Top 10 Tips for Achieving Effective Security + Operations Collaboration
Sridhar Karnam, Security Product Marketing, HP Enterprise Security
Amy Feldman, Operations Product Marketing, HP Software

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Agenda
• Is SOC/NOC collaboration a big deal?
• Challenges
• Top 10 Tips for effective SOC/NOC collaboration
• Summary

Is SOC/NOC collaboration a big deal?

Security awareness at board level
Organizational and security leadership is under immense pressure

• Cyber threat: 56% of organizations have been the target of a nation-state cyber attack
• Simple controls: 97% of data breaches could have been avoided
• Increasing cost pressures: 11% of total IT budget spent on security

The Chief Information Security Officer (CISO) sits at the heart of the enterprise security response

Threat landscape
Riskier enterprises + advanced attackers = more attacks
• New technologies: Cloud, Virtualization, Mobile/BYOD
• Attacks: 24 millions, 40 millions, 95 millions, 101 millions, 130 millions
• Hacktivists, Anonymous, LulzSec, state funded

The IT operations problem
• Breaches continue… even though they have hundreds of security solutions available
• Silo’d products… don’t learn or share information
• Limited context… a gap between IT operations and security constrains potential actions
• No effective way… to understand and prioritize risk

SOC/NOC collaboration
Unified data with context from security, operations, service, and risk

- Align business with IT
- Secure IT Operations
- IT GRC, SIEM, ITIL

- Optimize resources

SOC/NOC collaboration challenges
• Centralized approach
• Consolidated view
• Comprehensive log management
• Manual correlation of security threats

• 360° secure network defense
• Change management without risk
• Secure applications
• Unified data
• Simplify un-structured data
• Resource optimization
Top 10 tips for better SOC/NOC collaboration

Tip 1: Consolidated view
Single view of security, operations, and IT GRC

Tip 2: Centralized approach
Seamless integration of security and IT operation tools – no point solutions

• Security: User Provisioning; Identity & Access Mgmt; Database Encryption; Anti-Virus, Endpoint; Firewall, Email Security
• IT operations: User Management; App Lifecycle Mgmt; Information Mgmt; Operations Mgmt; Network Mgmt
• See everything
• Understand context
• Act: proactive risk reduction

Tip 3: Comprehensive log management
Log management approach to unify collection, search, and reporting of machine data
• Collection: complete visibility
• Analyze events in real time to deliver insight
• IT GRC & Security in a single tool
• Search quickly to simplify IT
• Reporting on log data
• IT operations through monitoring & alerting

[Diagram labels: Machine Data, Log Collection, Search, Analysis, Dashboard, Monitoring & alerting, IT GRC]

Tip 4: Event correlation
Cross-correlation of events provides security context and avoids false positives

Correlation:
• Connect roles, responsibilities, identities, history, and trends to detect business risk violations
• Pattern recognition
• Anomaly detection
• The more you collect, the smarter it gets

[Diagram labels: Software, Hardware, People, Process]

Tip 5: 360° secure network defense and management
Monitor network activities for malicious activity through IPS and log management

• Dynamic analytics and policy deployment with real-time network management data
• IPS (intrusion prevention system) protects your vulnerable applications and data from harmful attacks
• Network events and log analysis to proactively address threats

[Diagram labels: Log data, IPS data, Network events, Network Defense System, Plug-n-play]

Tip 7: Confidently deliver secure applications
Develop immunity for threats right through development of applications

Automated code testing: Testing of code during development for security vulnerability
• Automated testing
• Part of SDLC

App runtime testing: Security testing of 3rd party or open source applications
• Test any apps
• Threat detection without source code

Manual review: Security experts
• Manual expert audit
• Reduce false positives

Tip 6: Change management without risk
Add digital vaccination to protect against new and zero-day threats

• Digital vaccination against threats through IPS
• Reputation database of known threats
• Advanced security intelligence

Tip 8: Unified data
Convert all machine data into common format for search, report, and retention
Raw machine data
Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data
Time (Event Time) | name | Device Vendor | Device Product | Category Behavior | Category Device Group | Category Outcome | Category Significance
6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning
6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning

Benefit: Single data for searching, indexing, reporting, and archiving
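
The normalization this slide describes, as an added Python example that is not from the original deck or from HP's products: it parses the two raw lines above into the unified columns of the table and keeps unparsed lines visible. The regular expressions, the extra src/dst/port fields and all function names are assumptions for illustration; the category values are copied from the slide's table.

```python
import re
from datetime import datetime

# The two raw lines from the slide, rejoined where the transcript wrapped them,
# plus one constructed line that no parser here understands.
RAW_LINES = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
    "Jun 17 2009 15:01:44 sshd[812]: Accepted publickey for deploy from 192.0.2.10",
]

TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"

# Assumed patterns, written to fit the slide's two sample lines only.
PIX = re.compile(
    TS + r": %PIX-(?P<sev>\d)-(?P<msgid>\d+): (?P<action>\w+) (?P<proto>\w+) "
    r".*?from (?P<src>[\w.]+)/(?P<spt>\d+) to (?P<dst>[\w.]+)/(?P<dpt>\d+)"
)
CHECKPOINT = re.compile(
    TS + r" (?P<action>\w+) (?P<host>\S+) >(?P<iface>\S+) product .+? "
    r"src (?P<src>\S+) s_port (?P<spt>\d+) dst (?P<dst>\S+) "
    r"service (?P<service>\S+) proto (?P<proto>\S+)"
)
PARSERS = [(PIX, "Cisco", "PIX"), (CHECKPOINT, "Checkpoint", "Firewall-1/VPN-1")]

# Category values copied from the slide's table, keyed by (vendor, device action).
CATEGORY_FIELDS = ("CategoryBehavior", "CategoryDeviceGroup",
                   "CategoryOutcome", "CategorySignificance")
CATEGORIES = {
    ("Cisco", "deny"): ("/Access", "/Firewall", "/Failure", "/Informational/Warning"),
    ("Checkpoint", "drop"): ("/Access/Start", "/Firewall", "/Failure",
                             "/Informational/Warning"),
}


def normalize(line):
    """Return one unified event dict, or None if no parser recognizes the line."""
    for pattern, vendor, product in PARSERS:
        m = pattern.match(line)
        if m is None:
            continue
        f = m.groupdict()
        event = {
            "Time": datetime.strptime(f["ts"], "%b %d %Y %H:%M:%S"),
            "name": f["action"].capitalize(),
            "DeviceVendor": vendor,
            "DeviceProduct": product,
            # Fields below are not in the slide's table; added so searches can pivot.
            "src": f["src"], "spt": int(f["spt"]), "dst": f["dst"],
            "dpt": int(f["dpt"]) if f.get("dpt") else None,
            "service": f.get("service"),
            "proto": f["proto"].lower(),
        }
        # Actions the slide does not categorize stay None rather than being guessed.
        cats = CATEGORIES.get((vendor, f["action"].lower()), (None,) * 4)
        event.update(zip(CATEGORY_FIELDS, cats))
        return event
    return None


def normalize_all(lines):
    """Normalize every line; keep unparsed lines so coverage gaps are visible."""
    events, rejected = [], []
    for line in lines:
        event = normalize(line)
        if event is None:
            rejected.append(line)
        else:
            events.append(event)
    return events, rejected


def search(events, **criteria):
    """Exact-match query over unified fields, independent of source vendor."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    events, rejected = normalize_all(RAW_LINES)
    for e in search(events, CategoryOutcome="/Failure"):
        print(e["Time"].strftime("%m/%d/%Y %H:%M:%S"), e["name"],
              e["DeviceVendor"], e["src"], "->", e["dst"])
    print("unparsed:", len(rejected))
```

One query on CategoryOutcome returns both the Cisco and the Check Point event, and the count of rejected lines shows how much of the feed still lacks a parser.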
Tip 9: Simplify un-structured data
Simplify searching, reporting, forensics, and correlation through search tool
• Simplify forensics and investigation through a search tool
• Easily search and report on historical data
• Retention of logs as per regulatory compliance
• Pre-packaged content for security and GRC
• Feed unified data into event correlation engine

Tip 10: Resource optimization
Collaboration enables resource optimization, rotation, and sharing for faster ROI

Shared tools
• Seamlessly integrated tools
• Single vendor as opposed to multiple point solutions
• Efficient operation

Shared knowledge
• Bi-directional information
• Unified and contextual data
• Empowered IT practitioners

Shared talent pool
• Job rotation
• Process focused
• Enhanced user experience

Distribute investment across SOC and NOC to realize faster ROI

Summary

How we help our customers (SOC/NOC integration)
• 3 days to generate an IT GRC report through logs. Now with HP, get a consolidated view of IT GRC, security, and operations in 2 minutes, giving a 99% improvement.
• 32 weeks to run an IT audit. Now with HP, audit-ready log data can be searched within 2 days, giving a 99+% improvement.
• 8 hours to fix a new IT incident. Now with HP, search years' worth of log data with annotations in 5 minutes to find a resolution, giving a 99% improvement.
• 10 days to investigate and respond to a data breach. Now with HP, forensics takes less than 5 minutes, giving a 99+% improvement.
• 3 weeks to fix a threat vulnerability. Now with HP, build threat immunity and respond to new threats in 2 minutes, giving a 99+% improvement.

Download HP ArcSight Logger trial software
HP.COM/GO/LOGGER
• Free downloadable software
• Collect up to 750 MB of log data per day
• Store up to 500 GB of uncompressed logs
• Access to most enterprise features for a full 12 months
• Standard HP ArcSight community support (Protect 724)

Las Vegas (On-Demand…NOW)
Watch recordings of:
• General Sessions
• Track Sessions
• Breakout Sessions
• Press Conferences

Frankfurt (4-6 December 2012)
Join over 10,000 enterprise IT leaders
• Breakthrough innovations
• Emerging trends
• New best practices
• Key IT and business strategies

Dedicated HP Software track sessions, HP and partner exhibits, demos, and keynotes

Additional resources
A recording of today’s event may be viewed in our “Library of On-Demand Events”:
www.hp.com/go/it
Participate in HP Software’s “Community of IT Professionals”:
www.hp.com/go/swcommunity
Join HP Software’s “LinkedIn group”:
www.hp.com/go/linkedin

Thank You!
If you have any additional comments or questions,
or would like to receive a .pdf copy of today’s presentation,
please contact:

Scott Armanini
Executive Producer, HP Software Web Events
Scott.Armanini@HP.com
www.hp.com/go/IT


 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 

Top 10 tips for effective SOC/NOC collaboration or integration

  • 1. Top 10 Tips for Achieving Effective Security + Operations Collaboration
      Sridhar Karnam, Security Product Marketing, HP Enterprise Security
      Amy Feldman, Operations Product Marketing, HP Software
      © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • 2. Agenda
      • Is SOC/NOC collaboration a big deal?
      • Challenges
      • Top 10 Tips for effective SOC/NOC collaboration
      • Summary
  • 3. Is SOC/NOC collaboration a big deal?
  • 4. Security awareness at board level
      Organizational and security leadership is under immense pressure
      • Cyber threat: 56% of organizations have been the target of nation-state cyber attack
      • Simple controls: 97% of data breaches could have been avoided
      • Increasing cost pressures: 11% of total IT budget spent on security
      Chief Information Security Officer sits at heart of the enterprise security response
  • 5. Threat landscape
      Riskier enterprises + advanced attackers = more attacks
      • New technologies: Cloud; Virtualization; Mobile/BYOD
      • Attacks (chart values, axis labels not recoverable): 24 million; 40 million; 95 million; 101 million; 130 million
      • Attackers: Hacktivists; Anonymous; LulzSec; State funded
  • 6. The IT operations problem
      • Breaches continue… even though they have hundreds of security solutions available
      • Silo’d products… don’t learn or share information
      • Limited context… a gap between IT operations and security constrains potential actions
      • No effective way… to understand and prioritize risk
  • 7. SOC/NOC collaboration
      Unified data with context from security, operations, service, and risk
      - Align business with IT
      - Secure IT Operations
      - IT GRC, SIEM, ITIL
      - Optimize resources
  • 8. SOC/NOC collaboration challenges
      • Centralized approach
      • Consolidated view
      • Comprehensive log management
      • Manual correlation of security threats
      • 360° secure network defense
      • Change management without risk
      • Secure applications
      • Unified data
      • Simplify un-structured data
      • Resource optimization
  • 9. Top 10 tips for better SOC/NOC collaboration
  • 10. Tip 1: Consolidated view
      Single view of security, operations, and IT GRC
  • 11. Tip 2: Centralized approach
      Seamless integration of security and IT operation tools – no point solutions
      • SECURITY: User Provisioning; Identity & Access Mgmt; Database Encryption; Anti-Virus, Endpoint; Firewall, Email Security
      • IT OPERATIONS: User Management; App Lifecycle Mgmt; Information Mgmt; Operations Mgmt; Network Mgmt
      • Diagram labels: See everything; Understand context; Act; Proactive risk reduction
  • 12. Tip 3: Comprehensive log management
      Log management approach to unify collection, search, and reporting of machine data
      • Collection complete visibility
      • Analyze events in real time to deliver insight
      • IT GRC & Security in a single tool
      • Search quickly to simplify IT
      • Reporting on log data
      • IT operations through monitoring & alerting
      • Diagram labels: Monitoring & alerting; Dashboard; Analysis; Machine Data; IT GRC; Search; Log Collection
  • 13. Tip 4: Event correlation
      Cross-correlation of events provides security context and avoids false positives
      Correlation:
      • Connect roles, responsibilities, identities, history, and trends to detect business risk violations
      • Pattern recognition
      • Anomaly detection
      • The more you collect, the smarter it gets
      • Diagram labels: Software; Hardware; People; Process
  • 14. Tip 5: 360 secure network defense and management
      Monitor network activities for malicious activity through IPS and log management
      • Dynamic analytics and policy deployment with real time network management data
      • IPS (Intrusion prevention system) protects your vulnerable applications and data from harmful attacks
      • Network events and log analysis to proactively address threats
      • Diagram labels: Log data; IPS data; Network Defense System; Network events; Plug-n-play
  • 15. Tip 7: Confidently deliver secure applications
      Develop immunity for threats right through development of applications
      • Automated code testing: Testing of code during development for security vulnerability (Automated testing; Part of SDLC)
      • App runtime testing: Security testing of 3rd party or open source applications (Test any apps; Threat detection without source code)
      • Manual review: Security experts (Manual expert audit; Reduce false positives)
  • 16. Tip 6: Change management without risk
      Add digital vaccination to protect against new and zero-day threats
      • Digital vaccination against threats through IPS
      • Reputation database of known threats
      • Advanced security intelligence
  • 17. Tip 8: Unified data
      Convert all machine data into common format for search, report, and retention

      Raw machine data:
        Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
        Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

      Unified data:
        | Time (Event Time)  | name | Device Vendor | DeviceProduct    | Category Behavior | Category DeviceGroup | Category Outcome | Category Significance  |
        | 6/17/2009 12:16:03 | Deny | Cisco         | PIX              | /Access           | /Firewall            | /Failure         | /Informational/Warning |
        | 6/17/2009 14:53:16 | Drop | Checkpoint    | Firewall-1/VPN-1 | /Access/Start     | /Firewall            | /Failure         | /Informational/Warning |

      Benefit: Single data for searching, indexing, reporting, and archiving
  • 18. Tip 9: Simplify un-structured data
      Simplify searching, reporting, forensics, and correlation through search tool
      • Simplify forensics and investigation through a search tool
      • Easily search and report on historical data
      • Retention of logs as per regulatory compliance
      • Pre-packaged content for security and GRC
      • Feed unified data into event correlation engine
  • 19. Tip 10: Resource optimization
      Collaboration enables resource optimization, rotation, and sharing for faster ROI
      • Shared tools: Seamlessly integrated tools; Single vendor as opposed to multiple point solutions; Efficient operation
      • Shared Knowledge: Bi-directional information; Unified and contextual data; Empowered IT practitioners
      • Shared talent pool: Job rotation; Process focused; Enhanced user experience
      Distribute investment across SOC and NOC to realize faster ROI
  • 20. Summary
  • 21. How we help our customers (SOC/NOC integration)
      • 3 days to generate IT GRC report through logs. Now with HP, get a consolidated view of IT GRC, security, and operations in 2 minutes, giving a 99% improvement
      • 32 weeks to run an IT audit. Now with HP, audit ready log data can be searched within 2 days, giving a 99+% improvement
      • 8 hours to fix a new IT incident. Now with HP, search years’ worth of log data with annotations in 5 minutes to find resolution, giving 99% improvement
      • 10 days to investigate and respond to a data breach. Now with HP, forensics takes less than 5 minutes, giving a 99+% improvement
      • 3 weeks to fix a threat vulnerability. Now with HP, build threat immunity and respond to new threats in 2 minutes, giving a 99+% improvement
  • 22. Download HP ArcSight Logger trial software
      HP.COM/GO/LOGGER
      • Free downloadable software
      • Collect up to 750 MB of log data per day
      • Store up to 500 GB of uncompressed logs
      • Access to most enterprise features for a full 12 months
      • Standard HP ArcSight community support (Protect 724)
  • 23. HP.COM/GO/LOGGER
  • 24. Las Vegas (On-Demand…NOW); Frankfurt (4-6 December 2012)
      • Las Vegas: Watch recordings of: General Sessions; Track Sessions; Breakout Sessions; Press Conferences
      • Frankfurt: Join over 10,000 enterprise IT leaders: Breakthrough innovations; Emerging trends; New best practices; Key IT and business strategies
      Dedicated HP Software track sessions, HP and partner exhibits, demos, and keynotes
  • 25. Additional resources
      • A recording of today’s event may be viewed in our “Library of On-Demand Events”: www.hp.com/go/it
      • Participate in HP Software’s “Community of IT Professionals”: www.hp.com/go/swcommunity
      • Join HP Software’s “LinkedIn group”: www.hp.com/go/linkedin
  • 26. Thank You! If you have any additional comments or questions, or would like to receive a .pdf copy of today’s presentation, please contact: Scott Armanini, Executive Producer, HP Software Web Events, Scott.Armanini@HP.com, www.hp.com/go/IT
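
Tip 8 (slide 17) shows two raw firewall lines and the unified record each one becomes. The Python normalizer below is an added example, not code from the presentation or from any HP product: the regular expressions, the extra src/dst fields and the third sample line are assumptions made for illustration, while the vendor, product and category values are the ones printed in the slide's table.

```python
import re

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Timestamp prefix shared by both slide samples, e.g. "Jun 17 2009 12:16:03".
TS = (r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<year>\d{4}) "
      r"(?P<time>\d{2}:\d{2}:\d{2})")

# Assumption: patterns fitted to the two lines on the slide, not vendor specs.
PIX = re.compile(TS + r": %PIX-(?P<sev>\d)-(?P<msgid>\d+): (?P<action>\w+) "
                 r"(?P<proto>\w+) .*?from (?P<src>[\d.]+)/(?P<sport>\d+) "
                 r"to (?P<dst>[\d.]+)/(?P<dport>\d+)")
FW1 = re.compile(TS + r" (?P<action>\w+) (?P<host>\S+) >(?P<iface>\S+) "
                 r"product .+? src (?P<src>\S+) s_port (?P<sport>\d+) "
                 r"dst (?P<dst>\S+) service (?P<service>\S+) "
                 r"proto (?P<proto>\w+) rule (?P<rule>\d+)")

# (pattern, vendor, product, {action: behavior, device group, outcome, significance})
# Category values are copied from the slide's "Unified data" table.
PROFILES = [
    (PIX, "Cisco", "PIX",
     {"deny": ("/Access", "/Firewall", "/Failure", "/Informational/Warning")}),
    (FW1, "Checkpoint", "Firewall-1/VPN-1",
     {"drop": ("/Access/Start", "/Firewall", "/Failure", "/Informational/Warning")}),
]
CATEGORY_KEYS = ("Category Behavior", "Category DeviceGroup",
                 "Category Outcome", "Category Significance")

def normalize(line):
    """Return one unified event dict, or None if no known format matches."""
    for pattern, vendor, product, categories in PROFILES:
        m = pattern.match(line)
        if not m or m["mon"] not in MONTHS:
            continue
        g = m.groupdict()
        event = {
            "Time": f"{MONTHS[g['mon']]}/{int(g['day'])}/{g['year']} {g['time']}",
            "name": g["action"].capitalize(),
            "Device Vendor": vendor,
            "DeviceProduct": product,
        }
        # Actions the slide does not show stay uncategorized rather than guessed.
        cats = categories.get(g["action"].lower(), (None,) * 4)
        event.update(zip(CATEGORY_KEYS, cats))
        # Extra fields (not in the slide's table) kept for search and correlation.
        event.update({
            "src": g["src"], "dst": g["dst"],
            "src_port": int(g["sport"]),
            "dst_port": int(g["dport"]) if g.get("dport") else None,
            "service": g.get("service"),
            "proto": g["proto"].lower(),
            "raw": line,  # keep the original line for forensics and retention
        })
        return event
    return None

def normalize_all(lines):
    """Split input into unified events and lines that still need a parser."""
    events, unparsed = [], []
    for line in lines:
        event = normalize(line.strip())
        if event:
            events.append(event)
        else:
            unparsed.append(line)
    return events, unparsed

# First two lines are the slide's samples; the third is constructed to show
# that an unknown format is reported instead of being silently dropped.
RAW_LINES = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
    "Jun 17 2009 15:02:41 sshd[2211]: Failed password for invalid user admin",
]

if __name__ == "__main__":
    events, unparsed = normalize_all(RAW_LINES)
    for e in events:
        print(" | ".join(str(e[k]) for k in
                         ("Time", "name", "Device Vendor", "DeviceProduct") + CATEGORY_KEYS))
    print(f"{len(unparsed)} line(s) without a parser")
```

Lines returned in the second list are the ones to watch in practice: a rising count there means a device or firmware change has moved events out of the searchable, correlatable data set.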

Editor's Notes

  1. Yes, we are under attack now, your organization is under attack, your personal computer and mobile devices are under attack now. Your data is no longer secure. Your privacy may be breached. Security is a board level discussion now. The Chief Information Security Officer sits at the heart of the response to the growing threat. They have increased budgets now to address the growing threat and to keep the IT organizations safe. 56% OF ORGANIZATIONS HAVE BEEN THE TARGET OF NATION-STATE CYBER ATTACK – so there is a 50% chance that your organization may be attacked. 97% OF DATA BREACHES COULD HAVE BEEN AVOIDED through simple controls – so IT operations can no longer say security is not their concern. 11% OF TOTAL IT BUDGET SPENT ON SECURITY. It was 4% only ten years ago. Also, in a 2011 Gartner survey of enterprise CIOs, the 5 biggest challenges that enterprises faced in security and risk were: Managing Risk; Reduce CAPEX; Fill Security Gaps; Optimize security gaps; Adapt to changing regulations.
  2. The emergence of Enterprise 2.0 with social, mobile, local, and cloud applications within the enterprise has increased IT operational challenges. Other trends such as Bring your own device (BYOD) are adding new dimensions that are challenging for IT Operations due to diversified form, OS, vendors, etc. Your employees are demanding an open platform to collaborate better with your customers and partners. However, your IT operations may not be in position to support Enterprise 2.0 or BYOD due to security challenges or resource constraints. So, how do you align your business requirements and IT resources, while keeping it secure? If you look at those trends, they challenge the traditional notions of enterprise security. The traditional approach in IT security was to establish strong perimeters around the network and around a company’s computers that could keep bad guys out and let good guys in. Then set strict rules about what people allowed access can do. The bad guys are getting better, but as we change our IT environment we’re giving them more surface area from which to launch these attacks. The Data Breach Investigation Report (DBIR) of 2012 conducted by Verizon states that 98% of the data breaches come from external agents. 97% of those breaches were avoidable through simple controls. In all of these breaches studied, 92% of them were reported by third parties. This is an embarrassment to organizations that did not even detect a breach in their internal IT systems. Cyber-threats have become more sophisticated, persistent, low, deep, and unpredictable. New research conducted on behalf of HP showed that the volume and complexity of security threats have continued to escalate. More than 50 percent of CEOs surveyed believed that security breaches within their organizations have increased during the past year alone.
  3. As IT adopts cloud, mobile and other services, assuring the performance and availability of these services becomes increasingly complex. IT Operators rely on various techniques such as a single consolidated/correlation engine but often times they have disparate monitoring that limits either the breadth or depth of data collection to only machine data from business critical applications. The data collected is typically un-structured and only kept for a short term, and there are no efficient tools to search any events or logs. This short retention of data limits the intelligence in the system as events that were fixed and annotated a few months ago may not be stored to retrieve. From a security perspective, the perimeter of today's enterprise is porous, putting enormous pressure on customers’ risk and compliance systems and leaving IT exposed.
  4. The convergence of IT operations and security operations has been an ongoing effort in most of the dynamic enterprises. The benefits of this convergence are clear to many organizations that need to optimize resources, lower cost, increase efficiency in both groups, and deliver an open and secure platform for communication and collaboration. Collaboration between SOC/NOC facilitates a deeper understanding of roles, risks, threats, and security vulnerabilities, enabling faster time to resolution through clear communication and comprehensive view of security health. This collaboration is effective when implemented through industry-leading enterprise tools that integrate and automate key IT operations and security operations functions.
  5. However the Security and IT Operations groups are traditionally silo’ed teams with their own tools and information. This presents various challenges when trying to foster collaboration. Often times there is a lack of a single consolidated view that presents both security, business and IT operational key performance indicators. Additionally there is no unified data nor collaboration to ensure that networks and applications are secure and performing at optimal service levels.
  6. During this webcast we will address these challenges with 10 tips to improve collaboration between Security and IT operations. Sri, if I’m an IT organization looking to start down the path of collaboration, where should I start?
  7. This approach makes a lot of sense but IT and Security organizations have very different views on key IT performance and security data. How can I see everything?
  8. Great! So now I have the ability to collect borderless data from across my IT real estate to be able to see everything. Integrating this into my event correlation engines now gives me the ability to prioritize events based on business impact, end-user impact and now security impact. With this I also have an additional layer of details that complements my IT information, providing me the necessary information to find the root cause of the issues faster, assign them to the right people, resolve issues timely and overall improve my service levels to the business. But IT is complex, I have adaptive virtual networks, new applications that are on-boarding regularly and an infrastructure that is constantly needing updates and changes. How can I roll out new technologies and manage all my services AND not introduce any security risk to the business?
  9. I think I’m starting to see the value of collaborating between security and IT Operations. By sharing information I can deploy a better performing AND secure application; by using an automated secure network management tool, I can reduce outages and risk. And by sharing valuable configuration management information I can make changes without introducing risk and also make sure what I have is secure. However, this sounds like a lot of data. I don’t have the time or resources to spend analyzing and deciphering data, not to mention go to different tools to find the security and performance data. What can I do to easily find and analyze both security and performance data?
  10. Over the years I have had the opportunity to work with several customers that have gone through IT transformations. And what’s common across these transformations is taking a step back to look at the people, process and tools needed to successfully change the way IT does business. The same is true when looking at unifying security and IT operation groups. Look at the tools being used by these groups and determine how you can utilize a tool set that fosters integration and a single view into both security and IT Operational data. These tools must also encourage sharing of knowledge with bi-directional information for unified and contextual views into the data that supports both collaboration as well as their own job functions. Finally, the most important aspect is the people. Encourage job rotations, understand processes of each role and define new processes that encourage collaboration.
  11. Adopting a new culture that encourages collaboration across two organizations that have been traditionally siloed will take time but the payoff is worth the investment. Sri will cover how some of our customers have realized the value of unifying Security and IT operations and give you a first step you can take in the journey.