Transcript Slide 1

CYBER DEFENSE
Alexandar Alexandrov
2010 Hewlett-Packard
CYBER SECURITY
President Barack Obama, May 29, 2009
“Our technological advantage is a key …. But our defense and military networks are under constant attack. .... Indeed, in today's world, acts of terror could come not only from a few extremists …but from a few key strokes on the computer -- a weapon of mass disruption. ... it's now clear that this cyber threat is one of the most serious economic and national security challenges we face as a nation.”
PUBLIC VALUE NATIONAL SECURITY
PUBLIC VALUE IN NATIONAL SECURITY: CYBERSECURITY
ULTIMATE BUSINESS GOAL
EXECUTIVE KPI (Direction)
CORE FINANCIAL KPI (Direction)
INFORMATION ASSURANCE OUTCOMES
• Strengthen Security and Resilience at Home
• Secure Cyberspace
• Critical Infrastructure Protection
• Coordinate with Emergency Mgt., Public Safety / Justice Agencies
BUSINESS INITIATIVES (Strategy/Priority Language)
OPERATING KPIs
PROCESS/FUNCTION
• Incidents / Attacks Prevented
• Infrastructure Protection
• Access to Services
Citizen’s Trust:
• Privacy
• Civil Liberties
• Protection / Security
• Gov’t Transparency
• Services delivered quickly
• Agencies operate within budgets
• Leverage Technology
Capital Investment Management
Budget, Labor, Operating Cost Management
Reduce Network Intrusions / Internet Crime
Reduce Network Attacks / Internet Crime Rates
Risk Assessments / Awareness
Risk Management / Compliance
EFFICIENCY
Application / Data Security
Develop Intelligence Capabilities
Improve Incident Response
Improve Incident Response
Detection, Response, Recovery
Forensics / Law Enforcement
HP SOLUTION: Cybersecurity
TRUST
Business Continuity / Recovery
Prevent Critical System Intrusions
Cyber Security
Increase IT Efficiency and Effectiveness
Reduce IT Operating Costs
Intelligence
Security Operations
Network / Datacenter Security
Budget, Capital, HR, Procurement, Training
Identity / Access Management
THE THREAT
Stakeholders
– Federal, state, local and tribal governments
– Businesses & Consumers
– Military, Intelligence, Homeland Security
The Source of the Threat
– Nation states
– Ideological Movements
– Organized Criminal Elements
– Fame Seekers
– Industry Competitors
– Insiders
– Merely Curious
What’s at Risk
– Economic security
– National security
– Competitive Advantage
– Personal Information, intellectual property, privacy
– Public safety
– Critical infrastructure (e.g. power grids, transportation)
HP SECURITY SERVICES
Cyber Dominance
Business Continuity & Recovery
Mission Integration
Research & Development
Identity & Access Management
Datacenter Security
Network Security
Cyber/Network Analytics & Prediction
Cyber Control to Achieve Mission
Data & Content Security
Application Security
Endpoint Security
Delivering on your mission with confidence
Situational Awareness
Security Operations
Risk Management & Compliance
Informed Decision Making
COMPREHENSIVE CYBER SECURITY SERVICES PORTFOLIO
– Proven integrated building blocks
• Application Security: Services for testing applications (including vulnerability assessment and penetration testing) and for building security and privacy controls into applications
• Data & Content Security: Services for data encryption, key management, data loss prevention, secure e-mail, and web content filtering
• End Point Security: Services including anti-virus, anti-spyware, mobile device security, and host intrusion detection & prevention
• Network Security: Services for protecting the network, including firewalls, wireless security, remote access, network access control, etc.
• Data Center Security: Security services for servers, storage, virtualization, and cloud computing
• Risk Management & Compliance: Services to train clients in security policies and procedures, to measure and manage risk, to define appropriate security controls and governance, and to achieve and sustain compliance
• Security Operations: Services for managing security events including log management, security incident response, reporting and root cause analysis
• Business Continuity & Recovery: Services for ensuring the continuity of IT-based business processes
• Identity & Access Management: Services for establishing authentication and authorization of user access to business assets
• Research & Development: Working with clients to develop next generation approaches to cyber security.
HP SECURITY SERVICES PORTFOLIO
Application Security
1. Application Penetration Testing
2. Application and Code Testing/Scanning
3. Web Application Security Assessments
4. Web Application Penetration Testing
5. Web Application Firewalls
6. SOA Security
7. SAP Security
8. Middleware & Mainframe Security
9. Midrange/Server Security
Content Security
1. Web Content Filtering
2. Email Security
Data Security
1. Disk/File Encryption
2. Database Security
3. Data Loss Prevention
4. Enterprise Rights Management
5. PKI
6. Key Management
Endpoint Security
1. End Point Threat Mgmt (AV, AS, HIDS, Personal F/W)
2. End Point Application & Device Control
3. Host Intrusion Detection & Prevention Services
4. Mobile Device Security
Network Security
1. Network Intrusion Detection & Prevention Services
2. Adaptive Network Architecture
3. Managed Firewall
4. VPN, UTM
5. Network Access Control
6. Wireless Security
7. Managed Proxy / Cache / Filtering
Data Center Security
1. Server Threat Management
2. Storage Security
3. Virtualization Security
4. Cloud Computing Security
5. Fusion Center
HP SECURITY SERVICES PORTFOLIO
Risk Mgmt & Compliance
1. IT Governance, Risk & Compliance (GRC)
2. eDiscovery & Archiving
3. Customer Specific Training and Awareness
4. Operational Risk and Exceptions to Policy
5. Account Delivery Continuity
6. ISO 27001 Certification
7. Information Risk Advisory Service
8. PCI Compliance Scanning
9. PCI Managed Compliance
10. C & A: NIST SP 800-37
11. C & A: DIACAP
12. SCADA/Process Control System Security Assessment
13. NERC CIP Design, Audit and Implementation
14. IV&V Test and Evaluation
15. Compliance Assessments
16. Threat & Risk Assessments
17. MCSS Capabilities
Identity & Access Mgmt
1. PKI Management
2. Token Management
3. Managed Remote Access
4. Directory Services
5. Meta & Virtual Directory
6. Active Directory
7. User administration
8. IDAM - Current State Assessment
9. IDAM - Architecture Blueprint
10. IDAM Design & Implement
11. Web SSO
12. Federation
13. Provisioning
14. E-SSO
15. Risk Based Authentication
16. PAM Management
HP SECURITY SERVICES PORTFOLIO
Security Operations
1. Enterprise Security Information & Event Management
2. Log Management
3. Compliance Management
4. Security Dashboard
5. System Hardening Services
6. Security Incident Response
7. Forensics
8. Threat Monitoring & Alerting
9. Live Network Service
10. Vulnerability Scanning
11. Vulnerability Detection & Management Services
12. Security Configuration Management
13. Global Security Operations Centers (GSOC)
14. Mainframe Platform/OS Security
15. Midrange/Server Platform/OS Security
Research & Development
1. Research, Development, Test & Evaluation services
2. DARPA, IARPA and Military Department research agency opportunity
3. DOE National Labs support
4. NMCI Research & Analysis capabilities and support
5. Large comprehensive cyber security pursuits
VULNERABILITY ASSESSMENT SERVICES
Network Assessments (Internet & Intranet)
– Network Vulnerability Scanning (State of Art Tools)
– Network Penetration Testing
– System and Host Vulnerability Testing (White Box & Black Box)
– Wireless Network Surveys and Penetration Testing
Application Assessments (COTS and Custom)
– Application Development Life Cycle Security Gap Analysis
– Application Development/Design Training
– Application Code Analysis (From C to Cobol)
– Application Cyber Red Team
– Application Automated Vulnerability Scanning (Web & Database)
– Application Regression Testing
– Independent Validation and Verification (IV&V)
HP COMPREHENSIVE APPLICATIONS THREAT ANALYSIS
Application Security
HP’s industry-leading, highly efficient and effective security quality assessment. This service is designed to greatly reduce the problem of latent security defects, reducing TCO.
Fast Facts:
– 40,000 vulnerabilities in National Vulnerabilities Database
– Estimate 800,000 vulnerabilities not yet exploited
– Vulnerabilities patched late cost some 30X more than those patched early
– “70%+ of all successful attacks have exploited application vulnerabilities” (Gartner, Microsoft)
– Typical security audits find ~20 issues, uncovering dozens or hundreds of vulnerabilities
– One action which avoids a single data breach pays for itself 100 fold
Services & Solutions:
– Security Requirements Gap Analysis
– Architectural Threat Analysis
HP ASSURED IDENTITY™ PLUS SERVICES
End-to-end Security Solutions
Business Readiness Workshop
Strategy & Roadmap
Detailed Design & Architecture
Implementation
Identity & Access Management
Run
Assessment Service
Assured Identity Management™
Fed Secure™
Audit Compliance & Validation
Assured Identity™
Gate Secure™
Services Offered
Strategic & Technology Partnerships
Industry Frameworks
Identity & Access Management
HP Assured Identity™ Plus Consulting Services
Assured Identity™
– Federation in a Box
– Credential Enrollment
– Credential Issuance
– FIPS 201 Compliance
– PIV.XX Support
Assured Identity Management™
– Life Cycle Management
– User Provisioning
– Workflow
– Delegated Admin
– Self-Service
Fed Secure™
– Cross Credentialing
– Federation Broker
– Access Management Services
Gate Secure™
– Physical Security
– Automated PACS provisioning system
– New, single use, common credentials across multiple agencies
CROSS INDUSTRY EXPERIENCE
• Deep HP Security experience in all industries
• Industry focused security consultants
Communications, Media & Entertainment
Government
Consumer Industries and Retail
Healthcare
Energy
Financial Services
Manufacturing
Transportation
We serve/manage critical cyber infrastructures across all US Critical Infrastructure/Key Resource sectors
HP Personnel Dedicated to Cyber Security
– Over 2,500 cyber security professionals worldwide
– Includes specialists for advisory and consulting engagements
– Certified security staff with CISSP, CISM, CAP, CIS, CSSLP or GSEC
GLOBAL REACH AND SUPPORT
Top 50 Accounts
Alberta Sustainable Resource Div.
BC Ministry of Labour
BC Ministry of Provincial Revenue
& Citizen Services
Edmonton Delivery
PWGSC – Pension Modernization
Government of Manitoba
State of California
City of Anaheim
State of Michigan
State of Ohio
Commonwealth of Pennsylvania
US Dept. of Defense
US Government
Comptroller of the Currency
Defense Logistics Agency
US Dept. of Agriculture
US Dept of Justice
US Dept. of Education
US Dept. of Energy
US Dept. of Health & Human Services
US Dept. of Homeland Security
US Dept. of Housing & Urban Development
NHIC/ Medicare
US Dept. of Treasury
Dept. of the Army
Dept. of the Navy
Dept. of Veterans Affairs
DFAS
DISA
US Postal
Food & Drug Administration
Social Security Administration
US Dept. of State
Ministry of the Flemish Gov’t.
INAIL
IPZS
Minesterio di Grazia e Guist
Ministro Pubblica Intruzione
European Space Agency
Federal Reserve
World Bank
Consulting ATP
Tax Administration Service of Mexico (SAT)
Sweden Post
IDA of Singapore
UK Ministry of Defence
UK Dept. For Work & Pensions
UK Justice & Offender Management
Israel Ministry of Justice
South Australian Government
Spanning all Tiers of Government in 83 countries with >3,500 government accounts
Q&A