cyber security c2


Upload: lamcindoe

Post on 28-Nov-2014



TRANSCRIPT

Page 1: Cyber Security C2

Your business challenges

The best time to stop an attack is before it happens and causes significant damage to the mission. To proactively enable action in a 24x7 mission-critical environment, a solution needs to implement best practices with known results quickly across the enterprise to protect the network in case of an attack.

Governments and businesses use large, geographically distributed networks to perform their missions. Mission success depends on timely event detection, correlation and rapid responses with known results. Existing monitoring and security systems help components of the enterprise achieve success, but they generate enormous volumes of data in various formats and locations. In many cases, the context of this information is limited to what the operator knows. As a result, both commanders and operators are increasingly challenged or overwhelmed by the sequences of manually integrated tasks needed to communicate, share and understand their risk posture at a particular moment.

What we offer

The Cyber Security C2 Solution provides a focused, user-definable view into the status and health of sophisticated network environments and the missions they support. Using a combination of complex event processing, event correlation and information fusion technologies, the solution dramatically improves situational awareness across the enterprise to give commanders and operational decision-makers near real-time insight to cyber threats or attacks. The solution builds on existing investments in monitoring and detection systems to:

• Collect, filter and correlate seemingly unrelated event patterns to identify disparate cyber attack signatures

• Identify both technical and mission impacts of an incident and recommend immediate courses of action

• Put correlating events into context of other events, processes and best practices

• Map enterprise events to event models defining relationships between applications, services and servers – the infrastructure used to accomplish the mission

• Apply rule sets to enable pattern recognition and data correlation based on current and historical events

• Provide consulting services to assist in achieving enterprise outcomes

Features

• Enables near-real-time visibility across the enterprise

• Uses leading threat-detection algorithms to identify complex, stealth cyber attacks

• Correlates mission impact to prioritize responses in a multi-threat environment

• Enables predictive analytics to see the cyber storm coming before it hits

• Features a streamlined, operator-friendly console to simplify monitoring network health and respond to incidents with quick action

• Incorporates scalable design to support enterprises of all sizes

• Uses extendible interfaces to handle custom systems as well as standard monitoring platforms

• Leverages existing investments in systems and training

Benefits

• Provides near real-time operational intelligence for networks and missions

• Enables predictive threat analyses to respond before the attacks impact mission operations

• Identifies threats that go undetected by typical systems

• Makes log data actionable, enabling operators to concentrate on the mission, not on mechanics of situational awareness

• Provides scalable design to overcome limitations with point solutions to address data sets of all sizes

The Cyber Security C2 Solution enables situational awareness across large network environments, providing command and control capabilities for cyber security threat response. The solution rapidly processes large volumes of disparate data across the enterprise and delivers near real-time network operational insight for decision-makers to intervene, mitigate risks and determine impact to mission operations.

Cyber Security Command and Control (C2) Solution

Detects and responds to cyber security threats in near real-time. Provides network situational awareness and mission visibility to act on security breaches with confidence.

At-A-Glance

Page 2: Cyber Security C2

Business outcomes

• Allows decision-makers to react to actual threats in seconds, before the damage is done

• Enables shared understanding of network operations from a single, user-definable operational picture (UDOP)

• Provides proactive command and control capability for near real-time situational network operation

• Uses rule sets based on best-practice threat detection to warn operators of significant events

• Aggregates data sources, detects anomalies and provides actionable recommendations to the operator

• Enables both human intervention and automated responses to address cyber intrusion incidents

• Leverages existing network investments to display past, present and potential future cyber security threats

Visibility into the enterprise network

The user-defined operational picture (UDOP) enables rapid event processing by operators and commanders and has three main sections aligned with typical activities:

Monitor and manage — Uses an incident dashboard to show complex incidents, along with impact level, incident type, a unique identifier for that specific incident, incident status, the primary individual who has been tasked with management of the incident along with the time of last update, and the name of the last person to update information about the complex incident. To the right, more details are described regarding the impact of whichever complex incident is selected from the pane.

Locate and respond — Displays information about individual contributing events that make up a single complex incident along with details for each event. Geographic information related to the complex incident is displayed on a map, which can provide overlay information about how effects on cyber assets impact kinetic operations. Recommended courses of action, based on best practices, guide the operator and enable a high-performing cyber security team.

Analyze activity — Shows modules that can be configured to display any one of a number of different data outputs. In this case, summary statistics on the types of security events being detected at the current point in time are shown, along with trending data to indicate rising or falling trends. News feeds from various open sources are shown on the right side.

For more information

To read more about Cyber Security Command and Control, go to www.hp.com/go/cybersecurity or contact: Sam Chun at [email protected]

Technology for better business outcomes

To learn more, visit www.hp.com

© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

USPS808301, Nov 2009