5G/SOC: Inside the world's most advanced SOCs
E Malligarjunan
Sr. Consultant – Security & End User Computing
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
We see security everywhere.
Security domains: Information governance; Mobility and devices; Intelligence & operations; Web & application security; Identity and access; Cloud security; Data center security; Data protection
Security Operations Center
Core functions: Situational Awareness; Intrusion Analysis; Security Monitoring
Also called: Cyber Defense Center (CDC); Security Operations Center (SOC); Threat Operations Center (TOC); Security Defense Center (SDC); Cyber Security Intelligence Response Center (C-SIRC); Threat Management Center (TMC); Security Intelligence & Operations Center (SIOC); Security Intelligence & Threat Handlers (SITH); Security Threat and Intelligence Center (STIC)
Lifecycle of Events to Incidents
People, process, technology
[Diagram: a numbered flow (1 to 6) from event sources to case closure. Technology: Firewall, Intrusion Detection, Router, Proxy Server, Web Server, ESM Server. Process: Level 1, Level 2, Escalation, Case closed. People: Network & system owners, Incident handler, Engineer.]
1G/SOC
1G/SOC: 1970’s - 1995
Birth of the Internet: businesses not connected, or via slow connections
Nuisance programs & minimally impacting malicious code
Information Security tools appear
Military & Governments start to build SOCs and CERTs
1G/SOC data feeds
Firewalls
IDS
Network equipment
2G/SOC
2G/SOC: 1996 - 2001
Malware outbreaks & intrusion detection
MSSPs begin to offer SOC as a service to customers
SIEM concepts are introduced
2G/SOC data feeds
Firewalls
IDS
Network equipment
3G/SOC
3G/SOC: 2002 - 2005
Botnets, cybercrime, intrusion prevention, and compliance
Largest companies in specific industries create SOCs internally
3G/SOC data feeds
Server and desktop OS
Network equipment
Firewalls/VPN
IDPS
Databases
Vulnerability scanning
Anti-virus
System health information
Web traffic
Intelligence feeds
4G/SOC
4G/SOC: 2006 - 2013
Hacktivism, Intellectual Property Theft, Advanced Persistent Threat
Wide adoption of continuous security monitoring as breaches fill headlines
4G/SOC data feeds
Firewalls/VPN
IDPS
Business context
Server and desktop OS
Physical infrastructure
Network equipment
Identity management
Vulnerability scanning
Directory services
Anti-virus
System health information
Applications
Web traffic
Databases
Intelligence feeds
5G/SOC
5G/SOC: 2013 - ????
Subtle threat detection, hunt teams, counter-intel, anti-fragile, advanced analytics, big data
[Word cloud of business applications, cloud, mobile and social services grouped by era: Mainframe; Client/server; The Internet; Mobile, social, big data & the cloud. Inset "Every 60 seconds" statistics: 98,000 tweets; 23,148 apps downloaded; 400,710 ad requests; 2000 lyrics played on Tunewiki; 1500 pings sent on PingMe; 34,597 people using Zinio; 208,333 minutes of Angry Birds played.]
How we got here
10+ years of breaches
Increased awareness
Advancements in technology
Increasing regulation
Consumerization of IT
Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Hunt teams
Big data analysis: select a subset of fields to save long term for analytical searches.
…track malicious groups and individuals both inside and outside
Use Cases:
• Previously unseen connections from DMZ servers
• Previously unseen connections from critical business servers
• Previously unseen executables launching
• Abnormal logins from service accounts
• Abnormal logins from admin accounts
Red Team: to simulate the advanced attacks.
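The first and fourth use cases above amount to a first-seen check against a baseline learned from the long-term store. The following is an added example (not from the presentation) that implements that check generically and runs it over constructed connection and logon records; the DMZ inventory, the service-account list and the record field names are assumptions:

```python
"""First-seen detection for two of the hunt-team use cases above: previously
unseen connections from DMZ servers and abnormal logins from service accounts.
Added example, not from the presentation; inventories, field names and all
log records below are constructed."""

DMZ_SERVERS = {"10.1.1.10", "10.1.1.11"}       # assumed DMZ inventory
SERVICE_ACCOUNTS = {"svc-backup", "svc-web"}    # assumed service-account list

def learn_baseline(history, key):
    """Keys seen in the long-term store (the 'subset of fields' kept for analytics)."""
    return {key(r) for r in history}

def first_seen(records, baseline, key, scope):
    """In-scope records whose key never appeared in the baseline."""
    return [r for r in records if scope(r) and key(r) not in baseline]

# Use case 1: previously unseen connections from DMZ servers
conn_key = lambda r: (r["src"], r["dst"], r["dport"])
dmz_scope = lambda r: r["src"] in DMZ_SERVERS
# Use case 2: abnormal service-account logins (new host or new logon type)
login_key = lambda r: (r["user"], r["host"], r["logon_type"])
svc_scope = lambda r: r["user"] in SERVICE_ACCOUNTS

# Constructed history (what the baseline is learned from) and today's records
CONN_HISTORY = [{"src": "10.1.1.10", "dst": "10.2.0.5", "dport": 443},
                {"src": "10.1.1.11", "dst": "10.2.0.5", "dport": 443}]
CONN_TODAY = [
    {"src": "10.1.1.10", "dst": "10.2.0.5", "dport": 443},    # known pair
    {"src": "10.1.1.10", "dst": "10.3.9.20", "dport": 3389},  # DMZ host to internal RDP: new
    {"src": "10.5.5.5", "dst": "10.2.0.5", "dport": 443},     # not a DMZ host: out of scope
]
LOGIN_HISTORY = [{"user": "svc-backup", "host": "bkp01", "logon_type": "service"}]
LOGIN_TODAY = [
    {"user": "svc-backup", "host": "bkp01", "logon_type": "service"},      # known
    {"user": "svc-backup", "host": "wks17", "logon_type": "interactive"},  # abnormal
    {"user": "alice", "host": "wks17", "logon_type": "interactive"},       # out of scope
]

def run_hunt():
    """Return (use_case, record) alerts for both use cases."""
    alerts = []
    conn_base = learn_baseline(CONN_HISTORY, conn_key)
    for r in first_seen(CONN_TODAY, conn_base, conn_key, dmz_scope):
        alerts.append(("unseen_dmz_connection", r))
    login_base = learn_baseline(LOGIN_HISTORY, login_key)
    for r in first_seen(LOGIN_TODAY, login_base, login_key, svc_scope):
        alerts.append(("abnormal_service_login", r))
    return alerts
```

The same `first_seen` engine covers the other use cases on the slide by changing only the key and scope functions (for example, executable path keyed per host, or admin-account logons scoped by group membership).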
5G/SOC functional process framework
Intelligence
Detect
Respond
Remediate
How has security visualization evolved?
1G/SOC
2G/SOC
3G/SOC
4G/SOC
5G/SOC
The now & future of security
Thank you!
Come on! It can't go wrong every time...
[email protected]
Security should never be an afterthought
Security for the new reality