
Security Operation Centre 5th generation transition

Date post: 13-May-2020
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Security Operation Centre 5th generation transition Cezary Prokopowicz Regional Manager SEE HP Enterprise Security Products

Security Operation Centre – 5th generation transition

Cezary Prokopowicz

Regional Manager SEE

HP Enterprise Security Products


Challenges you are facing

1. Nature and motivation of attacks (fame to fortune, market adversary)

Research, Infiltration, Discovery, Capture, Exfiltration

2. Transformation of enterprise IT (delivery and consumption changes)

Traditional DC, Private cloud, Managed cloud, Public cloud

Consumption: Virtual desktops, Notebooks, Tablets, Smart phones

3. Regulatory pressures (increasing cost and complexity)

ISO 27001


HACKTIVIST


ORGANIZE

SPECIALIZE

MONETIZE


HP Security Research

Ecosystem

Partner

FSRG

ESS

• SANS, CERT, NIST, OSVDB, software & reputation vendors

• 2650+ Researchers

• 2000+ Customers sharing data

• www.hp.com/go/HPSRblog

• 6X the Zero Days than the next 10 competitors combined.

• Top security vulnerability research organization for the past three years —Frost & Sullivan

• HP Security Research Teams: DV Labs, ArcSight, Fortify, HPLabs, Application Security Center and Enterprise Security Services

• Collect network and security data from around the globe

HP Global Research


HP TippingPoint protects users, apps and data with market leading network security

• Reliable: NGIPS with 99.99999% network uptime track record
• Simple: Easy-to-use, configure and install with centralized management
• Effective: Industry leading security intelligence with weekly DVLabs updates


• HP TippingPoint has been in the leadership quadrant 9 years in a row!

• “The TippingPoint IPS products have a broad model range of purpose-built appliances, and are known for low latency and high throughput.”

• “Customers often cite ease of installation as a positive in product evaluations, especially for deployments with many devices.”

Gartner Leadership Quadrant 2013


“After a rigorous open bid process with lab tests utilizing our own network traffic, we selected the HP TippingPoint Next Generation IPS 7500NX. We searched for an IPS with minimal administrative effort, and this solution allows us to protect our network infrastructure using TippingPoint’s easy-to-use but powerful security policies.”

—Erwin Jud, Lead Engineer for IPS Project, Swiss Federal Railways


84% of breaches occur at the application layer

9/10 mobile applications are vulnerable to attack


HP Fortify helps you protect your applications

• Assess: Find security vulnerabilities in any type of software
• Assure: Fix security flaws in source code before it ships
• Protect: Fortify applications against attack in production

Software security assurance, Application assessment, Application protection

In-house, Outsourced, Commercial, Open source


HP Fortify named leader in Gartner AST MQ

Once again, Gartner not only acknowledged Fortify’s years of successful market execution but also called out several areas in which HP is leading in delivering on new technologies to stay ahead of the bad guys.

Strengths:

• Comprehensive SAST capabilities - the most broadly adopted SAST tool in the market.
• Evolved AST to address iOS and Android mobile apps.
• Innovative IAST capabilities
• Early innovator with runtime application self-protection (RASP) technology.

2014 Gartner Magic Quadrant for Application Security Testing


Enterprise software

SAP

Client outcome

• Significantly enhanced the security of SAP software, with increased number of security patches since 2010
• Met board requirements for product security
• Protected revenue-generating applications and customer reputation


HP ArcSight, act with laser clarity against threats that matter

Analyze, Collect, Prioritize

• Transform Big Data into actionable security intelligence
• Cyber forensics, fix what matters most first
• Real-time correlation of data across devices to find threats


HP ArcSight named leader in Gartner SIEM MQ 2013

• HP ArcSight named a leader in the Gartner Magic Quadrant for Security Information and Event Management (SIEM), 10 years in a row.
• The most visionary product in the Gartner SIEM MQ


Vodafone (Telecommunications)

“We receive 550 million events per week from our security systems. Due to the aggregation and correlation capabilities of HP ArcSight ESM, those events are reduced to about 50,000 prioritized events. That’s an efficiency factor of 1 to 11,000!”

— Manfred Troeder, Head of Global Security Operations Center


HP Atalla helps you secure your sensitive information

• Cloud and Data Security: Encrypt and protect keys and data in public, hybrid, and private clouds
• Information Protection & Control: Embed security at the point of creation for sensitive enterprise data
• Payments security: Secure payments and transacting systems


Visa

“As the largest processor of Visa debit transactions globally, Visa Debit Processing Services is responsible for securing more than 23 billion debit transactions in the U.S. and prepaid transactions in the U.S. and Canada on an annual basis. HP Atalla is a critical piece of our enterprise IT portfolio, delivering innovative security solutions with the operational excellence, performance and reliability that helps Visa DPS enable secure access to business-critical payment processing data.”

Chris James, Senior Vice President, Product Development, Issuer Processing, Visa Inc.


94% of breaches are reported by a 3rd party


243 days: average time to detect breach

[Timeline graphic: January 2014 to 2015]


Since 2009, time to resolve an attack has grown 130%


Cyber Defense Center (CDC)

Security Operations Center (SOC)

Threat Operations Center (TOC)

Security Defense Center (SDC)

Cyber Security Intelligence Response Center (C-SIRC)

Threat Management Center (TMC)

Security Intelligence and Operations Center (SIOC)

Security Intelligence and Threat Handlers (SITH)

Security Threat and Intelligence Center (STIC)


SOC Concept of Ops

[Diagram. Labels: People, Process, Technology; Firewall, Network, ID/PS, Web server, Proxy, ESM server; Level 1, Level 2, Engineer, Incident Handler, Escalation, Case closed; Network & System Owners, Business, Intel / Threat; steps numbered 1 to 7]


SOC Common Elements


Drive to higher ROI / Vision

Data Analysis
• Correlate Technologies
• Analyze Forensic Evidence
• Create Automated Reporting

Near Time Alerting
• Streamline Event Feeds
• High fidelity correlation
• Custom Reporting

Log Management
• Centralize Logs
• Retain Data
• Comply with Regulations

Real Time Analysis & Incident Response
• Monitor Events in Real-time
• CIRT - Integrated Workflow
• Minimize Response Time
• Continual tuning

Security Intelligence
• Analysis in depth
• Hunters as well as Defenders
• Information Fusion
• Uncovering new threats
• Advanced Use Cases


SOC Maturity Assessment

[Radar chart: SOMM Level (0.00 to 2.50) across Business, People, Process, Tech; series: Company A, Average]

Maturity Assessment | Score | Comments

Business | 2.44
  Mission | 1.86
  Accountability | 1.21
  Sponsorship | 2.18
  Relationship | 2.15
  Deliverables | 3.00
  Vendor Engagement | 2.67
  Facilities | 1.27

People | 1.82
  General | 1.98
  Training | 2.61
  Certifications | 1.58
  Experience | 2.00
  Skill Assessments | 0.88
  Career Path | 1.92
  Leadership | 1.50

Process | 0.63
  General | 2.01
  Operational Process | 1.67
  Analytical Process | 0.00
  Business Process | 0.00
  Technology Process | 0.00

Technology | 2.60
  Architecture | 1.54
  Data Collection | 3.69
  Monitoring | 1.50
  Correlation | 1.37
  General | 2.13

Overall SOM Level | 1.69

 | Current | Phase 1 | Phase 2 | Phase 3
Timeline | | 6 mos | 1 yr | 2 yr
SOMM Target | 1.6 | 2.0 | 2.5 | 3.0
Use Cases | Logging | Perimeter, compliance | Insider Threat, APT | Application Monitoring
Staffing | Ad hoc | 4 x L1, 1x L2 | 8 x L1, 2x L2 | 12 x L1, 2x L2, 2x L3
Coverage | 8x5 | 8x5 | 12x7 | 24x7


93 assessments

69 discrete SOCs

13 countries


2/5 on maturity continuum

24% fail to meet security requirements

70% fail to meet compliance


Security for the New Reality

5G SOC

Photo © Schmidt Peterson Motorsports


5G/SOC

• Acknowledge security threats are driven by human adversaries
• Assume compromise
• Anti-fragile enterprise – led by intelligence, not vulnerabilities
• Interaction with peers; organizations readily share information
• Hunt teams search large data sets to find threats and attack patterns we did not know about previously
• Convergence of IT Security and IT Operations tools to facilitate better visibility
• Data visualization drives how anomalies are discovered and researched
• The SOC must align to the business and demonstrate meaningful value


Get data from all sources

HP ArcSight - #1 real time security correlation platform


HP ArcSight differentiates on four key capabilities

Collection
• Collect events from any system or application
• Add context for assets, users, and business processes
• Extend to new data types easily

Correlation
• Pattern recognition and anomaly detection to identify modern advanced threats
• Analyze roles, identities, histories and trends to detect business risk violations
• The more you collect, the smarter it gets

Collaboration
• Incorporates application security from HP Fortify
• Integrates reputation data from HP DVLabs
• Cloud Connections Program to get visibility into cloud data in addition to physical and virtual layers
• Bi-directional integration with HP IT management, Autonomy, Vertica and Hadoop

Consolidation
• Universal Log Management of any data to support IT operations, security, compliance and application development
• Search + report on years of data to investigate outages and incidents quickly and easily


HP’s industry-leading scale

• Monthly security events: 2.3 billion
• HP Secured User Accounts: 47m
• HP Security Professionals: 5000+
• Top telecoms: 10 out of 10
• Major banks: 9 out of 10
• Global Security Operations Centers: 8 Global SOC, Planned regional SOC
• HP managed security customers: 900+
• US Department of Defense: All major branches
• Top software companies: 9 out of 10


Thank you


86% of budget spent on blocking

31% greater ROI

$4,000,000 saved
