© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Evolve your approach to retail security
Enterprise Security Services
Name: Joseph Schorr
Role: Strategic Security Architect
Key Solution Area: Strategy, Health & Retail Industries
Location: Largo, FL
Contact Details: Joe.Schorr@hp.com +1 (727) 433-5018
Summary of Experience:
Joe Schorr has over 17 years professional services and industry experience in Information Technology and Information
Security. Before joining HP, Joe was the Principal Security Strategist and directed the InfoSec Practice for a Symantec Platinum
Partner. As part of that role he was a full-time Resident working as a Product Manager at Symantec. Previously, as Managing
Consultant for the British Telecom (BT) Ethical Hacking Center of Excellence he led an 11,000 hour PCI Compliance test for a
large telco and led a dedicated Red Team that tested over 100 Web Apps per year for a Top 5 global bank. Prior to that, Joe was
the CIO of a major non-profit for several years. He has performed many social engineering, physical security and network
assessments over the years. Joe has been published and also presented on a range of topics including HIPAA, APTs, attacker
mindset, social engineering, penetration testing, wireless security, enterprise risk management and security awareness at
DefCON, GrrCon, DerbyCon and a number of other venues.
Specific Technology or Solution Skills:
• Advanced Threats Defense
• ‘Offensive Security’
• Vulnerability and Risk Assessment
• Cyber Warfare and Crime
• Compliance Auditing and Remediation
• Virtual CISO
Agenda
The Retail Threat Environment
Breach Detection / Imminent Threat Response
Security Consulting
Managed Security Services
Threat Intelligence and Research
Discovery
The adversary attack ecosystem
Research
Retail
Enterprises
Their
ecosystem
Infiltration
Capture
Exfiltration
Anatomy of the Retailer (Target) Breach
Hacker researches target
Selects HVAC vendor for phishing attack
Steal passwords
via Citadel
Access Target’s internal servers &
network via web portals using
stolen credentials
Use SQLi to
deliver Malware
to POS systems
and servers
CC data scraped using BlackPOS
and sent to ‘owned’ internal staging server
Data exported
to external
‘Dump Server’
Credit cards ‘Dumps’
sold for $26 - $44
per credit card
Lessons Learned
The growing attack surface allows for multiple avenues for compromise
Respect the underground marketplace of ideas & weapons available to those
willing to pay
Expect to be compromised - have your incident response plans & processes been
tested between all relevant stakeholders & groups?
Integration between threat data, security events and intelligence is critical to
making informed decisions
How are the risks in your partner community measured and governed?
Discovery
HP builds the capability to disrupt the market
Research
Retail
Enterprises
Their
ecosystem
Infiltration
Capture
Exfiltration
Protecting the
target asset
Finding them
Vendor Security
Counter intel
Blocking access
Damage mitigation
HP ESS Perimeter Compromise Check
Let’s find them
Hybrid Service & Technology:
• Two HP Security experts for two weeks
onsite
• Industry-leading hw/sw tools used
inline on ingress/egress point to detect
compromised hosts
• Consultants focus on interviews and
discussions with client to discuss
security architecture, initiatives and
response/mitigation strategies
Internet
DNS
Proxy
Infected Devices
Firewall/Egress
Point
HP Sensor
HP Rapid Incident Response (RIR)
Respond in real-time
The challenge lies in effectively obtaining and applying
the skills of experienced security incident responders in
order to minimize the impact.
This obstacle to success is only exacerbated by a lack of
in-depth experience and the inability to gather and
action threat data points as they are being created.
Average time to detect breach: 243 days
RIR-enabled Solution
DIS specialists become
the driving point of
threat detection, data
collection, analysis, and
remediation driving
down time to mitigation
and remediation and
resultant impact.
HP RIR
RIR / Proof of Concept
DIS onsite demonstration of
service and technologies
• Less than a week on site
• Limited scope of engagement
• Used to
− Identify “low hanging fruit”
− Demonstrate HP hardware,
software, and services
− Demonstrate reduced time of
response / investigation /
resolution
− Implementation of remediation
• Single ‘box’ ready to deploy
solution
Active Threat Response
Ad-hoc engagement of DIS team
driving RIR technologies to affect a
meaningful, timely resolution to a
full breach
• HP’s premier consulting service in
real-world scenario with
immediate client benefit
• Single ‘box’ ready to deploy
solution
Deployed as Service
DIS driving a fully configured and
steady state deployment of
services, hardware, and software
• Fully solutioned service
− DIS – Staffing, response, custom
tuning
− DIS – Monitoring and tuning
− Threat intelligence – means of
integrating new intel into
operations
• Implemented for full, multi-
network coverage
• Ability to scale to meet any size
client
One team solving many problems
How HP addresses the attacker ecosystem
Disrupt the adversary
• #1 in identifying security vulnerabilities
and threats
(Rated by Frost & Sullivan, top
security vulnerability research
organization)
• Continuously finds more vulnerabilities
than the rest of the market combined
Manage
risk &
compliance
• On average 92% of major incidents are
resolved within 2 hours of identification with
HP Managed Security Services - get ahead of
threats & avoid costly non-compliance
consequences.
• Supplier Compliance Management (SCM) to
mitigate common vendor-based breaches
such as the recent retail breaches
• HP Security has 5,000 security industry
specialists, providing initial security
assessments, security transformation
programs and full environment
management
• HP’s scale gives unique understanding
of legal, regulatory and compliance
requirements.
Threat
Intelligence
Security
Consulting
Managed
Security
Services
Know the Adversary Manage Risk & Compliance Extend your Capabilities
Services to strengthen security
posture, proactively manage
incidents and extend security
capabilities
Expertise to help clients
understand, manage and reduce
business and security risks.
Actionable security intelligence
through published reports, threat
briefings and enhancements to the
HP security portfolio
Appendix
Comprehensive threat intelligence and research
• ~3000 researchers
• 2000+ customers sharing data
• 7000+ managed networks globally
• Crowd sourced security intelligence
• Leading security research
• Continuously finds more vulnerabilities than the rest
of the market combined
• Tangible awareness of potential threats
• Collaborative effort of market leading teams: DV Labs, ArcSight,
Fortify, HPLabs, HPSR, Application Security Center
• Collect network and security data from around the globe
Ecosystem
partners
ESS
HP Global Research
Providing enterprise-level, security-focused expertise
Expertise to help
clients understand,
manage and reduce
business and
security risks.
Security Consulting
HP Security
Consulting
Advisory & Assessment
Architecture & Design
Security Transformation
Programs
Security Solution Integration
HP MSS and Security Operations
Offerings to
strengthen security
posture, proactively
manage incidents
and extend security
capabilities
Managed Security
Services
Industry leading scale
Global Security
Operations Centers
Global SOC
Planned regional SOC
8 Brazil
China
Japan
MEMA
India
Australia
Texas
Costa Rica
Virginia
UK
Malaysia
Bulgaria
Spain
Philippines
HP secured user accounts: 47m
Monthly security events: 23b
HP security professionals: 5000+
HP Security customers: 10000+
Enterprise Security Services
Global Security Scale
# 2 Trusted Brand
8 Global Cyber Centers
5000+ Professionals
Innovative Security
Solutions
Governance, Risk &
Compliance
Security Breach
Managed Security Services
Leading Security
Intelligence
Actionable security
intelligence through published
reports, threat briefings and
enhancements to the HP
security portfolio
DISRUPT- MANAGE - EXTEND

 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

Retail security-services--client-presentation

  • 1. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Evolve your approach to retail security. Enterprise Security Services
  • 2. Name: Joseph Schorr. Role: Strategic Security Architect. Key Solution Area: Strategy, Health & Retail Industries. Location: Largo, FL. Contact Details: Joe.Schorr@hp.com +1 (727) 433-5018. Summary of Experience: Joe Schorr has over 17 years professional services and industry experience in Information Technology and Information Security. Before joining HP, Joe was the Principal Security Strategist and directed the InfoSec Practice for a Symantec Platinum Partner. As part of that role he was a full-time Resident working as a Product Manager at Symantec. Previously, as Managing Consultant for the British Telecom (BT) Ethical Hacking Center of Excellence he led an 11,000 hour PCI Compliance test for a large telco and led a dedicated Red Team that tested over 100 Web Apps per year for a Top 5 global bank. Prior to that, Joe was the CIO of a major non-profit for several years. He has performed many social engineering, physical security and network assessments over the years. Joe has been published and also presented on a range of topics including HIPAA, APTs, attacker mindset, social engineering, penetration testing, wireless security, enterprise risk management and security awareness at DefCON, GrrCon, DerbyCon and a number of other venues. Specific Technology or Solution Skills: • Advanced Threats Defense • ‘Offensive Security’ • Vulnerability and Risk Assessment • Cyber Warfare and Crime • Compliance Auditing and Remediation • Virtual CISO
  • 3. Agenda: The Retail Threat Environment; Breach Detection / Imminent Threat Response; Security Consulting; Managed Security Services; Threat Intelligence and Research
  • 4. The adversary attack ecosystem. Diagram labels: Discovery; Research; Retail Enterprises; Their ecosystem; Infiltration; Capture; Exfiltration
  • 5. Anatomy of the Retailer (Target) Breach: Hacker researches target; Selects HVAC vendor for phishing attack; Steal passwords via Citadel; Access Target’s internal servers & network via web portals using stolen credentials; Use SQLi to deliver Malware to POS systems and servers; CC data scraped using BlackPOS and sent to ‘owned’ internal staging server; Data exported to external ‘Dump Server’; Credit cards ‘Dumps’ sold for $26 - $44 per credit card
  • 6. Lessons Learned: The growing attack surface allows for multiple avenues for compromise. Respect the underground marketplace of ideas & weapons available to those willing to pay. Expect to be compromised - have your incident response plans & processes been tested between all relevant stakeholders & groups? Integration between threat data, security events and intelligence is critical to making informed decisions. How are the risks in your partner community measured and governed?
  • 7. HP builds the capability to disrupt the market. Diagram labels: Discovery; Research; Retail Enterprises; Their ecosystem; Infiltration; Capture; Exfiltration; Protecting the target asset; Finding them; Vendor Security; Counter intel; Blocking access; Damage mitigation
  • 8. HP ESS Perimeter Compromise Check: Let’s find them. Hybrid Service & Technology: • Two HP Security experts for two weeks onsite • Industry-leading hw/sw tools used inline on ingress/egress point to detect compromised hosts • Consultants focus on interviews and discussions with client to discuss security architecture, initiatives and response/mitigation strategies. Diagram labels: Internet; DNS; Proxy; Infected Devices; Firewall/Egress Point; HP Sensor
  • 9. HP Rapid Incident Response (RIR): Respond in real-time. The challenge lies in effectively obtaining and applying the skills of experienced security incident responders in order to minimize the impact. This obstacle to success is only exacerbated by a lack of in-depth experience and the inability to gather and action threat data points as they are being created.
  • 10. 243 days: average time to detect breach
  • 11. RIR-enabled Solution: DIS specialists become the driving point of threat detection, data collection, analysis, and remediation, driving down time to mitigation and remediation and resultant impact.
  • 12. HP RIR. RIR / Proof of Concept: DIS onsite demonstration of service and technologies • Less than a week on site • Limited scope of engagement • Used to − Identify “low hanging fruit” − Demonstrate HP hardware, software, and services − Demonstrate reduced time of response / investigation / resolution − Implementation of remediation • Single ‘box’ ready to deploy solution. Active Threat Response: Ad-hoc engagement of DIS team driving RIR technologies to effect a meaningful, timely resolution to a full breach • HP’s premier consulting service in real-world scenario with immediate client benefit • Single ‘box’ ready to deploy solution. Deployed as Service: DIS driving a fully configured and steady state deployment of services, hardware, and software • Fully solutioned service − DIS – Staffing, response, custom tuning − DIS – Monitoring and tuning − Threat intelligence – means of integrating new intel into operations • Implemented for full, multi-network coverage • Ability to scale to meet any size client. One team solving many problems
  • 13. How HP addresses the attacker ecosystem. Disrupt the adversary: • #1 in identifying security vulnerabilities and threats (Rated by Frost & Sullivan, top security vulnerability research organization) • Continuously finds more vulnerabilities than the rest of the market combined. Manage risk & compliance: • On average 92% of major incidents are resolved within 2 hours of identification with HP Managed Security Services - get ahead of threats & avoid costly non-compliance consequences. • Supplier Compliance Management (SCM) to mitigate common vendor-based breaches such as the recent retail breaches • HP Security has 5,000 security industry specialists, providing initial security assessments, security transformation programs and full environment management • HP’s scale gives unique understanding of legal, regulatory and compliance requirements. Threat Intelligence (Know the Adversary): Actionable security intelligence through published reports, threat briefings and enhancements to the HP security portfolio. Security Consulting (Manage Risk & Compliance): Expertise to help clients understand, manage and reduce business and security risks. Managed Security Services (Extend your Capabilities): Services to strengthen security posture, proactively manage incidents and extend security capabilities.
  • 15. Appendix
  • 16. Comprehensive threat intelligence and research • ~3000 researchers • 2000+ customers sharing data • 7000+ managed networks globally • Crowd sourced security intelligence • Leading security research • Continuously finds more vulnerabilities than the rest of the market combined • Tangible awareness of potential threats • Collaborative effort of market leading teams: DV Labs, ArcSight, Fortify, HPLabs, HPSR, Application Security Center • Collect network and security data from around the globe. Diagram labels: Ecosystem partners; ESS; HP Global Research
  • 17. Providing enterprise-level, security-focused expertise. Expertise to help clients understand, manage and reduce business and security risks. Security Consulting. HP Security Consulting: Advisory & Assessment; Architecture & Design; Security Transformation Programs; Security Solution Integration
  • 18. HP MSS and Security Operations. Offerings to strengthen security posture, proactively manage incidents and extend security capabilities. Managed Security Services
  • 19. Industry leading scale. Global Security Operations Centers (map legend: Global SOC; Planned regional SOC): 8. Map locations: Brazil, China, Japan, MEMA, India, Australia, Texas, Costa Rica, Virginia, UK, Malaysia, Bulgaria, Spain, Philippines. HP secured user accounts: 47m. Monthly security events: 23b. 5000+ HP security professionals. 10000+ HP Security customers
  • 20. Enterprise Security Services. Global Security Scale; # 2 Trusted Brand; 8 Global Cyber Centers; 5000+ Professionals; Innovative Security Solutions; Governance, Risk & Compliance; Security Breach; Managed Security Services; Leading Security Intelligence: Actionable security intelligence through published reports, threat briefings and enhancements to the HP security portfolio. DISRUPT - MANAGE - EXTEND

Editor's notes

  1. A debit card processing company was breached in India. To breach these companies, it is likely that profiles were developed on key employees. There are experts who build profiles. I want to attack company X. I find out who the top execs are. I might go on LinkedIn. I look at their Facebook posts. I know his friends. Places he’s been. Restaurants he checks into. Find out what he likes to do. It makes the victim easy to attack because the profiler knows things about him or her that not many people should know. If you are an expert profiler, you can build these profiles and sell them on the black market, i.e., the internet, to the highest bidder. I have 10 profiles from company X. Who wants them? Hackers buy these profiles because it is more efficient than doing the profiling themselves. It will take way less time to buy them than build them myself. These hackers then breached the company. They might have used a phishing attack and installed malware to break into the network and use the employee’s credentials. They may build their own toolkits. Or go online and rent botnets for $18/day. Or buy a Zeus kit for $7K or so. They only had to be right once. It could be that after these companies were breached, these hackers raised their hand and sold these breach points to the highest bidder. I have 50 access points. Who wants to buy that? After the breach, we don’t know how long the adversary was there. It could have been months… years? Then the person who’s really good at using those access points, figuring out where your sensitive data is, being able to map your environment, figure out your configurations. They create this map… They raise their hand. Sell it on the Internet and sell it to the next person. Eventually the criminals were able to access some critical databases and change the account profile including withdrawal limits and account codes.
This information was taken out of the company and provided to their colleagues or sold to a third party. And from there the cards were made and the teams hit the streets to withdraw cash from the ATMs. This information is monetized and feeds this entire ecosystem. Are there vertically integrated bad guys? Yes. Nation states, large criminal organizations. But if someone is more efficient and more effective at doing one of those stages, why wouldn’t you just buy it? When talking about cyber security, we focus too much on the specific actors, whether state-sponsored, a “hacktivist” or a cyber criminal. We need to focus on the full marketplace in which these actors participate. The market organizes these actors around the market processes for breach, enabling disparate parties to collaborate. As actors specialize in this marketplace – in order to make more money – innovation is extraordinary. This criminal ecosystem is much more efficient at creating, sharing and acting on security intelligence than the ecosystem that exists to defend our customers. The standardization of security policies has done a great deal to raise the bar for our industry. But it will continue to fail to make us secure because it lacks the focus on the adversary. No framework discussed in committee will be able to evolve as fast as a marketplace. We need to build our response in a way that disrupts the adversary at every step of their process.
  2. Hacker researches target; selects HVAC vendor for phishing attack; steals passwords via Citadel; accesses Target internal servers/network with stolen credentials; uses SQLi to deliver malware to POS systems; CC data scraped and sent to internal server; data exported to external dump server; credit card ‘dumps’ sold for $26 - $44 each.
  3. We need to look at solutions that help us determine that something is afoot. In building out the capabilities for disrupting the discovery and capture stages, big data and the ability to process large data sets in real time and at scale is powerful. We need to look at the data that you have in your organization to find something that is unusual. If a verified employee, i.e., the individual whose profile was hacked, starts doing something uncharacteristic like accessing file shares they haven’t before or changing database records, you should know about it. If data flows don’t match predicted processes, alerts should be set off. Now, what these criminals are looking for is your critical data: IP, customer information, etc. What are you doing to protect your critical data? Is it encrypted? You should know when it is being moved, accessed inappropriately or sent outside the organization in an email, a post on a Facebook account or stored on cloud storage. The increase in the types of information that can be correlated from all over the enterprise and from data outside the enterprise is phenomenal. Organizations are monitoring the cyber black markets for your enterprise’s sensitive data and including data from the cloud infrastructures in your security operations environment. We are working with companies to combine employee sentiment with abnormal access behavior to find malicious insiders. Finally, the adversary will beat us at some point. What capabilities do we have for responding after they have won?
  4. But no one knows this better than you. You deal with it every day. So none of these statistics really surprise you. And you know, all too well, that it’s not really a question of “if” you will face these challenges, but “when” and, more importantly, “HOW” you will deal with them. For instance, one number that really jumps out at me is that 94% of breaches are reported to organizations by a third party. In the US, there was a famous case in which a credit card processor was hacked at a cost of $140M. They were told by a partner. And in the case of some of the largest breaches in the last several years, they found out via social media. Does your organization have a plan for that sort of thing? And how can we manage these things better? As we talk about the trends and solutions, I hope you come away with three big ideas. First, security has to be elevated to a board of directors level of concern. It has to be central to your objectives and strategy. Second, you’re facing more pressure and more aggressive security challenges than ever before, and this requires a different, proactive approach to ensure your organization’s security. Third, you need full visibility into the risks you face so that you have the information to make wise investment choices.
  5. How CIRT transitions response and forensics actions and effort to a real-time, remotely managed model. In brief, anything with a purple accent is either directly or remotely influenced by the capabilities of CIRT and therefore manageable by DIS.
  6. HP Security products and services help you disrupt the adversary, manage risk and extend your security capabilities to better protect your enterprise, allowing you to support your organization’s innovation requirements. HP also believes that we as security professionals need to do more - to better share and collaborate with each other to beat the bad guys and respond to imminent threats more quickly and effectively. HP advocates an integrated approach to security, one that starts with a single, comprehensive view of risk across the extended enterprise and is driven by your enterprise priorities and goals. Although we know that everything in an organization can never be completely secure, you can implement a more proactive and effective pan-enterprise approach to information security and risk management. HP Security is designed with 3 principles in mind. DISRUPT. HP Security - Next generation security solutions to disrupt the adversary marketplace. Enterprise security must evolve as the adversary marketplace has become more specialized and efficient. Enterprises must have real-time threat disruption capabilities. Instead of solely focusing on keeping the adversary out, HP advocates a security approach that involves disrupting the entire lifecycle of an attack, by investing more in prevention and detection from the application to BIOS layers. HP’s services, products, research and unparalleled experience provide real-time threat disruption; self-healing technology integrated with crowd sourced security intelligence to disrupt the adversary. HP’s Zero Day Initiative, DV Labs and Threat Exchange find, disrupt and eliminate threats and vulnerabilities as they occur. HP’s approach to disrupt the adversary marketplace will ultimately reduce your exposure time and increase your effectiveness in protecting your data from external and internal theft.
MANAGE. Although organizations are increasing spend on cyber security, CIOs and CISOs are faced with the challenge of identifying, retaining, and educating security professionals. Quite simply there are not enough resources to go around. HP Security provides expertise to extend your capabilities and complement your existing resources. HP’s experience across the entire IT landscape, from data centers through the cloud across hybrid infrastructures and on any device, gives us the unique ability to offer the industry expertise and skills you need to help you reduce the cost and complexity of securing your infrastructure. HP gives you access to 5,000 security industry specialists with a combined experience of over 657 million hours! We work with you from an initial security assessment through a security transformation program to full management of your environment. And, in the event a breach does occur, HP’s security incident response services give you access to industry experts who will work with you to remediate and respond quickly to minimize the impact and exposure of a breach to your organization. HP has forensic, litigation and data recovery services with 24x7 monitoring capabilities, underpinned by rapid detection technologies in HP ArcSight, to better respond and manage the effect of a data breach on your organization. HP Security consultants help navigate new business models, as well as understand the ever-changing legal and regulatory landscape, to better protect your enterprise. EXTEND. HP Security - Security solutions to better manage risk and compliance.
Internal security teams are struggling to cope as the nature and volume of attacks on our organizations increase and the regulatory landscape becomes even more challenging. HP Managed Security Services detect intrusions within 11.8 minutes of their arrival and resolve 92% of major incidents within 2 hours of identification, significantly reducing your risk exposure and avoiding fines as a result of non-compliance. HP Managed Security Services (MSS) teams have extensive, industry specific knowledge of legal, regulatory and standard developments. HP teams have ISO 27001 certification and work to international standards for information security management, giving you the tools, teams and process you need to comply with (amongst others) PCI, SOX, HIPAA and EU Data Privacy laws. EXTEND. HP Security – Extend your capabilities with HP
  7. Your security effectiveness is only as good as the security research behind it and DVLabs has been the industry leader for years. In addition to our own in-house security researchers, DVLabs manages Zero Day Initiative (ZDI) which is a global organization of researchers constantly looking for new application vulnerabilities: 3000+ researchers registered; typical profile: male, teen to mid twenties, hobbyist; 3,400+ 0-day vulnerabilities submitted by these researchers; 1100+ 0-day vulnerabilities purchased (30+%). Plus, over 2000 customers leverage and contribute information to our ThreatLinQ security portal. ThreatLinQ houses up to the minute security information from around the globe that customers have access to 24 hours a day, 7 days a week. We also partner with other leading research organizations like SANS, CERT and NIST to consolidate security intelligence resulting in the most advanced intelligence network anywhere in the world. But nothing beats the actual experience gained in the day-to-day defense of client networks. Through our work managing and monitoring some of the largest, global networks, HP collects and analyzes vast amounts of threat information to identify not just the issue at hand, but to anticipate the next attack. That makes threat intelligence applicable and a powerful weapon our clients can use now. The sheer volume of data and security events flowing through our operations centers gives us tangible experience to not just address today’s attack, but prepare for tomorrow’s innovation: HP monitors more than 8 billion data log entries monthly through our global operations centers, identifying more than 2 billion security events every month that require review. (Source: HP internal data). Studies indicate that more than 2 Billion devices will be in circulation in 2014 (Source: Gartner). HP currently monitors and manages more than 2.5 million enterprise endpoints and devices in 65 countries, and more than 40 million user accounts.
(Source: HP internal data) HP monitors and manages traffic across more than 7,000 enterprise and government networks globally. (Source: HP Internal Data)
  8. For our consulting portfolio, it is vital to offer our clients a comprehensive portfolio (which is end to end, led from GRC-down and vendor agnostic). Our service encompasses advisory and assessment, architecture, implementation, assurance and testing. Requirement that our consultants have deep knowledge of the complex security controls in any environment to offer you independent advice. Need to be agnostic - HP tech solutions + Partners. Need to be industry aligned given the threats facing industries are very different (as are the risk/compliance landscapes). Our big investment area is scale and consistency across the globe; feedback has been when we provide this capability it is market leading/first class.
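
The check described in note 3 (a known account touching a file share it has never used, or changing database records for the first time) can be expressed as a first-seen comparison against a per-account baseline. The sketch below is an added example, not part of the original presentation or of any HP product; the log format, account names and resource names are constructed for illustration.

```python
"""First-seen access detection against a per-account baseline (added example)."""
from collections import namedtuple

Event = namedtuple("Event", "ts user action resource")
Alert = namedtuple("Alert", "ts user reason action resource")

# Constructed sample data. Assumed line format: "<timestamp> <user> <action> <resource>".
BASELINE_LOG = """\
2014-01-06T09:02:11 vendor_hvac login portal:billing
2014-01-06T09:05:40 vendor_hvac read portal:billing
2014-01-07T10:15:02 alice read share:finance
2014-01-07T10:20:45 alice read db:customers
2014-01-08T11:00:00 vendor_hvac login portal:billing
"""

DETECTION_LOG = """\
2014-01-13T09:01:00 vendor_hvac login portal:billing
2014-01-13T09:04:12 vendor_hvac read share:pos-deploy
2014-01-13T09:04:50 vendor_hvac read share:pos-deploy
2014-01-13T14:30:09 alice write db:customers
2014-01-13T15:00:00 alice read share:finance
2014-01-13T23:41:37 svc_backup read db:customers
"""


def parse_events(log):
    """Parse whitespace-separated audit lines; reject malformed ones loudly."""
    events = []
    for lineno, line in enumerate(log.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            raise ValueError("line %d: expected 4 fields, got %d" % (lineno, len(parts)))
        events.append(Event(*parts))
    return events


def build_baseline(events):
    """Map each account to the set of (action, resource) pairs seen in the baseline window."""
    baseline = {}
    for e in events:
        baseline.setdefault(e.user, set()).add((e.action, e.resource))
    return baseline


def detect(baseline, events):
    """Return one alert per first-seen (account, action, resource) combination.

    Reasons:
      no_baseline  - the account never appeared in the baseline window
      new_resource - the account never touched this resource before
      new_action   - the account used this resource, but never with this action
    """
    learned = {user: set(pairs) for user, pairs in baseline.items()}
    alerts = []
    for e in events:
        pair = (e.action, e.resource)
        if e.user not in learned:
            reason = "no_baseline"
        elif pair in learned[e.user]:
            continue  # matches established behaviour
        elif any(res == e.resource for _, res in learned[e.user]):
            reason = "new_action"
        else:
            reason = "new_resource"
        alerts.append(Alert(e.ts, e.user, reason, e.action, e.resource))
        # Remember the pair so a burst of identical events raises a single alert.
        learned.setdefault(e.user, set()).add(pair)
    return alerts


if __name__ == "__main__":
    found = detect(build_baseline(parse_events(BASELINE_LOG)), parse_events(DETECTION_LOG))
    for a in found:
        print("%s %-12s %-13s %s %s" % (a.ts, a.user, a.reason, a.action, a.resource))
```

In practice the baseline window has to be long enough to cover monthly and quarterly jobs, otherwise routine but infrequent access shows up as `new_resource`.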