
Increasing Visibility and Security Across your Network: The HP ArcSight and AccessData CIRT Integrated Solution


DESCRIPTION

Learn how AccessData has created a cyber security solution (CIRT) that merges enterprise forensics, malware detection, e-discovery, and remediation in a single platform to meet the ever-expanding needs of federal customers. Gain the actionable intelligence required to battle today's most pressing threats: malicious code and cyber breaches.


Page 1

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

HP Enterprise Security: Innovative Platforms for Advanced Cyber Solutions

Rob Roy ([email protected]), Federal Chief Technology Officer, http://hp.com/security

Page 2


What's so significant about these numbers? 94 / 71 / 416 (the statistics presented on the next two slides)

Page 3


94% of breaches are reported by a 3rd party

Page 4


Since 2010, time to resolve an attack has grown 71%.

Average time to detect a breach: 416 days.

[Timeline graphic: January 2012 to April 2013]

Page 5


Better Intelligence Utilization

Page 6

HP Enterprise Security Product Pillars: Network Security, Application Security, Security Intelligence, ATALLA

HP Enterprise Security Products

Page 7

Join us for HP Protect 2013 in DC!

https://h30627.www3.hp.com/

Page 8

Introducing

Page 9

Cyber Intelligence & Response Technology

(CIRT)

Jason Mical, Vice President of Cyber Security

www.accessdata.com

Page 10

Detection and Response Times are a Joke

*Source: 2013 Verizon Data Breach Investigations Report

Page 11

Top 3 Reasons You Struggle to Defend Your Domain

1. Inherently handicapped tools: signature-based tools (IDS, antivirus, etc.) and DLP solutions only catch what you tell them to look for

2. Juggling several disparate products: network analysis, computer analysis, malware analysis, log analysis…

3. Disparate teams that don't collaborate with each other: computer forensics, information compliance, malware, network security

Page 12

Who Your Focus Should Be…

Faster Response and Remediation

Detecting Unknown Threats IDS, Antivirus, DLP Miss

Automating Incident Response: two-way communication between SIEM/SIM and IR platform; ability to customize auto-response tasks

Integrated Analysis: reveals the whole picture in minutes, not hours, not days… packet capture, hard drive, memory/RAM, malware disassembly

Real-Time Collaboration: NetSec, Forensics, Malware, IA teams all using a single platform

Built-in Batch Remediation

Eliminating blind spots through integrated visibility into the following through a single pane of glass…

Network Communications: whether target machines are logged onto your network or not

Host: disk, volatile/RAM

Malware Disassembly to Extract Functions without Sandbox

Removable Media: what is uploaded and downloaded

Page 13

2013 DBIR: Lessons Learned that CIRT Enables

Eliminate unnecessary data; keep tabs on what’s left.

Without deemphasizing prevention, focus on better and faster detection through a blend of people, processes, and technology

Collect, analyze and share incident data to create a rich data source that can drive security program effectiveness.

Collect, analyze, and share tactical threat intelligence, especially Indicators of Compromise (IOCs), that can greatly aid defense and detection.

Regularly measure things like “number of compromised systems” and “mean time to detection” in networks. Use them to drive security practices.

Evaluate the threat landscape to prioritize a treatment strategy. Don’t buy into a “one-size fits all” approach to security.

Page 14

Traditional Model vs Integration/Automation/Collaboration

Many Disparate Tools: IDS/IPS, Antivirus, DLP, Firewall

1 Agent. 1 Database. Real-time Collaboration.

Detect threats your prevention and alerting tools miss, even on nodes outside of your network.

AUTOMATED RESPONSE: Host, Network, Removable Media, Malware Remediation

Page 15

1 Web Interface: Multi-Team Collaboration for Improved Emergency Response

Incident Response Team, Information Assurance Team, Network Security Team, Compliance Team, Computer Forensics Team, Malware Team

Page 16

CIRT Business Value

Incident Response; Data Spillage & PII/PCI Reporting; Removable Media Monitoring; Malware Triage & Analysis; Regulatory & Standards Compliance; Mitigate Brand & Shareholder Exposure; Enterprise Risk Posture

CYBER INTELLIGENCE & RESPONSE TECHNOLOGY

Page 17

Optimizing Reactive Operations: SIEM–CIRT Integration

Automatically and systematically respond to security incidents leveraging two-way communication between SIEM / SIM and AccessData CIRT.

Details:
• Easy setup; no lengthy configuration process
• SIEM alerts trigger automated incident response operations by CIRT, or…
• Manually execute CIRT response/analysis operations from the SIEM interface
• Results can be automatically sent to SIEM in CEF (Common Event Format) or stored for future analysis
• Full analysis of results can be performed within the SIEM or CIRT interfaces
• 11 pre-programmed response templates
• Quickly create new response templates or modify existing ones.
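The slide says CIRT results go back to the SIEM in CEF. As an added example (not HP's or AccessData's code), here is a minimal CEF:0 encoder and parser that applies the format's escaping rules for header fields and extension values; vendor and product names come from the slides, while the version "x.y", signature id, host name and message used when exercising it are constructed placeholders.

```python
import re

# Added example (not HP's/AccessData's): CEF:0 encode/parse with the
# format's escaping rules. Sample values used with it are constructed.
def _esc_header(s):
    # Header fields: backslash and pipe are escaped.
    return s.replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(s):
    # Extension values: backslash, '=' and line breaks are escaped.
    return (s.replace("\\", "\\\\").replace("=", "\\=")
             .replace("\r", "\\r").replace("\n", "\\n"))

def build_cef(vendor, product, version, sig_id, name, severity, ext):
    """Return one CEF:0 line; ext maps extension keys to values."""
    if not 0 <= int(severity) <= 10:
        raise ValueError("CEF severity must be 0-10")
    head = "|".join(_esc_header(str(f)) for f in
                    (vendor, product, version, sig_id, name, severity))
    body = " ".join(f"{k}={_esc_ext(str(v))}" for k, v in ext.items())
    return f"CEF:0|{head}|{body}"

_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")  # an unescaped key=

def _unesc(v):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), v)

def parse_cef(line):
    """Parse a CEF line into its 7 header fields plus an 'ext' dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    s, fields, cur, i = line[4:], [], [], 0
    while i < len(s) and len(fields) < 7:      # header ends at the 7th pipe
        c = s[i]
        if c == "\\" and i + 1 < len(s):       # \| or \\ inside a field
            cur.append(s[i + 1]); i += 2; continue
        if c == "|":
            fields.append("".join(cur)); cur = []; i += 1; continue
        cur.append(c); i += 1
    if len(fields) != 7:
        raise ValueError("CEF header needs 7 pipe-separated fields")
    ev = dict(zip(["cef_version", "vendor", "product", "version",
                   "sig_id", "name", "severity"], fields))
    raw, ev["ext"] = s[i:], {}
    hits = list(_KEY.finditer(raw))
    for n, m in enumerate(hits):               # a value runs to the next key
        end = hits[n + 1].start() if n + 1 < len(hits) else len(raw)
        ev["ext"][m[1]] = _unesc(raw[m.end():end].rstrip(" "))
    return ev
```

A result such as `build_cef("AccessData", "CIRT", "x.y", "100", "Response template run", 7, {"dvchost": "ws-1042", "act": "collect memory|disk"})` round-trips through `parse_cef`, pipes in extension values included.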

Page 18

All Functionality on a Single Agent

Page 19

A Look at the Components…

Host Forensics w/ Volatile Data Analysis

Data Audit

Network & Host-based Packet Capture

Removable Media Monitoring

Malware Analysis

SSL Decryption

SIEM / SIM Integration

Batch Remediation

Page 20

CIRT Fills Your Cyber Security Gaps

CIRT augments your cyber security infrastructure to address the two most prevalent weaknesses plaguing organizations today: response times and detection capabilities.

You will be able to perform a broad range of operations that are otherwise not possible, taking a more comprehensive approach to risk mitigation and dramatically reducing the cost of incident response.

Detect threats & spillage missed by alerting tools.

Automate rapid response.

Determine behavior & intent in minutes.

Enforce security policies.

Synchronize with real-time collaboration.

Stop the bleeding fast.