micro focus presentation template...66% of consumers will stop doing business with a company that...

#MicroFocusCyberSummit


Post on 02-Jun-2020


TRANSCRIPT

Page 1: Micro Focus Presentation Template...66% of consumers will stop doing business with a company that has suffered a cyber breach. ... #3 –Cyber attacks. 90 % CFOs claim cyber-security

Page 2

Preparing for When Your Organization Will be Breached: Prioritizing and Protecting

Paulo Veloso

Shogo Cottrell

Page 3

What’s happening in the market?

• 98% of companies were victims of a cyber attack in 2016. (Ponemon Institute study)
• “Approximately 40,000 Tesco Bank accounts were compromised in a cyberattack” (November 2016)
• 66% of consumers will stop doing business with a company that has suffered a cyber breach. (Study by Centrify)

Page 4

The World is Feeling the Economic Pressures
World Economic Forum – 2018 Global Risk Report

• 2015: Attack on Ukraine’s power grid shut down 30 substations, interrupting power to 230,000 people
• 2016: SWIFT attack led to the theft of US$81 million from the central bank of Bangladesh
• Today: European Aviation Safety Agency has stated their systems are subject to an average of 1,000 attacks each month

Global interconnectedness continues to expand the attack surface

Top 10 risks in terms of likelihood: #3 – Cyber attacks

Page 5

What is the Impact?

• 90% of CFOs claim cyber-security concerns as the primary reason to implement new software security tools (BDO Survey, 2015)
• 40% increase in data breaches last year (Identity Theft Resource Center)
• Cost of breach as high as $74 million (Ponemon Institute study)

Page 6

Cyber Risk Increased

The new battlefield
• Vanishing perimeter
• Perimeter in your pocket
• Defending interactions between users, apps, and data

Patch or perish
• Back to the basics
• Unintended consequences
• Vendor transparency

Monetization of malware
• Ransomware
• ATM-malware
• Banking Trojans

Page 7

Cycle of Security – Breaking the Cyber Kill Chain


Page 9

Security Focus Areas – What to Prioritize and Protect

ANALYTICS & MACHINE LEARNING

APP SECURITY
• Static, Dynamic, & Runtime application testing
• Application security-as-a-service

DATA SECURITY
• Data de-identification (encryption/tokenization)
• Key management
• Hardware-based trust assurance
• Messaging security

SECURITY OPERATIONS
• Real-time detection
• Workflow automation
• Open source data ingestion
• Hunt and investigation

IDENTITY & ACCESS
• Adaptive Identity governance
• Adaptive access management
• Adaptive privileged users

ENDPOINT SECURITY
• Lifecycle management
• Patching & containerization
• Application virtualization
• Mobile & server management

GOVERNANCE, RISK & COMPLIANCE
• eDiscovery & Classification
• Information Management

Page 10

Security Focus Areas – What to Prioritize and Protect

Page 11

Identity Powers the Future of IT

Identity: Governance, Provisioning, Privileged Identity, Self Service, Social Registration, Unified Identity, Roles, Analytics, Data Security

Access: Risk Based Access, SSO, Privileged Access, Federation, Multi-Factor, Mobile, Social Access, Analytics, Data Security

Insight: SIEM, File Integrity, Privileged Monitoring, Configuration Monitoring, Change Monitoring, Analytics, Data Security

Users, Devices, Things, Services

Cloud, On-Premise, Hybrid

Salesforce, Workday, Office365, SAP…

Azure, AWS…

Page 12

Identity Manager

Identity Governance

Self Service Password Reset

Identity, Governance & Administration

Identity Management

Identity Self Services

Governance & Compliance

Identity Powered Security

Page 13

Secure Login

Access Manager

Access

WebAccess

Enterprise Access

Identity Powered Security

Page 14

Advanced Authentication

Authentication

Identity Powered Security

Page 15

Privileged Account Manager

Directory & Resource Administrator

Group Policy Administrator

Security

Secure Administration

Privileged Accounts

Identity Powered Security

Page 16

Sentinel

Change Guardian

Reporting and Logging

SIEM

Activity Monitoring

Identity Powered Security

Page 17

SIEM

Secure Login

Identity Manager

Advanced Authentication

Identity Governance

Privileged Account Manager

Self Service Password Reset

Access Manager

Directory & Resource Administrator

Group Policy Administrator

Access

WebAccess

Enterprise Access

Identity, Governance & Administration

Identity Management

Identity Self Services

Governance & Compliance

Authentication

Reporting and Logging

SIEM

Activity Monitoring

Security

Secure Administration

Privileged Accounts

Identity Powered Security

Page 18

Security Focus Areas – What to prioritize and protect

Page 19

Best Approach: Build It In
The only way to keep up is to build security into your processes and tools

Key Concerns
• Business requires an increasing number of applications and faster release cycles – hard for security to keep up
• Development and security teams are not integrated
• Tools across different teams are not standardized

90%: Percentage of security incidents from exploits against defects in the design or code of software.¹

80%: Percentage of applications containing at least one critical or high vulnerability.²

Sources: 1. U.S. Department of Homeland Security’s U.S. Computer Emergency Response Team (US-CERT). 2. “2017 Application Security Research Update” by the HPE Software Security Research team, 2017.

Page 20

Best Approach: Build It In
The only way to keep up is to build security into your processes and tools

Solution Discussion
• The average cost of a security breach is $3.62M¹
• The key to effective application security is to build it into the development process
  − Vulnerabilities found in the production/post-release phase are 30 times more costly to fix than vulnerabilities found earlier in the lifecycle.²

Sources: 1. 2017 Ponemon Institute Cost of Data Breach Study. 2. National Institute of Standards & Technology (NIST).

Page 21

The Only Way to Keep Up is to “Build It In”

[Figure: DevSecOps cycle. Labels: Dev, Ops; Create, Plan, Verify, Preprod, Prevent, Detect, Predict, Respond; Continuous Integration, Continuous Delivery, Continuous Deployment, Continuous Configuration, Continuous Monitoring, Continuous Learning, Continuous Improvement; Monitoring and Analytics. Tools shown on the cycle: Static Code Analysis with Static Code Analyzer (SCA), Dynamic Application Security Testing, Real-time Application Self Protection.]

Source: “10 Things to Get Right for Successful DevSecOps,” Gartner, Inc., 2017

Page 22

Implementing an End-to-End AppSec Strategy

[Figure: lifecycle stages Design, Code, Test, Integration & Staging, and Production, across Application Development and IT Operations. Labels: Static Code Analysis (SAST), Static Code Analyzer (SCA); Web Dynamic Testing (DAST), WebInspect; Runtime Protection (RASP), App Defender; Management Console.]

Page 23

Security Focus Areas – What to prioritize and protect

Page 24

Endpoint Security
Securing the digital workspace

[Figure labels: Automation | configuration; Single pane of glass; Security; Compliance; User self-services; USER WORKSPACE (User Based): Self-services, Data, BYOD Apps, Devices; The ZENworks Control Center / Common End User Portal]

• Service Desk, Mobile Workspace, Desktop Containers
• Configuration Management, Endpoint Security, Mobile Workspace, Service Desk, Patch Management, Desktop Containers, Asset Management
• Asset Management, Patch Management, FDE, Endpoint Security
• Full Disk Encryption, Endpoint Security, Mobile Workspace, Desktop Containers, Patch Management

Page 25

Security Focus Areas – What to prioritize and protect

Page 26

Security Operations
Modular, Open, Intuitive

[Figure: security operations architecture. Labels: Data Sources (Structured & Unstructured) + Control points: Users, Cloud, Apps, Servers & Workloads, Network, Endpoints, IoT; IT | OT | IOT | Cloud | Physical | Flow Vuln | Intel | Asset | Users; Data Sources Temporal Enrichment; Connectors; Message Bus; Real Time Correlation; Event Prioritization; Detection Analytics; UEBA; Data Lake; Hunt Exploration Engines; R ML BI Tools; 3rd Party BI Tools; Shared content; Reporting & Compliance; Archive, Search; Risk Prioritization; Workbench Investigation, integration, case management; time spans: minutes, 30 days, 30-180 days, 7 years; Security Operations (On-prem & Managed): Security Analysts Level 1, Security Analysts Level 2, Hunt Team.]

Page 27

From Data Chaos to Security Insight

[Figure: Traditional N : 1 Architecture beside Open N : M Architecture. Each side shows IT, OT, IOT, Physical and SIEM, Hadoop, UBA, Advanced Analytics, Hunt, Visualization; additional label: Event Broker.]

Page 28

More Use Cases

More Secure

More Sources

Intelligent SOC Solution

Page 29

Security Focus Areas – What to Prioritize and Protect

Page 30

New Best Practice: “Data-centric” Security

Data security coverage (“Security gap” is marked four times on the slide, under the heading Security Gaps):

Data Ecosystem | Threats to Data | Traditional IT Infrastructure Security
Data and applications | Credential Compromise | Authentication Management
Middleware | Traffic Interceptors | SSL/TLS/firewalls
Databases | SQL injection, Malware | Database encryption
File systems | Malware, Insiders | SSL/TLS/firewalls
Storage | Malware, Insiders | Disk encryption

Data-centric Security: End-to-end Protection

Page 31

Protect your data by using FPE

Live data capture & protection at source

Controlled granular access to sensitive data by policy

Useful pseudonymised data in applications, storage, analytics…

Governance & Use - central policy controlled granular data access and audit

Discovery, Classification, Conversion, Protection

Page 32

Secure Stateless Tokenization (SST)

• Stateless - redundancy, failover, scalability are easy
• Customized token formats
• Token multiplexing

Credit Card | 4171 5678 8765 4321
SST | 8736 5533 4678 9453
Partial SST | 4171 5633 4678 4321
Obvious SST | 4171 56AZ UYTZ 4321
BIN Mapping | 1236 5533 4678 4321

Page 33

Data Protection with FPE and SST

• Guaranteed referential integrity or fully randomized output by policy
• Enables data protection and data de-identification from one framework
  − Can be used to generate test data for QA, training, etc.

Name | SS# | Credit Card # | Street Address | Customer ID
James Potter | 385-12-1199 | 3712 3456 7890 1001 | 1279 Farland Avenue | G8199143
Ryan Johnson | 857-64-4190 | 5587 0806 2212 0139 | 111 Grant Street | S3626248
Carrie Young | 761-58-6733 | 5348 9261 0695 2829 | 4513 Cambridge Court | B0191348
Brent Warner | 604-41-6687 | 4929 4358 7398 4379 | 1984 Middleville Road | G8888767
Anna Berman | 416-03-4226 | 4556 2525 1285 1830 | 2893 Hamilton Drive | S9298273

Name | SS# | Credit Card # | Street Address | Customer ID
Kwfdv Cqvzgk | 161-82-1292 | 3712 3486 3545 1001 | 2890 Ykzbpoi Clpppn | S7202483
Veks Iounrfo | 200-79-7127 | 5587 0856 7634 0139 | 406 Cmxto Osfalu | B0928254
Pdnme Wntob | 095-52-8683 | 5348 9209 2367 2829 | 1498 Zejojtbbx Pqkag | G7265029
Eskfw Gzhqlv | 178-17-8353 | 4929 4333 0934 4379 | 8261 Saicbmeayqw Yotv | G3951257
Jsfk Tbluhm | 525-25-2125 | 4556 2545 6223 1830 | 8412 Wbbhalhs Ueyzg | B6625294

Column labels on the slide: FPE, FPE, FPE, FPE, SST

Name | SS# | Credit Card # | Street Address | Customer ID
Anna Berman | 416-03-4226 | 4556 2525 1285 1830 | 2893 Hamilton Drive | S9298273

Secured data access under strict policy controls


Page 35

Thank You.
