Solution overview

Protect what mattersSecurity Breach Management Solution

2

Solution overview | Security Breach Management Solution

Cyber breaches come from a variety of sources. Some are subtle; some are not. A majority go undetected until a third party notifies the enterprise. Then the impact can be enormous.

It’s difficult to prevent a security breach. Mobility and cloud threats are increasingly sophisticated, persistent, and unpredictable. You’re dealing with complex technology crossing hybrid environments and diverse geographies. And despite your efforts, business dynamics, technology, and evolving threats are a continuous challenge and can often result in unforeseen events.

Breaches can also come from a growing variety of sources: IT system attacks and intrusions, unauthorised system activity, malicious software, advanced persistent threats, and any other access, manipulation, or deletion of information and data. Many breaches are so subtle in nature that the overwhelming majority go undetected until a third party notifies the enterprise.

Their impact can be enormous: They can cripple normal operations and damage relationships with customers and investors. The organisation may be subject to steep financial penalties and breach notification laws in specific industries or locations where they do business. In fact, the average breach event is likely to cost several million dollars in staff time, productivity, and legal restitution. The damage to the company’s reputation can be incalculable.

But you can’t lock everything down. Securing enterprise information means something completely different in a world where you share, collaborate, and openly exchange data in a complex technical environment. Today’s enterprise security must be flexible enough to enable high volumes of interaction. It also must mitigate risk and ensure compliance. Organisations will need to enable secure access to the correct information in the context of each decision. This means advanced security tools covering exchanges inside and outside of the enterprise. When technology is evolving fast, this sophisticated and evolving protection can be a major IT undertaking.

HP can help you establish the processes and procedures for an optimal end-to-end approach to breach management. Whether you’ve had a breach or want to create an effective response capability, we rapidly deploy a highly skilled and experienced cyber security team and our progressive technology to your enterprise. We’ll collaborate with you to establish visibility, remediate issues, and put tactics into place that guard against future incidents.

We provide full lifecycle solutions that let you confidently implement forward-thinking ideas and get better results. You’ll also move beyond risk reduction and compliance to plans that enable your enterprise to achieve more, exceed expectations, and embrace innovative technology.

Define. Detect. Defend. Deter.There are four primary requirements for effective breach management. These should form the core of your strategy and are the abilities you must develop as a secure organisation.

DefineEnterprises need to define an overall strategy and security lifecycle to be prepared to detect and defend against attacks. This should address planning, risk assessment, policy creation, and controls. Robust business and technical architecture can greatly add to the level of resilience required to withstand a concerted attack. By building security into this architecture, organisations can know they are as prepared as can be for breaches.

Breaches come from a growing variety of sources:• IT system attacks and intrusions

• Unauthorised system activity

• Malicious software

• Advanced persistent threats

• Other access, manipulation, or deletion of information and data

Four primary requirements for effective breach management• Define

• Detect

• Defend

• Deter

HP delivers flexible choices:• Forensic Readiness Services

• Managed Security Information and Event Management (SIEM)

• Security Incident Response Services

• Digital Forensics Services

• E-Disclosure/e-Discovery Services

• Data Recovery Services

3

DetectEarly detection limits the damage caused by an attack. After an organisation has a clear and defined strategy, it is critical to ensure there is an ability to monitor and detect potential activity. Understanding baseline environment volumes, types, and performance is essential to knowing types of attacks, points of attacks, and the attack vector used. It takes a combination of people, process, and technology to develop a method for gaining situational awareness and actionable security intelligence, which will help you prepare for rapid alerting of attacks.

DefendThere are no fail-safe measures available to prevent attacks; however, HP recommends protecting your critical services and information through defined strategies. Your defensive strategy should reduce risk through threat removal, closure of the vulnerability, and control of the impact. A strong approach is a multilayered defence that helps you identify a breach faster, react quicker, minimise impact better, and reduce ongoing exposure. This results in a cost reduction, greater control, and declining risk exposure over time.

DeterCollaboration and sharing of security intelligence enable organisations to identify and overcome many attack methods and sources. With robust mechanisms in place for tracking, logging, and auditing security breaches, there is support for legal pursuits against attackers.

Review flexible choicesHP can integrate existing technologies and services into an overall security breach management solution from a tactical, remedial, or strategic perspective. Our portfolio enables you to leverage our services as an integrated approach or for a specific need. Relevant services include:

• Forensic Readiness Services—Specialised consulting and assessment are used to create a proactive plan to identify valid changes within your IT environment. This lets you trace a forensic trail and produce the best possible digital evidence in the event of a security incident, diminishing disruption and cost to the business.

• Managed Security Information and Event Management (SIEM) —Services provide a designed, built, and managed system to collect and correlate masses of information and transform it into comprehensive dashboard displays and management reports, and actionable alerts. With SIEM, you can detect fraud, expose internal and external threats, and spotlight weaknesses in security enforcement. These services also demonstrate government regulations and policies compliance.

• Security Incident Response and Breach Response Services— Expert monitoring is always available 24x7x365, providing detection and countermeasures through rapid, predetermined incident response. In the event of a breach, we dispatch a team of security experts to your location for immediate breach containment plus assessment, investigation, and recommendations to reduce future vulnerability. HP can send this team as a one-time activity or as part of a regular service based on retainer/contracted hours. Featuring HP ArcSight, SIEM technology, and Breach Response Services, and leveraging our teams’ expertise around the clock, we ensure incidents are escalated and processed quickly and efficiently when they arise.

Solution overview | Security Breach Management Solution

Our approach

Event monitoring Programme maturity

Security controls Posture analysis

DetectDefine Defend Deter

Breach management

Corrective measures

• Comprehensive visibility

• Situational awareness

• Threat analysis

• Forensic interrogation

Read

ines

s

Rate this documentShare with colleagues

Sign up for updates hp.com/go/getupdated

This is an HP Indigo digital print.

• Digital Forensics Services—Security experts and HP technology locate, secure, and interpret data to determine the outcome of high-stakes investigations. This may include historical and real-time analysis, centralised forensic services, and implementation of compensating controls to expose and isolate sophisticated threats.

• E-Disclosure/e-Discovery Services—Specialists in military and law enforcement backgrounds develop tight processes for accurate data capture, logging, and audit trail reporting for use in legal and regulatory investigations following an incident.

• Data Recovery Services—Mitigate data loss or deletion consequences by designing and implementing processes for backup and recovery. Experienced security services teams are on call 24x7 to act as your virtual team or as an extension to your team.

Meet your needsWhen it comes to security breach management, security requirements and expectations differ dramatically from one enterprise to another. That’s why HP provides flexible services, all in tune with your specific enterprise, industry, and geographic needs.

We deliver what you need the most, including:

• 24x7x365 rapid response from a highly experienced and industry-certified global security incident response team

• Global and multilingual support to help you wherever you are located

• Less downtime through a fast and experienced response

• Experience with compliance and regulatory requirements

• Our efforts ensure that operational integration is tightened amongst security incident response services, SIEM services, host- or network-based intrusion detection services, or other protective monitoring solutions and technologies.

Expect expertiseAcross the security spectrum and throughout your operations, HP delivers the solutions that protect what matters. Incorporating HP Labs and the capabilities of our industry partnerships, we deliver cutting-edge technologies to help you securely manage the appropriate sharing of information and capture opportunities.

Our capabilities across traditional IT and hybrid environments include:

• Security consulting and technology

• Managed security services

• Security governance

• Risk and compliance services

Our highly experienced team includes:

• Over 3,000 security and privacy professionals worldwide

• Sworn law officers and former law agents experienced in case tracking, investigation, and resolution

• Consultants with a variety of global IT and security certifications, including CHECK, CLAS, CISSP, CISM, CISA, CLEF, IISP, ISO 27001 Lead Auditor, PCI QSA, and more

Learn more athp.com/services/security-breach-management

Solution overview | Security Breach Management Solution

© Copyright 2012, 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA4-4441EEW, January 2013, Rev. 1