Compliance and Insights: Combine Analytics and Security
Vivit Worldwide webinar, November 21, 2013 (37 slides)

TRANSCRIPT

Page 1

© Copyright 2013 Vivit Worldwide

Compliance and Insights: Combine Analytics and Security
November 21, 2013

Page 2

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Page 3

Brought to you by

• Vivit Security & Privacy Special Interest Group (SIG) (Leader: Jason Kennedy)
• Vivit US Federal Special Interest Group (SIG) (Leader: Jim Haskins)

Page 4

Hosted by Jim Copio, Vivit Leader, Carolinas Chapter, Business Service Management SIG

Page 5

Today’s Presenter: Sridhar Karnam, Product Marketing Manager, HP Enterprise Security

Page 6

Housekeeping

• This “LIVE” session is being recorded; recordings are available to all Vivit members
• Session Q&A: please type questions in the Questions Pane

Page 7

Webinar Control Panel

• Toggle the View Window between full-screen and window mode
• Questions pane

Page 8

Poll Question 1

What is your primary focus?

a. Compliance
b. Security
c. IT operations
d. IT risk
e. Youtube/ Facebook/ Gmail

Page 9

Compliance & Insights: by combining security & ops analytics

Sridhar Karnam, HP Security Product Management
[email protected], @Sri747

Page 10

Page 11

Poll Question 2

Were you breached at least once in the last 12 months?

a. Yes
b. No
c. Don’t know/ can’t say

Page 12

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

—Sun Tzu, The Art of War

Page 13

How much do hackers pay?

Page 14

Security is a board level discussion

Security is bigger than just an IT problem

CISO

• Cyber threat: 56% of organizations have been the target of a cyber attack
• Data breach: 94% of the data breaches were reported by third-parties
• Financial loss: $8.6M average cost associated with a data breach
• Cost of protection: 11% of total IT budget spent on security
• Reputation damage: 30% market cap reduction due to recent events
• Reactive vs. proactive: 97% of data breaches could have been avoided

Page 15

Compliance Problem

• Expensive… each regulation needs resources and budget
• Changes often… policies and controls change often
• Repetitive… don’t learn or share information
• Big data… too much data to process

Page 16

Compliance Landscape

Annual cost of SOX compliance: $1.8M, or the equivalent cost of roughly 14.4 employees!

• Any similarities in compliance activities?
  • User management
  • Access control/authorization
  • Change management
  • Security operations
• Differences are mainly in interpretation
• Leverage similarities to increase efficiencies and reduce costs
• Consistent themes across regulations

Regulations and frameworks shown: ISO 27001, ISO 17799 (since renumbered as ISO/IEC 27002), COSO, SOX, PCI, SAS 70, NIST, Basel II, ITIL, CobiT, FFIEC, HIPAA, GLBA, FISMA, FERC/NERC, J-SOX, US Patriot Act, CA-1386, SEC, DITSCAP, PIPEDA, NY Privacy, NIACAP, FDPA, DATA, FTC, OCC

Page 17

Diagram: common control areas (Security Operations, Incident Management, Access/Authorization, User Management, Operations Management) mapped across SOX, FISMA, HIPAA, PCI, CobiT and NIST.

70% similarities between compliance & security

Page 18

Why use multiple tools then?

Diagram: common challenges shared by Compliance, Security and Operations.

Page 19

SOC and NOC Challenges

• Network/ Apps/ Info security
• Compliance & Audit Management
• Vulnerability Management
• Big data security analytics
• User management/ authentication
• Operational Analytics
• ITIL framework
• Change Management
• Reporting
• Remediation

Page 20

Best Practices

Page 21

Vision: Consolidated view

Single view of IT security, IT operations, and IT GRC

• Heat map: prioritization; heat map of risk to business services
• Asset mapping: quick isolation of incidents and threats; vulnerability score and intelligence
• Risk indicators: aggregation of multiple risk sources; risk reporting and trending
• Continuous compliance: continuous monitoring; compliance analytics

Page 22

Strategy: Centralized approach

Seamless integration of security and operations tools (no point solutions): see everything, understand context, act through proactive and continuous monitoring.

SECURITY: User Provisioning; Identity & Access Mgmt; Database Encryption; Anti-Virus, Endpoint; Firewall, Email Security

OPERATIONS: User Management; Auditing and audit logs; Dashboard and Reporting; Controls monitoring; Disclosure

Page 23

Best Practice 1: Continuous monitoring

Security information and event management (SIEM) approach to continuously and comprehensively monitor and correlate data across the organization

• Collect machine data for complete visibility
• Analyze events in real time to deliver insight
• Search quickly to simplify IT
• IT GRC & Security in a single tool
• Reporting on log data
• IT operations through monitoring & alerting

Diagram: Machine Data feeding Log Collection, Search, Analysis, Dashboard, Monitoring & alerting, and IT GRC.

Page 24

Continuous monitoring

Page 25

The Federal Drive: NIST 800-137

“Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations”

• Maintaining situational awareness of all systems across the organization;
• Maintaining an understanding of threats and threat activities;
• Assessing all security controls;
• Collecting, correlating, and analyzing security-related information;
• Providing actionable communication of security status across all tiers of the organization;
• Active management of risk by organizational officials.

ISCM process steps: Define, Establish, Implement, Analyze & Report, Respond, Review & Update (continuously).

Page 26

Best Practice 2: Assess controls

Correlation = Establishing relationships

Real-time, cross-device correlation of logs and events across IT (hardware, software, people, process)

• Connect roles, responsibilities, identities, history, and trends to detect business risk violations
• Pattern recognition
• Anomaly detection
• The more you collect, the smarter it gets

Page 27

Best Practice 3: Next-Generation Network Security

Monitor network activities for malicious activity through IPS and log management, with integrated policy across the Next Gen FW and IPS

• Security Management System: centralized management console across NGIPS and NGFW
• Digital Vaccine Labs: delivers zero-day coverage
• Next-Generation Firewall: granular application visibility and control
• Next-Generation IPS: 99.99999% network uptime track record

Page 28

Best Practice 4: Think security from the beginning

Develop immunity for threats right through development of applications

• Automated code testing: testing of code during development for security vulnerabilities
  • Automated testing
  • Part of SDLC
• App runtime testing: security testing of 3rd party or open source applications
  • Test any apps
  • Threat detection without source code
• Manual review: manual expert audit by security experts
  • Reduce false positives

Page 29

Best Practice 5: Preventing new and future incidents

Add digital vaccination to prevent against zero-day threats

• Reputation database of known threats
• Advanced security intelligence

Diagram: applications protected by the reputation database of known threats.

Page 30

Best Practice 6: Unify data across IT

Convert all machine data into a common format for search, report, and retention. Benefit: a single data set for searching, indexing, reporting, and archiving.

Raw machine data:

Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside

Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data:

Event Time         | Name | Device Vendor | Device Product   | Category Behavior | Category Device Group | Category Outcome | Category Significance
6/17/2009 12:16:03 | Deny | Cisco         | PIX              | /Access           | /Firewall             | /Failure         | /Informational/Warning
6/17/2009 14:53:16 | Drop | Checkpoint    | Firewall-1/VPN-1 | /Access/Start     | /Firewall             | /Failure         | /Informational/Warning
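The two raw lines and the unified rows above are the slide's own. The code below is an added example, not code from the deck or from HP's products, that performs that normalization and then runs the kind of cross-device correlation Best Practice 2 describes over the unified events. The field names mirror the slide's table columns; the regular expressions, the category mapping rules, the three additional log lines (constructed so the correlation has something to find), and the 5-minute / 3-failure thresholds are all assumptions made for this example.

```python
"""Added example: normalize Cisco PIX and Check Point firewall logs into one schema
(Best Practice 6) and correlate the unified events across devices (Best Practice 2)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The first two lines are the slide's own samples; the remaining three are
# constructed for this example so the cross-device correlation has something to find.
RAW_LOGS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
    "Jun 17 2009 14:54:01: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15610 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:54:40 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 10.50.215.102 s_port 2530 dst 10.1.10.2 service ms-sql-m proto udp rule 49",
    "Jun 17 2009 14:55:12 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src 10.50.215.102 s_port 2531 dst 10.1.10.3 service ms-sql-m proto udp rule 49",
]

# Assumed formats, derived from the two sample lines (not vendor documentation).
TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
PIX_RE = re.compile(
    TS + r": %PIX-(?P<sev>\d)-(?P<msgid>\d+): (?P<action>\w+) (?P<proto>\w+) (?P<detail>.*?)"
    r"from (?P<src>[^\s/]+)/(?P<sport>\d+) to (?P<dst>[^\s/]+)/(?P<dport>\d+)"
)
CHECKPOINT_RE = re.compile(
    TS + r" (?P<action>\w+) (?P<gw>\S+) >(?P<iface>\S+) product (?P<product>.+?) src (?P<src>\S+) "
    r"s_port (?P<sport>\d+) dst (?P<dst>\S+) service (?P<service>\S+) proto (?P<proto>\w+) rule (?P<rule>\d+)"
)

# Column order of the slide's "Unified data" table.
FIELDS = ("eventTime", "name", "deviceVendor", "deviceProduct", "categoryBehavior",
          "categoryDeviceGroup", "categoryOutcome", "categorySignificance")


def _unified(ts, name, vendor, product, behavior, denied, src, dst):
    """Build one record in the common schema; category values follow the slide's table."""
    return {
        "eventTime": datetime.strptime(ts, "%b %d %Y %H:%M:%S"),
        "name": name,
        "deviceVendor": vendor,
        "deviceProduct": product,
        "categoryBehavior": behavior,
        "categoryDeviceGroup": "/Firewall",
        "categoryOutcome": "/Failure" if denied else "/Success",
        "categorySignificance": "/Informational/Warning" if denied else "/Informational",
        "src": src,
        "dst": dst,
    }


def normalize(line):
    """Map one raw line onto the unified schema; returns None for formats we do not parse."""
    m = PIX_RE.match(line)
    if m:
        # "(no connection)" means a stray FIN/ACK was rejected, not a connection attempt,
        # so it is categorised as /Access rather than /Access/Start (as on the slide).
        behavior = "/Access" if "no connection" in m["detail"] else "/Access/Start"
        return _unified(m["ts"], m["action"], "Cisco", "PIX", behavior,
                        m["action"] == "Deny", m["src"], m["dst"])
    m = CHECKPOINT_RE.match(line)
    if m:
        # "VPN-1 & Firewall-1" becomes the slide's "Firewall-1/VPN-1".
        product = "/".join(sorted(p.strip() for p in m["product"].split("&")))
        return _unified(m["ts"], m["action"].capitalize(), "Checkpoint", product,
                        "/Access/Start", m["action"] == "drop", m["src"], m["dst"])
    return None


def unified_row(event):
    """Render a record as the columns of the slide's 'Unified data' table."""
    t = event["eventTime"]
    return (f"{t.month}/{t.day}/{t.year} {t:%H:%M:%S}",) + tuple(event[f] for f in FIELDS[1:])


def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Cross-device correlation over unified events: flag a source that fails on more
    than one vendor's device, or `threshold` or more times inside `window`.
    Because every record shares one schema, the rule never looks at vendor syntax."""
    failures = sorted((e for e in events if e and e["categoryOutcome"] == "/Failure"),
                      key=lambda e: e["eventTime"])
    by_src = defaultdict(list)
    for e in failures:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        vendors = {e["deviceVendor"] for e in evs}
        # Densest window: for each event, count failures in [t, t + window).
        burst = max(sum(1 for f in evs
                        if s["eventTime"] <= f["eventTime"] < s["eventTime"] + window)
                    for s in evs)
        if len(vendors) > 1 or burst >= threshold:
            alerts.append({"src": src, "devices": sorted(vendors),
                           "failures": len(evs), "burst": burst})
    return alerts


if __name__ == "__main__":
    events = [normalize(line) for line in RAW_LOGS]
    for ev in events:
        print(" | ".join(unified_row(ev)))
    for alert in correlate(events):
        print("ALERT", alert)
```

Run stand-alone, the script prints the two unified rows from the slide (plus the three constructed ones) and one alert for 10.50.215.102, which is denied on the PIX and dropped on the Check Point gateway within a few minutes; neither device's own log would show that on its own, which is the point of unifying first and correlating second.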

Page 31

Best Practice 7: Automate Audit reports

Seamlessly integrated tools with reporting capabilities can generate audit-quality reports & logs with a click

Common Tools
• Seamlessly integrated tools
• Single vendor as opposed to multiple point solutions
• Enhanced user experience

Knowledge Share
• Bi-directional information
• Unified and contextual data
• Efficient operation

Building Talent Pool
• Job rotation
• Process focused
• Empowered IT practitioners

Distributed investment between compliance and security

Page 32

Best Practice 8: Simplify IT

Simplify searching, reporting, forensics, and correlation through a search tool

• Simplify forensics and investigation through a full-text search tool
• Easily search and report on real-time & historical data
• Retention of logs as per each regulatory compliance requirement
• Pre-packaged content for security and GRC
• Feed unified data into the event correlation engine

Page 33

“Bolt-on” is not a solution

Problems need solutions, not products

Too many point products
• Mountains of useless data
• Lack of integration = Lack of visibility
• Acquisitions don’t focus on customer value

Page 34

HP: Better together

Integration = Solutions

Diagram: Hardware, Software, Services and Consulting integrated across SOC/NOC, IT GRC and ITIL to serve Compliance, Security and Operations.

Page 35

HP Enterprise Security Momentum

• HP Security SaaS: 2.5B lines of code under SaaS subscription
• HP ESP Customers: 900+ customers, including all major branches of the US Department of Defense, 9 out of 10 major banks, 9 out of 10 top software companies, 10 of 10 top telecoms
• 35 new products released in the last 12 months
• HP Security Technology: #1 in all markets we play in
• #2
• 10000+ Managed Security Services

Page 36

Thank you

• Complete the short survey and opt-in for more information from HP.

www.vivit-worldwide.org

Page 37

Thank you