day 3 p2 - security
Post on 19-Oct-2014
©2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
HP Enterprise Security
Aarij M Khan
Director of Product Marketing
HP Enterprise Security Products
The Problem
Mega trends
Changing Workforce
Technology Advancements
Evolving Business Models
IT architectures are evolving rapidly….
Transparent
Abstracted
New architectures create security challenges
Security protection must focus on users and applications
Physical
Network
IaaS
O/S
Platform
Application
O/S
Platform
Application
PaaS
Application
Mobile Backend
Application
Users Users Users Users
Threats and risks are expanding in frequency and intensity
Cyber crime is increasing…
And traditional security solutions are falling short!
Multiple Technologies Lots of Information No Intelligence
Bolted On Architecture-Specific Lacking Automation
Limited Context
Application Scanning Firewall IPS SIEM Anti-X Web
Technology
End Point Applications
Network Scanners Compliance
User IT Operations
Information
Traditional Solutions
Attack surface has grown as control & visibility have declined
SECURITY IS A MAJOR CIO CHALLENGE
26% more pressing than closest challenge for cloud adoption
The Solution
Using Security Intelligence Platform
HP Business Risk Management Strategy
Business Risk management & compliance
Security IT Rollup to security
intelligence
Mobile
Virtual
Cloud
Unify the security layers
Users
Applications
Data
Systems
Networks
Applications
Data
Systems
Networks
Users
Integrate Security & IT management
HP Enterprise Security
• 1,500 security professionals from ArcSight, Fortify and TippingPoint teams
• 1,500 security professionals in HP Enterprise Security Services
• Top five security company by market share (leader in SIEM, Log Mgt, AppSec, Network Security)
Magic Quadrant for Network Intrusion Prevention Systems December 2010.
=HP
The Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from HP.
Magic Quadrant for Static and Dynamic Application Security Testing December 2010 and December 2011.
Magic Quadrant for Security Information and Event Management May 2011.
HP has the only security intelligence platform that gives clients the insight to proactively manage their specific enterprise threats and risks.
The only security intelligence platform that gives clients the insight to proactively manage
their specific enterprise security threats and risks
HP Security Intelligence Platform
Establish complete visibility across all applications and systems
Analyze vulnerabilities in applications and operations to understand risk
Respond adaptively to build defenses against the exploitation of vulnerabilities
Measure security effectiveness and risk across people, process, and technology to improve over time
Information
Security Intelligence Platform
ENTERPRISE SECURITY SERVICES
IT PERFORMANCE SUITE
Operations Application
Contextual Information
Complete Visibility
Research-Backed
Automated, Proactive & Adaptive
Hybrid (Physical/Virtual/Cloud)
Information
Enterprise Security – HP Confidential
ESP Security Solutions
Universal Log Management
Regulatory Compliance
Proactive Network Security
Insider Threat Intelligence
Advanced Threat Intelligence
Privacy Breach Intelligence
Data Leakage Monitoring
Application Security
The Product Solutions
INDUSTRY LEADING HP SECURITY SOLUTIONS
Magic Quadrant for Network Intrusion Prevention Systems 6 December 2010.
Magic Quadrant for Static Application Security Testing 13 December 2010.
Magic Quadrant for Security Information and Event Management 13 May 2011.
HP ArcSight Solution Architecture
Establish complete visibility
Analyze events in real time to deliver insight
Respond quickly to prevent loss
Measure security effectiveness across people, process, and technology to improve over time
Event Correlation
Log Management
App Monitoring
Controls Monitoring
User Monitoring
Fraud Monitoring
Data Capture
A comprehensive platform for monitoring modern threats and risks, augmented by services expertise and the most advanced security user community, Protect724
Information
HP TippingPoint Network Defense System
Scalable Infrastructure to address current and future security deployment models (NG IPS/FW)
Dynamic Analytics and policy deployment with real time (NG Mgmt)
Predictive Intelligence to proactively address current and future threat activity (DV Labs)
Next Gen IPS Next Gen Firewall
DVLabs Research
Next Gen Mgmt
Network
A complete set of security solutions that address today's advanced security threats at the perimeter and core of your business.
Network Defense System
Applications Operations
HP Fortify Software Security Center
Identifies and eliminates risk in existing applications and prevents the introduction of risk during application development, in-house or from vendors.
Protects business critical applications from advanced cyber attacks by removing security vulnerabilities from software
Accelerates time-to-value for achieving secure applications
Increases development productivity by enabling security to be built into software, rather than added on after it is deployed
Delivers risk intelligence from application development to improve operational security
In-house Outsourced
Commercial Open source
Applications
A real world example: RSA
What happened in the RSA breach?
Finance person receives a junk email
Opens to see 2012 Recruitment plan with .xls file
RAT program installed utilizing Adobe Flash vulnerability
Split file, encrypt, ftp to good.mincesur.com
RSA is in the headlines
Collect data over a period of time
Poison Ivy malware is initiated
NMAP scan of network to collect sensitive information
What if RSA was using HP ESP solutions?
Finance person receives a junk email
Opens to see 2012 Recruitment plan with .xls file
RAT program installed utilizing Adobe Flash vulnerability
Split file, encrypt, ftp to good.mincesur.com
RSA is in the headlines
Collect data over a period of time
Poison Ivy malware is initiated
NMAP scan of network to collect sensitive information
Security model is broken with bolted on security at every layer
Use HP TippingPoint solutions to block malicious payload at the perimeter
Use HP ArcSight solutions to correlate roles and responsibilities against tasks
Use HP ArcSight solutions to monitor your users, applications, and infrastructure
Use HP TippingPoint to block traffic to malicious domain and HP ArcSight to correlate login/logout with network access
Use HP Fortify solutions to eliminate vulnerabilities in applications
Use HP TippingPoint solutions to block traffic from malicious senders
Effective Enterprise Security!
Intelligent ESP Integrations
Fortify intelligence integrated with HP ALM and HP Quality Center
• Software Security Center or WebInspect submits security vulnerabilities to HP Application Life Cycle Management (ALM) or HP Quality Center as defects
• Security vulnerabilities can then be managed as software defects by development teams
• Software Security Center remains the system of record for security vulnerabilities
– Enables development teams to manage security vulnerabilities just like any other defect
– Formalizes workflow for addressing security vulnerabilities
– Improves security assurance for applications
Secure Application Lifecycle Management
Correlation Zone
1) Connection activity is reported by FW. ESM correlates comms to C&C via RepDV to internal private IP and user IDs
Updates to ESM via ThreatLinQ
2) ESM instructs SMS to quarantine internal endpoints for remediation
Enforcement Zone
IPS
Policy Mgmt (SMS)
3) SMS sends action set to IPS. Endpoints are now blocked and quarantined for remediation
4) Identity based reporting provides visibility to endpoint infection by dept/groups
RepDV, LightHouse, Events, Filters, Malware Analysis
ThreatLinQ
Identify bots and quarantine devices for remediation
Reputation Security Monitor
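The correlation in step 1 of the Reputation Security Monitor slide (firewall connection events matched against a reputation feed and tied back to internal IPs and user IDs), with the quarantine list of step 2 and the per-department report of step 4, as an added example that is not HP's code. The log layout, feed entries, identity map and function names are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed feed: destination IP -> (score 0-100, category); RFC 5737 addresses.
REPUTATION = {
    "203.0.113.50": (95, "botnet-c2"),
    "198.51.100.7": (40, "spam-source"),
}
# Constructed identity map: internal IP -> (user ID, department).
IDENTITY = {
    "10.1.4.22": ("jdoe", "finance"),
    "10.1.4.31": ("asmith", "finance"),
    "10.2.9.8": ("bkim", "engineering"),
}
# Constructed firewall connection log lines in a key=value layout.
FW_LOG = """\
ts=2012-03-01T09:00:01 src=10.1.4.22 dst=203.0.113.50 dpt=443 action=allow
ts=2012-03-01T09:00:05 src=10.2.9.8 dst=192.0.2.10 dpt=80 action=allow
ts=2012-03-01T09:01:12 src=10.1.4.31 dst=203.0.113.50 dpt=443 action=allow
ts=2012-03-01T09:02:40 src=10.1.4.22 dst=203.0.113.50 dpt=443 action=allow
ts=2012-03-01T09:03:00 src=10.2.9.8 dst=198.51.100.7 dpt=25 action=allow
ts=2012-03-01T09:04:00 src=10.3.0.5 dst=203.0.113.50 dpt=443 action=deny
malformed line without fields
"""

def parse(line):
    """Return the key=value fields of a log line, or None if src/dst are missing."""
    fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
    return fields if {"src", "dst"} <= fields.keys() else None

def correlate(log_text, threshold=80):
    """Step 1: match connections against the feed and attach user identity.
    Denied attempts count too: the host still tried to reach the destination."""
    hits = defaultdict(lambda: {"count": 0})
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        score, category = REPUTATION.get(ev["dst"], (0, None))
        if score < threshold:
            continue
        user, dept = IDENTITY.get(ev["src"], ("unknown", "unknown"))
        hits[ev["src"]].update(user=user, dept=dept, category=category)
        hits[ev["src"]]["count"] += 1
    return dict(hits)

def quarantine_list(hits):  # step 2: endpoints to hand to policy management
    return sorted(hits)

def by_department(hits):  # step 4: flagged endpoints per department
    return Counter(h["dept"] for h in hits.values())
```

Hosts with no identity mapping are reported as "unknown" rather than dropped, so an unmanaged device talking to a flagged destination still appears in the quarantine list.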
Adaptive technology to protect web applications
• What it is
– Advanced web application scanning to uncover vulnerabilities combined with adaptive IPS response
– WebInspect information passed to WebAppDV to auto-generate IPS filters for virtual vulnerability patch
• Benefits
– Protection for custom and commercial web applications
– Inspection of encrypted and non-encrypted traffic (ideal for web commerce apps)
– Elimination of tuning required by legacy WAFs
Adaptive Web Application Firewall (WAF) Technology
Diagram labels: HP WebInspect Scan, Vulnerability Report, Vulnerability Page and Parameter, Internet, SSL, IPS
Why HP Enterprise Security Products
• Industry-leading, automated security solutions and visibility
– ArcSight, Fortify, TippingPoint all MQ Leaders/Best in Class
– Security intelligence delivered in context
– Trusted, proactive and automated action
– Cloud-ready
• World's best research for security intelligence and risk management
– Best in class application security and network security research
– Discovers more vulnerabilities than the rest of the market combined
• Integrated with leading IT operations solutions
– Universal Log Management tied to Systems Event Management
– Enhanced asset and threat modeling
– A key component of the HP IT Performance Suite
THANK YOU