Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (7)
Similar to Security and Policing event presentation by Steve lamb from hewlett packard enterprise
Similar to Security and Policing event presentation by Steve lamb from hewlett packard enterprise (20)
Recently uploaded
Recently uploaded (20)
Security and Policing event presentation by Steve lamb from hewlett packard enterprise
- 1. Protect your Digital Enterprise Steve Lamb Regional Manager for EMEA, Enterprise Security Products stephlam@hpe.com @actionlamb
- 2. Hewlett Packard Enterprise’s Cyber Risk Report 2016 80%Open source apps w/security feature vulns +153%YoY growth Android threats +14%Increase in use of Open source components The threat landscape 75%Mobile apps w/critical vulns 8/10Exploited vulnerabilities >3 years old 100KBanking Trojans detected
- 3. 84% of breaches are due to application vulnerabilities 3 Only 6% of IT Security budget goes on application security 205 days before breaches are discovered!
- 4. 3 Transform to a hybrid infrastructure Enable workplace productivity Protect your digital enterprise Empower the data-driven organization HPE Transformation Areas
- 5. Protecting the digital enterprise has become an asymmetric problem We are spending more than ever*… …but we are unable to stem the tide of attacks $83bn 8x +$7bn Security Spend in 2016 Additional spend every year +13% Growth in security testing spend +15% Growth in security outsourcing spend * Gartner Forecast Analysis: Information Security, Worldwide, 3Q15 Update 175% 82% health records breached in 2015 vs. 2014 Increase in annual # of data breaches in the US over the past 3 years Annual increase in cost of cyber crime over past 6 years
- 6. The new normal Enterprise IT will continue to transform Regulatory costs and complexity will continue to rise Cyber attacks will increase in sophistication
- 7. Today’s digital Enterprise needs a new style of protection IaaS SaaS PaaS BYOD On Premises Off site Protect what matters most - your users, applications, data and the interactions between them, regardless of location or device Users DataApps critical digital assets Off site BIG DATA
- 8. Protect your digital enterprise • Design a cyber resilient and compliant environment • Build protection into the fabric of your enterprise Build it In Stop it Now Recover it Fast • Rapidly detect & manage breaches • Monitor critical digital assets regardless of location or device • Execute flawless recoveries • Safeguard continuity with minimal downtime and no damage or loss Prevent Detect & Respond Recover
- 9. Texas UK Australia Toronto Virginia Costa Rica Germany Bulgaria Malaysia India 10 managed global SOCs 42 business continuity & recovery centers 200PB data protected managed devices 1.8M lines of code scanned 1.5B incident responders 400+4500+ security professionals Enterprise customers 10k Hewlett Packard Enterprise has unprecedented scale and visibility Global Footprint Unparalleled Visibility
- 10. HPE Security has a comprehensive set of services and technologies to support your security operations build out Security Technology Security Consulting Managed Security Services Offerings to strengthen security posture, proactively manage incidents, and extend security capabilities Expertise to help clients understand, manage and reduce business and security risks HPE and vendor security solutions help clients disrupt their adversaries
- 11. Thank you Email: stephlam@hpe.com Twitter: @actionlamb Slides are here
Editor's Notes
- [Opening if using this as the only or first slide] The annual Cyber Risk Report from HPE Security Research provides organizations with a better understanding of the threat landscape and supplies resources that can aid in minimizing security risk. This year’s report features perspectives drawn from advanced data analysis and takes a focused look at multiple technologies, including open source, mobile, and the Internet of Things Applications are an increasing threat to enterprises, with mobile application vulnerabilities growing rapidly. Approximately 75 percent of the mobile applications scanned in the study exhibited at least one critical or high-severity security vulnerability, compared to 35 percent of non-mobile applications. More than 10,000 new Android threats are discovered daily, reaching a total year-over-year increase of 153 percent. The industry learned nothing about patching in 2015. 8 out of the top 10 exploited vulnerabilities are more than 3 years old; all have been patched by the respective vendors. The monetization of malware is the new focus of attackers. Banking Trojans continued to be problematic despite protection efforts. More than 100,000 of these were detected in 2015. Increasing the attack surface with open source. With the continued trend towards the use of open source components – up 14% in 2015 – new attack vectors are introduced into the digital enterprise. 80% of the open source applications scanned are vulnerable to security feature issues. .
- 4
- Our digital world is radically changing the risk landscape. New threats emerging from hybrid and mobile are dissolving the traditional perimeter, scattering our data everywhere and creating new exposures across the internet of things. The security landscape has never been more active. You read it in the headlines on a daily basis… All of the focus on security is understandable… companies are experiencing attacks more and more… and the cost of those threats are impressive. $7.7M is the average cost of cybercrime per company in 2015 Companies hardest hit experienced $65M in loss. Attacks by malicious insiders are the most costly at $144,542. Attacks are frequent. Organizations experience 1.9 successful attacks per week 48 - Average number of days to resolve incidents: 229% increase in 6 years But interestingly enough, the battle is asymmetrical… (next slide) Background breach stats from the Ponemon study: 7.7M Average cost of cybercrime per company in 2015 Companies hardest hit experienced $65M in loss. Attacks by malicious insiders are the most costly at $144,542. 48 - Average number of days to resolve incidents: 229% increase in 6 years Attacks by malicious insiders take an average of 54 days to resolve. 99 - Number of successful attacks per year per company: 46% increase in 4 years Attacks are frequent. Organizations experience 1.9 successful attacks per week
- Managing risk in today’s digital environment becomes even more critical. Threats are growing exponentially, the bad guys are getting smarter: We live in a world of ever-more-complex security threats. They can be external or internal in nature or they can represent malicious or unintentional actions, but more and more they are a result of cybercriminals that have created an adversary market place that has become more specialized, more efficient and more lucrative. The criminal marketplace has advanced beyond basic capabilities innovating and changing tactics every day. They are getting smarter and more collaborative and highly motivated to gain access to information for profit, politics & corporate espionage. Regulatory pressures: Conflicting regulatory drivers, sovereignty challenges and industry specific issues mean there is no clear path for organizations to achieve regulatory success. Growing stakeholder demands, and increasing public scrutiny mean Security & Risk officers are grappling with ever more complex regulatory issues including compliance regulations, privacy rulings and data protection mandates. Organizations often fall foul of the regulators in the event of a breach, being hit with hefty fines as a result of non- compliance. The Transformation of Enterprise IT is driving innovation and accelerating growth. Today, mobile & hybrid computing are representative of such shifts offering great value, but that create new risks, threats & vulnerabilities to our enterprise. Adopting the new style of IT has distributed our data everywhere creating new exposures and attack surfaces. Therefore, today’s digital enterprise needs a new style of protection.
- Organizations must embrace the opportunities that cloud and mobile bring to increase time to value, enhance customer experiences & improve workforce productivity. Not that long ago organizations deployed security strategies focused on blocking and securing the perimeter, locking down users, access and data. The new style of business has dissolved the perimeter. Your users are interacting with your data & applications in the cloud, on mobile devices & within your network. To protect your digital enterprise you must secure the interactions between your business critical digital assets, securing the free-flow of information throughout your enterprise across your customers, employees, partners & suppliers.
- New Add: In talk track, say flawless recoveries from cyber breaches Hewlett Packard Enterprise advocates an integrated approach to security, one that starts with a comprehensive approach to risk across the enterprise, and builds resilience into your enterprise operating model, mitigating your exposure to risk by continuously evolving your risk management strategy and architecture. Although, we know that everything in an organization can never be completely secure, by focusing on your critical digital assets and the interactions between them and by integrating your security capabilities you can implement the most more proactive and effective pan-enterprise approach to security and risk management, accelerating the speed with which you can implement the latest research into cyber security threats, establishing the best possible preemptive protection. HPE Security advocates 3 core principles to protecting your organization PREVENT – by building it in. Organizations must stop treating security as an after- thought and ensure that security is built into the very fabric of their business. Designing a resilient operating model requires an integrated security architecture that spans users, infrastructure, data, applications and end-to-end processes. By understanding your risk posture and assessing and enhancing your cyber capability maturity - in line with your business priorities - security risk & IT teams can safeguard their operations and ensure they don’t fall foul of compliance, data protection and privacy regulations. Every enterprise needs to becomes a digital enterprise and every digital enterprise needs cyber resilience and must identify their business critical information and assets and focus on protecting them against known and unknown threats. DETECT & RESPOND -To effectively respond to today’s advanced threats organizations must establish and maintain the best possible preemptive protection capabilities. This not only requires monitoring security operations 24*7*365 , but proven success in hunting and shutting down threats before they wreak havoc. The best security organizations today take advantage of integrated powerful analytics tools to ensure rapid detection, like ArcSight, our industry leading SIEM solution, combined with Threat Central, our threat intelligence platform, that together detect known and unknown threats allowing teams to pre-empt the latest threats and respond instantly and effectively at scale to mitigate identified risk. RECOVER- If the worst happens it is paramount you ensure business continuity which today requires the constant availability of your IT environments, critical systems & applications, in the event of a natural disaster, cyber attack or system failure. Organizations must be able to perform flawless system recovery & restoration and ensure users, data and applications experience minimum downtime, no damage or loss
- To wrap up, HPE has the scale and breadth of expertise to protect global enterprise and governments. We help you disrupt your adversaries, we position you to thwart adversary attacks with real-time threat disruption like self-healing security technology based on expert, crowd-sourced security intelligence. We have 5,000 security specialists that will help you understand, manage, and reduce risks through security assessments, security transformation programs and full environment management. Our scale also gives us a unique understanding of your legal and regulatory requirements—so we have the services you need to stay in compliance. And by extending your capabilities through our managed security services, you get ahead of threats and avoid costly non-compliance consequences. In fact, 92% of our clients’ major incidents are resolved within 2 hours of identification with HPE Managed Security Services. Hewlett Packard Enterprise Security is uniquely positioned to help you protect your digital enterprise. We look forward to talking with you soon! Thank you for your time today.
- To help you disrupt your adversaries, we position you to hinder adversary attacks with real-time threat disruption like self-healing security technology based on expert, crowd-sourced security intelligence. This increases your security’s effectiveness and protects data from external and internal theft. To help you understand, manage, and reduce risks, HP security consulting has 5,000 security industry specialists, providing initial security assessments, security transformation programs and full environment management. HP’s scale also gives us a unique understanding of your legal and regulatory requirements—so we always have the services you need to stay in compliance. And by extending your capabilities through our managed security services, you get ahead of threats and avoid costly non-compliance consequences. In fact, 92% of our clients’ major incidents are resolved within 2 hours of identification with HP Managed Security Services.
- Thank you.