HP Security Services

HP Security Services
Svetlana Stepanova/ November 7th, 2014
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Presentation
HP Services Solution Architect
• More then 10 years in HP
• Strong technical background with onsite technical support as an engineer and Account Support Manager
• ITIL v3 Expert and Certified EXIN Instructor
• ISO/IEC 27001 Lead Auditor
• TOGAF 9 Certified
• HP, Microsoft product certifications
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP’s Approach to Information
Security is in the top 5 IT Technology Priorities
Security
Challenges enterprises and governments are facing
Infiltration
1
Nature and motivation of attacks
Research
Discovery
(Fame to fortune, market adversary)
Exfiltration
Capture
Delivery
2
Transformation of enterprise IT
(Delivery and consumption changes)
Traditional DC Private cloud Managed cloud Public cloud
Consumption
Virtual desktops Notebooks
3
Regulatory pressures
(Increasing cost and complexity)
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Basel III
Tablets Smart phones
HP Holistic security approach InformationSecurityServiceManagement (ISSM)
Methodology
Security is more than just technology and products
P
1
People
Determines if the right staff are performing the correct roles to oversee security
P
2
P
3
P
4
P
5
Policy & Procedures
Determines if the right set of policies and procedures are in place to govern the security and
continuity
Processes
Determines if the proper security / continuity process models are in place to safeguard the
transference of data between consumers and providers
Products
Determines if appropriate defense-in-depth technologies / solutions are in place to manage /
mitigate risk
Proof
Determines if the correct validation methods, metrics, and / or Key Performance Indicators (KPIs)
are used to track control effectiveness
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Security
Disrupt the adversary, manage risk, and extend your capabilities
5000+
Disrupt the adversary
Security technology
Manage risk
Risk & compliance
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Reduce cost & complexity
Advisory & management
HP’s Security Services
HP’s security services
Advise
Strategy
IS Strategy and
architecture
Vulnerability
Assessment
HP and 3rd party tools
Transform
Roadmap
Design
Audit
ISO 27001, PCI DSS
Network Security
Design
Risk Assessment
HP P5 and CMM
Define Security
Controls
HP and 3rd party
Maturity Assessment
HP P5 and CMM
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Manage
Implement
Security Products
Implementation
Service
ArcSight
TippingPoint
Operate / Evolve
Penetration Testing
HP and 3rd Party Tools
Our capabilities
Create a security offering no other company can duplicate
HP Security
Networking
Next-Generation IPS
Secure the data
and apps that
matter
Next-Generation Firewall
Secure the
perimeter and
mobile worker
Network Protector
SDN Application
Dynamic threat
protection
Reputation Digital
Vaccine
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Converging network and security trends
Network trends
• SLA requirements
• Network visibility
• Network complexity
Pain points
Required solutions
Changing infrastructure needs and
network upgrades
Flexible solutions that scale with changing
customer requirements
Evolving threats, increasing
number of attack vectors and rising
data breach costs
High-performing solutions with high degree
of security effectiveness and a low TCO
New systems and applications
deployed on the network
Complete visibility to monitor network
behavior and provide actionable security
intelligence
Mobile, BYOD and cloud trends
adding network and security
management complexity
Easy-to-use management system that
deploys updated policy configurations to all
devices on the network
Complicated management
systems requiring overhead costs
and dedicated resources
Integrated application control, user behavior
and IP monitoring through single
management interface
Security trends
• Emerging threats
• Scalability/managemen
t
• Regulatory pressures
Software Defined Networking (SDN) with HP Networking and HP Enterprise Security
Products can solve networking and security challenges
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
A new approach: See everything with HP ArcSight
Log management, security information and event management (SIEM)
Approach
Benefit
Collect
Collect logs from any device, any source, and in any format at high
speed
Consolidate
Machine data is unified into a single format through normalization
and categorization
Correlate
Real-time, cross-device correlation of events
Collaborate
Automate the process of event analysis, information sharing for
IT GRC, IT security, and IT operations
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Fortify helps you protect your applications
In-house
Outsourced
Commercial
Open source
Application
assessment
Software
security assurance
Application
protection
Assess
Assure
Protect
Fix security flaws in source
code before it ships
Fortify applications against
attack in production
Find security
vulnerabilities in any type
of software
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
HP Security Solutions for Cloud
Deployments
Off-premise service provider
On-premise data center
Private cloud
SAAS
Providers
HP Arcsight SIEM
HP TippingPoint
vController
HP Fortify
App.Scanning
HP ArcSight
SIEM
HP TippingPoint
vController
HP Fortify
App.
Scanning
Off-premise data center
Managed cloud
HP ArcSight
SIEM
HP TippingPoint
vController
HP Fortify
App.
Scanning
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Public cloud
ArcSight connectors
Thank you
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.