Increasing Visibility and Security Across your Network: The HP ArcSight and AccessData CIRT...
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Enterprise Security: Innovative Platforms for Advanced Cyber Solutions
Rob Roy ([email protected]), Federal Chief Technology Officer, http://hp.com/security
What’s so significant about these numbers? 94, 71, 416
94% of breaches are reported by a 3rd party
Since 2010, time to resolve an attack has grown 71%
Average time to detect a breach: 416 days
[Timeline: January 2012 through April 2013]
HP Enterprise Security Product Pillars
Better Intelligence Utilization
Network Security
Application Security
Security Intelligence
ATALLA
HP Enterprise Security Products
Introducing Cyber Intelligence & Response Technology (CIRT)
Jason Mical, Vice President of Cyber Security
www.accessdata.com
Detection and Response Times are a Joke
*Source: 2013 Verizon Data Breach Investigations Report
Top 3 Reasons You Struggle to Defend Your Domain
1. Inherently handicapped tools: signature-based tools (IDS, antivirus, etc.) and DLP solutions only catch what you tell them to look for
2. Juggling several disparate products: network analysis, computer analysis, malware analysis, log analysis…
3. Disparate teams that don’t collaborate with each other: computer forensics, information compliance, malware, network security
Who Your Focus Should Be…
Faster Response and Remediation
Detecting Unknown Threats that IDS, Antivirus and DLP Miss
Automating Incident Response
• Two-way communication between SIEM/SIM and IR platform
• Ability to customize auto-response tasks
Integrated Analysis: reveals the whole picture in minutes, not hours, not days… packet capture, hard drive, memory/RAM, malware disassembly
Real-Time Collaboration: NetSec, Forensics, Malware and IA teams all using a single platform
Built-in Batch Remediation
Eliminating blind spots through integrated visibility into the following through a single pane of glass…
• Network Communications: whether target machines are logged onto your network or not
• Host: disk, volatile/RAM
• Malware Disassembly: extract functions without a sandbox
• Removable Media: what is uploaded and downloaded
2013 DBIR: Lessons Learned that CIRT Enables
Eliminate unnecessary data; keep tabs on what’s left.
Without deemphasizing prevention, focus on better and faster detection through a blend of people, processes, and technology
Collect, analyze and share incident data to create a rich data source that can drive security program effectiveness.
Collect, analyze, and share tactical threat intelligence, especially Indicators of Compromise (IOCs), that can greatly aid defense and detection.
Regularly measure things like “number of compromised systems” and “mean time to detection” in networks. Use them to drive security practices.
Evaluate the threat landscape to prioritize a treatment strategy. Don’t buy into a “one-size fits all” approach to security.
Traditional Model vs Integration/Automation/Collaboration
Traditional model: many disparate tools (IDS/IPS, antivirus, DLP, firewall)
CIRT model: 1 agent, 1 database, real-time collaboration, 1 web interface
Detect threats your prevention and alerting tools miss, even on nodes outside of your network.
Automated response across host, network, removable media, malware and remediation
Multi-Team Collaboration for Improved Emergency Response
• Incident Response Team
• Information Assurance Team
• Network Security Team
• Compliance Team
• Computer Forensics Team
• Malware Team
CIRT Business Value
• Incident Response
• Data Spillage & PII/PCI Reporting
• Removable Media Monitoring
• Malware Triage & Analysis
• Regulatory & Standards Compliance
• Mitigate Brand & Shareholder Exposure
• Enterprise Risk Posture
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
Optimizing Reactive Operations: SIEM–CIRT Integration
Automatically and systematically respond to security incidents, leveraging two-way communication between SIEM/SIM and AccessData CIRT.
Details:
• Easy setup; no lengthy configuration process
• SIEM alerts trigger automated incident response operations by CIRT, or…
• Manually execute CIRT response/analysis operations from the SIEM interface
• Results can be automatically sent to the SIEM in CEF (Common Event Format) or stored for future analysis
• Full analysis of results can be performed within the SIEM or CIRT interfaces
• 11 pre-programmed response templates
• Quickly create new response templates or modify existing ones
All Functionality on a Single Agent
A Look at the Components…
• Host Forensics with Volatile Data Analysis
• Data Audit
• Network & Host-based Packet Capture
• Removable Media Monitoring
• Malware Analysis
• SSL Decryption
• SIEM/SIM Integration
• Batch Remediation
CIRT Fills Your Cyber Security Gaps
CIRT augments your cyber security infrastructure to address the two most prevalent weaknesses plaguing organizations today: response times and detection capabilities. You will be able to perform a broad range of operations that are otherwise not possible, taking a more comprehensive approach to risk mitigation and dramatically reducing the cost of incident response.
• Detect threats & spillage missed by alerting tools.
• Automate rapid response.
• Determine behavior & intent in minutes.
• Enforce security policies.
• Synchronize with real-time collaboration.
• Stop the bleeding fast.
Questions
Tom Delellis [email protected] 571-405-2947
Rob Roy [email protected] 703-623-7743
Jason Mical [email protected]