Post on 19-May-2020
transcript
Managing risk in today’s digital enterprise
Rapid transformation of enterprise IT
• Shift to hybrid
• Mobile connectivity
• Big data explosion
Cost and complexity of regulatory pressures
• Compliance
• Privacy
• Data protection
Increasingly sophisticated cyber attacks
• More sophisticated
• More frequent
• More damaging
© Copyright 2016 Hewlett Packard Enterprise Development LP 2
Worldwide security trends and implications
Key points
• Security is a Board of Directors’ concern.
• Security leadership is under immense pressure.
• There is a need for greater visibility of business risks and to make sound security investment choices.
New Threat Landscape
• 205 days median time to detect a breach*
• 46 days to respond to a breach*
• $7.7M average cost of a breach*
Sources: Mandiant M-Trends 2015 Report, 2013 Ponemon Cost of Data Breach Study
Protect your digital enterprise
Protect - Build it in
Identify the threats you face, assess your organization’s capabilities to protect your enterprise, harden your applications, protect your users, and encrypt your most important data.
Detect & Respond - Proactively detect and manage breaches
Help reduce time-to-breach-resolution with a tight coupling of analytics, correlation, and orchestration. Establish situational awareness to find and shut down threats at scale.
Recover - Safeguard continuity and compliance
Drive resilience and business continuity across your IT environments, systems, and applications. Reduce risk with enterprise-wide governance, risk & compliance strategies.
Today’s digital Enterprise needs a new style of protection
Traditional vs. Protect your digital enterprise (Digital Resilience):
Ultimate State
• Traditional: Impregnable
• Digital Resilience: Assume a state of compromise. Stop exfiltration and business disruption. Detect early. Quick and effective response.
Messaging
• Traditional: Fear, Uncertainty, Doubt
• Digital Resilience: Confidence, assurance, visibility, prepared to respond
Business Proximity
• Traditional: None
• Digital Resilience: Enabler. Provider of business outcomes.
Accountability & Leadership
• Traditional: IT / Risk department
• Digital Resilience: Board, CEO, business
Focus
• Traditional: Perimeter & Information
• Digital Resilience: Protect your most critical assets (users, apps, data) and the interactions between them, regardless of device or location. Includes value chain and value creation ecosystem.
Approach
• Traditional: Complicate, obstruct, say no
• Digital Resilience: Use a risk based approach to address cyber maturity gaps. Lean, agile. Maximize interaction opportunities at lowest risk.
SOC Focus
• Traditional: Regional. Isolated. Servers, network & security devices
• Digital Resilience: Full cyber situational awareness. Global, sharing threat intelligence. All devices.
Developing world class Digital Resilient solutions
• Unique experience in implementing and managing world-class solutions
• Leading Threat Research
• Infrastructure thru Applications
• Digital Resilient solutions ready to tackle emerging security challenges
HPE Cyber Reference Architecture - Structured in Domains
Highly Structured and Granular. HPE Differentiator: unique level of detail in the Operational & Technical Security (OTS) domain.
Domains (12 in total):
• Strategy, Leadership & Governance (SLG)
• Risk & Compliance Management (RCM)
• Security Resilient Architecture (SRA)
• Resilient Workforce (RW)
• Security & Operations Management (SOM)
• Cyber Defense (CD)
• Identity & Access Management (IAM)
• Infrastructure & Network Security (INS)
• Applications Security (AS)
• Data Protection & Privacy (DPP)
• Converged Security (CS)
• Physical Security (PS)
Operational & Technical Security (OTS) appears on the slide alongside these domains.
Hierarchy: Domain (12 in total) > Sub-domain (63 in total) > Capability (345 in total)
Cyber Reference Architecture Domains & Sub-Domains
Domains:
• Strategy, Leadership & Governance (SLG)
• Security Resilient Architecture (SRA)
• Risk & Compliance Management (RCM)
• Security & Operations Management (SOM)
• Cyber Defense (CD)
• Resilient Workforce (RW)
• Identity & Access Management (IAM)
• Infrastructure & Network Security (INS)
• Physical Security (PS)
• Applications Security (AS)
• Data Protection & Privacy (DPP)
• Converged Security (CS)
Sub-domains (as listed on the slide):
• Audit Management
• Business Objectives
• Critical Business Processes & Assets
• Key Business Risks
• Security Strategy
• Security Governance & Organization
• Security Policy
• Asset Management
• Information Security Management System
• Risk Management Framework
• Security Metrics
• Third Party Management Framework
• Legal & Regulatory Compliance
• Privacy Compliance
• Standard & Industry Compliance
• Enterprise Security Architecture
• Security Architecture Assurance
• Security Architecture Single Domain blueprints
• Security Architecture Multi Domain blueprints
• Security Standards
• Business Continuity
• Solution Architecture
• Security Awareness Program
• Communications & Marketing
• Embedded Security Culture
• Empowered Workforce
• Security Information & Event Management
• Security Incident Response & Remediation Mngt.
• Digital Investigation & Forensics
• Threat Intelligence & Profiling
• Vulnerability Management
• Security Analytics
• Forensic & Incident Response Tooling
• Security Process Measurement
• Security Operations Management
• Identity Lifecycle Management
• Authentication Management
• Strong Authentication
• Access Management
• Directory Management
• Privileged Account Management
• Rule-based Security Policy Enforcement
• Infrastructure Security Enforcement
• Known Threat Detection & Prevention
• Unknown Threat Detection & Prevention
• Software Assurance Lifecycle Maturity
• Application Security Requirements
• Security Architecture, Design & Development
• Application Security Testing
• Security Training for Software Development
• Application Maintenance
• Data Discovery & Classification
• Data Assurance
• Data Protection
• Data Security Lifecycle Management
• Certificate & Key Management
• Industrial Controls Systems Security
• Internet of Things Security
• Vehicle Security
• Datacenter Security
• Office Security
Cyber Defense Sub-Domains
Security Information & Event Management
Collecting, consolidating and correlating security event logs in order to automatically generate security alerts based on known attack scenarios / use cases. Monitor security alerts and incidents as they occur in the environment. Provide evidence in case of investigations and to support Incident Response management.
Security Incident Response & Remediation Management
Validate, classify and analyze security incidents (understand what happened, how and why) to ensure adequate and prompt remediation or recovery activities (Incident Response level 1 and 2).
Digital Investigation & Forensics
Identifying, processing and analyzing digital states and events to find evidence as to how, why and by whom a computing resource was compromised, and collecting, processing and reviewing data in the event of legal action (Incident Response level 3).
Threat Intelligence & Profiling
Changing the security model from reactive to proactive by understanding your adversaries and so developing tactics to combat current attacks and plan for future threats. Accurate, complete and actionable information allowing threat modeling, planning and remediation activities to occur. Such information may come from inside sources such as a CMDB or from external providers. The key is to create “actionable” steps to further protect the enterprise.
Processes and plans for establishing, maintaining and testing resilient IT service capabilities in the event of environmental, man-made or technical failures in ICT infrastructure and applications.
Forensic & Incident Response Tooling
Endpoint and network incident response and forensics tooling, with collecting, recording, detection, investigation, containment, remediation and threat disruption capabilities.
Vulnerability Management
The cyclical practice of policy definition, baselining, assessing, prioritizing, shielding, remediating and monitoring of exploitable security vulnerabilities in software and firmware in endpoints, infrastructure and other IP-addressable assets, including root cause analysis and elimination.
Security Analytics
Analytics that allow processing of large volumes of unstructured and structured data in order to efficiently identify, detect and alert in real time on anomalies or other abnormal events or transactions that do not conform to expected patterns.
Cyber Defense Capabilities
Security Information & Event Management
• Logs
  Ø Policy Definition, Generation, Collection, Consolidation, and Correlation
  Ø Storage, Retrieval, Retention, and Integrity
• Use Case Management
• Monitoring and Alerting
• Queries and Reporting
• Knowledge Management
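The SIEM pipeline these capabilities describe (collect and normalize logs, correlate them against a use case, raise an alert, and retain the evidence with integrity protection), as an added Python example that is not code from the HPE deck. The auth log lines, the documentation-range IP addresses, the rule threshold and window, and the hash-chain seed are all constructed for this example.

```python
# Added example (not code from the HPE deck): a minimal SIEM-style pipeline over
# constructed auth log lines: normalize -> correlate against one use case -> alert,
# plus a hash chain over retained lines so that later tampering is detectable.
import hashlib
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges, not captured from a real system).
SAMPLE_LOGS = """\
2016-03-01T09:00:01 sshd[101]: Failed password for admin from 203.0.113.7 port 50122
2016-03-01T09:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 50123
2016-03-01T09:00:05 sshd[101]: Failed password for root from 203.0.113.7 port 50124
2016-03-01T09:00:07 sshd[101]: Failed password for admin from 203.0.113.7 port 50125
2016-03-01T09:00:09 sshd[101]: Failed password for admin from 203.0.113.7 port 50126
2016-03-01T09:00:12 sshd[101]: Accepted password for admin from 203.0.113.7 port 50127
2016-03-01T09:05:00 sshd[102]: Failed password for alice from 198.51.100.4 port 41000
2016-03-01T09:30:00 sshd[102]: Accepted password for alice from 198.51.100.4 port 41001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


@dataclass
class Event:
    ts: datetime
    outcome: str  # "Failed" or "Accepted"
    user: str
    src: str


def parse(text):
    """Collection/consolidation stage: turn raw lines into normalized events.
    Lines that do not match are skipped; a production SIEM would count and route them."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["outcome"], m["user"], m["src"]))
    return events


def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Use case: at least `threshold` failed logins from one source inside `window`,
    followed by an accepted login from the same source -> one alert."""
    recent_failures = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent_failures[ev.src]
        while q and ev.ts - q[0] > window:  # expire failures that fell out of the window
            q.popleft()
        if ev.outcome == "Failed":
            q.append(ev.ts)
        elif len(q) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src": ev.src,
                           "user": ev.user, "failures": len(q), "at": ev.ts.isoformat()})
            q.clear()  # do not re-alert on the same burst
    return alerts


def chain_hashes(lines, seed=b"constructed-seed"):
    """Retention/integrity: hash-chain retained lines so an edit or deletion breaks verification."""
    prev = hashlib.sha256(seed).hexdigest()
    chain = []
    for line in lines:
        prev = hashlib.sha256((prev + line).encode()).hexdigest()
        chain.append(prev)
    return chain


def verify_chain(lines, chain, seed=b"constructed-seed"):
    return chain_hashes(lines, seed) == chain


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOGS)):
        print(alert)
```

On the sample input the rule fires once, for the burst of five failures followed by a success from the same source, and stays quiet for the lone failure from the second source because it falls outside the window. Clearing the failure queue after an alert is the simple form of alert de-duplication; a real use case would also carry the matched raw lines as evidence for the incident responder.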
Security Incident Response & Remediation Management
• Triage, Validation, Classification, and Analysis
• Communication
• Root Cause Analysis
• Remediation, Recovery, and Reporting
• Knowledge Management and Lessons Learned
Digital Investigation & Forensics
• Identifying, Processing and Analyzing States and Events to Find Evidence About How, Why, and by Whom
• Collecting, Preserving, Processing, and Reviewing Data Supporting Legal Processes
Threat Intelligence & Profiling
• Triage, Validation, Classification, and Analysis
• Investigate and Understand Security Trends
• Profile Threat Actors
• Remediation, Recovery, and Reporting
• Actively Hunt Threats
Vulnerability Management
• Static and Dynamic Code Analysis Focusing on Security Vulnerabilities
• “Gold Disks” – Hardened OS/Apps
• Penetration Testing/Red Teams
• Vulnerability Scanning and Remediation
• Patch Management
• Research and Vendor Notification
• Periodic Health Assessments (C&A, ST&E)
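The "prioritizing" step of the vulnerability management cycle, as an added Python example that is not code from the HPE deck. It ranks constructed scan findings by a risk score that combines CVSS with exposure, asset criticality, public exploit availability and how long a vendor fix has been available, then maps each score to a remediation SLA bucket. The weights, the SLA bands, the asset names and the placeholder vulnerability identifiers are assumptions made for this example.

```python
# Added example (not code from the HPE deck): the "prioritizing" step of the
# vulnerability management cycle over constructed scan findings. Weights, SLA
# buckets and identifiers are assumptions made for this example.
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Finding:
    asset: str
    vuln_id: str                           # placeholder identifier, not a real CVE number
    cvss: float                            # CVSS base score, 0.0-10.0
    internet_facing: bool                  # exposure, from the asset inventory / CMDB
    criticality: int                       # 1 = low ... 3 = crown jewel, from the asset inventory
    patch_available_since: Optional[date]  # None when no vendor fix exists yet
    exploit_public: bool                   # from threat intelligence feeds


def risk_score(f: Finding, today: date) -> float:
    """Multiplicative risk score: CVSS scaled by exposure, asset value, exploit
    availability and patch age (a fix left unapplied for a year doubles the score)."""
    score = f.cvss
    if f.internet_facing:
        score *= 1.5
    score *= {1: 0.8, 2: 1.0, 3: 1.3}[f.criticality]
    if f.exploit_public:
        score *= 1.5
    if f.patch_available_since is not None:
        days_open = (today - f.patch_available_since).days
        score *= 1 + min(max(days_open, 0), 365) / 365
    return round(score, 2)


def sla_bucket(score: float) -> str:
    """Remediation target by score band (assumed policy values)."""
    if score >= 30:
        return "P1: patch or shield within 7 days"
    if score >= 15:
        return "P2: 30 days"
    if score >= 7:
        return "P3: 90 days"
    return "P4: next maintenance cycle"


def prioritize(findings, today):
    """Return findings ranked highest risk first, each with its SLA bucket."""
    ranked = []
    for f in findings:
        score = risk_score(f, today)
        ranked.append((f.asset, f.vuln_id, score, sla_bucket(score)))
    return sorted(ranked, key=lambda r: r[2], reverse=True)


# Constructed findings (asset names and vulnerability ids are placeholders).
TODAY = date(2016, 3, 1)
FINDINGS = [
    Finding("web01", "VULN-PLACEHOLDER-1", 9.8, True, 3, date(2014, 12, 1), True),
    Finding("db02", "VULN-PLACEHOLDER-2", 7.5, False, 3, date(2016, 2, 20), False),
    Finding("ws07", "VULN-PLACEHOLDER-3", 5.3, False, 1, None, False),
    Finding("vpn01", "VULN-PLACEHOLDER-4", 6.5, True, 2, date(2015, 9, 1), True),
]

if __name__ == "__main__":
    for row in prioritize(FINDINGS, TODAY):
        print(row)
```

The patch-age factor is what turns the deck's own observation (the most exploited vulnerability of 2015 had a fix available since 2014) into a ranking signal: an internet-facing, critical, exploited finding with a year-old fix lands in P1 even before the scan score is considered, while the same CVSS on an isolated low-value workstation with no fix yet falls to P4, where "shielding" rather than patching is the realistic action.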
Security Analytics
• Big Data Security Analytics
• Baseline Normal Behavior (User, Application, System, Network)
• Anomaly Detection
• Behavior Analysis
• Privileged Threat Analytics – Malicious Activity and Actionable Intel to Disrupt/Respond to Attacks
• Social Media Analysis
• DNS Analytics – Anomalous DNS Communications, Known Bad Domains
Forensic & Incident Response Tooling
• Full Packet Capture for Analytics and Forensics
• Endpoint Forensic Tooling – Ex. Disk, Processes, Memory, Registry
• Endpoint Containment for Isolation When Compromised
• Endpoint Remediation – Return to Known Good State
• Network Forensic Tooling to Perform Analytics and Forensics
• Graphical Case Deconstruction to Show Exactly What Happened
• Real-Time Query & Alerting
• Offline Malware Analysis
The adversary attack ecosystem
Stages, from their ecosystem into your enterprise: Discovery, Research, Infiltration, Capture, Exfiltration
Build a capability to disrupt the market
Disrupting the adversary:
• Protecting the target asset
• Finding them
• Educating users
• Counterintelligence
• Blocking access
• Planning damage mitigation
Security Technology Solutions: Disrupting the adversary
HPE Security Technology Solutions: Market-leading IP and global expertise in delivering services and support across a variety of security technologies from leading global security vendors to help you integrate your environment and optimize your investments
• Network intelligence
• Security intelligence
• Application security
HPE teams with FireEye
HPE EXPANDS ITS IT SECURITY ARSENAL
5 Ways HPE-FireEye Deal Will Raise Security Services Bar
HPE Teams With FireEye To Mount Fortune 1000 Security Offensive
HPE And FireEye Join Breach-Fighting Forces
HPE and FireEye/Mandiant
Global Incident Response from HP and FireEye: Investigate, assess, and resolve cyber-security events ranging from single-system compromises to enterprise-wide intrusions by advanced attack groups.
Advanced Compromise Assessment from HP and FireEye: Answers the most important question for every enterprise - whether or not they have been breached.
Managed Advanced Threat Protection Services from HP and FireEye: 24/7 security monitoring and management of cyber-attacks that bypassed traditional technology defenses, with expert threat investigation and proactive attacker hunting.
Find and remove active and lurking threats
Advanced Compromise Assessment
Features
• Leverages industry-leading technology from FireEye
• Local deployment, threat discovery, analysis and assessment
• Detailed report with major findings and next-step recommendations
Problems it solves
• Exposes current and past attacker activity within the network
• Uncovers evidence of compromised assets
• Validates security environment and highlights improvements
Benefits
• No capital expenditure
• Rapid deployment and minimized business disruption
• Gain understanding of current state of threat risk
Threat visibility, confidence of protection, reduced risk
Advanced threat detection 24/7
Features
• Leverages industry-leading technology from HP and FireEye
• 24/7/365 systems operational management and maintenance
• Rapid detection of threats, alert investigation, malware analysis, and mitigation recommendations from Federal SOC
• Proactive hunt of attackers and personalized threat intelligence
Problems it solves
• Alleviates internal resource constraints
• Optimizes threat detection, mitigation, and response capabilities
• Preempts attacks and minimizes exposure
Benefits
• Expanded operational support and expert threat analyst team
• Visibility and contextual awareness of active threats
• Reduced business risk of security compromise: faster containment
• Confidence of protection against targeted threats and advanced malware
Rapid response when threats become reality
Global Incident Response
Features
• Rapid deployment of industry leading incident response teams to client site
• Cleared resources when required
• Full enterprise visibility through proprietary tools and techniques purpose built for large scale incident response
• Expertise, methodologies and IP from HP and FireEye
Problems it solves
• Reduces the damage caused by advanced, targeted attacks
• Engages experienced teams with deep domain expertise
• Minimizes downtime and establishes ongoing response plans
Benefits
• Stops prolonged exposure to minimize financial and reputation damages
• Addresses legal and regulatory evidence requirements
• Relieves overburdened staff in reactive environments
While this may not suffice for US Federal customers, enough demand can facilitate standing up a dedicated federal response team.
HPE Security global footprint
Internal Use Only
• Managed Security Devices: 1.8m+
• HPE Secured User Accounts: 47m
• HPE MSS Customers: 1000+
• HPE Security Software Customers: 10k+
• HPE Security Professionals: 5000+
• Security Operations Centers: 10 (Global SOC and Regional SOC): Texas, Virginia, Toronto, Costa Rica, Germany, UK, Bulgaria, India, Malaysia, Australia
HPE next-gen SOCs provide 24*7*365 monitoring and management
Features of Security Operations Centers (SOCs) and HPE MSS
• 24*7*365 monitoring and management capability
• Local knowledge for regional regulatory support
• Integration into a global threat profile with collaboration and communication across SOCs
• Targeted Threat Intelligence via the HPE MSS Portal
Client benefits
• Alleviated burden on constrained resources
• Improved intelligence sharing and response to threats
• Better identification and faster response to incidents
• Quicker restoration time and reduced impact on the organization
Cyber Risk Report for 2016
• HPE researches and publishes the Cyber Risk Report annually.
• Report is shareable with HPE customers, partners, and others.
• Broad view of the threat landscape, from industry-wide data to a focused look at technologies, including open source, mobile, and Internet of Things.
• Provides vendor-agnostic information to better understand the threat landscape, and to identify resources that minimize security risk.
Cyber Risk Report for 2016 - Highlights for 2015:
• Mobile devices and broad inter-connectivity are attracting attackers and expanding the threat landscape.
• 10,000 new Android threats daily - 153 percent year-over-year.
• Malware attacks on Apple iOS grew 235 percent.
• 80% of OSS and commercial software contain security vulnerabilities.
• Windows remained the dominant attack target.
• The most exploited vulnerability in 2015 had patches available since 2014.