© Copyright 2013 Vivit Worldwide
Compliance and Insights:
Combine Analytics and Security November 21, 2013
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 2
Brought to you by
• Vivit Security & Privacy Special Interest Group (SIG)
Leader: Jason Kennedy
• Vivit US Federal Special Interest Group (SIG)
Leader: Jim Haskins
Hosted by
Jim Copio
Vivit Leader
Carolinas Chapter
Business Service Management SIG
Today’s Presenter
Sridhar Karnam
Product Marketing Manager
HP Enterprise Security
Housekeeping
• This “LIVE” session is being recorded; recordings are available to all Vivit members
• Session Q&A: please type questions in the Questions Pane
Webinar Control Panel
Toggle the View Window between full screen and window mode; questions go in the Questions pane.
Poll Question 1
What is your primary focus?
a. Compliance
b. Security
c. IT operations
d. IT risk
e. Youtube/ Facebook/ Gmail
Compliance & Insights
Sridhar Karnam, HP Security Product Management
[email protected], @Sri747
By combining Security & ops analytics
Poll Question 2
Were you breached at least once in the last 12 months?
a. Yes
b. No
c. Don’t know/ can’t say
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
—Sun Tzu, The Art of War
How much do hackers pay?
Security is a board level discussion
Security is bigger than just an IT problem
• Cyber threat: 56% of organizations have been the target of a cyber attack
• Data breach: 94% of the data breaches were reported by third parties
• Financial loss: $8.6M average cost associated with a data breach
• Cost of protection: 11% of total IT budget spent on security
• Reputation damage: 30% market cap reduction due to recent events
• Reactive vs. proactive: 97% of data breaches could have been avoided
Compliance Problem
• Expensive… each regulation needs resources and budget
• Changes often… policies and controls change often
• Repetitive… don’t learn or share information
• Big data… too much data to process
Compliance Landscape
Annual cost of SOX compliance: $1.8M, or the equivalent cost of roughly 14.4 employees!
• Any similarities in compliance activities?
• User management
• Access control/authorization
• Change management
• Security operations
• Differences are mainly in interpretation
• Leverage similarities to increase efficiencies and reduce costs
• Consistent themes across regulations: ISO 27001, ISO 17799, COSO, SOX, PCI, SAS 70, NIST, Basel II, ITIL, CobiT, FFIEC, HIPAA, GLBA, FISMA, FERC/NERC, J-SOX, US Patriot Act, CA-1386, SEC, DITSCAP, PIPEDA, NY Privacy, NIACAP, FDPA, DATA, FTC, OCC
Diagram: overlap of control areas (Security Operations, Incident Management, Access / Authorization, User Management, Operations Management) across SOX, FISMA, HIPAA, PCI, CobiT, and NIST
70% similarities between compliance & security
Why use multiple tools then?
Common challenges across Compliance, Security, and Operations
SOC and NOC Challenges
• Network/ Apps/ Info security
• Compliance & Audit Management
• Vulnerability Management
• Big data security analytics
• User management/ authentication
• Operational Analytics
• ITIL framework
• Change Management
• Reporting
• Remediation
Best Practices
Vision: Consolidated view
Single view of IT security, IT operations, and IT GRC
• Heat map: prioritization; heat map of risk to business services
• Asset mapping: quick isolation of incidents and threats; vulnerability score and intelligence
• Risk indicators: aggregation of multiple risk sources; risk reporting and trending
• Continuous compliance: continuous monitoring; compliance analytics
Strategy: Centralized approach
Seamless integration of security and Operations tools – No point-solutions
Understand → Context → Act: proactive and continuous monitoring
SECURITY (See Everything): User Provisioning; Identity & Access Mgmt; Database Encryption; Anti-Virus, Endpoint; Firewall, Email Security
OPERATIONS (See Everything): User Management; Auditing and audit logs; Dashboard and Reporting; Controls monitoring; Disclosure
Best Practice 1: Continuous monitoring
Security information and event management (SIEM) approach to continuously and comprehensively monitor and correlate data across the organization
• Collection for complete visibility
• Analyze events in real time to deliver insight
• Search quickly to simplify IT
• IT GRC & Security in a single tool
• Reporting on log data
• IT operations through monitoring & alerting
Diagram components: Machine Data, Log Collection, Search, Analysis, Dashboard, Monitoring & alerting, IT GRC
Continuous monitoring
The Federal Drive: NIST 800-137
“Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations”
• Maintaining situational awareness of all systems across the organization;
• Maintaining an understanding of threats and threat activities;
• Assessing all security controls;
• Collecting, correlating, and analyzing security-related information;
• Providing actionable communication of security status across all tiers of the organization;
• Active management of risk by organizational officials.
ISCM process cycle: Define → Establish → Implement → Analyze & Report → Respond → Review & Update, continuously
Best Practice 2: Assess controls
Correlation = Establishing relationships
Real-time, cross-device correlation of logs and events across IT (hardware, software, people, process)
• Connect roles, responsibilities, identities, history, and trends to detect business risk violations
• Pattern recognition
• Anomaly detection
• The more you collect, the smarter it gets
Best Practice 3: Next-Generation Network Security
Monitor network activities for malicious activity through IPS and log management
Integrated Policy / Next Gen FW
• Security Management System: centralized management console across NGIPS and NGFW
• Digital Vaccine Labs: delivers zero-day coverage
• Next-Generation Firewall: granular application visibility and control
• Next-Generation IPS: 99.99999% of network uptime track record
Best Practice 4: Think security from the beginning
Develop immunity for threats right through development of applications
Automated code testing: testing of code during development for security vulnerability
• Automated testing
• Part of SDLC
App runtime testing: security testing of 3rd party or open source applications
• Test any apps
• Threat detection without source code
Manual review: security experts
• Manual expert audit
• Reduce false positives
Best Practice 5: Preventing new and future incidents
Add digital vaccination to prevent against zero-day threats
• Reputation database of known threats
• Advanced security intelligence
Best Practice 6: Unify data across IT
Convert all machine data into common format for search, report, and retention
Benefit: Single data for searching, indexing, reporting, and archiving

Raw machine data:
Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data:
Time (Event Time)   | name | Device Vendor | Device Product    | Category Behavior | Category DeviceGroup | Category Outcome | Category Significance
6/17/2009 12:16:03  | Deny | Cisco         | PIX               | /Access           | /Firewall            | /Failure         | /Informational/Warning
6/17/2009 14:53:16  | Drop | Checkpoint    | Firewall-1/VPN-1  | /Access/Start     | /Firewall            | /Failure         | /Informational/Warning
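As an added illustration of the normalization step on this slide (example code, not HP's or any product's implementation), the parser below maps the two raw lines shown above onto the slide's unified schema. The regexes, the action-word-to-outcome table and the significance rule are assumptions made for the example; the sample input is the slide's own two lines, rejoined.

```python
import re
from datetime import datetime

# Constructed sample input: the two raw lines from the slide, rejoined onto one line each.
RAW_EVENTS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 "
    "to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 "
    "s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]

TS = r"(?P<ts>[A-Z][a-z]{2} \d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
# Cisco PIX syslog (assumed layout): "<ts>: %PIX-<sev>-<id>: <Action> <proto> ... from <src>/<port> to <dst>/<port> ..."
PIX_RE = re.compile(TS + r": %PIX-(?P<sev>\d)-\d+: (?P<name>\w+) \w+ .*?from (?P<src>\S+?)/\d+ to (?P<dst>\S+?)/\d+")
# Check Point (assumed layout): "<ts> <action> <gateway> ><iface> product <product> src <src> s_port <p> dst <dst> ..."
CP_RE = re.compile(TS + r" (?P<name>\w+) \S+ >\S+ product (?P<product>.+?) src (?P<src>\S+) s_port \d+ dst (?P<dst>\S+)")

# Vendor action word -> unified outcome (assumed mapping; the slide only shows the two failure cases).
OUTCOME = {"deny": "/Failure", "drop": "/Failure", "permit": "/Success", "accept": "/Success"}


def _event_time(ts):
    d = datetime.strptime(ts, "%b %d %Y %H:%M:%S")
    return f"{d.month}/{d.day}/{d.year} {d:%H:%M:%S}"   # the slide's "6/17/2009 12:16:03" style


def normalize(line):
    """Map one raw firewall line onto the unified schema; return None if no parser matches."""
    if m := PIX_RE.match(line):
        vendor, product, behavior = "Cisco", "PIX", "/Access"
    elif m := CP_RE.match(line):
        # "VPN-1 & Firewall-1" becomes "Firewall-1/VPN-1"; Check Point logs the connection start.
        vendor, product, behavior = "Checkpoint", "/".join(reversed(m["product"].split(" & "))), "/Access/Start"
    else:
        return None
    outcome = OUTCOME.get(m["name"].lower(), "/Unknown")
    return {
        "event_time": _event_time(m["ts"]),
        "name": m["name"].capitalize(),
        "device_vendor": vendor, "device_product": product,
        "category_behavior": behavior, "category_device_group": "/Firewall",
        "category_outcome": outcome,
        # Assumed rule: blocked traffic is flagged as a warning, everything else as informational.
        "category_significance": "/Informational/Warning" if outcome == "/Failure" else "/Informational",
        "src": m["src"], "dst": m["dst"],   # kept so the unified record stays searchable by address
    }


def normalize_all(lines):
    return [r for r in (normalize(l) for l in lines) if r]
```

Unparseable lines are returned as None rather than guessed at, so a gap in coverage shows up as a dropped record instead of a wrong one.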
Best Practice 7: Automate Audit reports
Seamlessly integrated tools with reporting capabilities can generate audit-quality reports & logs with a click
Distributed investment between compliance and security
Common Tools
• Seamlessly integrated tools
• Single vendor as opposed to multiple point solutions
• Enhanced user experience
Knowledge Share
• Bi-directional information
• Unified and contextual data
• Efficient operation
Building Talent Pool
• Job rotation
• Process focused
• Empowered IT practitioners
Best Practice 8: Simplify IT
Simplify searching, reporting, forensics, and correlation through search tool
• Simplify forensic and investigation through a full-text search tool
• Easily search and report on real-time & historical data
• Retention of logs as per each regulatory compliance
• Pre-packaged content for security and GRC
• Feed unified data into event correlation engine
“Bolt-on” is not a solution
Problems need solutions, not products
Too many point products
• Mountains of useless data
• Lack of integration = Lack of visibility
• Acquisitions don’t focus on customer value
HP: Better together
Integration = Solutions
Hardware, Software, Services, Consulting, SOC/NOC, IT GRC, ITIL, Compliance, Security, Operations
HP Enterprise Security Momentum
• HP Security SaaS: 2.5B lines of code under SaaS subscription
• HP ESP Customers: 900+ customers; all major branches of the US Department of Defense; 9 out of 10 major banks; 9 out of 10 top software companies; 10 of 10 top telecoms
• 35 new products released in the last 12 months
• HP Security Technology: #1 in all markets we play in
• #2: 10000+ Managed Security Services
Thank you
• Complete the short survey and opt-in for more information from HP.
www.vivit-worldwide.org