HP Enterprise Security Josef Meier Manager Solution Architects Central Europe meier@hp.com
Rise of the cyber threat
Years shown on the timeline: 2012, 2011, 2010, 2009, 2007, 2005
- LinkedIn 6,5 million records
- Zappos 24 million records
- Global Payments Inc. 1,5 million card details stolen
- DigiNotar Out-Of-Business
- UBS Kweku Adoboli $2.3 billion fraud
- RSA Token Vulnerability 40 million tokens ...
- Sony Playstation Network 101.6 million records lost
- Wikileaks Mastercard Backlash
- 13.9 million card details stolen
- HMRC 25 million records lost
- Heartland Payments 130 million records lost
- TJX Inc. 95 million CC #s lost
Enterprises and Governments are experiencing the most AGGRESSIVE THREAT ENVIRONMENT in the history of information.
DATALOSSdb Stats
Data Loss Incidents over Time / Incidents by Breach
“DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide.”
Source: http://datalossdb.org/statistics
DATALOSSdb Stats Incidents by Vector Inside: 37% Outside: 56% Source: http://datalossdb.org/statistics
Where Vulnerabilities Exist
• On average, initial scans of static applications uncovered 4.6 vulnerabilities per 1,000 lines of code.
• Of the three languages counted, PHP was the most vulnerable programming language, with 13.1 vulns/1000 lines, followed by .Net at 7.7. Java was the most secure, at 4.1.
• Of the applications scanned:
  69% have SQL Injection vulnerabilities
  42% have CSS vulnerabilities
  37% have header manipulation vulnerabilities
2012 Cost of Cyber Crime Study: Germany Source: http://www.hpenterprisesecurity.com/news/download/2012-cost-of-cyber-crime-study-germany
Customers struggle to manage the security challenge
Primary Challenges
1 • Nature & Motivation of Attacks (Fame, fortune, market adversary)
A new market adversary: Research, Infiltration, Discovery, Capture, Exfiltration
Customers struggle to manage the security challenge
Primary Challenges
1 • Nature & Motivation of Attacks (Fame, fortune, market adversary)
2 • Transformation of Enterprise IT (Delivery and consumption changes)
Delivery: Traditional DC, Private Cloud, Managed Cloud, Public Cloud
Network, Storage, Servers
Consumption: Virtual Desktops, Notebooks, Tablets, Smart phones
Customers struggle to manage the security challenge
Primary Challenges
1 • Nature & Motivation of Attacks (Fame, fortune, market adversary)
2 • Transformation of Enterprise IT (Delivery and consumption changes)
3 • Regulatory Pressures (Increasing cost and complexity)
Policies & Regulations: Basel III, DoD 8500.1
Problem with existing approach
1000+ Security Vendors
Too much data. Too many security solutions. NO integrated intelligence.
Cloud, Virtual, Physical
An Example: XYZ Breach – March 2011
• 5:00 AM: Finance person receives a spearphishing email
• 8:30 AM: Opens to see 2012 Recruitment plan with .xls file
• 8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability
• 8:32 AM: Poison Ivy RAT is initiated
• NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources
• OVER THE NEXT 10 DAYS: Collect data over a period of time
• 11TH DAY / 12:05 AM: Encrypts, ftp’s file to good.mincesur.com
• 12TH DAY: XYZ discovers the breach
The Impact is Real…
March 17, 2011: XYZ Hit By Advanced Persistent Threat
XYZ has been breached and sensitive token key information from more than 40 million end users may have been compromised.
Breaches Are Costly
• XYZ announced cost of breach at $66 million
• Negative press. Loss of business and loss of trust.
May 31, 2011: Lockheed Martin Suffers Massive Cyberattack
“Significant and tenacious” attack targeted multiple defense contractors and involved hack of SecurID System.
The Stakes Are High
• Intellectual property loss could compromise national security
The Impact is Real… Which is the original?
A new approach is needed A risk-based, adversary-centric approach
A new approach: Risk based, adversary-centric
Research, Capture, Infiltration, Exfiltration, Discovery
Their ecosystem / Our enterprise
• Educate users / use counter intelligence
• Plan to mitigate damage
• Secure the important asset
• Find and remove adversary
• Block adversary access
We need a new way to reduce risk
Proactive Risk Reduction: #1 See Everything, #2 Provide Context, #3 Act Appropriately
IT SECURITY
• User Provisioning
• Identity & Access Mgmt
• Database Encryption
• Anti-Virus, Endpoint
• Firewall, Email Security
IT OPERATIONS
• User Management
• App Lifecycle Mgmt
• Information Mgmt
• Operations Mgmt
• Network Mgmt
A Security Intelligence and Risk Management platform
COMPLIANCE AND POLICY, VULNERABILITY MANAGEMENT, ASSET PROFILING, RISK MANAGEMENT
Security Intelligence and Risk Management Platform
HP EnterpriseView
Security Intelligence, Network Security, Application Security & FSRG Threat Research
How do we do this? • Harden the attack surface • Identify, improve and reduce the vulnerability profile of enterprise applications and systems • Improve risk management • Turn information to intelligence and more quickly see, find and stop known and unknown threats • Proactively protect information • Proactively find, understand and protect sensitive information across the enterprise Network Security Security Intelligence Application Security
HP ArcSight Security Intelligence
A comprehensive platform for monitoring modern threats and risks, augmented by services expertise and the most advanced security user community, Protect724
• Establish complete visibility
• Analyze events in real time to deliver insight
• Respond quickly to prevent loss
• Measure security effectiveness across people, process, and technology
Automatic response, Event correlation, Data capture, Controls monitoring, User monitoring, Fraud monitoring, App monitoring, Log management
HP Fortify Software Security Center
Identifies and eliminates risk in existing applications and prevents the introduction of risk during application development, in-house, or from vendors
• Protect business critical applications from advanced cyber attacks by removing security vulnerabilities from software
• Accelerate time-to-value for achieving secure applications
• Increase development productivity by enabling security to be built into software, rather than added on after it is deployed
• Deliver risk intelligence from application development to improve operational security
Commercial, In-house, Open source, Outsourced
HP TippingPoint Network Defense System
A complete set of network security solutions that address today’s advanced threats
• Scalable infrastructure to address current and future security deployment models (NGIPS)
• Dynamic analytics and policy deployment with real time management (NG Mgmt)
• Predictive intelligence to proactively address current and future threat activity (DVLabs)
Network Defense System: Next gen IPS, Reputation feeds, DVLabs research, Next gen mgmt
Example: Protection Against Advanced Targeted Attacks
Attack steps:
1. 5:00 AM: Finance person receives a spearphishing email
2. 8:30 AM: Opens to see 2012 Recruitment plan with .xls file
3. 8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability
4. 8:32 AM: Poison Ivy RAT is initiated
5. NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources
6. OVER THE NEXT 10 DAYS: Collect data over a period of time
7. 11TH DAY / 12:05 AM: Encrypt and ftp file to good.mincesur.com
8. 12TH DAY: Attack hits the headlines
Countermeasures:
• Phishing Email Blocked By Content Filters. RepDV Blocks Malicious Sender.
• Vulnerability filters protect Adobe Flash application from exploit. Identifies and blocks hostile Poison Ivy RAT download.
• Content filters identify and block malicious attachments
• Detects NMAP scan (reconnaissance). Correlates infected host with user ID. Quarantine system and notify user.
• Detects and blocks Poison Ivy communications. RepDV detects communications with known bad host.
• HP TP NGIPS provides nine countermeasures.
• RepDV blocks IP leakage to malicious domain or unexpected geolocation.
• Use HP ArcSight ESM solution to monitor your users, applications and infrastructure.
Security solutions backed by global security research
• SANS, CERT, NIST, OSVDB, software & reputation vendors
• 1650+ Researchers
• 2000+ Customers sharing data
Ecosystem Partner
• Leading security research
• Continuously finds more vulnerabilities than the rest of the market combined
HP Global Research, FSRG
• Collaborative effort of market leading teams: DV Labs, ArcSight, Fortify, HP Labs, Application Security Center
• Collect network and security data from around the globe
ESS
Leading security research Discovers 4-6 times more software vulnerabilities than other IPS, NGFW vendors Focused on security research with real-world application *Compiled from publicly available data on Adobe and Microsoft advisory pages.
Recognized security research leader
Frost & Sullivan Market Share Leadership Award for Vulnerability Research – 3 years in a row!
At any time, 200 to 300 zero day vulnerabilities only HP knows about
Analysis of vulnerabilities by severity (continued)
Key takeaway: HP TippingPoint continues to lead in critical-severity vulnerability disclosures.
Note: All figures are rounded. The base year is CY 2011. Source: Frost & Sullivan analysis
Industry leading HP security solutions
• Magic Quadrant for Static Application Security Testing. 13 December 2010.
• Magic Quadrant for Security Information and Event Management. 13 May 2010.
• Magic Quadrant for Network Intrusion Prevention Systems. 6 December 2010.
The Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from HP.