Big Data Security
Sridhar Karnam
Product Marketing Manager
HP EnterpriseSecurity.com
Hewlett-Packard Company
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Threat landscape
Riskier enterprises + advanced attackers = more attacks
New technologies: Cloud, Virtualization, Mobile/BYOD
Attacks (chart values): 24 millions, 40 millions, 95 millions, 101 millions, 130 millions
Hacktivists, Anonymous, State funded, LulzSec

Problem with existing approach
Cloud, Virtual, Physical
• Too many security solutions
• Too much data
• No integrated intelligence
1000+ security vendors

Big data security challenges
• Consolidated view
• Centralized approach
• Comprehensive log management
• Correlation of security events
• Network security
• Change management
• Secure applications
• Unified data
• Simplify un-structured data
• Resource optimization

Consolidated view
Single view of security, operations, and IT GRC

Centralized approach
Seamless integration of security and IT operation tools – no point solutions

SECURITY
• User Provisioning
• Identity & Access Mgmt
• Database Encryption
• Anti-Virus, Endpoint
• Firewall, Email Security

IT OPERATIONS
• User Management
• App Lifecycle Mgmt
• Information Mgmt
• Operations Mgmt
• Network Mgmt

Diagram labels: See everything; Understand context; Act; Proactive risk reduction

Comprehensive log management
Log management approach to unify collection, search, and reporting of machine data
• Collection complete visibility
• Analyze events in real time to deliver insight
• IT GRC & Security in a single tool
• Search quickly to simplify IT
• Reporting on log data
• IT operations through monitoring & alerting
Diagram labels: Machine Data, Log Collection, Search, Analysis, Dashboard, Monitoring & alerting, IT GRC

Unified data
Convert all machine data into common format for search, report, and retention

Raw machine data
Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data
| Time (Event Time) | name | Device Vendor | DeviceProduct | Category Behavior | Category DeviceGroup | Category Outcome | Category Significance |
|---|---|---|---|---|---|---|---|
| 6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning |
| 6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning |

Benefit: Single data for searching, indexing, reporting, and archiving
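
The normalization shown on this slide, as an added example (not code from the deck or from HP ArcSight): it parses the slide's two raw firewall lines into one schema and then searches both vendors' events with a single query. The regular expressions, the dictionary key names and the search helper are assumptions made for illustration; the vendor, product and category values are copied from the slide's table.

```python
import re
from datetime import datetime

# The two raw events from the slide, with the wrapped lines joined.
RAW_EVENTS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Shared "Mon DD YYYY HH:MM:SS" prefix; everything after it is device-specific.
TS = r"(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<year>\d{4}) (?P<hms>\d\d:\d\d:\d\d)"

# Assumed patterns, written only against the two sample lines above.
PIX_RE = re.compile(
    "^" + TS + r": %PIX-\d-\d+: (?P<action>\w+) (?P<proto>\w+) .*?"
    r"from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<svc>\d+)")
FW1_RE = re.compile(
    "^" + TS + r" (?P<action>\w+) \S+ >\S+ product .+? src (?P<src>\S+) "
    r"s_port (?P<sport>\d+) dst (?P<dst>\S+) service (?P<svc>\S+) "
    r"proto (?P<proto>\S+) rule \d+")

# (pattern, Device Vendor, DeviceProduct), with the strings the slide's table uses.
PARSERS = [(PIX_RE, "Cisco", "PIX"), (FW1_RE, "Checkpoint", "Firewall-1/VPN-1")]

# Category values copied from the slide's table; other actions stay uncategorized.
CATEGORIES = {
    ("PIX", "Deny"): ("/Access", "/Firewall", "/Failure", "/Informational/Warning"),
    ("Firewall-1/VPN-1", "Drop"):
        ("/Access/Start", "/Firewall", "/Failure", "/Informational/Warning"),
}
CATEGORY_KEYS = ("category_behavior", "category_device_group",
                 "category_outcome", "category_significance")


def event_time(m):
    """Render the timestamp the way the slide's table does (M/D/YYYY HH:MM:SS)."""
    hour, minute, second = map(int, m["hms"].split(":"))
    dt = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]), hour, minute, second)
    return f"{dt.month}/{dt.day}/{dt.year} {dt:%H:%M:%S}"


def normalize(line):
    """Map one raw line onto the common schema; unparsed lines are kept, not dropped."""
    for pattern, vendor, product in PARSERS:
        m = pattern.match(line)
        if m is None:
            continue
        try:
            when = event_time(m)
        except (KeyError, ValueError):  # unknown month name or impossible date
            break
        name = m["action"].capitalize()
        event = {"event_time": when, "name": name,
                 "device_vendor": vendor, "device_product": product,
                 "src": m["src"], "dst": m["dst"], "dst_service": m["svc"],
                 "proto": m["proto"].lower(), "raw": line}
        cats = CATEGORIES.get((product, name), (None,) * len(CATEGORY_KEYS))
        event.update(zip(CATEGORY_KEYS, cats))
        return event
    return {"name": "unparsed", "raw": line}


def search(events, **criteria):
    """Return the events whose unified fields equal every given criterion."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    events = [normalize(line) for line in RAW_EVENTS]
    # One query covers both vendors because the outcome field is now shared.
    for e in search(events, category_outcome="/Failure"):
        print(e["event_time"], e["device_vendor"], e["name"], e["src"], "->", e["dst"])
```

Lines that match no parser come back with name "unparsed" and their raw text, so a new device format shows up in a search instead of silently disappearing from the store.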

Simplify un-structured data
Simplify searching, reporting, forensics, and correlation through search tool
• Simplify forensics and investigation through a search tool
• Easily search and report on historical data
• Retention of logs as per regulatory compliance
• Pre-packaged content for security and GRC
• Feed unified data into event correlation engine

How we help our customers
• 3 days to generate IT GRC report through logs. Now with HP, get a consolidated view of IT GRC, security, and operations in 2 minutes, giving a 99% improvement.
• 8 hours to fix a new IT incident. Now with HP, search years' worth of log data with annotations in 5 minutes to find resolution, giving 99% improvement.
• 32 weeks to run an IT audit. Now with HP, audit ready log data can be searched within 2 days, giving a 99+% improvement.
• 10 days to investigate and respond to a data breach. Now with HP, forensics takes less than 5 minutes, giving a 99+% improvement.
• 3 weeks to fix a threat vulnerability. Now with HP, built threat immune and respond to new threats in 2 minutes, giving a 99+% improvement.

Download HP ArcSight Logger trial software
HP.COM/GO/LOGGER
• Free downloadable software
• Collect up to 750 MB of log data per day
• Store up to 500 GB of uncompressed logs
• Access to most enterprise features for a full 12 months
• Standard HP ArcSight community support (Protect 724)

Big Data Security with HP ArcSight

  • 1. Big Data Security Sridhar Karnam Product Marketing Manager HP EnterpriseSecurity.com Hewlett-Packard Company © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 2. Threat landscape Riskier enterprises + advanced attackers = more attacks New technologies Cloud Virtualizatio n 24 millions Mobile/BYO D Attacks 40 millions 95 millions 101 millions 130 millions Hactivists 2 Anonymou s State funded © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. LulzSec
  • 3. Problem with existing approach Cloud Virtual Too many security solutions Physica l 3 Too much data No integrated intelligence © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1000+ security vendors
  • 4. Big data security challenges • Consolidated view • Centralized approach • Comprehensive log management • Correlation of security events • Network security • Change management • Secure applications • Unified data • Simplify un-structured data • Resource optimization 4 © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 5. Consolidated view Single view of security, operations, and IT GRC 5 © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 6. Centralized approach Seamless integration of security and IT operation tools – no point solutions SECURITY User Provisioning Identity & Access Mgmt Database Encryption Anti-Virus, Endpoint Firewall, Email Security IT OPERATIONS User Management App Lifecycle Mgmt Information Mgmt Operations Mgmt Network Mgmt 6 See everything Understand context See everything © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Act Proactive risk reduction
  • 7. Comprehensive log management Log management approach to unify collection, search, and reporting of machine data • Collection complete visibility Monitoring & alerting Dashboard • Analyze events in real time to deliver insight Analysis Machine Data IT GRC 7 • IT GRC & Security in a single tool Search Log Collection • Search quickly to simplify IT • Reporting on log data • IT operations through monitoring & alerting © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 8. Unified data Convert all machine data into common format for search, report, and retention Raw machine data Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49 Unified data Time (Event Time) name Device Vendor DeviceProduct Category Behavior Category DeviceGroup Category Outcome Category Significance 6/17/2009 12:16:03 Deny Cisco PIX /Access /Firewall /Failure /Informational/ Warning 6/17/2009 14:53:16 Drop Checkpoint Firewall-1/VPN-1 /Access/Start /Firewall /Failure /Informational/ Warning Benefit: Single data for searching, indexing, reporting, and archiving 8 © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 9. Simplify un-structured data: Simplify searching, reporting, forensics, and correlation through search tool. Simplify forensics and investigation through a search tool; Easily search and report on historical data; Retention of logs as per regulatory compliance; Pre-packaged content for security and GRC; Feed unified data into event correlation engine
  • 10. How we help our customers: 3 days to generate IT GRC report through logs. Now with HP, get a consolidated view of IT GRC, security, and operations in 2 minutes, giving a 99% improvement. 8 hours to fix a new IT incident. Now with HP, search years' worth of log data with annotations in 5 minutes to find resolution, giving 99% improvement. 32 weeks to run an IT audit. Now with HP, audit ready log data can be searched within 2 days, giving a 99+% improvement. 10 days to investigate and respond to a data breach. Now with HP, forensics takes less than 5 minutes, giving a 99+% improvement. 3 weeks to fix a threat vulnerability. Now with HP, built threat immune and respond to new threats in 2 minutes, giving a 99+% improvement.
  • 11. Download HP ArcSight Logger trial software: HP.COM/GO/LOGGER. Free downloadable software; Collect up to 750 MB of log data per day; Store up to 500 GB of uncompressed logs; Access to most enterprise features for a full 12 months; Standard HP ArcSight community support (Protect 724)
  • 12. hp.com/go/logger
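
The normalization shown on slide 8 ("Unified data"), as an added example that is not HP ArcSight code: a small Python parser that turns the slide's two raw firewall lines into the slide's unified fields. The function names and regular expressions are assumptions written for these two layouts only; category values are copied from the slide's table, and lines or actions the slide does not cover are kept raw or left uncategorised rather than guessed.

```python
import re
from datetime import datetime

# Raw events copied from slide 8.
PIX_LINE = ("Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
            "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside")
FW1_LINE = ("Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
            "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49")

TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
# (vendor, product, pattern): assumed patterns covering only the two layouts on the slide.
PARSERS = [
    ("Cisco", "PIX", re.compile(TS + r": %PIX-\d-\d+: (?P<name>\w+) ")),
    ("Checkpoint", "Firewall-1/VPN-1",
     re.compile(TS + r" (?P<name>\w+) \S+ >\S+ product VPN-1 & Firewall-1 ")),
]
# Category values copied from the slide's unified table; any other action is
# left uncategorised (None) so it can be reviewed instead of mislabelled.
CATEGORIES = {
    ("Cisco", "deny"): ("/Access", "/Firewall", "/Failure", "/Informational/Warning"),
    ("Checkpoint", "drop"): ("/Access/Start", "/Firewall", "/Failure", "/Informational/Warning"),
}
FIELDS = ("Category Behavior", "Category DeviceGroup", "Category Outcome", "Category Significance")

def normalize(line):
    """Return the unified record for one raw line, or None if no parser matches."""
    for vendor, product, pattern in PARSERS:
        m = pattern.match(line)
        if not m:
            continue
        dt = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
        rec = {"Time (Event Time)": f"{dt.month}/{dt.day}/{dt.year} {dt:%H:%M:%S}",
               "name": m["name"].capitalize(),
               "Device Vendor": vendor, "DeviceProduct": product}
        cats = CATEGORIES.get((vendor, m["name"].lower()), (None,) * 4)
        rec.update(zip(FIELDS, cats))
        return rec
    return None

def normalize_all(lines):
    """Split input into unified records and unparsed lines kept for raw retention."""
    records, unparsed = [], []
    for line in lines:
        rec = normalize(line.strip())
        (records if rec else unparsed).append(rec or line)
    return records, unparsed

if __name__ == "__main__":
    print(normalize_all([PIX_LINE, FW1_LINE, "constructed: unparsable line"]))
```

Keeping the unparsed lines in their own list matters for retention and forensics: a collector that silently drops what it cannot normalize leaves gaps that only show up during an investigation.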

Editor's Notes

  1. This webinar is designed to help you understand the type of data, and its context, that security operations and IT operations collect and analyze. In many organizations, security operations work in silos, separate from IT Operations. As a result, security vulnerabilities have to be handled twice: once by the SOC groups or security teams, and a second time by the IT Operations team, who could not initially identify the issue. Consequently, you cannot establish any automation for information sharing or event correlation between security vulnerabilities and performance issues. Let us see how some of these automation challenges can be addressed between security and IT Operations. A good starting point is to understand the tools available to manage the data comprehensively from a security, risk, compliance, and operations viewpoint, and to integrate them with the existing IT operations.
  2. The emergence of Enterprise 2.0, with social, mobile, local, and cloud applications within the enterprise, has increased IT operational challenges. Other trends such as bring your own device (BYOD) add new dimensions that are challenging for IT Operations because of the diversity of form factors, operating systems, vendors, etc. Your customers and employees are demanding an open platform to facilitate better collaboration. However, your IT operations may not be in a position to support Enterprise 2.0 or BYOD due to security challenges or resource constraints. So, how do you align your business requirements and IT resources while keeping the environment secure? Cyber-threats have become more sophisticated, persistent, slow, deep, and unpredictable. New research conducted on behalf of HP showed that the volume and complexity of security threats have continued to escalate. More than 50 percent of senior business and technology executives surveyed believe that security breaches within their organizations have increased during the last year.
  3. If you look at those trends, they challenge the traditional notions of enterprise security. The traditional approach in IT security was to establish strong perimeters around the network and around a company's computers that could keep bad guys out and let good guys in, and then to set strict rules about what people who are allowed access can do. The bad guys are getting better, but as we change our IT environment we're giving them more surface area from which to launch these attacks. The Data Breach Investigations Report (DBIR) of 2012, conducted by Verizon, states that 98% of the data breaches come from external agents. 97% of those breaches were avoidable through simple controls. In all of these breaches studied, 92% of them were reported by third parties. This is an embarrassment to organizations that did not even detect a breach in their internal IT systems.
  4. "You can't secure it if you can't see it." In a world where perimeter security is no longer enough, businesses need this holistic approach to securing their networks, applications and sensitive data.