1. Are your cloud services secure and compliant?
Delivering security through cloud service automation
Sridhar Karnam,
Sr. Manager, Product Marketing
HP Software
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
2. How much do hackers pay?
$499, $499, $499, $399, $33, $55, $99, $88, $99
3. Threat landscape
Cloud enables large surface area for attackers
Cloud: Providers, Infrastructure, Consumers
Attacks: Hacktivists, Anonymous, LulzSec, State funded
Figures shown: 24 Million, 40 Million, 95 Million, 101 Million, 130 Million
4. Current solutions are not enough
Providers, Infrastructure, Consumers
• Too much data
• Too many solutions
• Too perimeter focused
1000+ Security vendors
5. The result
6. 243 days average time to detect breach
Timeline shown: January 2012 through April 2013
7. Security is bigger than just an IT problem
Security is a board level discussion
CISO
• Cyber threat: 56% of organizations have been the target of a cyber attack
• Data Breach: 94% of the data breaches were reported by third-parties
• Financial loss: $8.6M average cost associated with data breach
• Reputation damage: 30% market cap reduction due to recent events
• Cost of protection: 11% of total IT budget spent on security
• Reactive vs. proactive: 97% of data breaches could have been avoided
8. 97% of the breaches could be prevented through simple controls such as log management
9. Compliance landscape
Annual cost of SOX compliance: $1.8M or equivalent cost of roughly 14.4 employees!
• Any similarities in compliance activities?
• Consistent themes across regulations
  • User management
  • Access control/authorization
  • Change management
  • Security operations
• Differences are mainly in interpretation
• Leverage similarities to increase efficiencies and reduce costs
Diagram labels: DATA, NIST, SAS 70, ISO 27001, NIACAP, FISMA, FTC, SEC, SOX, OCC, CobiT, FERC/NERC, ISO 17799, PIPEDA, COSO, NY Privacy, J-SOX, US Patriot Act, DITSCAP, GLBA, FFIEC, HIPAA, ITIL, Basel II, PCI, CA-1386, FDPA
10. 70% similarities between compliance & security
Activities: User Management; Access / Authorization; Incident Management; Security Operations; Management Operations
Regulations: SOX, FISMA, HIPAA, PCI, NIST, CobiT
11. Why use multiple tools then?
Security
Compliance
Common
Text
challenges
Cloud services
12. Who is responsible for cloud security?
• Increasing security responsibilities at the information, application & user layers
• Reducing visibility into O/S, network, and physical layers
• Examples:
  • IaaS: Amazon EC2
  • PaaS: Heroku, Google Apps
  • SaaS: SalesForce.com
Diagram labels: IaaS, PaaS, SaaS; User, Application, Information, O/S, O/S image, Network, Physical; legend: Consumer responsible, Provider responsible
13. Transform your IT with HP Hybrid Cloud
Greater flexibility, simpler operations and more comprehensive end-to-end solutions
Management
Choice: Open, extensible architecture offers greater flexibility with support for industry standards, open APIs and integration with 3rd party products and services
Confidence: Complete management across traditional IT and cloud offers lower cost and simplifies operations
Consistency: Comprehensive, end-to-end solution allows you to meet business SLAs with secure, compliant cloud services
14. Here is how HP ArcSight helps you secure your cloud…
15. Comprehensive & continuous monitoring of cloud
Competitive advantage in the digital universe
Massive amounts of useful data are getting lost
Values shown: 23%, 3%, 0.5%
• % of data that would be potentially useful IF tagged and analyzed
• % actually being tagged for Big Data Value (will grow to 33% by 2020)
• % of the Digital Universe that actually is being tagged and analyzed
¹Source: IDC The Digital Universe in 2020, December 2012
16. What we do?
HP ArcSight Log management and SIEM solution
Collect, Store, Analyze
17. What is ArcSight?
• 4 hours to respond to a breach: ArcSight enables forensic investigation and a quick response to a data breach that otherwise would take 24 days
• 10 minutes to fix an IT incident: Full-text searching of any data enables incident resolution that otherwise would take 8 hours
• 5 minutes to generate IT GRC report: ArcSight content generates IT GRC reports that otherwise would take 4 weeks
• 2 days to fix a threat vulnerability: ArcSight builds threat immunity that otherwise would take 3 weeks
• 3 days to run an IT audit: Search results yield audit-quality logs that otherwise would take 6 weeks
18. How do we do it?
Feature: Benefit
• Collect: Collect logs from any device, any source, and in any format at high speed
• Enrich: Machine data is unified into a single format through normalization and categorization
• Search: Simple text-based search tool for logs and events without the need of domain experts
• Store: Archive years’ worth of unified machine data through high compression ratios
• Correlate: Automate the analysis, reporting, and alerting of machine data for IT security, IT operations, and IT GRC
19. HP ArcSight & Cloud services deliver
• Universal log management
• Advanced persistent threat remediation
• Compliance & risk management
• Mobile security
• Perimeter, data center & network security
• Data privacy & data loss prevention
• Insider threat mitigation
• Application & transaction monitoring
20. Deploy Logger within CSA in three simple steps
21. Modular packaging designed for cloud transformation
Get started quickly with HP Cloud and Automation Ultimate Suite
HP Cloud and Automation Ultimate Suite
• Service lifecycle management
• Automation and Orchestration
• Compliance
• IaaS, PaaS, SaaS
• Resource/Capacity management
• Security: Access Mgmt
HP Products: HP Cloud Service Automation, HP Server Automation, HP Operations Orchestration, HP Database and Middleware Automation, UCMDB, ArcSight Logger, HP SiteScope
Add optional features as needed
Optional features: Application Perf. Mgmt, DevOps, Backup, Asset Management, Application Security, Help Desk, Service Performance Mgmt, Business Management, Portfolio Management, Network Security
HP products shown: HP Business Service Mgmt, HP Continuous Delivery Auto., HP Asset Manager, HP Fortify, HP Executive Scorecard, HP Product and Portfolio Mgmt, HP Data Protector, HP Tipping Point
Note: HP ArcSight Logger’s 6-month trial is available through HP Cloud Service Automation Ultimate Suite. Alternatively, download a copy of the HP ArcSight Logger Trial Software from: www.hp.com/go/hplogger
22. Deployment step 1:
HP ArcSight Logger Service Design
Log into a CSA consumer portal and select HP ArcSight Logger
23. Deployment step 2:
Supply the required information to complete the request for the subscription
24. Deployment step 3:
Once completed, you can look at the subscription, and access HP ArcSight within HP CSA
25. Thank you
Diagram labels: managed, in-house/legacy, custom apps, Apps, cloud, Systems Monitoring, Virtual, Applications, Security, SIEM, log management, Cloud security, Insider threats, Mobile Monitoring, Continuous compliance, SaaS, 350+ CEF partners, Big Data, IT operations, Storage, Security Analytics
26. Additional resources
HP Cloud Management: hp.com/go/cloudmanagement
HP Cloud Service Automation: hp.com/go/csa
HP Software’s premier customer event: hp.com/go/discover
HP Software’s Community of IT Professionals: hp.com/go/swcommunity
HP Software Education Services: hp.com/software/education
HP Software Support Services: hp.com/go/hpswsupport
HP Software Professional Services: hp.com/go/hpswprofessionalservices
For more information: HPSWebEvents@hp.com