HPE-Security update talk presented in Vienna to partners on 15th April 2016
1. HPE Security – update session
Steve Lamb
Head of Security Technology thought leadership, EMEA
stephlam@hpe.com
@actionlamb
2. Our focus for the next 60 minutes
• What are our customers up against from a security perspective?
• General Data Protection Regulation (GDPR)
• Our strategy
• Breathing fire into ArcSight’s belly!
• Major upgrades to ArcSight
• How to beat Splunk & IBM NOW
• Discussion of application-security
Note: Data-security is covered in other sessions
3. What are our customers up against from a security perspective?
4. The new normal
• Enterprise IT will continue to transform
• Regulatory costs and complexity will continue to rise
• Cyber attacks will increase in sophistication
5. Research: Top concerns for IT executives
• Risk associated with more consumption of apps/IT services across public, private & hybrid cloud
• Data privacy and information breaches
• Lack of skilled resources to effectively manage security
Focus areas: Security Breach Management; Security Intelligence; Cloud Security; Integrated GRC
Source: HP 20:20 CIO Report, 2012
6. Worldwide security trends & implications
• Cyber threat: 56% of organizations have been the target of a cyber attack
• Extended supply chain: 44% of all data breaches involved third-party mistakes
• Financial loss: $7.7m average global cost associated with a data breach
• Cost of protection: 8% of total IT budget spent on security
• Reputation damage: 30% market cap reduction due to recent events
• Reactive vs. proactive: 60% of enterprises spend more time and money on reactive measures vs. proactive risk mgmt
• In US $15.4m & UK £4.1m average cost of a data breach.
Source: HP internal data, Forrester Research, Ponemon Institute, Coleman Parkes Research
Key Points
• Security is a board of directors concern
• Security leadership is under immense pressure
• Need for greater visibility of business risks and to make sound security investment choices
7. What IS The General Data Protection Regulation aka GDPR? (Slide 1 of 3)
“…is a Regulation in the making by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) from 1995.” – Wikipedia
8. What IS The General Data Protection Regulation aka GDPR? (Slide 2 of 3)
“The scale and severity of fines (Parliament suggests fines of up to €100 million or 5% of annual global turnover, whichever is greater, while the Commission proposes fines of up €1 million or 2% of annual global turnover) for noncompliance with the GDPR, as well as the ensuing reputational damage, present a risk that will reach the board level. Mandatory breach notifications remove any notion of hiding noncompliance. This increased visibility of risk will drive behaviour and, more importantly, budget.” – IDC
9. What IS The General Data Protection Regulation aka GDPR? (Slide 3 of 3)
“The GDPR is remarkably light on the subject of security. Of the 91 articles in the regulation, only three relate to security — two of which cover breach notification.” – IDC
- The third article refers to encryption
As it currently stands GDPR does not prescribe specific security controls – it’s outcome oriented: don’t get breached, and if the worst happens you have to disclose and may face a significant fine.
11. Today’s digital Enterprise needs a new style of protection
Protect your most business-critical digital assets and their interactions, regardless of location or device
Diagram labels: USERS, APPS, DATA; On site; Off site (cloud/outsourced); BYOD; IaaS; SaaS; PaaS; BIG DATA
12. Protect your digital enterprise
Build it In (Prevent)
• Design a cyber resilient and compliant environment
• Build protection into the fabric of your enterprise
Stop it Now (Detect & Respond)
• Rapidly detect & manage breaches
• Monitor critical digital assets regardless of location or device
Recover it Fast (Recover)
• Execute flawless recoveries
• Safeguard continuity with minimal downtime and no damage or loss
14. Forward Looking Statements & Confidentiality
This document contains forward looking statements
This document contains forward looking statements regarding future operations, product development,
product capabilities and availability dates. This information is subject to substantial uncertainties and is
subject to change at any time without prior notification. Statements contained in this document concerning
these matters only reflect Hewlett Packard Enterprise's predictions and / or expectations as of the date of
this document and actual results and future plans of Hewlett-Packard Enterprise may differ significantly as a
result of, among other things, changes in product strategy resulting from technological, internal corporate,
market and other changes. This is not a commitment to deliver any material, code or functionality and should
not be relied upon in making purchasing decisions.
This document contains HPE confidential information
If you have a valid Confidential Disclosure Agreement with HPE, disclosure of the Roadmap is subject to
that CDA. If not, it is subject to the following terms: for a period of 3 years after the date of disclosure, you
may use the Roadmap solely for the purpose of evaluating purchase decisions from HPE and use a
reasonable standard of care to prevent disclosures. You will not disclose the contents of the Roadmap to
any third party unless it becomes publicly known, rightfully received by you from a third party without duty
of confidentiality, or disclosed with HPE’s prior written approval.
15. The goal of security operations is to reduce the time to detection and response
• Security Operations Centers face an increasing amount of information to process
• Effectiveness depends on narrowing the funnel, and accelerating the throughput
• Lower false positives and less noise allows analysts to focus on the critical events and IOCs
Funnel diagram: sources (Cloud, Users, Network, Endpoints, Servers & Workloads, Apps, IoT) feed Logs & Events (the number of logs & events increases exponentially), which narrow to Alerts (alerts identified; increase speed to detection), then Incidents, then Investigation (speed up investigation), then Hunt (IOCs).
16. As SOCs mature, there are 3 distinct use cases that drive detection and response
Real-time Monitoring
• Processing increasing number of events
• Real-time correlation against IOCs
• Reduced number of false positives
Investigation
• Ability to custom query across environment and timeframes
• Construct blast zone analysis and remediate
Hunt
• Hunt for unknown threats with deep analytics and machine learning
• Identify new IOCs to improve monitoring
Diagram (increasing level of maturity): Logs & Events → Alerts → Incidents → Investigation. Labels: Real-time Correlation Engine; Intelligence Feeds (Threat Central, others); Correlation Database; Data Lake; Security Analysts Level 1; Security Analysts Level 2; Hunt Team (analytics drive hunt for unknown threats); Investigation Queries; IOCs; SOC Workflow.
17. Reduced response times and increased productivity require tuning the technology to the environment: a real example
• Do it right the first time to avoid rework and inefficiencies
• Continually measure and improve by eliminating repetitive work through intelligent analysis and empowered staff
• Focus on what’s important by minimizing noise
• Maximize your investment and improve ROI across all SOC technologies
18. ArcSight is custom built for security operations.
1. Correlation with Context
• ArcSight maintains contextual information, allowing for real-time correlation and prioritization.
• Reduces time to detection with efficient processing.
• Improves analytical function with normalized and enriched data, speeding investigation and hunt.
2. Out of the box tailoring for your environment
• Highly configurable, with hundreds of connectors, built-in filters and templates to quickly tailor to your environment and workflow.
• Tailoring identifies specific IOCs an analyst needs to look at, reducing false positives.
3. Updated analytics architecture for investigation & hunt
• New event broker architecture feeds virtual data warehouse along with correlation engine
• Advanced querying and analytics on big data architecture
• UI design that exposes multiple apps including analytics workbench tied together with workflow and reporting (coming soon)
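As an added illustration of the funnel and correlation ideas in slides 15, 16 and 18 (example code written for this page, not ArcSight or any HPE product code): a small Python event pipeline that normalizes constructed firewall log lines, matches destinations against a constructed IOC list, weights each match by the source asset's criticality so the alert list comes out prioritized, suppresses a known noisy source to cut false positives, and escalates a source that touched several distinct IOCs into an incident. All host names, addresses, IOC values, weights and criticality scores below are constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines (hypothetical firewall, RFC 5737 test addresses).
RAW_LOGS = [
    "2016-04-15T09:00:01 fw01 ALLOW src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2016-04-15T09:00:02 fw01 ALLOW src=10.0.0.9 dst=198.51.100.20 dport=80",
    "2016-04-15T09:00:03 fw01 DENY src=10.0.0.5 dst=203.0.113.7 dport=4444",
    "2016-04-15T09:00:04 fw01 ALLOW src=10.0.0.77 dst=203.0.113.7 dport=443",
    "2016-04-15T09:00:05 fw01 ALLOW src=10.0.0.5 dst=192.0.2.44 dport=443",
    "this line is not in the expected format",
]

# Constructed intelligence feed: indicator -> (type, severity weight).
IOCS = {
    "203.0.113.7": ("c2-server", 5),
    "192.0.2.44": ("phishing-host", 3),
}

# Constructed asset context: source address -> (asset name, business criticality 1..3).
ASSETS = {
    "10.0.0.5": ("db-server", 3),
    "10.0.0.9": ("workstation", 1),
    "10.0.0.77": ("vuln-scanner", 1),
}

# Tuning for this environment: the scanner legitimately touches many hosts, so its
# traffic is suppressed rather than alerted on (hypothetical suppression list).
SUPPRESSED = {"10.0.0.77"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def normalize(line):
    """Parse one raw line into a normalized event dict; None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


@dataclass
class Alert:
    src: str
    asset: str
    ioc: str
    ioc_type: str
    hits: int
    priority: int  # ioc weight x asset criticality


def correlate(lines, iocs, assets, suppressed_sources):
    """Funnel: raw lines -> normalized events -> IOC matches -> prioritized alerts."""
    hits = defaultdict(int)  # (src, ioc) -> number of matching events
    for line in lines:
        event = normalize(line)
        if event is None:
            continue  # unparseable line: dropped here (a real pipeline would count it)
        if event["src"] in suppressed_sources:
            continue  # tuning: known-noisy source does not become an alert
        if event["dst"] in iocs:
            hits[(event["src"], event["dst"])] += 1

    alerts = []
    for (src, ioc), count in hits.items():
        ioc_type, weight = iocs[ioc]
        asset_name, criticality = assets.get(src, ("unknown", 2))
        alerts.append(Alert(src, asset_name, ioc, ioc_type, count, weight * criticality))
    # Highest priority first so the analyst sees the critical asset talking to C2 at the top.
    alerts.sort(key=lambda a: (-a.priority, a.src, a.ioc))
    return alerts


def incidents(alerts, min_distinct_iocs=2):
    """Escalate any source that touched several distinct IOCs into one incident."""
    by_src = defaultdict(set)
    for alert in alerts:
        by_src[alert.src].add(alert.ioc)
    return sorted(src for src, iocs_seen in by_src.items() if len(iocs_seen) >= min_distinct_iocs)


if __name__ == "__main__":
    found = correlate(RAW_LOGS, IOCS, ASSETS, SUPPRESSED)
    for alert in found:
        print(f"P{alert.priority:<3} {alert.src} ({alert.asset}) -> {alert.ioc} [{alert.ioc_type}] x{alert.hits}")
    print("incidents:", incidents(found))
```

Running it with the suppression list yields two alerts for the database server (the C2 indicator ranked above the phishing host) and one incident; running `correlate(RAW_LOGS, IOCS, ASSETS, set())` instead adds a third, low-priority alert for the scanner, which is exactly the noise the tailoring step removes.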
19. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
Use cases: Real-time Monitoring | Investigation | Hunt
Capabilities: Search; Entity Profiling; Linked Data Analytics; SIEM Alerts; User Behavior Analytics; DNS Malware Analytics; App Defender Analytics; Other Analytics; Ingestion
Architecture diagram labels: User Interface; Correlation & Analytics Services; Connectors; Threat Intelligence; Event Streams; Event Broker; Security Data Warehouse; Real-time Correlation engine (ESM); Dashboards | Reports; Workflow | Case Management | Runbooks; Machine Learning + Analytics modules; Marketplace; External Information
Phase 1: Enable Data Science
• New event broker
• Updated connector architecture
20.–22. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
Slides 20 to 22 repeat the slide 19 diagram and add one roadmap phase each:
Phase 2: Investigation
• Investigation use case
• New User Interface v1
• Updated Data Warehouse, Data Model & Analytics Layer
Phase 3: Scale Out ESM
• ESM Scale Out
• New User Interface v2
Phase 4: Hunt
• Hunt use case
• New User Interface v3
24. Here’s the problem…
• Only 6% of Information Security budgets go on application security!
• > 70% still goes on network security!!!
• 84% of breaches are due to application vulnerabilities
• Typical developers are not measured on security
• The security perimeter of your organisation is really IN YOUR POCKET
26. Today’s approach > expensive, reactive
1. Somebody builds insecure software
2. IT deploys the insecure software
3. We are breached or pay someone to tell us our code is insecure
4. We convince & pay the developer to fix it
27. Why it doesn’t work
30x more costly to secure in production
– After an application is released into Production, it costs 30x more than during design.
Chart (source: NIST): relative cost to fix, from 2X up to 30X, across the stages Requirements, Coding, Integration/component testing, System testing and Production.
28. The right approach > systematic, proactive. This is Software Security Assurance
Applies to in-house, outsourced, commercial and open source software
1. Software Security Assessment – Automatically detect vulnerabilities in existing code
2. Software Security Assurance – Detect vulnerabilities AS CODE IS written!
3. Runtime Application Self-Protection – Monitor and protect software running in Production
IMPROVE Software Development Life Cycle (SDLC) POLICIES
Performance Metric – Improvement
• Vulnerabilities per application – from 100s to 10s
• Average time to fix a vulnerability – from 1 to 2 weeks to 1 to 2 hours
• Percentage of repeat vulnerabilities – from 80% to 0%
• Compliance and penetration testing effort – from ~$500k to ~$250k
• Time-to-market delays due to vulnerabilities – from 4+ incidents (30 days each) per year to none
Source: Mainstay ROI Research 2013 – Does Application Security Pay?
29. HPE-Security Solutions at-a-glance
Transform to a hybrid infrastructure | Enable workplace productivity | Empower the data-driven organization | Protect your digital enterprise
Proactively protect the interactions between users, applications and data across any location or device.
• HPE Fortify – Software Security Assurance
• HPE Data Security – Continuous data protection
• HPE Threat Central – Cyber threat intelligence
• HPE Adallom – Accelerating cloud adoption while enabling security governance
• HPE Incident Response and Breach Recovery
• HPE ArcSight – Threat monitoring, analytics & response
• HPE User Behavior Analytics – mitigating insider threats
• HPE DNS Malware Analytics – detecting breaches before damage occurs
• HPE Aruba ClearPass – Ensuring trusted connectivity
• HPE Managed Services – instant experts to help you achieve time to value
30. Together with our partners HPE Security have World Class information services and technologies to enable our customers to protect their digital assets
• Security Technology – Offerings to strengthen security posture, proactively manage incidents, and extend security capabilities
• Security Consulting – Expertise to help clients understand, manage and reduce business and security risks
• Managed Security Services – Help clients disrupt their adversaries
31. More information…
2015 Cyber Risk Report and Executive Summary:
http://www8.hp.com/us/en/software-solutions/cyber-risk-report-security-vulnerability
Ponemon Institute Cost of Cyber Crime Study:
http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/
HP Security Research:
hp.com/go/HPSR and hp.com/go/hpsrblog
HP Enterprise Security:
hp.com/go/SIRM