CYBER DEFENSE Alexandar Alexandrov
Cyber security
“Our technological advantage is a key …. But our defense and military networks are under constant attack. .... Indeed, in today's world, acts of terror could come not only from a few extremists …but from a few key strokes on the computer -- a weapon of mass disruption. ... it's now clear that this cyber threat is one of the most serious economic and national security challenges we face as a nation.”
President Barack Obama, May 29, 2009
Public Value national security
PUBLIC VALUE IN NATIONAL SECURITY: CYBERSECURITY
ULTIMATE BUSINESS GOAL / EXECUTIVE KPI (Direction) / CORE FINANCIAL KPI (Direction)
TRUST / OUTCOMES / INFORMATION ASSURANCE / EFFICIENCY
• Citizen’s Trust:
  • Privacy
  • Civil Liberties
  • Protection / Security
  • Gov’t Transparency
• Strengthen Security and Resilience at Home
• Secure Cyberspace
• Critical Infrastructure Protection
• Services delivered quickly
• Agencies operate within budgets
• Leverage Technology
• Incidents / Attacks Prevented
• Infrastructure Protection
• Access to Services
• Coordinate with Emergency Mgt., Public Safety / Justice Agencies
Capital Investment Management
Budget, Labor, Operating Cost Management
BUSINESS INITIATIVES (Strategy/Priority Language)
• Develop Intelligence Capabilities
• Increase IT Efficiency and Effectiveness
• Reduce Network Intrusions / Internet Crime
• Improve Incident Response
OPERATING KPIs / PROCESS/FUNCTION
• Reduce Network Attacks / Internet Crime Rates: Risk Assessments / Awareness; Forensics / Law Enforcement
• Improve Incident Response: Detection, Response, Recovery
• Prevent Critical System Intrusions: Cyber Security Intelligence
• Reduce IT Operating Costs: Budget, Capital, HR, Procurement, Training
HP SOLUTION: Cybersecurity
• Business Continuity / Recovery
• Security Operations
• Network / Datacenter Security
• Identity / Access Management
• Risk Management / Compliance
• Application / Data Security
The Threat
Stakeholders
• Military, Intelligence, Homeland Security
• Federal, state, local and tribal governments
• Businesses & Consumers
The Source of the Threat
• Nation states
• Ideological Movements
• Organized Criminal Elements
• Fame Seekers
• Industry Competitors
• Insiders
• Merely Curious
What’s at Risk
• Economic security
• National security
• Competitive Advantage
• Public safety
• Personal Information, intellectual property, privacy
• Critical infrastructure (e.g. power grids, transportation)
Delivering on your mission with confidence HP Security Services Cyber Dominance Mission Integration Situational Awareness Cyber Control to Achieve Mission Cyber/Network Analytics & Prediction Informed Decision Making
Comprehensive Cyber Security services portfolio
Proven integrated building blocks
• Identity & Access Management
• Research & Development
• Data & Content Security
• Application Security
• Business Continuity & Recovery
• Security Operations
• Risk Mgmt & Compliance
• Datacenter Security
• Network Security
• Endpoint Security
HP Security Services Portfolio End Point Threat Mgmt (AV, AS, HIDS, Personal F/W) End Point Application & Device Control Host Intrusion Detection & Prevention Services Mobile Device Security Application Penetration Testing Application and Code Testing/Scanning Web Application Security Assessments Web Application Penetration Testing Web Application Firewalls SOA Security SAP Security Middleware & Mainframe Security Midrange/Server Security Application Security Content Security Data Security Endpoint Security Network Security Data Center Security Network Intrusion Detection & Prevention Services Adaptive Network Architecture Managed Firewall VPN, UTM Network Access Control Wireless Security Managed Proxy / Cache / Filtering Web Content Filtering Email Security Disk/File Encryption Database Security Data Loss Prevention Enterprise Rights Management PKI Key Management Server Threat Management Storage Security Virtualization Security Cloud Computing Security Fusion Center
HP Security Services Portfolio IT Governance, Risk & Compliance (GRC) eDiscovery & Archiving Customer Specific Training and Awareness Operational Risk and Exceptions to Policy Account Delivery Continuity ISO 27001 Certification Information Risk Advisory Service PCI Compliance Scanning PCI Managed Compliance C & A: NIST SP 800-37 C & A: DIACAP SCADA/Process Control System Security Assessment NERC CIP Design, Audit and Implementation IV&V Test and Evaluation Compliance Assessments Threat & Risk Assessments MCSS Capabilities PKI Management Token Management Managed Remote Access Directory Services Meta & Virtual Directory Active Directory User administration IDAM - Current State Assessment IDAM - Architecture Blueprint IDAM Design & Implement Web SSO Federation Provisioning E-SSO Risk Based Authentication PAM Management Risk Mgmt & Compliance Identity & Access Mgmt
HP Security Services Portfolio Research, Development, Test & Evaluation services DARPA, IARPA and Military Department research agency opportunity DOE National Labs support NMCI Research & Analysis capabilities and support Large comprehensive cyber security pursuits Enterprise Security Information & Event Management Log Management Compliance Management Security Dashboard System Hardening Services Security Incident Response Forensics Threat Monitoring & Alerting Live Network Service Vulnerability Scanning Vulnerability Detection & Management Services Security Configuration Management Global Security Operations Centers (GSOC) Mainframe Platform/OS Security Midrange/Server Platform/OS Security Security Operations Research & Development
Vulnerability Assessment Services
Network Security
• Network Assessments (Internet & Intranet)
• Network Vulnerability Scanning (State of Art Tools)
• Network Penetration Testing
• System and Host Vulnerability Testing (White Box & Black Box)
• Wireless Network Surveys and Penetration Testing
Application Security
• Application Assessments (COTS and Custom)
• Application Development Life Cycle Security Gap Analysis
• Application Development/Design Training
• Application Code Analysis (From C to Cobol)
• Application Cyber Red Team
• Application Automated Vulnerability Scanning (Web & Database)
• Application Regression Testing
• Independent Validation and Verification (IV&V)
HP Comprehensive Applications Threat Analysis
Application Security
HP’s industry-leading, highly efficient and effective security quality assessment. This service is designed to greatly reduce the problem of latent security defects, reducing TCO.
• Fast Facts:
  • 40,000 vulnerabilities in National Vulnerabilities Database
  • Estimate 800,000 vulnerabilities not yet exploited
  • Vulnerabilities patched late cost some 30X more than those patched early
  • “70%+ of all successful attacks have exploited application vulnerabilities” (Gartner, Microsoft)
  • Typical security audits find ~20 issues, uncovering dozens or hundreds of vulnerabilities
  • One action which avoids a single data breach pays for itself 100 fold
• Services & Solutions:
  • Security Requirements Gap Analysis
  • Architectural Threat Analysis
Building security in, not merely testing it
HP Assured Identity™ Plus Services End-to-end Security Solutions Run Business Readiness Workshop Strategy & Roadmap Detailed Design & Architecture Implementation Identity & Access Management Assured Identity Management™ Assessment Service Fed Secure™ Services Offered Audit Compliance & Validation Assured Identity™ Gate Secure™ Strategic & Technology Partnerships Industry Frameworks
HP Assured Identity™ Plus
Identity & Access Management
• Assured Identity™
  • Credential Enrollment
  • Credential Issuance
  • FIPS 201 Compliance
  • PIV.XX Support
• Assured Identity Management™
  • Life Cycle Management
  • User Provisioning
  • Workflow
  • Delegated Admin
  • Self-Service
• Fed Secure™
  • Federation in a Box
  • Cross Credentialing
  • Federation Broker
  • Access Management Services
• Gate Secure™
  • Physical Security
  • Automated PACS provisioning system
  • New, single use, common credentials across multiple agencies
Consulting Services
Managed Security Services
Cross Industry Experience
• Deep HP Security experience in all industries
• Industry focused security consultants
Consumer Industries and Retail; Energy; Financial Services; Communications, Media & Entertainment; Manufacturing; Transportation; Government; Healthcare
We serve/manage critical cyber infrastructures across all US Critical Infrastructure/Key Resource sectors
HP Personnel Dedicated to Cyber Security
• Over 2,500 cyber security professionals worldwide
• Includes specialists for advisory and consulting engagements
• Certified security staff with CISSP, CISM, CAP, CIS, CSSLP or GSEC
Spanning all Tiers of Government in 83 countries with >3,500 government accounts Global Reach and Support US Dept. of Defense US Government Comptroller of the Currency Defense Logistics Agency US Dept. of Agriculture US Dept. of Justice US Dept. of Education US Dept. of Energy US Dept. of Health & Human Services US Dept. of Homeland Security US Dept. of Housing & Urban Development NHIC/ Medicare US Dept. of Treasury Dept. of the Army Dept. of the Navy Dept. of Veterans Affairs DFAS DISA US Postal Food & Drug Administration Social Security Administration US Dept. of State Top 50 Accounts Alberta Sustainable Resource Div. BC Ministry of Labour BC Ministry of Provincial Revenue & Citizen Services Edmonton Delivery PWGSC – Pension Modernization Government of Manitoba Sweden Post Ministry of the Flemish Gov’t. INAIL IPZS Minesterio di Grazia e Guist Ministro Pubblica Intruzione State of California City of Anaheim State of Michigan State of Ohio Commonwealth of Pennsylvania European Space Agency Federal Reserve World Bank IDA of Singapore Consulting ATP UK Ministry of Defence UK Dept. For Work & Pensions UK Justice & Offender Management Tax Administration Service of Mexico (SAT) Israel Ministry of Justice South Australian Government