stay out of headlines for non compliance or data breach
DESCRIPTION
Tight alignment between compliance and security capabilities can make each component stronger than it would be by itself. Organizations that blend the two not only more effectively combat targeted attacks and data breaches, but also more easily meet compliance requirements and avoid expensive fines. Learn how leading organizations are leveraging continuous monitoring and incident response management to achieve a more secure and compliant enterprise.
TRANSCRIPT
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.11
Stay out of headlines for non-compliance or security breach
Gant Redmon, Co3 Systems, General Counsel
Sridhar Karnam, HP Enterprise Security Product Management
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Sun Tzu, The Art of War
Security and Compliance becoming the same thing
- PCI, HIPAA, GLB
“75% of CISOs who experience publicly disclosed security breaches and lack documented, tested response plans will be fired”
- Gartner: July 2012
“It’s about the response … with all hands on deck in a coordinated manner.”
- Gant: January 2014
expediency v. accuracy
Breach Response
Track 1: Focus on cause analysis, remediation and customer communication
Track 2: Legal compliance, communication with authorities, corporate filings
Companies often do Track 1 and then Track 2
But these tracks don’t have to be separate.
Incident response plans need to cover more than closing the vulnerability
How much does privacy cost?
How much do hackers pay? (slide figure; price labels shown: $499, $499, $499, $399, $33, $55, $99, $88, $99)
Security is a board level discussion
Security is bigger than just an IT problem
CISO
Cyber threat 56% of organizations have been the target of a cyber attack
Data Breach 94% of the data breaches were reported by third-parties
Financial loss $8.6M average cost associated with data breach
Cost of protection 11% of total IT budget spent on security
Reputation damage 30% market cap reduction due to recent events
Reactive vs. proactive 97% of data breaches could have been avoided
Compliance landscape
Annual cost of SOX compliance: $1.8M, or the equivalent cost of roughly 14.4 employees!
• Any similarities in compliance activities?
• User management
• Access control/authorization
• Change management
• Security operations
• Differences are mainly in interpretation
• Leverage similarities to increase efficiencies and reduce costs
• Consistent themes across regulations
ISO 27001
ISO 17799
COSO
SOX
PCI
SAS 70
NIST
Basel II
ITIL
CobiT
FFIEC
HIPAA
GLBA
FISMA
FERC/NERC
J-SOX
US Patriot Act
CA-1386
SEC
DITSCAP
PIPEDA
NY Privacy
NIACAP
FDPA
DATA
FTC
OCC
Compliance Problem
Expensive… each regulation needs resources and budget
Too complex… policies and controls change often
Silo’d products… don’t learn or share information
Big data… too much data to process and understand the pattern
Venn diagram labels: Security Operations (Incident Management, Access / Authorization, User Management, Operations Management), IT Security, and the regimes SOX, FISMA, HIPAA, PCI, CobiT, NIST
70% similarities between compliance & security
Why use multiple tools then?
Common challenges across Compliance, Security and Operations
Best Practices
Vision: Consolidated view
Single view of IT security, IT operations, and IT GRC
Heat map | Asset mapping | Risk indicators | Continuous compliance
• Prioritization
• Heat map of risk to business services
• Quick isolation of incidents and threats
• Vulnerability score and intelligence
• Aggregation of multiple risk sources
• Risk reporting and trending
• Continuous monitoring
• Compliance analytics
Strategy: Centralized approach
Seamless integration of security and compliance tools – no point solutions
See Everything, Understand Context, Act Proactive
Risk management
SECURITY: User Provisioning, Identity & Access Mgmt, Database Encryption, Anti-Virus, Endpoint, Firewall, Email Security
COMPLIANCE: User Management, Auditing and audit logs, Dashboard and Reporting, Controls monitoring, Disclosure
Best Practice 1: Continuous monitoring
Security information and event management (SIEM) approach to continuously and comprehensively monitor and correlate data across the organization
• Collection: complete visibility
• Analyze events in real time to deliver insight
• Search quickly to simplify IT
• IT GRC & Security in a single tool
• Reporting on log data
• IT operations through monitoring & alerting
Diagram labels: Machine Data, Log Collection, Search, Analysis, Dashboard, Monitoring & alerting, IT GRC
Best Practice 2: Assess controls
Correlation of all the data 24/7
Real-time, cross-device correlation of logs and events across IT
• Correlation = establishing relationships
• Connect roles, responsibilities, identities, history, and trends to detect business risk violations
• Pattern recognition
• Anomaly detection
• The more you collect, the smarter it gets
Diagram labels: Hardware, Software, People, Process
Best Practice 3: Unify data across IT
Convert all machine data into a common format for search, report, and retention
Benefit: a single data set for searching, indexing, reporting, and archiving

Raw machine data
Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data
Time (Event Time) | Name | Device Vendor | Device Product | Category Behavior | Category Device Group | Category Outcome | Category Significance
6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning
6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning
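The normalization shown in the unified-data table above, together with the cross-device correlation from Best Practice 2, as an added example that is not from the slides nor from HP or Co3 Systems: a small Python parser maps the two raw firewall lines onto the unified fields, then a correlation rule flags any source whose blocked access attempts were logged by more than one device vendor. The regular expressions, field names, the action-to-outcome mapping and the third PIX line that makes the correlation fire are assumptions of this example (the third line is constructed, not from the slide); the two raw lines and the category values are the slide's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# The two raw lines from the slide (Cisco PIX syslog and a Check Point Firewall-1 record).
RAW_LINES = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 "
    "to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 "
    "s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]

# Constructed line (not from the slide): the Check Point source seen again, this time denied
# by the PIX, so that the cross-device correlation below has something to report.
CONSTRUCTED_EXTRA = [
    "Jun 17 2009 15:01:10: %PIX-6-106015: Deny TCP (no connection) from xxx.xxx.146.12/3301 "
    "to 204.110.227.16/443 flags FIN ACK on interface outside",
]


@dataclass
class UnifiedEvent:
    """One row of the unified schema; field names follow the slide's table (assumed)."""
    event_time: datetime
    name: str
    device_vendor: str
    device_product: str
    category_behavior: str
    category_device_group: str
    category_outcome: str
    category_significance: str
    src: str = ""
    dst: str = ""
    proto: str = ""


TS_FMT = "%b %d %Y %H:%M:%S"
TS = r"(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2})"

# Assumed patterns covering exactly the two formats on the slide.
PIX_RE = re.compile(
    TS + r": %PIX-\d-\d+: (?P<action>\w+) (?P<proto>\w+) .*?"
    r"from (?P<src>\S+?)/\d+ to (?P<dst>\S+?)/\d+"
)
CP_RE = re.compile(
    TS + r" (?P<action>\w+) (?P<host>\S+) >(?P<iface>\S+) product (?P<product>.+?) "
    r"src (?P<src>\S+) s_port \d+ dst (?P<dst>\S+) service \S+ proto (?P<proto>\w+) rule \d+"
)

# Assumed mapping of vendor actions onto the common outcome category.
OUTCOME = {"deny": "/Failure", "drop": "/Failure", "permit": "/Success", "accept": "/Success"}


def normalize(line: str) -> UnifiedEvent:
    """Map one raw line onto the unified schema; raise ValueError for unknown formats."""
    m = PIX_RE.match(line)
    if m:
        vendor, product, behavior = "Cisco", "PIX", "/Access"
    else:
        m = CP_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised log format: {line[:40]!r}")
        vendor, product, behavior = "Checkpoint", "Firewall-1/VPN-1", "/Access/Start"
    action = m["action"].lower()
    outcome = OUTCOME.get(action, "/Unknown")
    return UnifiedEvent(
        event_time=datetime.strptime(m["ts"], TS_FMT),
        name=action.capitalize(),
        device_vendor=vendor,
        device_product=product,
        category_behavior=behavior,
        category_device_group="/Firewall",
        category_outcome=outcome,
        # A blocked connection is worth a look but is not an alert on its own.
        category_significance="/Informational/Warning" if outcome == "/Failure" else "/Informational",
        src=m["src"],
        dst=m["dst"],
        proto=m["proto"].lower(),
    )


def to_row(ev: UnifiedEvent) -> tuple:
    """Render the event as the slide's table row (time, name, vendor, product, categories)."""
    t = ev.event_time
    return (f"{t.month}/{t.day}/{t.year} {t:%H:%M:%S}", ev.name, ev.device_vendor,
            ev.device_product, ev.category_behavior, ev.category_device_group,
            ev.category_outcome, ev.category_significance)


def correlate_failed_access(events, min_devices: int = 2) -> dict:
    """Cross-device correlation: sources whose failed access attempts were logged by
    at least `min_devices` distinct vendors, which only the unified schema makes comparable."""
    seen = defaultdict(set)
    for ev in events:
        if ev.category_outcome == "/Failure" and ev.category_behavior.startswith("/Access"):
            seen[ev.src].add(ev.device_vendor)
    return {src: sorted(vendors) for src, vendors in seen.items() if len(vendors) >= min_devices}


if __name__ == "__main__":
    events = [normalize(line) for line in RAW_LINES + CONSTRUCTED_EXTRA]
    for ev in events:
        print(" | ".join(to_row(ev)))
    print("sources blocked on more than one device:", correlate_failed_access(events))
```

With only the two slide lines the correlation returns nothing, because the sources differ; once the constructed PIX line is added, xxx.xxx.146.12 is reported as blocked by both Checkpoint and Cisco. The outcome and behaviour fields are what the rule keys on, so the same rule works for any device whose raw format has been mapped into the schema.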
Best Practice 4: Next-Generation Network Security
Monitor network activities for malicious activity through IPS and log management
Integrated Policy
• Security Management System: centralized management console across NGIPS and NGFW
• Digital Vaccine Labs: delivers zero-day coverage
• Next-Generation Firewall: granular application visibility and control
• Next-Generation IPS: 99.99999% network uptime track record
Best Practice 5: Think security from the beginning
Develop immunity to threats right through the development of applications
• Automated code testing: testing of code during development
• App runtime testing: security testing of 3rd party
• Manual review: security experts
Best Practice 6: Incident Response
Readiness to validate and respond to incidents
Prepare, Assess, Manage, Report
Incident Response Framework
PREPARE: Improve Organizational Readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps
REPORT: Document Results and Track Performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports
ASSESS: Quantify Potential Impact, Support Privacy Impact Assessments
• Track events
• Scope regulatory requirements
• See $ exposure
• Send notice to team
• Generate PIAs
MANAGE: Easily Generate Detailed Incident Response Plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion
Best practices from Co3 Systems’ technologies
One Alewife Center, Suite 450
Cambridge, MA 02140
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“One of the hottest products at RSA…”
NETWORK WORLD
“an invaluable weapon when responding to security incidents.”
GOVERNMENT COMPUTER NEWS
“Adding the Security Module... to this otherwise fine suite of services, Co3 has done better than a home-run...it has knocked one out of the park.”
SC MAGAZINE
Gant Redmon
General Counsel
EMAIL [email protected]
PHONE 617.300.8136
Automated Compliance
• Up to 90% reduction in incident management: reduces 3,000 incidents per day to fewer than 200 per day
• Huge cost savings: average cost savings of $1,000,000 per quarter from SOX compliance packs
• Resource optimization (400%): automation helps to process 4x more events 24x7, resulting in better utilization of resources
• 90% reduction in compliance audits: automating compliance is a one-time task and saves 90% of the time every quarter from each audit
• Simple audits: NIST, ISO, PCI, SOX combined with security; better visibility, high productivity, fewer compliance violations, simple audits, consistent controls and processes
Closing diagram labels: managed cloud, SaaS, Storage, Apps, Continuous compliance, in-house/legacy custom apps, SIEM log management, Applications, 350+ CEF partners, Big Data, Cloud security, Insider threats, Security Analytics, Mobile Monitoring, Security, Virtual, IT operations, Systems Monitoring
Thank you