hpe security overview

8/18/2019 HPE Security Overview

http://slidepdf.com/reader/full/hpe-security-overview 1/54

HPE SecurityPortfolio Overview



© Copyright 2015 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice.

MonetizationData Sold on Black Market

Attack Life Cycle

Research Potential TargetsResearch

InfiltrationPhishing Attack and Malware

.

Exfiltrate/Destroy Stolen Data

Exfiltration/DamageExfiltrate/Destroy Stolen Data

Obtain datCaptur





HPSR: HP Security ResearchThreat Central

Attack Life Cycle

Threat IntelligenceHP Security Research



.

Exfiltrate/Destroy Stolen Data

Exfiltration/DamageExfiltrate/Destroy Stolen Data

Obtain datCaptur






Attack Life Cycle




.

Exfiltrate/Destroy Stolen DataExfiltration/DamageExfiltrate/Destroy Stolen Data

Obtain datCaptur

Note: Industry Leading Security Research and Threa

Source:

http://hpsw.co/i6GDq82

http://hpsw.co/i6GDq82






Attack Life Cycle




.


Obtain datCaptur

Note: Automated Intelligence Sharing via Threat Cen






Attack Life Cycle



RASP: Runtime Application Self ProtectionDAST: Dynamic Application Security TestingSAST: Static Application Security Testing

Block Adversary• HP Fortify


.


Obtain datCaptur





HPSR: HP Security ResearchDVLabs: Digital Vaccine LabsZDI: Zero Day InitiativeThreat Central

Attack Life Cycle






.


Note:

Obtain datCaptur






Attack Life Cycle






.


Note: Industry Leading Software Security Assurance Portfolio

Obtain datCaptur






Attack Life Cycle






SIEMLoggeUBA:IT GRDMA

.

DH


Obtain datCaptur

Note: Industry Leading Security Analytics and Correlation Portfolio






Attack Life Cycle



NGIPS: Next Generation IPSNGFW: Next Generation FirewallATA: Advanced Threat ApplianceRASP: Runtime Application Self ProtectionDAST: Dynamic Application Security TestingSAST: Static Application Security Testing

Block Adversary• HP TippingPoint• HP Fortify


.



DH

Note: Industry Leading Security Analytics and Correlation Portfolio

Obtain datCaptur






Attack Life Cycle






.


Note: Find Insider Threats and APTs with User Behavior Analytics


DH

Obtain datCaptur






Attack Life Cycle






.



DH

Note: Find Insider Threats and APTs with DNS Malware Analytics

Obtain datCaptur






Attack Life Cycle






.



DH

Note: Runtime Application Self Protection – and Monitoring

Obtain datCaptur






Attack Life Cycle






.



DH

Note: Actionable Risk Intelligence with the ESM module: Risk Insight

Obtain datCaptur






Attack Life Cycle



RASP: Runtime Application Self Protection

DAST: Dynamic Application Security TestingSAST: Static Application Security Testing



.



DH

Note: End-To-End Data Protection with HP Voltage

934-753-2356

ESKM: Enterpr. SNSP: Network SDLP: Data LossFPE, Tokenization: Secure Email

Protect DatHP Atalla, H

Obtain datCaptur






Attack Life Cycle



NGIPS: Next Generation IPS

NGFW: Next Generation FirewallATA: Advanced Threat ApplianceRASP: Runtime Application Self ProtectionDAST: Dynamic Application Security TestingSAST: Static Application Security Testing



.


Note: Protection Data at every stage of its lifecycle with Atalla IPC


DH



Obtain datCaptur






Attack Life Cycle



NGIPS: Next Generation IPS

NGFW: Next Generation FirewallATA: Advanced Threat ApplianceRASP: Runtime Application Self ProtectionDAST: Dynamic Application Security TestingSAST: Static Application Security Testing



.


Note: Industry Leading Data Protection Portfolio


DH



Obtain datCaptur




Action

HP Breach Response Services



Attack Life Cycle



RASP: Runtime Application Self Protection

DAST: Dynamic Application Security TestingSAST: Static Application Security Testing



.

ESKM: Enterpr. SNSP: Network SFPE, Tokenization: Secure Email


Obtain datCaptur



DH



HPE ArcSightSecurity Information & Event Management

HPEE ArcSight



Act with Instant Clarity against threats that matter

HPEE ArcSight

Transform Big Datainto actionablesecurity intelligence

Automatecompliance obox

AnalyzeCollect Automa

Real-time correlation ofdata across devices tofind threats

How do we do it?



How do we do it?

?

Collect Collect logs from any device, any source, aat high speed

Enrich Machine data is unified into a single formanormalization and categorization

Search Simple text-based search tool for logs and e

the need of domain expertsStore Archive years’ worth of unified machine data

compression ratios

Correlate Automate the analysis, reporting, and alertidata for IT security, IT operations, and IT G

Approach Benefit

HPE ArcSight: Market Leading S olution



Analyst RecognitiCompany Background

HPE ArcSight: Market Leading S olution

• Founded May 2000

• 3000+ customers (~50 MSSP’s)• Offices worldwide (170+ countries)

• Acquired by HPE, Oct 2010

#1 In-usand Log

#1 in MaLast thre

SIEM Le10 years i

Industry Recognition

HPE Architecture Overview



HPE Architecture Overview

Logger Tier

ArcSight Connector

ArcSight Logger HA – If Needed

ArcSight Express/ESMReal time Correlation Tier

For aggregation and noise filtering

Admin

Collection Tier

Admin

HPE ArcSight: A Leader in SIEM (2011-2015 Gartner Quadrant)



g ( Q )

2014

Indonesia Customer Refference



Financial Industries / BankingTelco IndustriesGovernment

Private Company



Forensic Analysis

Are we compromised?

Are we compromised?



Firewall log analysis – Sorted Count of Denials-spanning-two-minutes

p

HPE ArcSight Correlation



gEnabling Complete Visibility

COLLECT CONSOLIDATE

• Sophisticated correlation technologies

• Pattern recognition and anomaly detection to identifymodern known and unknown threats

• The more you collect, the smarter it gets



ArcSight ESM Features

SIEM

Detection Analysis Al

!!

Out of the Box Content for Common Use Cases



Understand Network Usage• Top Bandwidth Users• Top Protocols• Top Domains and Zones

Prevent Viruses• Top Infected Systems• All AV Errors• AV Signature Update Stats

Protect Your Data• Database Errors and Warnings• Database Successful and Failed Logins• Database Configuration Changes

Prevent Intrusions• Top Attackers and Internal Targets• IPS / IDS Alert Metrics• Intrusion Alert Counts• Top Alert Sources and Destinations• Top Attackers and Internal TargetsControl User Access• User Authentication Across Hosts• Authentication Success and Failures•

User Administration Configuration Changes

Control Network Devices• Network Device Errors and Critical Events• Network Device Status and “Down” Notifications• Configuration Changes by User and Chang• Successful and Failed Logins

Monitor VPN / Remote Access• VPN Authentication Errors• Connection Counts• Connection Durations• Connections Accepted

and Denied

Monitor Privileged Users• Privileged User Administration• Successful and Failed Logins• User Session Monitoring

Guard the Perimeter• Firewall Monitoring• Denied Inbound Connections• Denied Outbound Connections• Successful / Failed Login Activity

• Top External Destinations• Top External Sources

• Success• Top Con• Top Ban• VPN Co

• Consoli•

AV Con

Correlated Rule Name Description



p

Failed Login to a default account This rule detects a failed login attempt to a servers default out of the box account (such as admin,cisco)

Successful Login to a default account This rule detects a successful login attempt to a servers default out of the box account (such asadmin, cisco)

Failed Logins of Single User toMultiple Destinations

This rule detects suspicious user behaviour where a single user account has attempted to login tomultiple servers unsuccessfully

Brute Force Login Attempt Tracks multiple failed logins to the same user account on the same server. When the threshold isreached it will trigger the rule

Multiple Failed Logins followed by aSuccess Tracks multiple failed logins to the same user account on the same server.

Port Scan DetectedThis Rule is triggered when ESM detects Multiple Reconnaissance Connections where the Target

Address is the same but the Target Port and Attacker Addresses are unique.

High Number of IDS Alerts for DOSThis rule will fire when multiple IDS Alerts are seen which have been classified as Denial ofService Attacks

IDS High DOS This rule will trigger when an IDS Event classified as DOS with a High Priority is seen. IDS/

SYN Flood Detected by IDS orFirewall This rule looks for SYN flood alerts from Intrusion Detection Systems (IDS) or firewalls. ID

IDS High Inappropriate UsageThis rule will trigger when an IDS Event c lassified as 'Inappropriate Usage' with a High Priority isseen.

IDS Medium Inappropriate UsageThis rule will trigger when multiple IDS Events classified as 'Inappropriate Usage' with a MediumPriority are seen.

IDS Medium Malicious CodeThis rule will trigger when multiple IDS Events classified as 'Malicious Code' with a MediumPriority are seen.

Real-Time Alerting and Notifications



• Alerting• Proactive threat, risk, and compliance alerting

• Escalation• Priority based escalation and workflow

• Notifications• Email, SMS, pager, SNMP

• Customizable templates

g

A l d I ti t



Analyze and Investigate



HPE FortifyStatic & Dynamic Application Testing



On-Premise and On-Demand

HP Fortify – Software Security Testing

Static Analysis – Fortify SCA

Source CodeMgt. System

Static Analysis ViaBuild Integration

Dynamic Analysis – WebInspect

Dynamic Testingin QA or

Production

Application ProtectionHP Application Defender

Real-time Protection ofRunning Application

Vulnerability Management

Normalization(Scoring, Guidance)

Correlation(Static, Dynamic, Runtime)

Threat Intelligence RulesManagement

VulnerabilityDatabase

Remediation

IDE Plug-ins(Eclipse, VisualStudio, etc.)

Developers(onshore or

offshore)

Correlate TargetVulnerabilities

with CommonGuidance andScoring

Defects, Metricsand KPIs Used to

Measure Risk

Applicati

Lifecyc

DevelopmeProject an

ManagemeStakeholde

Software Security Center Fortify on Demand



Static analysis – find and fix security issues in your code during developmenHP Fortify Static Code Analyzer (SCA)

Features:

• Automate static application security testing to identifysecurity vulnerabilities in application source codeduring development

• Pinpoint the root cause of vulnerabilities with line ofcode details and remediation guidance

• Prioritize all application vulnerabilities by severity andimportance

• Supports 22 languages, 832,000+ APIs and 688vulnerability categories



Broadest Technology Support

Static analysis supports 22 languages and

growing

• ABAP• C#• Classic ASP• Cold Fusion• HTML• JavaScript/AJAX• Objective C• PL/SQL• T-SQL• VB6• XML

API Support

• More than 832,000 commonly used Aunderstood and supported by SCA

• ASP .NET• C/C++• COBOL• Flex• Java• JSP• PHP• Python• VB.NET• VBScript• Ruby

Mobile application security solution co• Objective C

• Android• Blackberry• Microsoft

Vulnerabilities• Detects over 689 unique categories o

vulnerabilities



DeveloperSource Code Repository

Build/Scan Server

SSC Server

SCA

Auditor

Sample Work FlowCheck-in new code

Scheduled Check-out,build and scan

Scan Results uploadedAuditor ReviewsResults

AuditoSecuriBug T

Developerbug and writ

HP W bI



Dynamic analysis – find critical security issues in running applicationsHP WebInspect

Features:

• Quickly identify risk in existing applications

• Automate dynamic application security testingof any technology, from development throughproduction

• Validate vulnerabilities in running applications,prioritizing the most critical issues for root-cause analysis

• Streamline the process of remediatingvulnerabilities



© 2011 Hewlett-PackarThe information contained herein is subj

Dynamic Application Security TestingQuickly find and validate exploitable vulnerabilities

<script>alert(“attack”)</script>

“<script>alert(“attack”)</script>

‘<script>alert(“attack”)</script>

<img src =“ javascript : alert(“attack”)”/>

/><body onload =“alert(‘attack’)”/>

NO

NO

NO

NO

NO

> (greater than)

“ (double quote)

%3e (encoded >)

%3Cscript%3Ealert(“attack”)%3C/script%3E

NO

INTERESTING

EVEN BETTER

ATTACK!

Live Scan Visualization



Live Scan VisualizationStart remediation of vulnerabilities immediately Live Scan

Dashboard

Site tree

Vulnerabilitiesfound in application

Excluded and Allowed Hosts

Section

Detailed AtTable

On Demand – Fortify on Demand



On Demand Fortify on Demand

Quickest Time toResults Centralized Por

Global DataCenters

Managed SecurityServices

HP Fortifyo n D e m a n d

A Si ht ESM ith A li ti Vi



OS, databases, storage

Servers, IAM, networking

IPS, routers, switches, firewalls,DLP

Applications IT SO

HP Application ViewKnow your apps. Know your users. Know your da

• Retro-fits applications with security event logs• No change to application required• Out-of-box ready for ArcSight ESM

ArcSight ESM with Application View

HP Fortify key advantages



Only app sec providerto cover SAST, DAST,

IAST and RASP

Comprehensive

Over a decade ofsuccessful deployments

backed by the largestsecurity research team

Proven

Available on prand on dem

Flexib

HP Fortify key advantages

Application Security Market



Application Security Market



HPE SecureMail

The HP Security Voltage Unique Advantage



HP Identity-based Encryption (IBE) and Stateless Architecture

• 60-80% lower cost of operations, 75% less infrastructure

• Simple user experience across desktop, Web, and mobile

• Seamlessly integrates with email and enterprise ecosystem

HP Identity-based Encryption (IBE): How it Works



HP Identity based Encryption (IBE): How it Works

HP SecureMailKey Server

BobAlice

Bob’s Private Key

[email protected]

2

3

Alice Sends Email to Bob

One Solution for Desktop, Web, and Mobile



p, ,

DMZ InternetCorporate Network

HP SecureMail Appliance

DLP / AVAS / MTA

HPSecureMailKey Server

Archive

HP SecureMailApplications

(REST API)

Mail Server &Mobile Server

Native Apps

Native Apps

SMTP /HTTPS

HP SecureMail

Encryption Client

HP S ecureMail

Encryption Client

HP SecureMail

Encryption Client

External Encryption



yp

DMZ InteCorporate Network

MailServer

HP SecureMailFront-EndServices

HPSecureMailEncryptionGateway

Any Devic Any Emai

ClientNative orBrowser

Same solution forinternal and external

DLP / AV / AS / MTA

Internal Encryption



yp

Mail Server

HPSecureMailKey Server

HardwareSecurity Module

ActiveDirectory

Corporate Network

HP SecureMailManagement

Console

Same solution forinternal and external



Thank you

hpe security overview

Documents