stay out of headlines for non compliance or data breach


Uploaded by: sridhar-karnam

Posted: 08-May-2015

Category: Technology

DESCRIPTION

Tight alignment between compliance and security capabilities can make each component stronger than it would be by itself. Organizations that blend the two not only more effectively combat targeted attacks and data breaches, but also more easily meet compliance requirements and avoid expensive fines. Learn how leading organizations are leveraging continuous monitoring and incident response management to achieve a more secure and compliant enterprise.

TRANSCRIPT

Page 1: Stay out of headlines for non compliance or data breach

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Stay out of headlines for non-compliance or security breach

Gant Redmon, General Counsel, Co3 Systems

Sridhar Karnam, Product Management, HP Enterprise Security

Page 2: Stay out of headlines for non compliance or data breach


“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Sun Tzu, The Art of War

Page 3: Stay out of headlines for non compliance or data breach


Security and compliance are becoming the same thing

- PCI, HIPAA, GLB

“75% of CISOs who experience publicly disclosed security breaches and lack documented, tested response plans will be fired”

- Gartner, July 2012

“It’s about the response … with all hands on deck in a coordinated manner.”

- Gant Redmon, January 2014

Expediency vs. accuracy

Page 4: Stay out of headlines for non compliance or data breach


Breach Response

Track 1: Focus on cause analysis, remediation and customer communication

Track 2: Legal compliance, communication with authorities, corporate filings

Companies often do Track 1 and then Track 2, but these tracks don’t have to be separate.

Incident response plans need to cover more than closing the vulnerability.

Page 5: Stay out of headlines for non compliance or data breach


How much does privacy cost?

Page 6: Stay out of headlines for non compliance or data breach


How much do hackers pay?

[Price chart: $499, $499, $499, $399, $33, $55, $99, $88, $99; the item labels were not recovered]

Page 7: Stay out of headlines for non compliance or data breach


Security is a board level discussion

Security is bigger than just an IT problem. What the CISO is up against:

• Cyber threat: 56% of organizations have been the target of a cyber attack
• Data breach: 94% of data breaches were reported by third parties
• Financial loss: $8.6M average cost associated with a data breach
• Cost of protection: 11% of total IT budget spent on security
• Reputation damage: 30% market cap reduction due to recent events
• Reactive vs. proactive: 97% of data breaches could have been avoided

Page 8: Stay out of headlines for non compliance or data breach


Compliance landscape

Annual cost of SOX compliance: $1.8M, or the equivalent cost of roughly 14.4 employees

• Any similarities in compliance activities?
  • User management
  • Access control/authorization
  • Change management
  • Security operations
• Differences are mainly in interpretation
• Leverage similarities to increase efficiencies and reduce costs
• Consistent themes across regulations

Regulations and frameworks on the slide: ISO 27001, ISO 17799, COSO, SOX, PCI, SAS 70, NIST, Basel II, ITIL, CobiT, FFIEC, HIPAA, GLBA, FISMA, FERC/NERC, J-SOX, US Patriot Act, CA-1386, SEC, DITSCAP, PIPEDA, NY Privacy, NIACAP, FDPA, DATA, FTC, OCC

Page 9: Stay out of headlines for non compliance or data breach


Compliance problem

• Expensive: each regulation needs resources and budget
• Too complex: policies and controls change often
• Silo’d products: don’t learn or share information
• Big data: too much data to process and understand the pattern

Page 10: Stay out of headlines for non compliance or data breach


Compliance (SOX, FISMA, HIPAA, PCI, CobiT, NIST) and IT Security overlap in: Security Operations, Incident Management, Access / Authorization, User Management, Operations Management

70% similarities between compliance & security

Page 11: Stay out of headlines for non compliance or data breach


Why use multiple tools then?

Common challenges across Compliance, Security, and Operations

Page 12: Stay out of headlines for non compliance or data breach


Best Practices

Page 13: Stay out of headlines for non compliance or data breach


Vision: Consolidated view

Single view of IT security, IT operations, and IT GRC: heat map, asset mapping, risk indicators, continuous compliance

• Prioritization
• Heat map of risk to business services
• Quick isolation of incidents and threats
• Vulnerability score and intelligence
• Aggregation of multiple risk sources
• Risk reporting and trending
• Continuous monitoring
• Compliance analytics

Page 14: Stay out of headlines for non compliance or data breach


Strategy: Centralized approach

Seamless integration of security and compliance tools; no point solutions

See Everything, Understand Context, Act Proactively: risk management

SECURITY: User provisioning, Identity & access management, Database encryption, Anti-virus and endpoint, Firewall and email security

COMPLIANCE: User management, Auditing and audit logs, Dashboard and reporting, Controls monitoring, Disclosure

Page 15: Stay out of headlines for non compliance or data breach


Best Practice 1: Continuous monitoring

Security information and event management (SIEM) approach to continuously and comprehensively monitor and correlate data across the organization

Pipeline components on the slide: Machine data, Log collection, Search, Analysis dashboard, Monitoring & alerting, IT GRC

• Collect for complete visibility
• Analyze events in real time to deliver insight
• Search quickly to simplify IT
• IT GRC & security in a single tool
• Reporting on log data
• IT operations through monitoring & alerting

Page 16: Stay out of headlines for non compliance or data breach


Best Practice 2: Assess controls

Correlation of all the data 24/7: real-time, cross-device correlation of logs and events across IT (hardware, software, people, process)

• Correlation = establishing relationships
• Connect roles, responsibilities, identities, history, and trends to detect business risk violations
• Pattern recognition
• Anomaly detection
• The more you collect, the smarter it gets

Page 17: Stay out of headlines for non compliance or data breach


Best Practice 3: Unify data across IT

Convert all machine data into a common format for search, report, and retention

Benefit: single data set for searching, indexing, reporting, and archiving

Raw machine data (one line per device; the slide runs them together):

Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Unified data:

Time (Event Time)    Name   Device Vendor   Device Product     Category Behavior   Category Device Group   Category Outcome   Category Significance
6/17/2009 12:16:03   Deny   Cisco           PIX                /Access             /Firewall               /Failure           /Informational/Warning
6/17/2009 14:53:16   Drop   Checkpoint      Firewall-1/VPN-1   /Access/Start       /Firewall               /Failure           /Informational/Warning
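The normalization the slide sketches, as an added example that is not part of the original deck and not HP ArcSight code: two small parsers map the Cisco PIX and Checkpoint lines above into the slide's unified columns (Best Practice 3), and a correlation rule then counts blocked sources across both products once they share one schema (the cross-device correlation of Best Practice 2). The regexes, the third PIX line (constructed so the rule has a repeat source to report) and the threshold rule are this example's own assumptions.

```python
"""Normalize firewall logs from two vendors into one schema, then correlate
across devices. Field names follow the slide's unified table; everything else
(parsers, the third sample line, the correlation rule) is assumed for this example."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input. The first two lines are the raw lines on the slide
# (Checkpoint addresses are masked xxx.xxx in the original). The third line is
# constructed: a second PIX deny from the same source, so correlation has a hit.
RAW_LOGS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
    "Jun 17 2009 12:16:09: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15606 to 204.110.227.16/443 flags FIN ACK on interface outside",
]

TS = r"(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
# PIX access-control messages: "<ts>: %PIX-<sev>-<id>: Deny|Permit <proto> (...) from a/p to b/p"
PIX_RE = re.compile(
    TS + r": %PIX-(?P<sev>\d)-(?P<msgid>\d+): (?P<action>\w+) (?P<proto>\w+) "
    r"(?:\([^)]*\) )?from (?P<src>[^/\s]+)/(?P<spt>\d+) to (?P<dst>[^/\s]+)/(?P<dpt>\d+)"
)
# Checkpoint Firewall-1/VPN-1 export format as shown on the slide.
CP_RE = re.compile(
    TS + r" (?P<action>\w+) (?P<host>\S+) >(?P<iface>\S+) product (?P<product>.+?) "
    r"src (?P<src>\S+) s_port (?P<spt>\d+) dst (?P<dst>\S+) service (?P<service>\S+) "
    r"proto (?P<proto>\w+) rule (?P<rule>\d+)"
)


def _event_time(text):
    # Both vendors use "Mon DD YYYY HH:MM:SS"; collapse PIX's double space on single-digit days.
    return datetime.strptime(" ".join(text.split()), "%b %d %Y %H:%M:%S")


def _unified(ts, name, vendor, product, behavior, blocked, **extra):
    """One row in the slide's unified schema; extras carry the raw connection tuple."""
    row = {
        "eventTime": _event_time(ts),
        "name": name,
        "deviceVendor": vendor,
        "deviceProduct": product,
        "categoryBehavior": behavior,
        "categoryDeviceGroup": "/Firewall",
        "categoryOutcome": "/Failure" if blocked else "/Success",
        "categorySignificance": "/Informational/Warning" if blocked else "/Informational",
    }
    row.update(extra)
    return row


def parse_pix(line):
    m = PIX_RE.match(line)
    if not m:
        return None
    return _unified(m["ts"], m["action"], "Cisco", "PIX", "/Access",
                    blocked=m["action"] == "Deny",
                    src=m["src"], spt=int(m["spt"]), dst=m["dst"], dpt=int(m["dpt"]),
                    proto=m["proto"].lower())


def parse_checkpoint(line):
    m = CP_RE.match(line)
    if not m:
        return None
    # The slide renders "VPN-1 & Firewall-1" as "Firewall-1/VPN-1"; mirror that.
    product = "/".join(reversed(m["product"].split(" & ")))
    return _unified(m["ts"], m["action"].capitalize(), "Checkpoint", product, "/Access/Start",
                    blocked=m["action"].lower() in ("drop", "reject"),
                    src=m["src"], spt=int(m["spt"]), dst=m["dst"], dpt=None,
                    proto=m["proto"].lower(), service=m["service"], rule=int(m["rule"]))


PARSERS = (parse_pix, parse_checkpoint)


def normalize(lines):
    """Map every raw line to the unified schema. Lines no parser accepts are kept
    as 'Unparsed' events instead of dropped, so a parser gap is visible in the data."""
    events = []
    for line in lines:
        for parser in PARSERS:
            event = parser(line)
            if event is not None:
                events.append(event)
                break
        else:
            events.append({"name": "Unparsed", "categoryOutcome": None, "raw": line})
    return events


def blocked_by_source(events, threshold=2):
    """Cross-device correlation: sources blocked at least `threshold` times,
    counted over every firewall product because the events now share one schema."""
    hits = defaultdict(lambda: {"count": 0, "products": set()})
    for e in events:
        if e.get("categoryOutcome") == "/Failure":
            hits[e["src"]]["count"] += 1
            hits[e["src"]]["products"].add(e["deviceProduct"])
    return {src: {"count": h["count"], "products": sorted(h["products"])}
            for src, h in hits.items() if h["count"] >= threshold}


if __name__ == "__main__":
    events = normalize(RAW_LOGS)
    for ev in events:
        print(ev["eventTime"], ev["name"], ev.get("deviceVendor"), ev.get("deviceProduct"),
              ev.get("categoryBehavior"), ev.get("categoryOutcome"), ev.get("categorySignificance"))
    print(blocked_by_source(events))
```

The rule in `blocked_by_source` never mentions a vendor; that is the payoff of normalizing first. A real deployment would add the field the slide's correlation bullet asks for (identity, role, asset owner) to the unified row and key the rule on it, and would alert on the `Unparsed` count, since a silent parser failure looks exactly like a quiet network.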

Page 18: Stay out of headlines for non compliance or data breach


Best Practice 4: Next-Generation Network Security

Monitor network activities for malicious activity through IPS and log management

Integrated policy across:

• Security Management System: centralized management console across NGIPS and NGFW
• Digital Vaccine Labs: delivers zero-day coverage
• Next-Generation Firewall: granular application visibility and control
• Next-Generation IPS: 99.99999% network uptime track record

Page 19: Stay out of headlines for non compliance or data breach


Best Practice 5: Think security from the beginning

Build resistance to threats into applications during development

• Automated code testing: testing of code during development
• App runtime testing: security testing of 3rd-party applications
• Manual review: security experts

Page 20: Stay out of headlines for non compliance or data breach


Best Practice 6: Incident Response

Readiness to validate and respond to incidents: Prepare, Assess & Report, Manage

Page 21: Stay out of headlines for non compliance or data breach


Incident Response Framework

PREPARE: Improve organizational readiness
• Assign response team
• Describe environment
• Simulate events and incidents
• Focus on organizational gaps

ASSESS: Quantify potential impact, support privacy impact assessments
• Track events
• Scope regulatory requirements
• See $ exposure
• Send notice to team
• Generate PIAs

MANAGE: Easily generate detailed incident response plans
• Escalate to complete IR plan
• Oversee the complete plan
• Assign tasks: who/what/when
• Notify regulators and clients
• Monitor progress to completion

REPORT: Document results and track performance
• Document incident results
• Track historical performance
• Demonstrate organizational preparedness
• Generate audit/compliance reports

Page 22: Stay out of headlines for non compliance or data breach

Best practices from Co3 Systems’ technologies (pages 22 to 27 are product screenshots with no recoverable text)

Page 28: Stay out of headlines for non compliance or data breach

One Alewife Center, Suite 450

Cambridge, MA 02140

WWW.CO3SYS.COM

“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”

PC MAGAZINE, EDITOR’S CHOICE

“One of the hottest products at RSA…”

NETWORK WORLD

“an invaluable weapon when responding to security incidents.”

GOVERNMENT COMPUTER NEWS

“Adding the Security Module... to this otherwise fine suite of services, Co3 has done better than a home-run...it has knocked one out of the park.”

SC MAGAZINE

Gant Redmon

General Counsel

EMAIL [email protected]

PHONE 617.300.8136

Page 29: Stay out of headlines for non compliance or data breach


Automated Compliance

• Up to 90% reduction in incident management: reduces 3,000 incidents per day to fewer than 200 per day
• Huge cost savings: average savings of $1,000,000 per quarter from SOX compliance packs
• Resource optimization (400%): automation helps to process 4x more events 24x7, resulting in better utilization of resources
• 90% reduction in compliance audits: automating these compliance checks is a one-time task and saves 90% of the time every quarter from each audit
• Simple audits: NIST, ISO, PCI, SOX combined with security gives better visibility, higher productivity, fewer compliance violations, simpler audits, consistent controls and processes

Page 30: Stay out of headlines for non compliance or data breach


Continuous compliance on a SIEM / log management foundation, spanning: managed cloud, SaaS, storage, apps, in-house/legacy/custom apps, applications (350+ CEF partners), big data, cloud security, insider threats, security analytics, mobile monitoring, security, virtual, IT operations, systems monitoring

Thank you