroFocus Italy ❖✔

The HP Cyber Defense Center (CDC) offers world-class capabilities in operations, engineering, intelligence, and incident management for all of HP. The CDC deployed much of the HP ArcSight product family and integrated data feeds from approximately 600 HP TippingPoint Intrusion Prevention System (IPS) platforms, and performs complex analytics on massive quantities of web and syslog data with the HP Vertica Analytics Platform for advanced analytics and alerting. This real-world testing ground not only protects the HP global IT infrastructure, but also provides a framework to help HP customers stay steps ahead of cyber attacks and seamlessly conduct business.

Software
1 of 6
Download to read offline
“The CDC has already detected and deflected thousands of potential attacks in just less than a year. Our cyber security program provides accurate security data to help management make fact-based decisions while helping us continue to implement a predictive security strategy.” –Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP The HP Cyber Defense Center (CDC) offers world-class capabilities in operations, engineering, intelligence, and incident management for all of HP. The CDC deployed much of the HP ArcSight product family and integrated data feeds from approximately 600 HP TippingPoint Intrusion Prevention System (IPS) platforms, and performs complex analytics on massive quantities of web and syslog data with the HP Vertica Analytics Platform for advanced analytics and alerting. This real-world testing ground not only protects the HP global IT infrastructure, but also provides a framework to help HP customers stay steps ahead of cyber attacks and seamlessly conduct business. Case study HP Cyber Defense Center safeguards global resources every minute, every day Global security operations center serves as largest showcase deployment of HP security technologies and operational excellence Industry Technology Objective Protect worldwide enterprise resources while serving as an operational best-practices model for innovation in enterprise security Approach • Deploy HP ArcSight products and integrate data feeds from the HP TippingPoint Intrusion Prevention System and third-party sources • Analyze big data sources to conduct advanced analytics and alerting with the HP Vertica Analytics Platform IT matters • ArcSight products monitor about one billion events per day, reducing the event flow to a volume that can be managed by a handful of analysts— something that would take an army of over 30,000 analysts to perform manually. • Events are correlated from about 600 TippingPoint IPS platforms and dozens of other sources to proactively detect threats. TippingPoint IPS actively detects and blocks about five million attacks per day. • Vertica Analytics Platform allows the CDC to correlate over two billion records each day, and enables the staff to perform queries 50-1,000 times faster than possible with traditional databases, using a fraction of the hardware. Business matters • HP enterprise data is protected on a global scale for about 330,000 employees with a staff of only 22 security professionals. • The CDC serves as a framework for global enterprise security to keep HP security best practices continuously refreshed and highly effective. • Innovations in CDC security practices are transferred into HP security products and services to keep customers steps ahead of cyber threats.
2 Case study | HP Cyber Defense Center After analyzing over 90 customer security operations centers (SOCs) throughout the world and accumulating the largest dataset of its kind, HP has taken industry best practices and lessons learned and applied them to its own Cyber Defense Center. The CDC demonstrates not only HP’s ability to gain a collective 3D view of the entire enterprise, but it also serves as a showcase for enterprise security innovation, protecting one of the company’s most important assets: data. The CDC, which opened in the fall of 2013, leverages the lessons HP has learned from more than 10 years of security operations implementations. It is already one of the largest SOCs in the world, protecting the HP global IT infrastructure from cyber attacks while providing a forum to showcase HP security expertise to customers and partners. For example, it has protected HP from attack types such as Heartbleed and Shellshock, malwares that could have resulted in extreme vulnerabilities and exploitation if not detected and patched. “At HP, TippingPoint actively detects and blocks about five million attacks per day. Our CDC operates the third-largest TippingPoint IPS installation in the world, and when it detects a serious threat, we sanitize the traffic and actively block those attacks.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP In alignment with the “HP on HP” vision that HP IT should be the company’s foremost showcase, the CDC team has deployed the majority of products within the HP ArcSight product family and integrated data feeds from approximately 600 HP TippingPoint Intrusion Prevention System platforms deployed worldwide. HP also collects logs from web servers and other sources and conducts advanced analytics and alerting with the HP Vertica Analytics Platform. This real-world testing ground allows HP to secure its own IT infrastructure, and it also allows HP to analyze cyber threats while translating insights into future advances in HP security products and consulting services. It represents a major accomplishment in security intelligence at a massive scale, since HP currently has: • 20,000 network devices • 37,000 servers • 330,000 employees • 450,000 managed endpoints Correlating data across dozens of platforms The TippingPoint IPS platform is deployed at HP locations worldwide and managed locally, with the CDC serving as the primary consumer of their intrusion prevention events. TippingPoint IPS delivers in-line, real-time protection by providing proactive network security for HP network traffic and data centers. ArcSight solutions centrally correlate logs from TippingPoint and other sources so the CDC can proactively detect threats. All TippingPoint platforms rely on the HP TippingPoint Threat Digital Vaccine (ThreatDV) subscription service, which delivers a weekly malware filter package to help enterprises secure against the latest advanced threats, prevent and disrupt malware activity, protect sensitive data, and optimize network performance. According to Marcel Hoffmann, senior manager of the HP Cyber Defense Center, “At HP, TippingPoint actively detects and blocks about five million attacks per day. Our CDC operates the third-largest TippingPoint IPS installation in the world, and when it detects a serious threat, we sanitize the traffic and actively block those attacks.”
3 Case study | HP Cyber Defense Center Despite the size of the TippingPoint deployment, the CDC receives relatively few TippingPoint alerts. “We receive high-volumes of alerts from firewalls, but many of them are background noise,” Hoffmann explains. “TippingPoint IPS provides a low-volume, high-fidelity feed of actionable alerts that we actively investigate.” HP ArcSight Enterprise Security Manager (ESM), HP ArcSight Logger, and HP TippingPoint IPS platforms work together to create a powerful, comprehensive cyber defense system. Each element plays a critical role in ensuring the security of HP valuable information assets, which includes enterprise applications, customer information systems, intellectual property assets, and all the critical information resources available on the HP enterprise network. TippingPoint IPS monitors and detects activity on the network, blocks malicious activity at the application layer, and feeds event data to ArcSight ESM. ArcSight Logger categorizes and stores the event information from TippingPoint and other sources. “TippingPoint IPS provides a low-volume, high-fidelity feed of actionable alerts that we actively investigate.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP ArcSight enables monitoring of logs from dozens of platforms from a single console and performs advanced correlation of events from multiple sources. In addition to ingesting log data from TippingPoint IPS platforms, ArcSight also ingests logs from firewalls, Microsoft® Windows® Server Active Directory, HP-UX, VMware, Microsoft.net, and VPNs, network devices and switches, web proxies, open source solutions, and databases. “We’re able to capture logs from most of the sources using ArcSight’s out-of-the-box connectors, and we use the HP FlexConnector framework to build collection logic and contextualize logs for any others,” says Jorge Alzati, senior manager of ArcSight Engineering Production Management. An enterprise the size of HP receives probes for vulnerabilities and attempts to exploit vulnerabilities hundreds of times per second. ArcSight ESM filters and correlates the data gleaned by TippingPoint IPS and the other sources, arming analysts with the robust, high-quality information they need to perform effective security intelligence analysis. Implementation of the HP security products followed the HP Software Professional Services deployment methodology and incorporates high availability, disaster recovery, fault tolerance, and load-balancing properties. Detecting and deflecting attacks An enterprise the size of HP receives probes for vulnerabilities and attempts to exploit vulnerabilities hundreds of times per second. The HP ArcSight solution processes an average of one billion events daily, reducing the event flow to a volume that can be managed by the handful of analysts that are active during each CDC shift. Those analysts further refine the alerts to 15-20 incidents that are referred for follow-up and remediation action. It would take an army of over 30,000 analysts to perform an equivalent function manually. Without ArcSight in place, that analysis would not be performed and those events would be left unexamined, leaving attacks in progress to remain undetected. The ArcSight solution detects patterns of activity, correlates them, and creates alerts based on use-case rules. HP manages an enormous amount of sensitive data that needs to be protected, including data from systems, employees, and customers. ArcSight ESM provides the CDC with a centralized point to conduct all security monitoring. The CDC leverages ArcSight to detect threats in real-time so they can be mitigated quickly, and uses ArcSight to collect and correlate vast amounts of security data, which greatly improves the ability of CDC analysts to pinpoint and thwart genuine threats.
4 Case study | HP Cyber Defense Center “The ArcSight solution provides a single view into the threat landscape and helps us maximize our security resources,” says Hoffmann. “Our analysts’ time and efforts can now be focused on filtered security events that indicate actual threats, instead of sifting through reams of raw data from separate monitoring systems.” “We wrote a use-case rule in ArcSight to detect activity attempting to exploit the Poodle vulnerability. As a result, we blacklisted about 250 IP addresses based on ArcSight alerts.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP The data analysis provided by ArcSight supports faster and more effective mitigation, and presents a strong case to affected-assets owners, which is key for speedy and effective remediations. When an attack is detected, ArcSight helps CDC analysts document the facts and provide the proof needed to effectively engage asset owners and gain their buy-in on a solution. Data feeds are centrally correlated across business units and geographies, providing the CDC with unique visibility into cyber threats. “Large enterprises need the ability to quickly cross-correlate attack data across multiple planes so they can rapidly identify potential threats occurring across the company that individual business units or regions might not recognize,” explains Alzati. Hoffmann adds, “ArcSight offers a highly sophisticated correlation engine, and it enriches the event data to provide faster context analysis. This allows our analysts to work more efficiently and effectively, and enables quicker action to mitigate threats. “ArcSight also allows us to detect reconnaissance activities when attackers are searching for weaknesses in our systems so we can block potential attacks before they occur.” The CDC continuously leverages its experiences to develop use cases to filter the data feeds and sharpen the alerting process. “It’s important to proactively develop use cases to make sure the CDC team receives the proper automated alerts,” Alzati says. “Operations staff reviews reports on a daily basis to ensure that the proper controls and instrumentation are in place, but once they have the right use cases, ArcSight serves as a single pane of glass that helps them make sense of all the log information to understand the security status of the organization.” The combination of the ArcSight ESM and TippingPoint IPS solutions has helped CDC analysts detect and deflect thousands of potential attacks. For example, the CDC proactively prevented attacks from the Padding Oracle On Downgraded Legacy Encryption (Poodle) exploit. According to Hoffmann, “When we first heard about the Poodle vulnerability, we wrote a use-case rule in ArcSight to detect activity attempting to exploit the vulnerability. We blacklisted about 250 IP addresses based on ArcSight alerts resulting from the new rule, potentially blocking attackers from exploiting vulnerabilities.” “ArcSight ESM also allows us to detect reconnaissance activities when attackers are searching for weaknesses in our systems so we can block potential attacks before they occur.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP
5 Within moments of the Shellshock announcement in September 2014, TippingPoint informed CDC analysts that attackers were scanning HP systems looking for vulnerabilities through alerts displayed on ArcSight ESM dashboards. “ArcSight showed us in real-time where the scans were coming from and what they were targeting,” says Hoffmann. “In a short timeframe, we were able to report on HP’s vulnerabilities to Shellshock and drive prioritization of system patches to remediate them.” Big data correlation and analysis Partnering with HP Labs, the CDC implemented domain name server (DNS) logging appliances to collect logs from all six internal DNS clusters, which are then sent to the HP Vertica Analytics Platform for advanced analytics and alerting. The Vertica Analytics platform manages massive amounts of data quickly and reliably, giving the CDC real-time business intelligence for advanced, big data analytics. With Vertica, the CDC is able to perform queries 50−1,000 times faster than possible with traditional databases, using a fraction of the hardware. Unlike traditional relational databases designed for processing business data, Vertica is built from the ground up specifically for complex analytic workloads, and can easily handle the velocity and volume of data that is collected within a SOC. “The CDC needs a big data analytics platform because traditional technology can’t meet the velocity and fast data access demands necessary for swiftly analyzing big data,” says Lin Li, cyber security enterprise architect for HP. “For example, the CDC analyzes log files from over 130 internal web servers. With Vertica, we can store and inject these files as an hourly batch and process them so the CDC team can run the analytics.” The correlated logs from ArcSight are also ingested into Vertica, allowing the CDC to swiftly perform sophisticated big data analysis to mitigate threats and prevent future attacks. “Vertica allows the CDC to correlate over two billion records each day, with log files coming in from a wide variety of formats,” Li explains. “With Vertica, the CDC can normalize and cleanse the data, and correlate it with other reference data. This allows the CDC to put the whole picture together so the team can understand the traffic coming into the HP global network and efficiently secure enterprise resources.” “With the Vertica platform, the CDC analyzes log files from over 130 internal web servers. We can store and inject these files as an hourly batch and process them so the CDC team can run the analytics.” - Lin Li, Cyber Security Enterprise Architect, HP Li continues, “Since Vertica is easy to use and compresses the data very well, it allows the CDC to cost-effectively store data and conduct historical analysis of past events. Most of the detailed queries against over 100 billion log records in Vertica return within one minute. This was impossible under the old architecture because this kind of throughput would simply be impossible with a conventional DBMS of comparable scale. This level of historical analysis enables the CDC to understand whether users may be exposed to previously unknown malware and perform proactive security improvements.” “Most of the detailed queries against over 100 billion log records in the Vertica platform return within one minute.” - Lin Li, Cyber Security Enterprise Architect, HP Case study | HP Cyber Defense Center
Rate this documentShare with colleagues © 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. 4AA5-8767ENW, May 2015 Sign up for updates hp.com/go/getupdated Customer at a glance HP Security Solution • HP ArcSight Enterprise Security Manager • HP ArcSight Logger • HP TippingPoint Intrusion Prevention System • HP TippingPoint Threat Digital Vaccine • HP Vertica Analytics Platform Preparing for the future The CDC is in the first of a three-phased implementation strategy. The initial phase has focused on securing the perimeter by leveraging threat intelligence and reducing the attack surface. Phase 2 will concentrate on securing the application while Phase 3 will secure the business. The CDC’s roadmap calls for complete deployment across the enterprise by 2017, and HP continues to evolve best practices that can be leveraged by other large enterprises. “Start small, don’t try to boil the ocean,” advises Hoffmann. “It’s best to deploy enterprise security in phases, especially for very large enterprises with multiple divisions. Prior to deployment, identify the most critical assets, train your people on the products, and develop mature remediation processes.” “Large enterprises need the ability to quickly cross- correlate attack data across multiple planes so they can rapidly identify potential threats occurring across the company that individual business units or regions might not recognize.” - Jorge Alzati, Senior Manager of ArcSight Engineering Production Management, HP The CDC is also planning for emerging security threats to ensure it is well prepared to address these future challenges—today. With a focus on continuous improvement, the CDC continues to evolve while serving as a real-world testing ground for HP products and services and a framework for operating an agile SOC with a relatively small staff of only 22 security professionals. By operating one of the largest SOCs in the world, HP is learning to extract even more value from each security dollar so that it can be passed onto HP customers. Learn more at hpenterprisesecurity.com Case study | HP Cyber Defense Center

Recommended

Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Bper services Case Study Application Delivery Management
Bper services Case Study Application Delivery ManagementBper services Case Study Application Delivery Management
Bper services Case Study Application Delivery Managementat MicroFocus Italy ❖✔
 
Configuration Management in a Multi-Cloud Era
Configuration Management in a Multi-Cloud EraConfiguration Management in a Multi-Cloud Era
Configuration Management in a Multi-Cloud Eraat MicroFocus Italy ❖✔
 
Crittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economyCrittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economyat MicroFocus Italy ❖✔
 
Technology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationTechnology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationat MicroFocus Italy ❖✔
 
HPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMailHPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMailat MicroFocus Italy ❖✔
 
Chationary
ChationaryChationary
Chationaryat MicroFocus Italy ❖✔
 
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...at MicroFocus Italy ❖✔
 

Recommended

Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
Bper services Case Study Application Delivery Management
Bper services Case Study Application Delivery ManagementBper services Case Study Application Delivery Management
Bper services Case Study Application Delivery Managementat MicroFocus Italy ❖✔
 
Configuration Management in a Multi-Cloud Era
Configuration Management in a Multi-Cloud EraConfiguration Management in a Multi-Cloud Era
Configuration Management in a Multi-Cloud Eraat MicroFocus Italy ❖✔
 
Crittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economyCrittografia end to-end basata sui dati come volano della app economy
Crittografia end to-end basata sui dati come volano della app economyat MicroFocus Italy ❖✔
 
Technology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationTechnology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationat MicroFocus Italy ❖✔
 
HPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMailHPE Security – Data Security HPE Voltage SecureMail
HPE Security – Data Security HPE Voltage SecureMailat MicroFocus Italy ❖✔
 
Chationary
ChationaryChationary
Chationaryat MicroFocus Italy ❖✔
 
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...
The Best Articles of 2016 DEVELOPING AND CONNECTING CYBERSECURITY LEADERS GLO...at MicroFocus Italy ❖✔
 
Hpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentHpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentat MicroFocus Italy ❖✔
 
HPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 DecemberHPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 Decemberat MicroFocus Italy ❖✔
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 
Format preserving encryption bachelor thesis
Format preserving encryption bachelor thesisFormat preserving encryption bachelor thesis
Format preserving encryption bachelor thesisat MicroFocus Italy ❖✔
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
 
Mobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsMobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsat MicroFocus Italy ❖✔
 
Privacy e recupero crediti il vademecum
Privacy e recupero crediti il vademecumPrivacy e recupero crediti il vademecum
Privacy e recupero crediti il vademecumat MicroFocus Italy ❖✔
 
Threat report 2015_v1
Threat report 2015_v1Threat report 2015_v1
Threat report 2015_v1at MicroFocus Italy ❖✔
 
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiSicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiat MicroFocus Italy ❖✔
 
PCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTPCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTat MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 securityat MicroFocus Italy ❖✔
 
Hpe security research cyber risk report 2016
Hpe security research cyber risk report 2016Hpe security research cyber risk report 2016
Hpe security research cyber risk report 2016at MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
A data-centric program
A data-centric program A data-centric program
A data-centric program at MicroFocus Italy ❖✔
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Soluzioni per proteggere i dati nel cloud
Soluzioni per proteggere i dati nel cloudSoluzioni per proteggere i dati nel cloud
Soluzioni per proteggere i dati nel cloudat MicroFocus Italy ❖✔
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageat MicroFocus Italy ❖✔
 
Hp secure file
Hp secure fileHp secure file
Hp secure fileat MicroFocus Italy ❖✔
 
Hp Secure Mail
Hp Secure MailHp Secure Mail
Hp Secure Mailat MicroFocus Italy ❖✔
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 

More Related Content

More from at MicroFocus Italy ❖✔

Hpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentHpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentat MicroFocus Italy ❖✔
 
HPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 DecemberHPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 Decemberat MicroFocus Italy ❖✔
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
 
Mobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsMobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsat MicroFocus Italy ❖✔
 
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiSicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiat MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsat MicroFocus Italy ❖✔
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageat MicroFocus Italy ❖✔
 

More from at MicroFocus Italy ❖✔ (20)

Hpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessmentHpe secure data-payments-pci-dss-control-applicability-assessment
Hpe secure data-payments-pci-dss-control-applicability-assessment
 
HPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 DecemberHPE Software at Discover 2016 London 29 November—1 December
HPE Software at Discover 2016 London 29 November—1 December
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
 
Format preserving encryption bachelor thesis
Format preserving encryption bachelor thesisFormat preserving encryption bachelor thesis
Format preserving encryption bachelor thesis
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hacking
 
Mobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectationsMobile app user_survey_failing_meet_user_expectations
Mobile app user_survey_failing_meet_user_expectations
 
Privacy e recupero crediti il vademecum
Privacy e recupero crediti il vademecumPrivacy e recupero crediti il vademecum
Privacy e recupero crediti il vademecum
 
Threat report 2015_v1
Threat report 2015_v1Threat report 2015_v1
Threat report 2015_v1
 
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegatiSicurezza end-to-end-per-la-posta-e-documenti-allegati
Sicurezza end-to-end-per-la-posta-e-documenti-allegati
 
PCI COMPLIANCE REPORT
PCI COMPLIANCE REPORTPCI COMPLIANCE REPORT
PCI COMPLIANCE REPORT
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environments
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
Hpe security research cyber risk report 2016
Hpe security research cyber risk report 2016Hpe security research cyber risk report 2016
Hpe security research cyber risk report 2016
 
Protecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environmentsProtecting your data against cyber attacks in big data environments
Protecting your data against cyber attacks in big data environments
 
A data-centric program
A data-centric program A data-centric program
A data-centric program
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
Soluzioni per proteggere i dati nel cloud
Soluzioni per proteggere i dati nel cloudSoluzioni per proteggere i dati nel cloud
Soluzioni per proteggere i dati nel cloud
 
HP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantageHP secure mail techincal brief and the ibe advantage
HP secure mail techincal brief and the ibe advantage
 
Hp secure file
Hp secure fileHp secure file
Hp secure file
 
Hp Secure Mail
Hp Secure MailHp Secure Mail
Hp Secure Mail
 

Recently uploaded

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 

Recently uploaded (20)

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 

Hp cyber defence center

  • 1. “The CDC has already detected and deflected thousands of potential attacks in just less than a year. Our cyber security program provides accurate security data to help management make fact-based decisions while helping us continue to implement a predictive security strategy.” –Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP The HP Cyber Defense Center (CDC) offers world-class capabilities in operations, engineering, intelligence, and incident management for all of HP. The CDC deployed much of the HP ArcSight product family and integrated data feeds from approximately 600 HP TippingPoint Intrusion Prevention System (IPS) platforms, and performs complex analytics on massive quantities of web and syslog data with the HP Vertica Analytics Platform for advanced analytics and alerting. This real-world testing ground not only protects the HP global IT infrastructure, but also provides a framework to help HP customers stay steps ahead of cyber attacks and seamlessly conduct business. Case study HP Cyber Defense Center safeguards global resources every minute, every day Global security operations center serves as largest showcase deployment of HP security technologies and operational excellence Industry Technology Objective Protect worldwide enterprise resources while serving as an operational best-practices model for innovation in enterprise security Approach • Deploy HP ArcSight products and integrate data feeds from the HP TippingPoint Intrusion Prevention System and third-party sources • Analyze big data sources to conduct advanced analytics and alerting with the HP Vertica Analytics Platform IT matters • ArcSight products monitor about one billion events per day, reducing the event flow to a volume that can be managed by a handful of analysts— something that would take an army of over 30,000 analysts to perform manually. • Events are correlated from about 600 TippingPoint IPS platforms and dozens of other sources to proactively detect threats. TippingPoint IPS actively detects and blocks about five million attacks per day. • Vertica Analytics Platform allows the CDC to correlate over two billion records each day, and enables the staff to perform queries 50-1,000 times faster than possible with traditional databases, using a fraction of the hardware. Business matters • HP enterprise data is protected on a global scale for about 330,000 employees with a staff of only 22 security professionals. • The CDC serves as a framework for global enterprise security to keep HP security best practices continuously refreshed and highly effective. • Innovations in CDC security practices are transferred into HP security products and services to keep customers steps ahead of cyber threats.
  • 2. 2 Case study | HP Cyber Defense Center After analyzing over 90 customer security operations centers (SOCs) throughout the world and accumulating the largest dataset of its kind, HP has taken industry best practices and lessons learned and applied them to its own Cyber Defense Center. The CDC demonstrates not only HP’s ability to gain a collective 3D view of the entire enterprise, but it also serves as a showcase for enterprise security innovation, protecting one of the company’s most important assets: data. The CDC, which opened in the fall of 2013, leverages the lessons HP has learned from more than 10 years of security operations implementations. It is already one of the largest SOCs in the world, protecting the HP global IT infrastructure from cyber attacks while providing a forum to showcase HP security expertise to customers and partners. For example, it has protected HP from attack types such as Heartbleed and Shellshock, malwares that could have resulted in extreme vulnerabilities and exploitation if not detected and patched. “At HP, TippingPoint actively detects and blocks about five million attacks per day. Our CDC operates the third-largest TippingPoint IPS installation in the world, and when it detects a serious threat, we sanitize the traffic and actively block those attacks.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP In alignment with the “HP on HP” vision that HP IT should be the company’s foremost showcase, the CDC team has deployed the majority of products within the HP ArcSight product family and integrated data feeds from approximately 600 HP TippingPoint Intrusion Prevention System platforms deployed worldwide. HP also collects logs from web servers and other sources and conducts advanced analytics and alerting with the HP Vertica Analytics Platform. This real-world testing ground allows HP to secure its own IT infrastructure, and it also allows HP to analyze cyber threats while translating insights into future advances in HP security products and consulting services. It represents a major accomplishment in security intelligence at a massive scale, since HP currently has: • 20,000 network devices • 37,000 servers • 330,000 employees • 450,000 managed endpoints Correlating data across dozens of platforms The TippingPoint IPS platform is deployed at HP locations worldwide and managed locally, with the CDC serving as the primary consumer of their intrusion prevention events. TippingPoint IPS delivers in-line, real-time protection by providing proactive network security for HP network traffic and data centers. ArcSight solutions centrally correlate logs from TippingPoint and other sources so the CDC can proactively detect threats. All TippingPoint platforms rely on the HP TippingPoint Threat Digital Vaccine (ThreatDV) subscription service, which delivers a weekly malware filter package to help enterprises secure against the latest advanced threats, prevent and disrupt malware activity, protect sensitive data, and optimize network performance. According to Marcel Hoffmann, senior manager of the HP Cyber Defense Center, “At HP, TippingPoint actively detects and blocks about five million attacks per day. Our CDC operates the third-largest TippingPoint IPS installation in the world, and when it detects a serious threat, we sanitize the traffic and actively block those attacks.”
  • 3. 3 Case study | HP Cyber Defense Center Despite the size of the TippingPoint deployment, the CDC receives relatively few TippingPoint alerts. “We receive high-volumes of alerts from firewalls, but many of them are background noise,” Hoffmann explains. “TippingPoint IPS provides a low-volume, high-fidelity feed of actionable alerts that we actively investigate.” HP ArcSight Enterprise Security Manager (ESM), HP ArcSight Logger, and HP TippingPoint IPS platforms work together to create a powerful, comprehensive cyber defense system. Each element plays a critical role in ensuring the security of HP valuable information assets, which includes enterprise applications, customer information systems, intellectual property assets, and all the critical information resources available on the HP enterprise network. TippingPoint IPS monitors and detects activity on the network, blocks malicious activity at the application layer, and feeds event data to ArcSight ESM. ArcSight Logger categorizes and stores the event information from TippingPoint and other sources. “TippingPoint IPS provides a low-volume, high-fidelity feed of actionable alerts that we actively investigate.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP ArcSight enables monitoring of logs from dozens of platforms from a single console and performs advanced correlation of events from multiple sources. In addition to ingesting log data from TippingPoint IPS platforms, ArcSight also ingests logs from firewalls, Microsoft® Windows® Server Active Directory, HP-UX, VMware, Microsoft.net, and VPNs, network devices and switches, web proxies, open source solutions, and databases. “We’re able to capture logs from most of the sources using ArcSight’s out-of-the-box connectors, and we use the HP FlexConnector framework to build collection logic and contextualize logs for any others,” says Jorge Alzati, senior manager of ArcSight Engineering Production Management. An enterprise the size of HP receives probes for vulnerabilities and attempts to exploit vulnerabilities hundreds of times per second. ArcSight ESM filters and correlates the data gleaned by TippingPoint IPS and the other sources, arming analysts with the robust, high-quality information they need to perform effective security intelligence analysis. Implementation of the HP security products followed the HP Software Professional Services deployment methodology and incorporates high availability, disaster recovery, fault tolerance, and load-balancing properties. Detecting and deflecting attacks An enterprise the size of HP receives probes for vulnerabilities and attempts to exploit vulnerabilities hundreds of times per second. The HP ArcSight solution processes an average of one billion events daily, reducing the event flow to a volume that can be managed by the handful of analysts that are active during each CDC shift. Those analysts further refine the alerts to 15-20 incidents that are referred for follow-up and remediation action. It would take an army of over 30,000 analysts to perform an equivalent function manually. Without ArcSight in place, that analysis would not be performed and those events would be left unexamined, leaving attacks in progress to remain undetected. The ArcSight solution detects patterns of activity, correlates them, and creates alerts based on use-case rules. HP manages an enormous amount of sensitive data that needs to be protected, including data from systems, employees, and customers. ArcSight ESM provides the CDC with a centralized point to conduct all security monitoring. The CDC leverages ArcSight to detect threats in real-time so they can be mitigated quickly, and uses ArcSight to collect and correlate vast amounts of security data, which greatly improves the ability of CDC analysts to pinpoint and thwart genuine threats.
  • 4. 4 Case study | HP Cyber Defense Center “The ArcSight solution provides a single view into the threat landscape and helps us maximize our security resources,” says Hoffmann. “Our analysts’ time and efforts can now be focused on filtered security events that indicate actual threats, instead of sifting through reams of raw data from separate monitoring systems.” “We wrote a use-case rule in ArcSight to detect activity attempting to exploit the Poodle vulnerability. As a result, we blacklisted about 250 IP addresses based on ArcSight alerts.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP The data analysis provided by ArcSight supports faster and more effective mitigation, and presents a strong case to affected-assets owners, which is key for speedy and effective remediations. When an attack is detected, ArcSight helps CDC analysts document the facts and provide the proof needed to effectively engage asset owners and gain their buy-in on a solution. Data feeds are centrally correlated across business units and geographies, providing the CDC with unique visibility into cyber threats. “Large enterprises need the ability to quickly cross-correlate attack data across multiple planes so they can rapidly identify potential threats occurring across the company that individual business units or regions might not recognize,” explains Alzati. Hoffmann adds, “ArcSight offers a highly sophisticated correlation engine, and it enriches the event data to provide faster context analysis. This allows our analysts to work more efficiently and effectively, and enables quicker action to mitigate threats. “ArcSight also allows us to detect reconnaissance activities when attackers are searching for weaknesses in our systems so we can block potential attacks before they occur.” The CDC continuously leverages its experiences to develop use cases to filter the data feeds and sharpen the alerting process. “It’s important to proactively develop use cases to make sure the CDC team receives the proper automated alerts,” Alzati says. “Operations staff reviews reports on a daily basis to ensure that the proper controls and instrumentation are in place, but once they have the right use cases, ArcSight serves as a single pane of glass that helps them make sense of all the log information to understand the security status of the organization.” The combination of the ArcSight ESM and TippingPoint IPS solutions has helped CDC analysts detect and deflect thousands of potential attacks. For example, the CDC proactively prevented attacks from the Padding Oracle On Downgraded Legacy Encryption (Poodle) exploit. According to Hoffmann, “When we first heard about the Poodle vulnerability, we wrote a use-case rule in ArcSight to detect activity attempting to exploit the vulnerability. We blacklisted about 250 IP addresses based on ArcSight alerts resulting from the new rule, potentially blocking attackers from exploiting vulnerabilities.” “ArcSight ESM also allows us to detect reconnaissance activities when attackers are searching for weaknesses in our systems so we can block potential attacks before they occur.” - Marcel Hoffmann, Senior Manager, Cyber Defense Center, HP
  • 5. 5 Within moments of the Shellshock announcement in September 2014, TippingPoint informed CDC analysts that attackers were scanning HP systems looking for vulnerabilities through alerts displayed on ArcSight ESM dashboards. “ArcSight showed us in real-time where the scans were coming from and what they were targeting,” says Hoffmann. “In a short timeframe, we were able to report on HP’s vulnerabilities to Shellshock and drive prioritization of system patches to remediate them.” Big data correlation and analysis Partnering with HP Labs, the CDC implemented domain name server (DNS) logging appliances to collect logs from all six internal DNS clusters, which are then sent to the HP Vertica Analytics Platform for advanced analytics and alerting. The Vertica Analytics platform manages massive amounts of data quickly and reliably, giving the CDC real-time business intelligence for advanced, big data analytics. With Vertica, the CDC is able to perform queries 50−1,000 times faster than possible with traditional databases, using a fraction of the hardware. Unlike traditional relational databases designed for processing business data, Vertica is built from the ground up specifically for complex analytic workloads, and can easily handle the velocity and volume of data that is collected within a SOC. “The CDC needs a big data analytics platform because traditional technology can’t meet the velocity and fast data access demands necessary for swiftly analyzing big data,” says Lin Li, cyber security enterprise architect for HP. “For example, the CDC analyzes log files from over 130 internal web servers. With Vertica, we can store and inject these files as an hourly batch and process them so the CDC team can run the analytics.” The correlated logs from ArcSight are also ingested into Vertica, allowing the CDC to swiftly perform sophisticated big data analysis to mitigate threats and prevent future attacks. “Vertica allows the CDC to correlate over two billion records each day, with log files coming in from a wide variety of formats,” Li explains. “With Vertica, the CDC can normalize and cleanse the data, and correlate it with other reference data. This allows the CDC to put the whole picture together so the team can understand the traffic coming into the HP global network and efficiently secure enterprise resources.” “With the Vertica platform, the CDC analyzes log files from over 130 internal web servers. We can store and inject these files as an hourly batch and process them so the CDC team can run the analytics.” - Lin Li, Cyber Security Enterprise Architect, HP Li continues, “Since Vertica is easy to use and compresses the data very well, it allows the CDC to cost-effectively store data and conduct historical analysis of past events. Most of the detailed queries against over 100 billion log records in Vertica return within one minute. This was impossible under the old architecture because this kind of throughput would simply be impossible with a conventional DBMS of comparable scale. This level of historical analysis enables the CDC to understand whether users may be exposed to previously unknown malware and perform proactive security improvements.” “Most of the detailed queries against over 100 billion log records in the Vertica platform return within one minute.” - Lin Li, Cyber Security Enterprise Architect, HP Case study | HP Cyber Defense Center
  • 6. Rate this documentShare with colleagues © 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. 4AA5-8767ENW, May 2015 Sign up for updates hp.com/go/getupdated Customer at a glance HP Security Solution • HP ArcSight Enterprise Security Manager • HP ArcSight Logger • HP TippingPoint Intrusion Prevention System • HP TippingPoint Threat Digital Vaccine • HP Vertica Analytics Platform Preparing for the future The CDC is in the first of a three-phased implementation strategy. The initial phase has focused on securing the perimeter by leveraging threat intelligence and reducing the attack surface. Phase 2 will concentrate on securing the application while Phase 3 will secure the business. The CDC’s roadmap calls for complete deployment across the enterprise by 2017, and HP continues to evolve best practices that can be leveraged by other large enterprises. “Start small, don’t try to boil the ocean,” advises Hoffmann. “It’s best to deploy enterprise security in phases, especially for very large enterprises with multiple divisions. Prior to deployment, identify the most critical assets, train your people on the products, and develop mature remediation processes.” “Large enterprises need the ability to quickly cross- correlate attack data across multiple planes so they can rapidly identify potential threats occurring across the company that individual business units or regions might not recognize.” - Jorge Alzati, Senior Manager of ArcSight Engineering Production Management, HP The CDC is also planning for emerging security threats to ensure it is well prepared to address these future challenges—today. With a focus on continuous improvement, the CDC continues to evolve while serving as a real-world testing ground for HP products and services and a framework for operating an agile SOC with a relatively small staff of only 22 security professionals. By operating one of the largest SOCs in the world, HP is learning to extract even more value from each security dollar so that it can be passed onto HP customers. Learn more at hpenterprisesecurity.com Case study | HP Cyber Defense Center