TRANSCRIPT
#MicroFocusCyberSummit
Global Protection and Awareness through Data Analytics, Threat Detection and Pattern Recognition
Charles Clawson, ArcSight Marketing Manager
Steven Riley, ArcSight Technical Marketing Manager
Log Management
Data Analysis
Real time alerting & monitoring
Security Analytics
Intelligent Security Operations
Visual Agenda
Discover Micro Focus Security strategy, Intelligent SecOps use case & Maturity roadmap
ArcSight Marketplace
ArcSight ESM
ArcSight Data Platform
ArcSight Investigate
3rd party Security Analytics
Activate Use case
Threat Intel
Company: Discover the New
Network Management / Data Protector / COBOL
The New Combined Company: Micro Focus
Built on stability, acquisition and innovation
[Chart: revenue comparison of software companies, bars labelled $7.1 down to $1.1: Microsoft, Oracle, SAP, Salesforce, Adobe, Symantec, HPE SW / MF, CA, Gemalto, Citrix, Dassault, SAS, HPE SW, Infor, Veritas, Autodesk, Synopsys, CDK Global, Red Hat, Asseco, BMC, Nuance, Constellation, OpenText, Cadence, Check Point, Micro Focus, Workday, ServiceNow, Informatica]
Combined Micro Focus: An Industry Shaper
[Chart: ranking positions HPE SW #12, HPE SW / MF #7, Micro Focus #26]
Four Focus Areas
DevOps | Hybrid IT Management | Security & Data Management | Predictive Analytics
Protecting What Matters Most: Users, Apps, Data, Security Analytics
One of the World's Most Powerful Security Portfolios
ArcSight Empowers Intelligent Security Operations
Decrease impacts of security events
Detect and stop security threats
Reduce business downtime and non-compliance
What Are the Top CISO Priorities
Challenges to the Security Operations Center
Increasing rate of data
Limited detection and response tools
Complex and slow investigation capabilities
Intelligent Security Operations Increase Speed, Simplicity and Effectiveness Across Entire Workflow
Visibility Without Boundaries
Comprehensive Detection
Intuitive Investigation
ArcSight Drives Business Profits
Open architecture
Reduce data and licensing costs
Comprehensive detection
Minimize risk and data loss
Intuitive investigation
Reduce time and human struggle
Security & Risk management
IT operations Compliance & Legal Line of Business
All Departments Benefit
Proven, Accurate and Fast
ArcSight Investigate
ArcSight ESM
ArcSight ADP
Open, Relevant and Intuitive
ArcSight Investigate
Investigation | Security Analytics
ArcSight ESM
Real-time correlation | Alerting | Workflow
ArcSight Data Platform
Connectors | Event Broker | Management | Logger
Security Operations Use Cases & Maturity Roadmap
Intelligent Security Operations – Use case Roadmap
Log Management
• Centralize Logs
• Retain data
• Compliance
Data Analysis
• Forensics
• Rapid Search
• Reporting
Real time alerting & monitoring
• Detect & identify
• Respond in time
• Build workflow
Security Analytics
• Behavior Profiling
• Threat detection
• Know the unknown
Intelligent Security Operations
• Integrated monitoring
• People & Process & Technology
• Efficiency & Resilience
Intelligent Security Operations – Capability Roadmap
Same five stages as the use case roadmap (Log Management, Data Analysis, Real time alerting & monitoring, Security Analytics, Intelligent Security Operations), mapped to products:
ArcSight Data Platform
ArcSight ESM
ArcSight Investigate
Analytics & SIOC
ArcSight Data Platform: Expand the visibility of your data
Visibility Without Boundaries
Faster detection with business optics
Real-time security context
Keep up with growing environments
Scalability through variety and velocity
Integrate data lakes with security apps
Open architecture to maximize usage
ArcSight Security Technology Partners
Partners
DDoS
GRC
SIEM
Application
Security
Threat
Intelligence
Technology
ArcSight Data Platform in a Nutshell
Collect Enrich Distribute Retain Search Report
Connector
Event Broker
Logger
ArcSight Management Console
Cost-effective universal log management
Unifies searching, reporting and analysis
Scale
1M EPS in a 100-peer architecture
100 concurrent searches
Performance
Search speed improvements by 50-200%
10:1 compression ratio to store up to 1200 TB
Security
Data at rest encryption on ADP appliances
Data Retention (Logger)
Management Console – End to End Monitoring
Topology view for consolidated overview
Display device information on hover
Sort devices by region / groups
Instant Connector Deployment (ArcMC 2.70, Connectors 7.70)
Capability:
• Connector deployment on remote hosts through ArcSight UI
• In-context deployment View UI
• Re-usable deployment templates with configuration values for source and destination
• Many Connectors to a single host
• Centralized management of long running deployment jobs
Benefit: Improve security administrator productivity by providing a quick and easy deployment option, so that they can onboard new data sources or readjust the connector deployment layout quickly and with ease.
Enhanced Topology View (ArcMC 2.70, Event Broker 2.10)
Capability:
• View Event Broker topics in Topology view on ArcMC
• Get visibility into consumer connectivity through ArcMC
Benefit: Improve analyst productivity by giving them a centralized monitoring tool so that they can optimize their time and do more with ease.
Logger 6.5 Updates
Capability:
• Create Reports from Logger Queries
• Archives will include Indexes
• ADP Logger standalone mode: both for appliances and software
• Complete support for SHA-2: receivers and forwarders, archiving, SSL signatures
• Complete support for TLS 1.2: peer communications, on-board connector
• Dark Theme for Logger
Benefit: Easy-to-use Logger reporting tools with an enhanced UI help optimize analyst time and generate comprehensive reports and dashboards for compliance and other use cases.
Data De-identification for Privacy (GDPR, health, ...): Format Preserving Encryption by Voltage, embedded
Source event data → ArcSight Connector → Logger | ESM | 3rd party
Example on slide: two e-mail addresses labelled sensitive data; the addresses themselves were not preserved in the extraction.
ArcSight ESM: Comprehensive Detection
ArcSight ESM in a Nutshell
Enrichment
• Asset Model
• Network Model
• Vulnerability
Rules Engine
• Real-time rules
• Data Monitors
• Prioritization
Active Channel
• Rich news feeds
• Drill down
• Visuals
Context
• Enrichment
• Baselines / trends
• Lists
• Search
3rd party action
• Integration Commands
• Action Connectors
• Partners
Case Management
• Annotations
• Stages and impact
• Integration
Detection Investigation
250 Ready Made, Tested and Documented Use Cases
Activate use case configurator
Value for Everyone
• Actionable Output
• Structured event handling
• Community
• Components & Solutions
• Methodology
• Increase TTV via Marketplace content
• SOC Workflow Efficiency
• Content Maintainability
• Reduced Training Cost
• Detailed data source configuration information
• Categorization + Product Packages
Roles: SOC Engineer, SOC Manager, Analyst, Content Author
Openness
4x more with same headcount
ESM & Activate adoption increased SOC efficiency 4x
Activate Content Layers
ArcSight ESM with Fresh & Relevant Content
Activate example: WannaCry Dashboard released in a few hours
Market-leading Real-time Correlation
Threat Lifecycle
Tailored use cases
Central integration point for the SOC process
Integrated SOC platform
Secure the New
ArcSight: Security Operations
Voltage: Data Security
NetIQ: Identity
Fortify: App Security
Enriched Data Powerful Correlation Quick Detection Multi-tenancy
ArcSight Enterprise Security Manager (ESM) Summary
Threat Intelligence
Threat Intel context is king!
Who is behind this?
Where is it coming from?
How bad is it?
Do we know them?
Is it related to ..?
But which Threat Intel?
ArcSight Threat Intelligence Program
Reputation Security Monitor: curated list of malicious IPs and domains
Activate Threat Intelligence: open TI program for the Activate use case
0 Ingest
1 Populate
2 Context
3 Track
Activate TI Data Fusion Model
Threat Intel Activity Dashboard
ArcSight Investigate
What Do We Need to Address These Challenges? Intelligent Threat Investigation Solution
Act faster Work smarter Reach further
ArcSight Investigate
Analytics optimized and robust engine
Guided natural language search box
Modern and intuitive data manipulations
Powerful built-in analytics modules
Reach Further
Confidently hunt across all of your data
Seamless view
Across Investigate and Hadoop
Optimize storage
Short term in Investigate
Long term in Hadoop
Vertica | Event Broker
Store data
Search & Analyze
Hadoop/HDFS
Investigate application
Data flow
Data lake
Connectors
HPE CONFIDENTIAL
Act Faster to Identify and Respond to Threats
Decrease the impact of security incidents
Minimize downtime by uncovering hidden threats
Work Smarter with an Intuitive Solution
Be productive from “Day 1”
Reduce response time to advanced attacks
Reach Further by Leveraging Data Lakes
Reduce risk by expanding the scope of investigation
Lower TCO by optimizing data management cost
ArcSight Investigate Benefits
Built-in Security Analytics
Capability:
Ready made security-centric visuals out of the box
Graphs include field assignments without input from analyst
Retool visualizations to your needs
Categories available: Authentication Activity, Source Activity, Destination Activity & others
Benefit: Increases analyst efficiency and ease of use with pre-defined visuals for specific use cases, and removes guesswork from the security investigation process.
Lookup List (Joins) Feature
Capability:
Perform database table join
Query the Investigate database to determine if anyone in the environment established a connection with a host on the malicious IP address list
Benefit: Security practitioners can now run searches and add additional context information while importing a list for data enrichment purposes.
Find the User
Capability:
Instantly identify the users impacted by a security event
Benefit: The ability to search for and find the authenticated user for a particular event or incident helps analysts save time finding who was impacted and speeds up incident response.
Investigate: Quick Security Insights (pre-defined viz)
Login by username | Login by User
Unresolved Malware – Infected Host Investigation: pivoting from search results to enable intuitive investigations.
Time-chart Based Hunting – Detect the Outliers: DNS Domain Analysis over Time
Outlier Detection to Assist SOC Analyst
User Behavior Analytics – Peer Comparison
Search to Detection in Seconds – Complete Visibility
Detected the C2 server (fansfootball.com)
Detected a compromised account (Luke)
Detected lateral movement
Detected an additional compromised host (10.100.1.8)
Found indication of data exfiltration (bytes out through SSH)
Established the attack timeline
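The lookup-list join from the Lookup List (Joins) slide and the search-to-detection chain listed above, as an added Python example that is not ArcSight code: it joins constructed connection events (not real data) against a constructed malicious-indicator list, then pivots to the compromised accounts, lateral movement, an SSH bytes-out outlier and an ordered timeline. The field names, the exfiltration threshold and every address other than 10.100.1.8 are assumptions.

```python
"""Lookup-list join plus pivoting over constructed ArcSight-style events."""

# Constructed sample events (not real data); field names are assumed.
EVENTS = [
    {"t": "09:01", "user": "luke", "src": "10.100.1.5", "dst": "203.0.113.9",
     "dhost": "fansfootball.com", "app": "https", "bytes_out": 2_000},
    {"t": "09:05", "user": "luke", "src": "10.100.1.5", "dst": "10.100.1.8",
     "dhost": "", "app": "smb", "bytes_out": 500},
    {"t": "09:20", "user": "svc", "src": "10.100.1.8", "dst": "203.0.113.9",
     "dhost": "fansfootball.com", "app": "https", "bytes_out": 1_000},
    {"t": "09:40", "user": "svc", "src": "10.100.1.8", "dst": "198.51.100.7",
     "dhost": "", "app": "ssh", "bytes_out": 900_000_000},
    {"t": "10:00", "user": "ann", "src": "10.100.1.20", "dst": "93.184.216.34",
     "dhost": "example.com", "app": "https", "bytes_out": 4_000},
]
# Constructed lookup list, standing in for an imported malicious IP/domain CSV.
MALICIOUS = {"203.0.113.9", "fansfootball.com"}
INTERNAL_PREFIX = "10."  # assumption: the monitored network is 10.0.0.0/8


def join_lookup(events, indicators):
    """Table-join equivalent: keep events whose destination IP or host is on the list."""
    return [e for e in events if e["dst"] in indicators or e["dhost"] in indicators]


def investigate(events, indicators, ssh_exfil_bytes=100_000_000):
    """Chain the pivots an analyst would run after the lookup-list join."""
    hits = join_lookup(events, indicators)                 # C2 connections
    c2 = {e["dhost"] or e["dst"] for e in hits}             # the C2 server(s)
    users = {e["user"] for e in hits}                       # compromised accounts
    hosts = {e["src"] for e in hits}                        # hosts that talked to C2
    # Lateral movement: internal-to-internal traffic sourced from a compromised host.
    lateral = [e for e in events
               if e["src"] in hosts and e["dst"].startswith(INTERNAL_PREFIX)]
    hosts |= {e["dst"] for e in lateral}                    # additional compromised hosts
    # Exfiltration indication: unusually large bytes-out over SSH from those hosts.
    exfil = [e for e in events if e["src"] in hosts
             and e["app"] == "ssh" and e["bytes_out"] >= ssh_exfil_bytes]
    flagged = sorted(hits + lateral + exfil, key=lambda e: e["t"])
    timeline = [(e["t"], e["src"], e["dst"], e["app"]) for e in flagged]
    return {"c2": c2, "users": users, "hosts": hosts,
            "lateral": lateral, "exfil": exfil, "timeline": timeline}


if __name__ == "__main__":
    for step in investigate(EVENTS, MALICIOUS)["timeline"]:
        print(*step)
```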
Value Proposition & Key Benefits
Thank You.
#MicroFocusCyberSummit