Решения hp по информационной...
TRANSCRIPT
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Решения HP по информационной безопасности
Евгений Нечитайло[email protected]: +380 67 464 0218
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.2
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3 © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4 © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5
Challenges you are facing
Nature and motivation of attacks(Fame to fortune, market adversary)1 Research
Infiltration Discovery
CaptureExfiltration
Transformation of enterprise IT(Delivery and consumption changes)2 Consumption
Traditional DC Private cloud Managed cloud Public cloud
Virtual desktops Notebooks Tablets Smart phones
Delivery
Regulatory pressures(Increasing cost and complexity)3 Basel III
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HACKTIVIST
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7 © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.9
HP Security Research
Ecosystem Partner
FSRG
ESS
• SANS, CERT, NIST, OSVDB, software & reputation vendors• 2650+ Researchers• 2000+ Customers sharing data
• www.hp.com/go/HPSRblog• 6X the Zero Days than the next 10 competitors combined. • Top security vulnerability research organization for the past three
years —Frost & Sullivan
• HP Security Research Teams: DV Labs, ArcSight, Fortify, HPLabs, Application Security Center and Enterprise Security Services
• Collect network and security data from around the globe
HP Global Research
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.10
Threat Central
HP Confidential. This information is not to be shared without the approval from HP.
Feeds
Open Source
Threat DB
Private TC
Forum
Threat Central
HP Security Research
TC Portal
Private Community
Sector Community
Global Community
InQuest
Partners
Threat Central
Threat Central enables• Bi-directional collaboration • Actionable and Automated• Standards-based open
sharing• Integrated directly with
ArcSight and TippingPoint
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.12
HP TippingPoint – Neutralize Patient Zero
IntegratedPolicy
Next-Generation Firewall• NGIPS with enterprise firewall• Granular application visibility and
control
In-line Threat Protection with Next-Generation Intrusion Prevention (NGIPS)• Inspects network traffic and blocks
against known vulnerabilities• Reliable network uptime track record
Advanced Threat Appliance (ATA)• Static, dynamic and behavioral
detection• Enhanced defense against “patient
zero” infection and subsequent lateral d
Security Management System• Centralized management across
NGIPS and NGFW• Single console to deploy devices and
policies
Digital Vaccine Labs• Industry-leading security intelligence• Delivers zero-day coverage
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.13
• HP TippingPoint has been in the leadership quadrant 9 years in a row!
• “The TippingPoint IPS products have a broad model range of purpose-built appliances, and are known for low latency and high throughput.”
• “Customers often cite ease of installation as a positive in product evaluations, especially for deployments with many devices.”
Gartner Leadership Quadrant 2013
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.14
84%of breaches occur at the application layer
9/10 mobile applications are vulnerable to attack
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.15
AssessFind security vulnerabilities in any type of software
AssureFix security flaws in source code before it ships
ProtectFortify applications against attack in production
Software security assurance
Application assessment
Application protection
HP Fortify helps you protect your applications
In-houseOutsourcedCommercialOpen source
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.16
HP Application Defender – Application Security Simplified
ProtectionStop attacks from inside the application.
HP Application Defender
SimplicityInstall quickly and easily with a three-step deployment, get protection up and running in minutes
1,2,3VisibilityActionable information
through interactive
dashboards and alerts
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.17
HP Fortify named leader in Gartner AST MQ
Once again, Gartner not only acknowledged Fortify’s years of successful market execution but also called out several areas in which HP is leading in delivering on new technologies to stay ahead of the bad guys.
Strengths:· Comprehensive SAST capabilities - the most broadly adopted SAST tool in the market.· Evolved AST to address iOS and Android mobile apps.· Innovative IAST capabilities· Early innovator with runtime application self-protection (RASP) technology.
2014 Gartner Magic Quadrant for Application Security Testing
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.19
average time to detect breach
229days2013 January February March April May June July August September October November December 2014 January February
March April
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.20
Transform Big Data into actionable security intelligence
Cyber forensics, fix what matters most first
AnalyzeCollect Prioritize
HP ArcSight, act with laser clarity against threats that matter
Real-time correlation of data across devices to find threats
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.21
Comprehensive solution for data collection from 350+ log generating sources
The #1 real time security correlation platform
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.22
Gartner SIEM MQ 2014
• ArcSight is named a leader again for 11th year in a row
• ArcSight continues to be very visible in competitive evaluations of SIEM technologies
• Significant enhancements in ArcSight has been validated by Gartner through reference customers
• HP ArcSight is the only vendor that is #1 in all use cases that matters most to customers
• Early breach discovery requires effective user activity, data access and application activity monitoring. ArcSight is the only vendor that does all 3 effectively
HP ArcSight is named a leader for SIEM in the Gartner MQ 2014
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Confidential, © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Encrypt and protect keys and data in public, hybrid,
and private clouds
Embed security at the point of creation for
sensitive enterprise data
Cloud and Data Security
Information Protection &
Control
HP Atalla helps you secure your sensitive information
Secure payments and transacting systems
Payments security
HP Confidential, © Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
“As the largest processor of Visa debit transactions globally, Visa Debit Processing Services is responsible for securing more than 23 billion debit transactions in the U.S. and prepaid transactions in the U.S. and Canada on an annual basis. HP Atallais a critical piece of our enterprise IT portfolio, delivering innovative security solutions with the operational excellence, performance and reliability that helps Visa DPS enable secure access to business-critical payment processing data.”
Chris James, Senior Vice PresidentProduct Development, Issuer Processing, Visa Inc.
Visa
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.26
HP HAVEn helps you monitor the assets that matterHP ArcSight with IDOL
IDOL
ESM
People generate data
Machines generate data
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.28
130%Since 2009, time to resolve an attack has grown
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.29
HP Services provides quick, effective breach response
Get deep visibility and take action to address and stop
attacks
Integration with Breach Response Services
Deploy remediating products fast
EnterpriseSecurityServices
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.30
3
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.31
Disrupt the adversary, manage risk, and extend your capabilities
HP Security
Disrupt the adversary
Security technology
Reduce cost & complexityAdvisory &
management
5000+
Manage riskRisk & compliance
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.32
HP Security’s industry-leading scale
HP managed security customers900+
Monthly security events23bn
HP Secured User Accounts47m
HP Security Professionals5000+
All major branchesUS Department of Defense
9 out of 10Top software companies
10 out of 10Top telecoms
9 out of 10Major banks
8SecurityOperationsCenters
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Спасибо за внимание!