#MicroFocusCyberSummit
Preparing for When Your Organization Will be Breached: Prioritizing and Protecting
Paulo Veloso
Shogo Cottrell
98% of companies were victims of a cyber attack in 2016. (Ponemon Institute study)
What’s happening in the market?
“Approximately 40,000 Tesco Bank accounts were compromised in a cyberattack” (November 2016)
66% of consumers will stop doing business with a company that has suffered a cyber breach. (Study by Centrify)
The World is Feeling the Economic Pressures
World Economic Forum – 2018 Global Risk Report
2015: Attack on Ukraine’s power grid shut down 30 substations, interrupting power to 230,000 people
2016: SWIFT attack led to the theft of US$81 million from the central bank of Bangladesh
Today: European Aviation Safety Agency has stated their systems are subject to an average of 1,000 attacks each month
Global interconnectedness continues to expand the attack surface
Top 10 risks in terms of likelihood: #3 – Cyber attacks
90% of CFOs claim cyber-security concerns as the primary reason to implement new software security tools (BDO Survey, 2015)
40% increase in data breaches last year (Identity Theft Resource Center)
Cost of breach as high as $74 million (Ponemon Institute study)
What is the Impact?
Cyber Risk Increased
The new battlefield
• Vanishing perimeter
• Perimeter in your pocket
• Defending interactions between users, apps, and data
Patch or perish
• Back to the basics
• Unintended consequences
• Vendor transparency
Monetization of malware
• Ransomware
• ATM-malware
• Banking Trojans
Cycle of Security – Breaking the Cyber Kill Chain
Security Focus Areas – What to Prioritize and Protect
ANALYTICS & MACHINE LEARNING
APP SECURITY
• Static, Dynamic, & Runtime application testing
• Application security-as-a-service
DATA SECURITY
• Data de-identification (encryption/tokenization)
• Key management
• Hardware-based trust assurance
• Messaging security
SECURITY OPERATIONS
• Real-time detection
• Workflow automation
• Open source data ingestion
• Hunt and investigation
IDENTITY & ACCESS
• Adaptive Identity governance
• Adaptive access management
• Adaptive privileged users
ENDPOINT SECURITY
• Lifecycle management
• Patching & containerization
• Application virtualization
• Mobile & server management
GOVERNANCE, RISK & COMPLIANCE
• eDiscovery & Classification
• Information Management
Identity Powers the Future of IT
Identity: Governance, Provisioning, Privileged Identity, Self Service, Social Registration, Unified Identity, Roles, Analytics, Data Security
Access: Risk Based Access, SSO, Privileged Access, Federation, Multi-Factor, Mobile, Social Access, Analytics, Data Security
Insight: SIEM, File Integrity, Privileged Monitoring, Configuration Monitoring, Change Monitoring, Analytics, Data Security
Users, Devices, Things, Services
Cloud, On-Premise, Hybrid
Salesforce, Workday, Office365, SAP…
Azure, AWS…
Identity Powered Security
Identity, Governance & Administration: Identity Management, Identity Self Services, Governance & Compliance
Identity Manager, Identity Governance, Self Service Password Reset
Access: Web Access, Enterprise Access
Secure Login, Access Manager
Authentication
Advanced Authentication
Security: Secure Administration, Privileged Accounts
Privileged Account Manager, Directory & Resource Administrator, Group Policy Administrator
Reporting and Logging: SIEM, Activity Monitoring
Sentinel, Change Guardian
Best Approach: Build It In
The only way to keep up is to build security into your processes and tools
Key Concerns
• Business requires an increasing number of applications and faster release cycles – hard for security to keep up
• Development and security teams are not integrated
• Tools across different teams are not standardized
90%: Percentage of security incidents from exploits against defects in the design or code of software.¹
80%: Percentage of applications containing at least one critical or high vulnerability.²
Source: ¹ U.S. Department of Homeland Security’s U.S. Computer Emergency Response Team (US-CERT); ² “2017 Application Security Research Update” by the HPE Software Security Research team, 2017
Solution Discussion
The average cost of a security breach is $3.62M¹
The key to effective application security is to build it in to the development process
− Vulnerabilities found in the production/post-release phase are 30 times more costly to fix than vulnerabilities found earlier in the lifecycle.²
Source: ¹ 2017 Ponemon Institute Cost of Data Breach Study; ² National Institute of Standards & Technology (NIST)
The Only Way to Keep Up is to “Build It In”
[Figure: DevSecOps cycle joining Dev and Ops. Stage labels: Create, Plan, Verify, Preprod, Prevent, Detect, Predict, Respond. Process labels: Continuous Integration, Continuous Delivery, Continuous Deployment, Continuous Configuration, Continuous Monitoring, Continuous Improvement, Continuous Learning, Monitoring and Analytics. Tool labels: Static Code Analysis, Static Code Analyzer (SCA), Dynamic Application Security Testing, Real-time Application Self Protection.]
Source: “10 Things to Get Right for Successful DevSecOps,” Gartner, Inc., 2017
Implementing an End-to-End AppSec Strategy
[Figure: application lifecycle across Application Development and IT Operations. Stage labels: Design, Code, Test, Integration & Staging, Production. Technique labels: Static Code Analysis (SAST), Web Dynamic Testing (DAST), Runtime Protection (RASP). Product labels: Static Code Analyzer (SCA), WebInspect, App Defender, Management Console.]
Endpoint Security
Securing the digital workspace
Automation | configuration
Single pane of glass
Security
Compliance
User self-services
USER WORKSPACE
User Based
Self-services, Data, BYOD Apps, Devices
The ZENworks Control Center / Common End User Portal
Service Desk, Mobile Workspace, Desktop Containers
Configuration Management, Endpoint Security, Mobile Workspace, Service Desk, Patch Management, Desktop Containers, Asset Management
Asset Management, Patch Management, FDE, Endpoint Security
Full Disk Encryption, Endpoint Security, Mobile Workspace, Desktop Containers, Patch Management
Security Operations
Modular, Open, Intuitive
[Figure: security operations architecture. Data Sources (Structured & Unstructured) + Control points: Users, Cloud, Apps, Servers & Workloads, Network, Endpoints, IoT. Data source labels: IT | OT | IOT | Cloud | Physical | Flow, Vuln | Intel | Asset | Users. Pipeline labels: Connectors, Message Bus, Temporal Enrichment, Data Lake, Shared content. Analysis labels: Real Time Correlation, Event Prioritization, Detection Analytics, UEBA, Risk Prioritization, Hunt Exploration Engines, R, ML, BI Tools, 3rd Party BI Tools, Reporting & Compliance, Archive, Search. Time-span labels: minutes, 30 days, 30-180 days, 7 years. Workbench Investigation, integration, case management. Security Operations (On-prem & Managed): Security Analysts Level 1, Security Analysts Level 2, Hunt Team.]
From Data Chaos to Security Insight
[Figure: Traditional N : 1 Architecture beside Open N : M Architecture. Labels in both: IT, OT, IOT, Physical, SIEM, Hadoop, UBA, Advanced Analytics, Hunt, Visualization. Additional label: Event Broker.]
More Use Cases
More Secure
More Sources
Intelligent SOC Solution
New Best Practice: “Data-centric” Security
[Figure: Data-centric Security (End-to-end Protection) compared with Traditional IT Infrastructure Security across the data ecosystem.
Data Ecosystem: Data and applications, Middleware, Databases, File systems, Storage
Threats to Data: Malware, Insiders; SQL injection, Malware; Traffic Interceptors; Malware, Insiders; Credential Compromise
Traditional IT Infrastructure Security: Disk encryption; Database encryption; SSL/TLS/firewalls; SSL/TLS/firewalls; Authentication Management
Data security coverage: Security Gaps, with four security gaps marked]
Protect your data by using FPE
• Live data capture & protection at source
• Controlled granular access to sensitive data by policy
• Useful pseudonymised data in applications, storage, analytics…
• Governance & Use - central policy controlled granular data access and audit
• Discovery, Classification, Conversion, Protection
Secure Stateless Tokenization (SST)
• Stateless - redundancy, failover, scalability are easy
• Customized token formats
• Token multiplexing
• Guaranteed referential integrity or fully randomized output by policy
• Enables data protection and data de-identification from one framework
− Can be used to generate test data for QA, training, etc.
Credit Card: 4171 5678 8765 4321
SST: 8736 5533 4678 9453
Partial SST: 4171 5633 4678 4321
Obvious SST: 4171 56AZ UYTZ 4321
BIN Mapping: 1236 5533 4678 4321
Data Protection with FPE and SST
Name | SS# | Credit Card # | Street Address | Customer ID
James Potter | 385-12-1199 | 3712 3456 7890 1001 | 1279 Farland Avenue | G8199143
Ryan Johnson | 857-64-4190 | 5587 0806 2212 0139 | 111 Grant Street | S3626248
Carrie Young | 761-58-6733 | 5348 9261 0695 2829 | 4513 Cambridge Court | B0191348
Brent Warner | 604-41-6687 | 4929 4358 7398 4379 | 1984 Middleville Road | G8888767
Anna Berman | 416-03-4226 | 4556 2525 1285 1830 | 2893 Hamilton Drive | S9298273

Name | SS# | Credit Card # | Street Address | Customer ID
Kwfdv Cqvzgk | 161-82-1292 | 3712 3486 3545 1001 | 2890 Ykzbpoi Clpppn | S7202483
Veks Iounrfo | 200-79-7127 | 5587 0856 7634 0139 | 406 Cmxto Osfalu | B0928254
Pdnme Wntob | 095-52-8683 | 5348 9209 2367 2829 | 1498 Zejojtbbx Pqkag | G7265029
Eskfw Gzhqlv | 178-17-8353 | 4929 4333 0934 4379 | 8261 Saicbmeayqw Yotv | G3951257
Jsfk Tbluhm | 525-25-2125 | 4556 2545 6223 1830 | 8412 Wbbhalhs Ueyzg | B6625294
Labels: FPE, FPE, FPE, FPE, SST

Name | SS# | Credit Card # | Street Address | Customer ID
Anna Berman | 416-03-4226 | 4556 2525 1285 1830 | 2893 Hamilton Drive | S9298273
Secured data access under strict policy controls
Thank You.