3. Mega trends
• Evolving Business Models
• Technology Advancements
• Changing Workforce
4. IT architectures are evolving rapidly…
[Diagram: architecture stacks with the labels Physical, IaaS, PaaS and Mobile; layers shown: Users, Application, Platform, O/S, Network, Backend; axis labels: Transparent, Abstracted]
• New architectures create security challenges
• Security protection must focus on users and applications
5. Cyber crime is increasing…
Threats and risks are expanding in frequency and intensity
6. And traditional security solutions are falling short!
[Diagram labels: Technology and Information, with Application Scanning, End Point, Firewall, Applications, IPS, Network Scanners, SIEM, Compliance, Anti-X, User, Web, IT Operations]
Traditional Solutions
• Bolted On
• Architecture-Specific
• Lacking Automation
• Limited Context
Multiple Technologies, Lots of Information, No Intelligence
9. HP Business Risk Management Strategy
Using Security Intelligence Platform
• Rollup to security intelligence
• Unify the security layers
• Integrate Security & IT management
[Diagram labels: Business; Risk management & compliance; Security and IT, each with Users, Applications, Data, Systems, Networks; Mobile, Virtual, Cloud]
10. HP Enterprise Security
• 1,500 security professionals from ArcSight, Fortify and TippingPoint teams
• 1,500 security professionals in HP Enterprise Security Services
• Top five security company by market share (leader in SIEM, Log Mgt, AppSec, Network Security)
• Magic Quadrant for Network Intrusion Prevention Systems, December 2010.
• Magic Quadrant for Static and Dynamic Application Security Testing, December 2010 and December 2011.
• Magic Quadrant for Security Information and Event Management, May 2011.
The Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from HP.
11. HP has the only security intelligence
platform that gives clients the insight to proactively
manage their specific enterprise threats and risks.
12. HP Security Intelligence Platform
The only security intelligence platform that gives clients the insight to proactively manage their specific enterprise security threats and risks
• Establish complete visibility across all applications and systems
• Analyze vulnerabilities in applications and operations to understand risk
• Respond adaptively to build defenses against the exploitation of vulnerabilities
• Measure security effectiveness and risk across people, process, and technology to improve over time
[Diagram labels: Security Intelligence Platform; IT PERFORMANCE SUITE; Information; Operations; Application; Contextual Information; Complete Visibility; Research-Backed; Automated, Proactive & Adaptive; Hybrid (Physical/Virtual/Cloud); ENTERPRISE SECURITY SERVICES]
12 Enterprise Security – HP Confidential
16. HP ArcSight Solution Architecture
A comprehensive platform for monitoring modern threats and risks, augmented by services expertise and the most advanced security user community, Protect724
• Establish complete visibility
• Analyze events in real time to deliver insight
• Respond quickly to prevent loss
• Measure security effectiveness across people, process, and technology to improve over time
[Diagram labels: Information; Event Correlation; User Monitoring; Controls Monitoring; Fraud Monitoring; App Monitoring; Data Capture; Log Management]
17. HP TippingPoint Network Defense System
A complete set of security solutions that address today's advanced security threats at the perimeter and core of your business.
• Scalable Infrastructure to address current and future security deployment models (NG IPS/FW)
• Dynamic Analytics and policy deployment with real time (NG Mgmt)
• Predictive Intelligence to proactively address current and future threat activity (DV Labs)
[Diagram labels: Operations; Applications; Network Defense System; Next Gen IPS; Next Gen Firewall; Next Gen Mgmt; DVLabs Research]
18. HP Fortify Software Security Center
Identifies and eliminates risk in existing applications and prevents the introduction of risk during application development, in-house or from vendors.
• Protects business critical applications from advanced cyber attacks by removing security vulnerabilities from software
• Accelerates time-to-value for achieving secure applications
• Increases development productivity by enabling security to be built into software, rather than added on after it is deployed
• Delivers risk intelligence from application development to improve operational security
[Diagram labels: Applications; In-house; Outsourced; Commercial; Open source]
19. A real world example: RSA
20. What happened in the RSA breach?
1) Finance person receives a junk email
2) Opens to see 2012 Recruitment plan with .xls file
3) RAT program installed utilizing Adobe Flash vulnerability
4) Poison Ivy malware is initiated
5) NMAP scan of network to collect sensitive information
6) Collect data over a period of time
7) Split file, encrypt, ftp to good.mincesur.com
8) RSA is in the headlines
21. What if RSA was using HP ESP solutions?
1) Finance person receives a junk email
– Security model is broken with bolted on security at every layer
2) Opens to see 2012 Recruitment plan with .xls file
– Use HP TippingPoint solutions to block traffic from malicious senders
3) RAT program installed utilizing Adobe Flash vulnerability
– Use HP Fortify solutions to eliminate vulnerabilities in applications
4) Poison Ivy malware is initiated
– Use HP TippingPoint solutions to block malicious payload at the perimeter
5) NMAP scan of network to collect sensitive information
– Use HP ArcSight solutions to correlate roles and responsibilities against tasks
6) Collect data over a period of time
– Use HP ArcSight solutions to monitor your users, applications, and infrastructure
7) Split file, encrypt, ftp to good.mincesur.com
– Use HP TippingPoint to block traffic to malicious domain and HP ArcSight to correlate login/logout with network access
8) RSA is in the headlines
– Effective Enterprise Security!
23. Secure Application Lifecycle Management
Fortify intelligence integrated with HP ALM and HP Quality Center
• Software Security Center or WebInspect submits security vulnerabilities to HP Application Life Cycle Management (ALM) or HP Quality Center as defects
• Security Vulnerabilities can then be managed as software defects by development teams
• Software Security Center remains the system of record for security vulnerabilities
– Enables development teams to manage security vulnerabilities just like any other defect
– Formalizes workflow for addressing security vulnerabilities
– Improves security assurance for applications
24. Reputation Security Monitor
Identify bots and quarantine devices for remediation
1) Connection activity is reported by FW. ESM correlates comms to C&C via RepDV to internal private IP and user IDs
2) ESM instructs SMS to quarantine internal endpoints for remediation
3) SMS sends action set to IPS. Endpoints are now blocked and quarantined for remediation
4) Identity based reporting provides visibility to endpoint infection by dept/groups
[Diagram labels: ThreatLinQ (RepDV, LightHouse, Events, Filters, Malware Analysis); Updates to ESM via ThreatLinQ; Policy Mgmt (SMS); IPS; Correlation Zone; Enforcement Zone]
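The four-step flow on this slide, as an added example that is not HP code and uses no ESM, SMS or RepDV API: firewall records are correlated against a reputation list, matched internal endpoints become quarantine actions, and infections are reported per department. The reputation feed, identity map, log format, addresses and score threshold are all constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed reputation feed: destination IP -> score (0-100, higher is worse).
REPUTATION = {"203.0.113.50": 95, "198.51.100.7": 20}
# Constructed identity map: internal IP -> (user ID, department).
IDENTITY = {
    "10.1.4.23": ("jdoe", "Finance"),
    "10.1.4.31": ("asmith", "Finance"),
    "10.2.9.12": ("bwong", "Engineering"),
}
# Constructed firewall log, one record per line: time src dst port action.
FW_LOG = """\
2012-03-01T09:14:02Z 10.1.4.23 203.0.113.50 443 allow
2012-03-01T09:14:09Z 10.2.9.12 198.51.100.7 80 allow
2012-03-01T09:15:40Z 10.1.4.23 203.0.113.50 443 allow
2012-03-01T09:16:11Z 10.1.4.31 203.0.113.50 8080 allow
2012-03-01T09:17:30Z 10.2.9.12 192.0.2.10 443 allow
2012-03-01T09:18:00Z not-a-valid-line
"""

def correlate(log_text, threshold=80):
    """Step 1: match outbound connections to low-reputation destinations."""
    hits = defaultdict(set)          # internal IP -> set of flagged destinations
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                 # skip malformed records
        src, dst = fields[1], fields[2]
        if not ip_address(src).is_private:
            continue                 # only internal endpoints can be quarantined
        if REPUTATION.get(dst, 0) >= threshold:
            hits[src].add(dst)
    return dict(hits)

def quarantine_actions(hits):
    """Steps 2-3: one action per flagged endpoint, with the user ID attached."""
    return [{"action": "quarantine", "ip": ip,
             "user": IDENTITY.get(ip, ("unknown", "unknown"))[0],
             "destinations": sorted(dsts)}
            for ip, dsts in sorted(hits.items())]

def report_by_department(hits):
    """Step 4: identity-based count of flagged endpoints per department."""
    counts = defaultdict(int)
    for ip in hits:
        counts[IDENTITY.get(ip, ("unknown", "unknown"))[1]] += 1
    return dict(counts)
```

Repeated connections from one endpoint collapse into a single quarantine action, and the threshold decides how much of the feed is enforced rather than only logged.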
25. Adaptive Web Application Firewall (WAF) Technology
Adaptive technology to protect web applications
• What it is
– Advanced web application scanning to uncover vulnerabilities combined with adaptive IPS response
– WebInspect information passed to WebAppDV to auto-generate IPS filters for virtual vulnerability patch
• Benefits
– Protection for custom and commercial web applications
– Inspection of encrypted and non-encrypted traffic (ideal for web commerce apps)
– Elimination of tuning required by legacy WAFs
[Diagram labels: HP WebInspect Scan; Internet; SSL; IPS; Vulnerability Report; Vulnerability Page and Parameter; steps 1 to 4]
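The idea of a virtual patch scoped to a reported page and parameter, as an added example that is not HP code and does not reproduce the WebInspect report or WebAppDV filter format: each scanner finding becomes a filter that validates only that parameter on that page. The findings, URLs and the "expected" value patterns are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed scanner findings: vulnerable page and parameter, plus the value
# shape the application expects (an assumption; a scan report may not carry it).
FINDINGS = [
    {"page": "/orders/view", "parameter": "id", "issue": "SQL injection",
     "expected": r"\d{1,10}"},
    {"page": "/search", "parameter": "q", "issue": "cross-site scripting",
     "expected": r"[\w .,-]{0,64}"},
]

def build_filters(findings):
    """Turn each finding into a filter keyed by (page, parameter)."""
    return {(f["page"], f["parameter"]):
            {"issue": f["issue"], "allow": re.compile(f["expected"])}
            for f in findings}

def inspect(url, filters):
    """Return (verdict, reason) for one request URL."""
    parts = urlsplit(url)
    # parse_qs percent-decodes values and keeps every repeated parameter.
    params = parse_qs(parts.query, keep_blank_values=True)
    for (page, name), flt in filters.items():
        if parts.path != page:
            continue                 # filter applies only to the reported page
        for value in params.get(name, []):
            if not flt["allow"].fullmatch(value):
                return "block", f"{flt['issue']} filter on {page}?{name}"
    return "allow", "no filter matched"
```

Because each filter fires only on the reported page and parameter, the same parameter name on other pages is left alone, which is why this approach needs no per-site tuning.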
26. Why HP Enterprise Security Products
• Industry-leading, automated security solutions and visibility
– ArcSight, Fortify, TippingPoint all MQ Leaders/Best in Class
– Security intelligence delivered in context
– Trusted, proactive and automated action
– Cloud-ready
• World's best research for security intelligence and risk management
– Best in class application security and network security research
– Discovers more vulnerabilities than the rest of the market combined
• Integrated with leading IT operations solutions
– Universal Log Management tied to Systems Event Management
– Enhanced asset and threat modeling
– A key component of the HP IT Performance Suite