HPE Security – update session
Steve Lamb
Head of Security Technology thought leadership, EMEA
stephlam@hpe.com
@actionlamb
Our focus for the next 60 minutes
• What are our customers up against from a security perspective?
• General Data Protection Law (GDPR)
• Our strategy
• Breathing fire into ArcSight’s belly!
• Major upgrades to ArcSight
• How to beat Splunk & IBM NOW
• Discussion of application-security
Note: Data-security is covered in other sessions
What are our customers up against from a security perspective?
The new normal
• Enterprise IT will continue to transform
• Regulatory costs and complexity will continue to rise
• Cyber attacks will increase in sophistication
Research: Top concerns for IT executives
• Risk associated with more consumption of apps/IT services across public, private & hybrid cloud
• Lack of skilled resources to effectively manage security
• Risk associated with more consumption of apps/IT services
• Data privacy and information breaches
Focus areas:
• Focus: Security Breach Management
• Focus: Security Intelligence
• Focus: Cloud Security
• Focus: Integrated GRC
Source: HP 20:20 CIO Report, 2012
Worldwide security trends & implications
• Cyber threat: 56% of organizations have been the target of a cyber attack
• Extended supply chain: 44% of all data breaches involved third-party mistakes
• Financial loss: $7.7m average global cost associated with data breach
• Cost of protection: 8% of total IT budget spent on security
• Reputation damage: 30% market cap reduction due to recent events
Source: HP internal data, Forrester Research, Ponemon Institute, Coleman Parkes Research
Key Points
• Security is a board of directors concern
• Security leadership is under immense pressure
• Need for greater visibility of business risks and to make sound security investment choices
Reactive vs. proactive
60% of enterprises spend more time and money on reactive measures vs. proactive risk mgmt
In US $15.4m & UK £4.1m average cost of a data breach.
What IS The General Data Protection Regulation aka GDPR? Slide 1 of 3
“…is a Regulation in the making by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) from 1995.” Wikipedia

What IS The General Data Protection Regulation aka GDPR? Slide 2 of 3
“The scale and severity of fines (Parliament suggests fines of up to €100 million or 5% of annual global turnover, whichever is greater, while the Commission proposes fines of up to €1 million or 2% of annual global turnover) for noncompliance with the GDPR, as well as the ensuing reputational damage, present a risk that will reach the board level. Mandatory breach notifications remove any notion of hiding noncompliance. This increased visibility of risk will drive behaviour and, more importantly, budget.” IDC

What IS The General Data Protection Regulation aka GDPR? Slide 3 of 3
“The GDPR is remarkably light on the subject of security. Of the 91 articles in the regulation, only three relate to security — two of which cover breach notification.” IDC
- The third article refers to encryption
As it currently stands GDPR does not prescribe specific security controls – it’s outcome oriented – don’t get breached, if the worst happens you have to disclose and may face a significant fine.
Our Strategy
Today’s digital Enterprise needs a new style of protection
Protect your most business-critical digital assets and their interactions, regardless of location or device
Diagram labels: USERS, APPS, DATA; On site; Off site (cloud/outsourced); BIG DATA, IaaS, SaaS, PaaS, BYOD
Protect your digital enterprise
Build it In (Prevent)
• Design a cyber resilient and compliant environment
• Build protection into the fabric of your enterprise
Stop it Now (Detect & Respond)
• Rapidly detect & manage breaches
• Monitor critical digital assets regardless of location or device
Recover it Fast (Recover)
• Execute flawless recoveries
• Safeguard continuity with minimal downtime and no damage or loss
Breathing fire into ArcSight’s belly!
Forward Looking Statements & Confidentiality
This document contains forward looking statements
This document contains forward looking statements regarding future operations, product development,
product capabilities and availability dates. This information is subject to substantial uncertainties and is
subject to change at any time without prior notification. Statements contained in this document concerning
these matters only reflect Hewlett Packard Enterprise's predictions and / or expectations as of the date of
this document and actual results and future plans of Hewlett Packard Enterprise may differ significantly as a
result of, among other things, changes in product strategy resulting from technological, internal corporate,
market and other changes. This is not a commitment to deliver any material, code or functionality and should
not be relied upon in making purchasing decisions.
This document contains HPE confidential information
If you have a valid Confidential Disclosure Agreement with HPE, disclosure of the Roadmap is subject to
that CDA. If not, it is subject to the following terms: for a period of 3 years after the date of disclosure, you
may use the Roadmap solely for the purpose of evaluating purchase decisions from HPE and use a
reasonable standard of care to prevent disclosures. You will not disclose the contents of the Roadmap to
any third party unless it becomes publicly known, rightfully received by you from a third party without duty
of confidentiality, or disclosed with HPE’s prior written approval.
The goal of security operations is to reduce the time to detection and response
• Security Operations Centers face an increasing amount of information to process
• Effectiveness depends on narrowing the funnel, and accelerating the throughput
• Lower false positives and less noise allow analysts to focus on the critical events and IOCs
Diagram labels: Logs & Events, Alerts, Incidents, Investigation, Hunt; # logs & events increases exponentially; Alerts identified; Increase speed to detection; Speed up investigation; IOCs; sources: Cloud, Users, Network, Endpoints, Servers & Workloads, Apps, IoT
As SOCs mature, there are 3 distinct use cases that drive detection and response
Real-time Monitoring
• Processing increasing number of events
• Real-time correlation against IOCs
• Reduced number of false positives
Investigation
• Ability to custom query across environment and timeframes
• Construct blast zone analysis and remediate
Hunt
• Hunt for unknown threats with deep analytics and machine learning
• Identify new IOCs to improve monitoring
Increasing level of maturity
Diagram labels: Logs & Events, Alerts, Incidents, Investigation; Real-time Correlation Engine; Intelligence Feeds (Threat Central, others); Correlation Database; Data Lake; Hunt Team; Security Analysts Level 1; Security Analysts Level 2; Analytics drive hunt for unknown threats; Investigation Queries; IOCs; SOC Workflow
Reduced response times and increased productivity require tuning the technology to the environment: a real example
• Do it right the first time to avoid rework and inefficiencies
• Continually measure and improve by eliminating repetitive work through intelligent analysis and empowered staff
• Focus on what’s important by minimizing noise
• Maximize your investment and improve ROI across all SOC technologies
ArcSight is custom built for security operations.
1. Correlation with Context
• ArcSight maintains contextual information, allowing for real-time correlation and prioritization.
• Reduces time to detection with efficient processing.
• Improves Analytical function with normalized and enriched data, speeding investigation and hunt
2. Out of the box tailoring for your environment
• Highly configurable, with hundreds of connectors, built-in filters and templates to quickly tailor to your environment and workflow.
• Tailoring identifies specific IOCs an analyst needs to look at, reducing false positives.
3. Updated analytics architecture for investigation & hunt
• New event broker architecture feeds virtual data warehouse along with correlation engine
• Advanced querying and analytics on big data architecture
• UI design that exposes multiple apps including analytics workbench tied together with workflow and reporting (Coming soon)
ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
Phase 1 : Enable Data Science
• New event broker
• Updated connector architecture
Phase 2 : Investigation
• Investigation use case
• New User Interface v1
• Updated Data Warehouse, Data Model & Analytics Layer
Phase 3 : Scale Out ESM
• ESM Scale Out
• New User Interface v2
Phase 4 : Hunt
• Hunt use case
• New User Interface v3
Diagram labels: Real-time Monitoring, Investigation, Hunt; Search, Entity Profiling, Linked Data Analytics, SIEM Alerts, User Behavior Analytics, DNS Malware Analytics, App Defender Analytics, Other Analytics; Ingestion; User Interface; Correlation & Analytics Services; Connectors; Threat Intelligence; Event Streams; Event Broker; Security Data Warehouse; Real-time Correlation engine (ESM); Dashboards | Reports; Workflow | Case Management | Runbooks; Machine Learning + Analytics modules; Marketplace; External Information
Discussion of Application Security
Here’s the problem…
• Only 6% of Information Security budgets go on application security!
• > 70% still goes on network security!!!
• 84% of breaches are due to application vulnerabilities
• Typical developers are not measured on security
• The security perimeter of your organisation is really IN YOUR POCKET
Today’s approach > expensive, reactive
1. Somebody builds insecure software
2. IT deploys the insecure software
3. We are breached or pay someone to tell us our code is insecure
4. We convince & pay the developer to fix it
Why it doesn’t work
30x more costly to secure in production
– After an application is released into Production, it costs 30x more than during design.
Chart (Source: NIST). Axis: Cost (30X, 15X, 10X, 5X, 2X). Phases: Production, System testing, Integration/component testing, Coding, Requirements.
The right approach > systematic, proactive
This is Software Security Assurance
1. Software Security Assessment: Automatically detect vulnerabilities in existing code
2. Software Security Assurance: Detect vulnerabilities AS CODE IS written!
3. Runtime Application Self-Protection: Monitor and protect software running in Production
IMPROVE Software Development Life Cycle (SDLC) POLICIES
Diagram labels: IN-HOUSE, OUTSOURCED, COMMERCIAL, OPEN SOURCE
Performance Metric: Improvement
• Vulnerabilities per application: From 100s to 10s
• Average time to fix a vulnerability: From 1 to 2 weeks to 1 to 2 hours
• Percentage of repeat vulnerabilities: From 80% to 0%
• Compliance and penetration testing effort: From ~$500k to ~$250k
• Time-to-market delays due to vulnerabilities: From 4+ incidents (30 days each) per year to none
Mainstay ROI Research 2013 – Does Application Security Pay?
• Transform to a hybrid infrastructure
• Enable workplace productivity
• Empower the data-driven organization
• Protect your digital enterprise
Proactively protect the interactions between users, applications and data across any location or device.
HPE-Security Solutions at-a-glance
• HPE Fortify: Software Security Assurance
• HPE Data Security: Continuous data protection
• HPE Threat Central: Cyber threat intelligence
• HPE Adallom: Accelerating cloud adoption while enabling security governance
• HPE Incident Response and Breach Recovery
• HPE ArcSight: Threat monitoring, analytics & response
• HPE User Behavior Analytics: mitigating insider threats
• HPE DNS Malware Analytics: detecting breaches before damage occurs
• HPE Aruba ClearPass: Ensuring trusted connectivity
• HPE Managed Services: instant experts to help you achieve time to value
Together with our partners HPE Security have World Class information services and technologies to enable our customers to protect their digital assets
• Security Technology
• Security Consulting
• Managed Security Services
Offerings to strengthen security posture, proactively manage incidents, and extend security capabilities
Expertise to help clients understand, manage and reduce business and security risks
Help clients disrupt their adversaries
More information…
2015 Cyber Risk Report and Executive Summary:
http://www8.hp.com/us/en/software-solutions/cyber-risk-report-security-vulnerability
Ponemon Institute Cost of Cyber Crime Study:
http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/
HP Security Research:
hp.com/go/HPSR and hp.com/go/hpsrblog
HP Enterprise Security:
hp.com/go/SIRM
Thank you
Email: stephlam@hpe.com
Twitter: @actionlamb

HPE-Security update talk presented in Vienna to partners on 15th April 2016

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

HPE-Security update talk presented in Vienna to partners on 15th April 2016

  • 1. HPE Security – update session. Steve Lamb, Head of Security Technology thought leadership, EMEA. stephlam@hpe.com @actionlamb
  • 2. Our focus for the next 60 minutes
      • What are our customers up against from a security perspective?
      • General Data Protection Law (GDPR)
      • Our strategy
      • Breathing fire into ArcSight’s belly!
      • Major upgrades to ArcSight
      • How to beat Splunk & IBM NOW
      • Discussion of application-security
      Note: Data-security is covered in other sessions
  • 3. What are our customers up against from a security perspective?
  • 4. The new normal
      • Enterprise IT will continue to transform
      • Regulatory costs and complexity will continue to rise
      • Cyber attacks will increase in sophistication
  • 5. Research: Top concerns for IT executives (Source: HP 20:20 CIO Report, 2012)
      • Risk associated with more consumption of apps/IT services across public, private & hybrid cloud
      • Lack of skilled resources to effectively manage security
      • Risk associated with more consumption of apps/IT services
      • Data privacy and information breaches
      Focus areas: Security Breach Management; Security Intelligence; Cloud Security; Integrated GRC
  • 6. Worldwide security trends & implications
      • Cyber threat: 56% of organizations have been the target of a cyber attack
      • Extended supply chain: 44% of all data breach involved third-party mistakes
      • Financial loss: $7.7m average Global cost associated with data breach
      • Cost of protection: 8% of total IT budget spent on security
      • Reputation damage: 30% market cap reduction due to recent events
      • Reactive vs. proactive: 60% of enterprises spend more time and money on reactive measures vs. proactive risk mgmt
      • In US $15.4m & UK £4.1m average cost of a data breach.
      Source: HP internal data, Forrester Research, Ponemon Institute, Coleman Parkes Research
      Key Points
      • Security is a board of directors concern
      • Security leadership is under immense pressure
      • Need for greater visibility of business risks and to make sound security investment choices
  • 7. What IS The General Data Protection Regulation aka GDPR? Slide 1 of 3
      “…is a Regulation in the making by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). It also addresses export of personal data outside the EU. The Commission's primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) from 1995.” Wikipedia
  • 8. What IS The General Data Protection Regulation aka GDPR? Slide 2 of 3
      “The scale and severity of fines (Parliament suggests fines of up to €100 million or 5% of annual global turnover, whichever is greater, while the Commission proposes fines of up to €1 million or 2% of annual global turnover) for noncompliance with the GDPR, as well as the ensuing reputational damage, present a risk that will reach the board level. Mandatory breach notifications remove any notion of hiding noncompliance. This increased visibility of risk will drive behaviour and, more importantly, budget.” IDC
  • 9. What IS The General Data Protection Regulation aka GDPR? Slide 3 of 3
      “The GDPR is remarkably light on the subject of security. Of the 91 articles in the regulation, only three relate to security — two of which cover breach notification.” IDC
      The third article refers to encryption.
      As it currently stands, GDPR does not prescribe specific security controls. It is outcome oriented: don’t get breached, and if the worst happens you have to disclose and may face a significant fine.
  • 11. Today’s digital Enterprise needs a new style of protection
      Protect your most business-critical digital assets and their interactions, regardless of location or device
      [Diagram labels: Users, Apps, Data; On site; Off site (cloud/outsourced); Big Data, IaaS, SaaS, PaaS, BYOD]
  • 12. Protect your digital enterprise
      Build it In (Prevent)
      • Design a cyber resilient and compliant environment
      • Build protection into the fabric of your enterprise
      Stop it Now (Detect & Respond)
      • Rapidly detect & manage breaches
      • Monitor critical digital assets regardless of location or device
      Recover it Fast (Recover)
      • Execute flawless recoveries
      • Safeguard continuity with minimal downtime and no damage or loss
  • 13. Breathing fire into ArcSight’s belly!
  • 14. Forward Looking Statements & Confidentiality
      This document contains forward looking statements
      This document contains forward looking statements regarding future operations, product development, product capabilities and availability dates. This information is subject to substantial uncertainties and is subject to change at any time without prior notification. Statements contained in this document concerning these matters only reflect Hewlett Packard Enterprise's predictions and / or expectations as of the date of this document and actual results and future plans of Hewlett-Packard Enterprise may differ significantly as a result of, among other things, changes in product strategy resulting from technological, internal corporate, market and other changes. This is not a commitment to deliver any material, code or functionality and should not be relied upon in making purchasing decisions.
      This document contains HPE confidential information
      If you have a valid Confidential Disclosure Agreement with HPE, disclosure of the Roadmap is subject to that CDA. If not, it is subject to the following terms: for a period of 3 years after the date of disclosure, you may use the Roadmap solely for the purpose of evaluating purchase decisions from HPE and use a reasonable standard of care to prevent disclosures. You will not disclose the contents of the Roadmap to any third party unless it becomes publicly known, rightfully received by you from a third party without duty of confidentiality, or disclosed with HPE’s prior written approval.
  • 15. The goal of security operations is to reduce the time to detection and response
      • Security Operations Centers face an increasing amount of information to process
      • Effectiveness depends on narrowing the funnel, and accelerating the throughput
      • Lower false positives and less noise allows analysts to focus on the critical events and IOCs
      [Funnel diagram. Sources: Cloud, Users, Network, Endpoints, Servers & Workloads, Apps, IoT. Stages: Logs & Events, Alerts, Incidents, Investigation, Hunt, IOCs. Callouts: "# logs & events increases exponentially", "Alerts identified", "Increase speed to detection", "Speed up investigation"]
  • 16. As SOCs mature, there are 3 distinct use cases that drive detection and response
      Real-time Monitoring
      • Processing increasing number of events
      • Real-time correlation against IOCs
      • Reduced number of false positives
      Investigation
      • Ability to custom query across environment and timeframes
      • Construct blast zone analysis and remediate
      Hunt
      • Hunt for unknown threats with deep analytics and machine learning
      • Identify new IOCs to improve monitoring
      [Diagram, ordered by increasing level of maturity. Labels: Logs & Events, Alerts, Incidents, Investigation; Real-time Correlation Engine; Intelligence Feeds (Threat Central, others); Correlation Database; Data Lake; Hunt Team; Security Analysts Level 1; Security Analysts Level 2; Investigation Queries; IOCs; SOC Workflow. Callout: "Analytics drive hunt for unknown threats"]
  • 17. Reduced response times and increased productivity requires tuning the technology to the environment: a real example
      • Do it right the first time to avoid rework and inefficiencies
      • Continually measure and improve by eliminating repetitive work through intelligent analysis and empowered staff
      • Focus on what’s important by minimizing noise
      • Maximize your investment and improve ROI across all SOC technologies
  • 18. ArcSight is custom built for security operations.
      1. Correlation with Context
      • ArcSight maintains contextual information, allowing for real-time correlation and prioritization.
      • Reduces time to detection with efficient processing.
      • Improves Analytical function with normalized and enriched data, speeding investigation and hunt
      2. Out of the box tailoring for your environment
      • Highly configurable, with hundreds of connectors, built-in filters and templates to quickly tailor to your environment and workflow.
      • Tailoring identifies specific IOCs an analyst needs to look at, reducing false positives.
      3. Updated analytics architecture for investigation & hunt
      • New event broker architecture feeds virtual data warehouse along with correlation engine
      • Advanced querying and analytics on big data architecture
      • UI design that exposes multiple apps including analytics workbench tied together with workflow and reporting (Coming soon)
  • 19. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      [Architecture diagram. Use cases: Real-time Monitoring, Investigation, Hunt. Analytics: Search, Entity Profiling, Linked Data Analytics, SIEM Alerts, User Behavior Analytics, DNS Malware Analytics, App Defender Analytics, Other Analytics. Layers: User Interface (Dashboards | Reports; Workflow | Case Management | Runbooks); Correlation & Analytics Services (Real-time Correlation engine (ESM); Machine Learning + Analytics modules; Marketplace); Security Data Warehouse; Event Broker; Ingestion (Connectors, Threat Intelligence, Event Streams, External Information)]
  • 20. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      Phase 2: Investigation
      • Investigation use case
      • New User Interface v1
      • Updated Data Warehouse, Data Model & Analytics Layer
      [Architecture diagram: same components as slide 19, with callouts for phases 1 and 2]
  • 21. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      Phase 2: Investigation
      • Investigation use case
      • New User Interface v1
      • Updated Data Warehouse, Data Model & Analytics Layer
      Phase 3: Scale Out ESM
      • ESM Scale Out
      • New User Interface v2
      [Architecture diagram: same components as slide 19, with callouts for phases 1 to 3]
  • 22. ArcSight’s architecture is actively evolving beyond traditional SIEM to support the Intelligent SOC
      Phase 1: Enable Data Science
      • New event broker
      • Updated connector architecture
      Phase 2: Investigation
      • Investigation use case
      • New User Interface v1
      • Updated Data Warehouse, Data Model & Analytics Layer
      Phase 3: Scale Out ESM
      • ESM Scale Out
      • New User Interface v2
      Phase 4: Hunt
      • Hunt use case
      • New User Interface v3
      [Architecture diagram: same components as slide 19, with callouts for phases 1 to 4]
  • 24. Here’s the problem…
      • Only 6% of Information Security budgets go on application security!
      • > 70% still goes on network security!!!
      • 84% of breaches are due to application vulnerabilities
      • Typical developers are not measured on security
      • The security perimeter of your organisation is really IN YOUR POCKET
  • 26. Today’s approach > expensive, reactive
      1. Somebody builds insecure software
      2. IT deploys the insecure software
      3. We are breached or pay someone to tell us our code is insecure
      4. We convince & pay the developer to fix it
  • 27. Why it doesn’t work
      30x more costly to secure in production: after an application is released into Production, it costs 30x more than during design.
      [Bar chart, source: NIST. Axis: Cost. Stages: Requirements, Coding, Integration/component testing, System testing, Production. Multipliers shown: 2X, 5X, 10X, 15X, 30X]
  • 28. The right approach > systematic, proactive
      1. Software Security Assessment: Automatically detect vulnerabilities in existing code
      2. Software Security Assurance: Detect vulnerabilities AS CODE IS written!
      3. Runtime Application Self-Protection: Monitor and protect software running in Production
      Code sources: IN-HOUSE, OUTSOURCED, COMMERCIAL, OPEN SOURCE
      IMPROVE Software Development Life Cycle (SDLC) POLICIES
      This is Software Security Assurance
      Performance Metric: Improvement
      • Vulnerabilities per application: From 100s to 10s
      • Average time to fix a vulnerability: From 1 to 2 weeks to 1 to 2 hours
      • Percentage of repeat vulnerabilities: From 80% to 0%
      • Compliance and penetration testing effort: From ~$500k to ~$250k
      • Time-to-market delays due to vulnerabilities: From 4+ incidents (30 days each) per year to none
      Source: Mainstay ROI Research 2013 – Does Application Security Pay?
  • 29. HPE-Security Solutions at-a-glance
      Transform to a hybrid infrastructure | Enable workplace productivity | Empower the data-driven organization | Protect your digital enterprise
      Proactively protect the interactions between users, applications and data across any location or device.
      • HPE Fortify: Software Security Assurance
      • HPE Data Security: Continuous data protection
      • HPE Threat Central: Cyber threat intelligence
      • HPE Adallom: Accelerating cloud adoption while enabling security governance
      • HPE Incident Response and Breach Recovery
      • HPE ArcSight: Threat monitoring, analytics & response
      • HPE User Behavior Analytics – mitigating insider threats
      • HPE DNS Malware Analytics – detecting breaches before damage occurs
      • HPE Aruba ClearPass: Ensuring trusted connectivity
      • HPE Managed Services – instant experts to help you achieve time to value
  • 30. Together with our partners HPE Security have World Class information services and technologies to enable our customers to protect their digital assets
      Pillars: Security Technology; Security Consulting; Managed Security Services
      • Offerings to strengthen security posture, proactively manage incidents, and extend security capabilities
      • Expertise to help clients understand, manage and reduce business and security risks
      • Help clients disrupt their adversaries
  • 31. More information…
      • 2015 Cyber Risk Report and Executive Summary: http://www8.hp.com/us/en/software-solutions/cyber-risk-report-security-vulnerability
      • Ponemon Institute Cost of Cyber Crime Study: http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/
      • HP Security Research: hp.com/go/HPSR and hp.com/go/hpsrblog
      • HP Enterprise Security: hp.com/go/SIRM