HPE-Security update talk presented in Vienna to partners on 15th April 2016

I covered the General Data Protection Regulation (GDPR), HPE-Security's strategy, ArcSight's roadmap and application security.

Published in: Technology

  1. HPE Security – update session
     Steve Lamb, Head of Security Technology thought leadership, EMEA
     stephlam@hpe.com | @actionlamb
  2. Our focus for the next 60 minutes
     • What are our customers up against from a security perspective?
     • General Data Protection Regulation (GDPR)
     • Our strategy
     • Breathing fire into ArcSight’s belly!
     • Major upgrades to ArcSight
     • How to beat Splunk & IBM NOW
     • Discussion of application security
     Note: Data security is covered in other sessions
  3. What are our customers up against from a security perspective?
  4. The new normal
     • Enterprise IT will continue to transform
     • Regulatory costs and complexity will continue to rise
     • Cyber attacks will increase in sophistication
  5. Research: Top concerns for IT executives (Source: HP 20:20 CIO Report, 2012)
     • Data privacy and information breaches
     • Lack of skilled resources to effectively manage security
     • Risk associated with more consumption of apps/IT services across public, private & hybrid cloud
     Focus areas: Security Breach Management; Security Intelligence; Cloud Security; Integrated GRC
  6. Worldwide security trends & implications
     • Cyber threat: 56% of organizations have been the target of a cyber attack
     • Extended supply chain: 44% of all data breaches involved third-party mistakes
     • Financial loss: $7.7m average global cost associated with a data breach (in the US $15.4m and in the UK £4.1m average cost of a data breach)
     • Cost of protection: 8% of total IT budget spent on security
     • Reputation damage: 30% market cap reduction due to recent events
     • Reactive vs. proactive: 60% of enterprises spend more time and money on reactive measures vs. proactive risk management
     Source: HP internal data, Forrester Research, Ponemon Institute, Coleman Parkes Research
     Key points:
     • Security is a board of directors concern
     • Security leadership is under immense pressure
     • Need for greater visibility of business risks and to make sound security investment choices
  7. What IS the General Data Protection Regulation, aka GDPR? (Slide 1 of 3)
     “…is a Regulation in the making by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) from 1995.” (Wikipedia)
  8. What IS the General Data Protection Regulation, aka GDPR? (Slide 2 of 3)
     “The scale and severity of fines (Parliament suggests fines of up to €100 million or 5% of annual global turnover, whichever is greater, while the Commission proposes fines of up to €1 million or 2% of annual global turnover) for noncompliance with the GDPR, as well as the ensuing reputational damage, present a risk that will reach the board level. Mandatory breach notifications remove any notion of hiding noncompliance. This increased visibility of risk will drive behaviour and, more importantly, budget.” (IDC)
  9. What IS the General Data Protection Regulation, aka GDPR? (Slide 3 of 3)
     “The GDPR is remarkably light on the subject of security. Of the 91 articles in the regulation, only three relate to security — two of which cover breach notification.” (IDC)
     The third article refers to encryption.
     As it currently stands, GDPR does not prescribe specific security controls; it is outcome oriented: don’t get breached, and if the worst happens you have to disclose and may face a significant fine.
  10. Our Strategy
  11. Today’s digital enterprise needs a new style of protection
      Protect your most business-critical digital assets (users, apps, data) and their interactions, regardless of location or device: on site, off site (cloud/outsourced), BYOD, big data, IaaS, PaaS, SaaS
  12. Protect your digital enterprise
      Prevent (Build it In)
      • Design a cyber resilient and compliant environment
      • Build protection into the fabric of your enterprise
      Detect & Respond (Stop it Now)
      • Rapidly detect & manage breaches
      • Monitor critical digital assets regardless of location or device
      Recover (Recover it Fast)
      • Execute flawless recoveries
      • Safeguard continuity with minimal downtime and no damage or loss
  13. Breathing fire into ArcSight’s belly!
  14. Forward Looking Statements & Confidentiality
      This document contains forward looking statements regarding future operations, product development, product capabilities and availability dates. This information is subject to substantial uncertainties and is subject to change at any time without prior notification. Statements contained in this document concerning these matters only reflect Hewlett Packard Enterprise's predictions and/or expectations as of the date of this document, and actual results and future plans of Hewlett Packard Enterprise may differ significantly as a result of, among other things, changes in product strategy resulting from technological, internal corporate, market and other changes. This is not a commitment to deliver any material, code or functionality and should not be relied upon in making purchasing decisions.
      This document contains HPE confidential information. If you have a valid Confidential Disclosure Agreement with HPE, disclosure of the Roadmap is subject to that CDA. If not, it is subject to the following terms: for a period of 3 years after the date of disclosure, you may use the Roadmap solely for the purpose of evaluating purchase decisions from HPE and use a reasonable standard of care to prevent disclosures. You will not disclose the contents of the Roadmap to any third party unless it becomes publicly known, rightfully received by you from a third party without duty of confidentiality, or disclosed with HPE’s prior written approval.
  15. The goal of security operations is to reduce the time to detection and response
      • Security Operations Centers face an increasing amount of information to process
      • Effectiveness depends on narrowing the funnel and accelerating the throughput
      • Lower false positives and less noise allow analysts to focus on the critical events and IOCs
      Funnel (diagram): Logs & Events from cloud, users, network, endpoints, servers & workloads, apps and IoT (volume increases exponentially) → Alerts identified (increase speed to detection) → Incidents → Investigation (speed up investigation) → Hunt for IOCs
  16. As SOCs mature, there are 3 distinct use cases that drive detection and response (in increasing level of maturity)
      Real-time Monitoring
      • Processing an increasing number of events
      • Real-time correlation against IOCs
      • Reduced number of false positives
      Investigation
      • Ability to custom query across environment and timeframes
      • Construct blast zone analysis and remediate
      Hunt
      • Hunt for unknown threats with deep analytics and machine learning
      • Identify new IOCs to improve monitoring
      SOC workflow (diagram): Logs & Events → real-time correlation engine, fed by intelligence feeds (Threat Central, others) and a correlation database → Alerts → Incidents handled by Level 1 security analysts → investigation queries over the data lake by Level 2 security analysts → Hunt team, whose analytics drive the hunt for unknown threats and feed new IOCs back into monitoring
  17. Reduced response times and increased productivity require tuning the technology to the environment: a real example
      • Do it right the first time to avoid rework and inefficiencies
      • Continually measure and improve by eliminating repetitive work through intelligent analysis and empowered staff
      • Focus on what’s important by minimizing noise
      • Maximize your investment and improve ROI across all SOC technologies
  18. ArcSight is custom built for security operations
      1. Correlation with context
      • ArcSight maintains contextual information, allowing for real-time correlation and prioritization
      • Reduces time to detection with efficient processing
      • Improves the analytical function with normalized and enriched data, speeding investigation and hunt
      2. Out-of-the-box tailoring for your environment
      • Highly configurable, with hundreds of connectors, built-in filters and templates to quickly tailor to your environment and workflow
      • Tailoring identifies specific IOCs an analyst needs to look at, reducing false positives
      3. Updated analytics architecture for investigation & hunt
      • New event broker architecture feeds a virtual data warehouse along with the correlation engine
      • Advanced querying and analytics on a big data architecture
      • UI design that exposes multiple apps, including an analytics workbench tied together with workflow and reporting (coming soon)
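The funnel on slides 15 to 18 (normalise, enrich with context, correlate against IOCs, cut noise) as a small added example; this is illustration code written for this page, not ArcSight code, and the IOC feed, asset inventory and log lines are all constructed samples.

```python
# Added illustration (not ArcSight code): normalise -> enrich -> correlate -> prioritise.
from collections import defaultdict, namedtuple

IOC_FEED = {                         # constructed intelligence feed: indicator -> type
    "203.0.113.7": "ip",
    "bad.example.net": "domain",
}
ASSETS = {                           # constructed asset inventory: ip -> (name, criticality)
    "10.0.0.5": ("payroll-db", "critical"),
    "10.0.0.42": ("lobby-kiosk", "low"),
}
SEVERITY = {"critical": 90, "medium": 40, "low": 10}

Alert = namedtuple("Alert", "src asset indicator ioc_type score hits")

def normalize(raw: str) -> dict:
    """Parse a key=value log line into a flat dict (stand-in for connector normalisation)."""
    return dict(kv.split("=", 1) for kv in raw.split() if "=" in kv)

def correlate(lines):
    """Match each event's destination fields against the IOC feed; return alerts
    sorted by asset criticality, one per (source, indicator) pair, not one per event."""
    hits = defaultdict(int)
    for raw in lines:
        ev = normalize(raw)
        for field in ("dst", "dhost"):          # fields an indicator can appear in
            ind = ev.get(field)
            if ind in IOC_FEED:
                hits[(ev["src"], ind)] += 1     # repeat of a known pair: more hits, not more noise
    alerts = []
    for (src, ind), n in hits.items():
        name, crit = ASSETS.get(src, ("unknown", "medium"))  # unknown asset: medium, still triaged
        alerts.append(Alert(src, name, ind, IOC_FEED[ind], SEVERITY[crit], n))
    return sorted(alerts, key=lambda a: (-a.score, -a.hits))

SAMPLE_LOGS = [   # constructed events: five in, three prioritised alerts out
    "ts=1 src=10.0.0.5 dst=203.0.113.7 act=connect",
    "ts=2 src=10.0.0.42 dhost=bad.example.net act=dns",
    "ts=3 src=10.0.0.5 dst=203.0.113.7 act=connect",
    "ts=4 src=10.0.0.42 dst=198.51.100.9 act=connect",
    "ts=5 src=10.0.0.99 dhost=bad.example.net act=dns",
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"{a.score:3} {a.asset:<12} {a.src} -> {a.indicator} ({a.ioc_type}) x{a.hits}")
```

The asset context is what turns two identical feed matches into very different priorities, which is the "correlation with context" point on slide 18.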
  19. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      Architecture (diagram): Event Streams → Connectors (with Threat Intelligence and External Information) → Event Broker → Security Data Warehouse and Real-time Correlation engine (ESM) → Correlation & Analytics Services (Machine Learning + Analytics modules, Marketplace) → User Interface (Dashboards | Reports; Workflow | Case Management | Runbooks). Use cases across the top: Real-time Monitoring, Investigation, Hunt. Analytics modules: Search, Entity Profiling, Linked Data Analytics, SIEM Alerts, User Behavior Analytics, DNS Malware Analytics, App Defender Analytics, Other Analytics, Ingestion
  20. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC (same diagram, phase 2 components highlighted)
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      Phase 2: Investigation
      • Investigation use case
      • New User Interface v1
      • Updated Data Warehouse, Data Model & Analytics Layer
  21. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC (same diagram, phase 3 components highlighted)
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      Phase 2: Investigation
      • Investigation use case
      • New User Interface v1
      • Updated Data Warehouse, Data Model & Analytics Layer
      Phase 3: Scale Out ESM
      • ESM Scale Out
      • New User Interface v2
  22. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC (same diagram, phase 4 components highlighted)
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      Phase 2: Investigation
      • Investigation use case
      • New User Interface v1
      • Updated Data Warehouse, Data Model & Analytics Layer
      Phase 3: Scale Out ESM
      • ESM Scale Out
      • New User Interface v2
      Phase 4: Hunt
      • Hunt use case
      • New User Interface v3
  23. Discussion of Application Security
  24. Here’s the problem…
      • Only 6% of information security budgets go on application security!
      • > 70% still goes on network security!!!
      • 84% of breaches are due to application vulnerabilities
      • Typical developers are not measured on security
      • The security perimeter of your organisation is really IN YOUR POCKET
  26. Today’s approach > expensive, reactive
      1. Somebody builds insecure software
      2. IT deploys the insecure software
      3. We are breached or pay someone to tell us our code is insecure
      4. We convince & pay the developer to fix it
  27. Why it doesn’t work
      30x more costly to secure in production: after an application is released into Production, it costs 30x more than during design.
      Chart: relative cost to fix (2x, 5x, 10x, 15x, 30x) across Requirements, Coding, Integration/component testing, System testing and Production (Source: NIST)
  28. The right approach > systematic, proactive. This is Software Security Assurance
      1. Software Security Assessment: automatically detect vulnerabilities in existing code
      2. Software Security Assurance: detect vulnerabilities AS CODE IS written!
      3. Runtime Application Self-Protection: monitor and protect software running in Production
      Applies across in-house, outsourced, commercial and open source software; IMPROVE Software Development Life Cycle (SDLC) POLICIES
      Performance metric: improvement
      • Vulnerabilities per application: from 100s to 10s
      • Average time to fix a vulnerability: from 1 to 2 weeks to 1 to 2 hours
      • Percentage of repeat vulnerabilities: from 80% to 0%
      • Compliance and penetration testing effort: from ~$500k to ~$250k
      • Time-to-market delays due to vulnerabilities: from 4+ incidents (30 days each) per year to none
      Source: Mainstay ROI Research 2013 – Does Application Security Pay?
  29. HPE-Security solutions at a glance
      HPE transformation areas: Transform to a hybrid infrastructure; Enable workplace productivity; Empower the data-driven organization; Protect your digital enterprise
      Protect your digital enterprise: proactively protect the interactions between users, applications and data across any location or device.
      • HPE Fortify – Software Security Assurance
      • HPE Data Security – continuous data protection
      • HPE Threat Central – cyber threat intelligence
      • HPE Adallom – accelerating cloud adoption while enabling security governance
      • HPE Incident Response and Breach Recovery
      • HPE ArcSight – threat monitoring, analytics & response
      • HPE User Behavior Analytics – mitigating insider threats
      • HPE DNS Malware Analytics – detecting breaches before damage occurs
      • HPE Aruba ClearPass – ensuring trusted connectivity
      • HPE Managed Services – instant experts to help you achieve time to value
  30. Together with our partners, HPE Security have world-class information services and technologies to enable our customers to protect their digital assets
      • Security Technology: offerings to strengthen security posture, proactively manage incidents, and extend security capabilities
      • Security Consulting: expertise to help clients understand, manage and reduce business and security risks
      • Managed Security Services: help clients disrupt their adversaries
  31. More information…
      • 2015 Cyber Risk Report and Executive Summary: http://www8.hp.com/us/en/software-solutions/cyber-risk-report-security-vulnerability
      • Ponemon Institute Cost of Cyber Crime Study: http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/
      • HP Security Research: hp.com/go/HPSR and hp.com/go/hpsrblog
      • HP Enterprise Security: hp.com/go/SIRM
  32. Thank you
      Email: stephlam@hpe.com
      Twitter: @actionlamb
