Cyber Security Command and Control (C2) Solution
Detects and responds to cyber security threats in near real-time.
Provides network situational awareness and mission visibility to act on
security breaches with confidence.


At-A-Glance

The Cyber Security C2 Solution enables situational awareness across large network environments, providing command and control capabilities for cyber security threat response. The solution rapidly processes large volumes of disparate data across the enterprise and delivers near real-time network operational insight for decision-makers to intervene, mitigate risks and determine impact to mission operations.

Your business challenges

The best time to stop an attack is before it happens and causes significant damage to the mission. To proactively enable action in a 24x7 mission-critical environment, a solution needs to implement best practices with known results quickly across the enterprise to protect the network in case of an attack.

Governments and businesses use large, geographically distributed networks to perform their missions. Mission success depends on timely event detection, correlation and rapid responses with known results. Existing monitoring and security systems help components of the enterprise achieve success, but they generate enormous volumes of data in various formats and locations. In many cases, the context of this information is limited to what the operator knows. As a result, both commanders and operators are increasingly challenged or overwhelmed by the sequences of manually integrated tasks needed to communicate, share and understand their risk posture at a particular moment.

What we offer

The Cyber Security C2 Solution provides a focused, user-definable view into the status and health of sophisticated network environments and the missions they support. Using a combination of complex event processing, event correlation and information fusion technologies, the solution dramatically improves situational awareness across the enterprise to give commanders and operational decision-makers near real-time insight to cyber threats or attacks. The solution builds on existing investments in monitoring and detection systems to:

• Collect, filter and correlate seemingly unrelated event patterns to identify disparate cyber attack signatures
• Identify both technical and mission impacts of an incident and recommend immediate courses of action
• Put correlating events into context of other events, processes and best practices
• Map enterprise events to event models defining relationships between applications, services and servers – the infrastructure used to accomplish the mission
• Apply rule sets to enable pattern recognition and data correlation based on current and historical events
• Provide consulting services to assist in achieving enterprise outcomes

Features

• Enables near-real-time visibility across the enterprise
• Uses leading threat-detection algorithms to identify complex, stealth cyber attacks
• Correlates mission impact to prioritize responses in a multi-threat environment
• Enables predictive analytics to see the cyber storm coming before it hits
• Features a streamlined, operator-friendly console to simplify monitoring network health and respond to incidents with quick action
• Incorporates scalable design to support enterprises of all sizes
• Uses extendible interfaces to handle custom systems as well as standard monitoring platforms
• Leverages existing investments in systems and training

Benefits

• Provides near real-time operational intelligence for networks and missions
• Enables predictive threat analyses to respond before the attacks impact mission operations
• Identifies threats that go undetected by typical systems
• Makes log data actionable, enabling operators to concentrate on the mission, not on mechanics of situational awareness
• Provides scalable design to overcome limitations with point solutions to address data sets of all sizes

Business outcomes

• Allows decision-makers to react to actual threats in seconds, before the damage is done
• Enables shared understanding of network operations from a single, user-definable operational picture (UDOP)
• Provides proactive command and control capability for near real-time situational network operation
• Uses rule sets based on best-practice threat detection to warn operators of significant events
• Aggregates data sources, detects anomalies and provides actionable recommendations to the operator
• Enables both human intervention and automated responses to address cyber intrusion incidents
• Leverages existing network investments to display past, present and potential future cyber security threats

Visibility into the enterprise network

The user-defined operational picture (UDOP) enables rapid event processing by operators and commanders and has three main sections aligned with typical activities:

Monitor and manage — Uses an incident dashboard to show complex incidents, along with impact level, incident type, a unique identifier for that specific incident, incident status, the primary individual who has been tasked with management of the incident along with the time of last update, and the name of the last person to update information about the complex incident. To the right, more details are described regarding the impact of whichever complex incident is selected from the pane.

Locate and respond — Displays information about individual contributing events that make up a single complex incident along with details for each event. Geographic information related to the complex incident is displayed on a map, which can provide overlay information about how effects on cyber assets impact kinetic operations. Recommended courses of action, based on best practices, guide the operator and enable a high-performing cyber security team.

Analyze activity — Shows modules that can be configured to display any one of a number of different data outputs. In this case, summary statistics on the types of security events being detected at the current point in time are shown, along with trending data to indicate rising or falling trends. News feeds from various open sources are shown on the right side.

For more information

To read more about Cyber Security Command and Control, go to www.hp.com/go/cybersecurity or contact: Sam Chun at samuel.chun@hp.com




Technology for better business outcomes
To learn more, visit www.hp.com
© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
change without notice. The only warranties for HP products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
USPS808301,Nov 2009
