The document provides an overview of Micro Focus' security, risk, and governance portfolio including products for data governance, application security, identity and access management, endpoint security, security operations, information archiving, and analytics. It discusses specific Micro Focus products that can help with various regulatory requirements. ArcSight is presented as a next-generation security operations platform that utilizes threat intelligence, machine learning, and crowdsourced defenses. Fortify is described as enabling application security throughout the development lifecycle. NetIQ is highlighted as providing zero-trust identity and access management solutions based on principles of least privilege, identity assurance, and leveraging context without assuming trust.
11. Secure
Electronic
Banking
Cyber Shield
Secure ATM
Cyber Shield
Secure
Payment
Processing
Cyber Shield
Secure Point of
Sales
Cyber Shield
MITRE ATT&CK
Bake off
Financial Services
Go to Market
Exchange
Go to Market
Oil and Gas
Go to Market
Retail
Go to Market
Long Arc
15. FIN7 is the most known Finance-targeting Threat Actor on the planet
Taken from Nationwide’s “Using Threat Intelligence to Focus ATT&CK Activities” presentation @ MITRE ATTACK Con 2.0 – October 29, 2019
Billy the Kid
(1870’s)
Photo credit: www.rogerebert.com
FIN7 Threat Actor
(2015 - ?)
Photo credit: FireEye
16. FIN7 is the most known Finance-targeting Threat Actor on the planet
Taken from Nationwide’s “Using Threat Intelligence to Focus ATT&CK Activities” presentation @ MITRE ATTACK Con 2.0 – October 29, 2019
17. Carbanak – the Greatest Heist of the Century: $1 bln stolen
22. Where do you begin?
• Find and fix vulnerabilities
early in the development
process
• Identify and prioritize
vulnerabilities in existing
applications
• Automate security testing
Plan/Govern
Operate/Monitor Deploy/Release
Develop/Test
Agile Development
Continuous Integration
Continuous Delivery
Product
23. • Find and fix vulnerabilities
early in the development
process
• Identify and prioritize
vulnerabilities in existing
applications
• Automate security testing
Micro Focus can help
25. DigiTrans develops their own
applications
One of the attacks used
vulnerabilities in their web
applications
The CISO wants to:
Find potential vulnerabilities and
fix them before deployment
Identify any other vulnerabilities
within applications
33. Where do you begin?
• Implement Multi-Factor
Authentication
• Ensure authorized access
• Establish appropriate roles
• Move the organization toward
a least privilege model of
access
34. Challenge
‒ Prevent data and intellectual
property loss by establishing data
recognition capabilities
‒ GDPR, KVKK, CCCPA
Names
Date of Birth
Postal Code
Addresses
Telephone Number
Passport Number
Driving License Number
National ID Number
TIN (Tax Identification
Number)
National Healthcare ID
number
Health/Medical Terms &
Conditions
Business IDs
Additionally PHI, PCI and PSI
34
Entity extraction and Classification - DLP, PII, DSAR
Result
‒ Helps eliminates 90% of data risk
and fosters user behavior
changes
‒ Allows organizations to classify
and guard their valuable data
assets, which enhances their
reputations and trustworthiness
‒ Strengthens organizations’
security risk profiles and security
return on investment
‒ Enables analysis of structured
and unstructured data and
risk/trend reporting to prevent
data and intellectual property
loss
“If you want to protect your data, you must know what comprises
your inventory of important assets. We rely heavily on the IDOL
technology for helping us classify data. Our IDOL solution is a key
part of the data protection puzzle.”
MARCUS BROWN
Vice President of Corporate Business Development
Digital Guardian