© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Criminal Education Lessons from the Criminals and Their Methods

Rob Greer Vice President & General Manager HP Network Security Products

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

© Copyright 1969 Twentieth Century Fox Film Corporation

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Bank Hack Results in Stunning $45 Million ATM Heist

Experts Marvel At How Cyberthieves Stole $45 Million

Global Network of Hackers Steal $45 Million From ATMs

In Hours, Thieves Took $45 Million in A.T.M. Scheme

The Circuit: Hackers took $45 million in ATM heist

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

$45M stolen …in a matter of hours

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

but planned over a number of years…

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

—Sun Tzu, The Art of War

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

I follow ISO, PCI and other security standards

Our predictability is well known

I work within budget cycles

I stitch technology together across functions

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Cloud Big Data Mobile

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Market with distinct process

Actors organize and specialize

Intelligence is bought and sold

Defining the adversary

Cybercrime

Nation state Hacktivist

The

adversary

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Using what we know about them to create a more effective response

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Discovery

Organize our capability to disrupt the market

Research

Our enterprise

Their ecosystem

Infiltration

Capture

Exfiltration

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Discovery

Rethink our capability investments

Research

Our enterprise

Their ecosystem

Exfiltration

Capture

5X 1X

Infiltration

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Discovery

Organize our capability to disrupt the market

Research

Our enterprise

Their ecosystem

Infiltration

Capture

Exfiltration

Educating users Counter intel

Blocking access

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

84% of breaches occur at the application layer

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

68% Increase in mobile application vulnerability disclosures

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Discovery

Organize our capability to disrupt the market

Research

Our enterprise

Their ecosystem

Infiltration

Capture

Exfiltration

Finding them

Educating users Counter intel

Blocking access

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

of breaches are reported by a 3rd party 94%

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

average time to detect breach 416 days

2012 January February March April May June July August September October November December 2013 January February March April

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Discovery

Organize our capability to disrupt the market

Research

Our enterprise

Their ecosystem

Infiltration

Capture

Exfiltration Planning damage mitigation

Protecting the target asset

Finding them

Educating users Counter intel

Blocking access

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

71% Since 2010, time to resolve an attack has grown

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Discovery

How Does HP Security Help You Improve Your Capabilities?

Research

Our enterprise

Their ecosystem

Infiltration

Capture

Exfiltration Planning damage mitigation

Protecting the target asset

Finding them

Educating users Counter intel

Blocking access

Make it matter.