Machine learning in IT security · arcsight ecosystem security open data platform smart/flex...

Post on 29-Sep-2020


More by (artificial) brains than by brawn: Machine learning in IT security

Hargitai Zsolt

Business Development Director

zsolt.hargitai@microfocus.com

40 YEARS

COBOL Content Manager

Network Management

Data Protector

Micro Focus Today: Built on stability, innovation and delivering for customers over the long term

Comprehensive security for the enterprise

ENDPOINT SECURITY

▪ Lifecycle management
▪ Patching & containerization
▪ Application virtualization
▪ Mobile & server management

IDENTITY & ACCESS

▪ Adaptive identity governance
▪ Adaptive access management
▪ Adaptive privileged management

APP SECURITY

▪ Static, dynamic, & runtime application testing
▪ Application security-as-a-service

DATA SECURITY

▪ Data de-identification (encryption/tokenization)
▪ Key management
▪ Hardware-based trust assurance
▪ Messaging security

ANALYTICS & MACHINE LEARNING

SECURITY OPERATIONS

▪ Real-time detection
▪ Workflow automation
▪ Open source data ingestion
▪ Hunt and investigation

Security

Voltage

Fortify

NetIQ

ZENworks

ArcSight & Sentinel

Vertica

Machine learning in cybersecurity


ArcSight Ecosystem

SECURITY OPEN DATA PLATFORM

SMART/FLEX CONNECTORS: Information collection, enrichment and normalization

MANAGEMENT CENTER: Suite management and administration

TRANSFORMATION HUB: Information delivery

LOGGER: Compliance, search & reporting

ESM: Incident monitoring & management

INVESTIGATE: Hunting and investigation

UEBA: Entity behaviour analytics

CONTENT: Unified, actionable & insightful

WEB CONSOLE: Accessible monitoring and platform management

DSAD

CIP

LB

TI


ArcSight UEBA Mission: Use Cases and Customer Requirements

We detect Insider Threats and Outsider Threats with insider characteristics.

TYPE: DESCRIPTION

Account Compromise: Unauthorized account usage by anyone other than the account holder. For example, an outsider who has spearphished an executive in order to obtain and use those credentials to further infiltrate an organization.

Account Misuse: Unauthorized account usage by an account holder. For example, a manager in the Finance department who downloads executive salary information for all executives in the company.

Data Staging/Exfiltration: Unauthorized transfer of data from a computer. Such a transfer may be manual and carried out by someone with physical access to a computer, or it may be automated and carried out through malicious programming over a network.

Infected Host: Evidence that a network resource has been compromised and is behaving differently than expected. For example, communicating over unexpected network applications, protocols, etc.

Insider Fraud: Intentional act of deception involving financial and prescription transactions for the purpose of personal gain. This may be performed by professional attackers, organized crime, insiders, or customers. The goal of financial fraud is the illegal acquisition of assets such as money for personal use or profit. Prescription fraud is the illegal acquisition of prescription drugs for personal use or profit.

Internal Recon: Attempt to gain information about targeted computers or networks that can be used as a preliminary step toward a further attack seeking to exploit the target system.

Lateral Movement: Unauthorized movement from system to system within an environment. Common lateral movement methods include accessing network shares, using the Windows Task Scheduler to execute programs, using remote access tools such as PsExec, or using remote desktop clients such as Remote Desktop Protocol (RDP), DameWare, or Virtual Network Computing (VNC) to interact with target systems using a graphical user interface.

THREAT COVERAGE

©2019 Micro Focus

Kahoot.it


Thank you.

www.microfocus.com/solutions/security
