#MicroFocusCyberSummit Preparing for When Your Organization Will be Breached: Prioritizing and Protecting



slide-1
SLIDE 1

#MicroFocusCyberSummit

slide-2
SLIDE 2

#MicroFocusCyberSummit

Preparing for When Your Organization Will be Breached: Prioritizing and Protecting

Paulo Veloso Shogo Cottrell

slide-3
SLIDE 3

What’s happening in the market?

  • 98% of companies were victims of a cyber attack in 2016. (Ponemon Institute study)
  • “Approximately 40,000 Tesco Bank accounts were compromised in a cyberattack” (November 2016)
  • 66% of consumers will stop doing business with a company that has suffered a cyber breach. (Study by Centrify)

slide-4
SLIDE 4


The World is Feeling the Economic Pressures

World Economic Forum – 2018 Global Risk Report

2015

Attack on Ukraine’s power grid shut down 30 substations, interrupting power to 230,000 people

2016

SWIFT attack led to the theft of US$81 million from the central bank of Bangladesh

Today

European Aviation Safety Agency has stated their systems are subject to an average of 1,000 attacks each month

Global interconnectedness continues to expand the attack surface

Top 10 risks in terms of likelihood

#3 – Cyber attacks

slide-5
SLIDE 5

What is the Impact?

  • 90% of CFOs claim cyber-security concerns as the primary reason to implement new software security tools (BDO Survey, 2015)
  • 40% increase in data breaches last year (Identity Theft Resource Center)
  • Cost of a breach as high as $74 million (Ponemon Institute study)

slide-6
SLIDE 6

Cyber Risk Increased

The new battlefield

  • Vanishing perimeter
  • Perimeter in your pocket
  • Defending interactions between users, apps, and data

Patch or perish

  • Back to the basics
  • Unintended consequences
  • Vendor transparency

Monetization of malware

  • Ransomware
  • ATM-malware
  • Banking Trojans

slide-7
SLIDE 7

Cycle of Security – Breaking the Cyber Kill Chain

slide-8
SLIDE 8


slide-9
SLIDE 9

Security Focus Areas – What to Prioritize and Protect

ANALYTICS & MACHINE LEARNING

APP SECURITY

  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

DATA SECURITY

  • Data de-identification (encryption/tokenization)
  • Key management
  • Hardware-based trust assurance
  • Messaging security

SECURITY OPERATIONS

  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation

IDENTITY & ACCESS

  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users

ENDPOINT SECURITY

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management

GOVERNANCE, RISK & COMPLIANCE

  • eDiscovery & Classification
  • Information Management
slide-10
SLIDE 10

Security Focus Areas – What to Prioritize and Protect

ANALYTICS & MACHINE LEARNING

APP SECURITY

  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

IDENTITY & ACCESS

  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users

DATA SECURITY

  • Data de-identification (encryption/tokenization)

  • Key management
  • Hardware-based trust assurance
  • Messaging security

SECURITY OPERATIONS

  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation

ENDPOINT SECURITY

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management
slide-11
SLIDE 11

Identity Powers the Future of IT

Identity

  • Governance
  • Provisioning
  • Privileged Identity
  • Self Service
  • Social Registration
  • Unified Identity
  • Roles
  • Analytics
  • Data Security

Access

  • Risk Based Access
  • SSO
  • Privileged Access
  • Federation
  • Multi-Factor
  • Mobile
  • Social Access
  • Analytics
  • Data Security

Insight

  • SIEM
  • File Integrity
  • Privileged Monitoring
  • Configuration Monitoring
  • Change Monitoring
  • Analytics
  • Data Security

Users Devices Things Services Cloud On-Premise Hybrid

Salesforce Workday Office365 SAP … Azure AWS …

slide-12
SLIDE 12

Identity Manager Identity Governance Self Service Password Reset

Identity, Governance & Administration

Identity Management Identity Self Services Governance & Compliance

Identity Powered Security

slide-13
SLIDE 13

Secure Login Access Manager

Access

WebAccess Enterprise Access

Identity Powered Security

slide-14
SLIDE 14

Advanced Authentication

Authentication

Identity Powered Security

slide-15
SLIDE 15

Privileged Account Manager Directory & Resource Administrator Group Policy Administrator

Security Secure Administration

Privileged Accounts

Identity Powered Security

slide-16
SLIDE 16

Sentinel Change Guardian

Reporting and Logging

SIEM

Activity Monitoring

Identity Powered Security

slide-17
SLIDE 17

SIEM Secure Login Identity Manager Advanced Authentication Identity Governance Privileged Account Manager Self Service Password Reset Access Manager Directory & Resource Administrator Group Policy Administrator

Access

WebAccess Enterprise Access

Identity, Governance & Administration

Identity Management Identity Self Services Governance & Compliance

Authentication

Reporting and Logging

SIEM

Activity Monitoring Security Secure Administration

Privileged Accounts

Identity Powered Security

slide-18
SLIDE 18

Security Focus Areas – What to prioritize and protect

ANALYTICS & MACHINE LEARNING

DATA SECURITY

  • Data de-identification (encryption/tokenization)
  • Key management
  • Hardware-based trust assurance
  • Messaging security

SECURITY OPERATIONS

  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation

IDENTITY & ACCESS

  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users

ENDPOINT SECURITY

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management

APP SECURITY

  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

slide-19
SLIDE 19

Best Approach: Build It In

The only way to keep up is to build security into your processes and tools

Key Concerns

  • Business requires an increasing number of applications and faster release cycles – hard for security to keep up
  • Development and security teams are not integrated
  • Tools across different teams are not standardized

90%: Percentage of security incidents from exploits against defects in the design or code of software. [1]

80%: Percentage of applications containing at least one critical or high vulnerability. [2]

Sources: [1] U.S. Department of Homeland Security’s U.S. Computer Emergency Response Team (US-CERT); [2] “2017 Application Security Research Update” by the HPE Software Security Research team, 2017

slide-20
SLIDE 20

Best Approach: Build It In

The only way to keep up is to build security into your processes and tools

Solution Discussion

  • The average cost of a security breach is $3.62M [1]
  • The key to effective application security is to build it in to the development process
    − Vulnerabilities found in the production/post-release phase are 30 times more costly to fix than vulnerabilities found earlier in the lifecycle. [2]

Sources: [1] 2017 Ponemon Institute Cost of Data Breach Study; [2] National Institute of Standards & Technology (NIST)

slide-21
SLIDE 21


The Only Way to Keep Up is to “Build It In”

Source: “10 Things to Get Right for Successful DevSecOps,” Gartner, Inc., 2017

DevSecOps

Static Code Analysis

Static Code Analyzer (SCA)

Dynamic Application Security Testing Real-time Application Self Protection

Create Plan Verify Preprod Prevent Detect Predict Respond

Continuous Integration Continuous Monitoring Monitoring and Analytics Monitoring and Analytics Continuous Improvement Continuous Deployment Continuous Configuration Continuous Learning

Continuous Delivery

Dev Ops


slide-22
SLIDE 22


Implementing an End-to-End AppSec Strategy

Web Dynamic Testing (DAST) Runtime Protection (RASP) Static Code Analysis (SAST)

Production

App Defender

Application Development

Test, Integration & Staging

Code Design

IT Operations

WebInspect Management Console Static Code Analyzer (SCA)

slide-23
SLIDE 23

Security Focus Areas – What to prioritize and protect

ANALYTICS & MACHINE LEARNING

DATA SECURITY

  • Data de-identification (encryption/tokenization)
  • Key management
  • Hardware-based trust assurance
  • Messaging security

SECURITY OPERATIONS

  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation

IDENTITY & ACCESS

  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users

APP SECURITY

  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

ENDPOINT SECURITY

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management
slide-24
SLIDE 24

Service Desk, Mobile Workspace, Desktop Containers


Endpoint Security

Securing the digital workspace

Automation | configuration Single pane of glass Security Compliance User self-services

USER WORKSPACE

Self-services Data BYOD Apps Devices

Self-services Data BYOD Apps Devices User Based

Configuration Management, Endpoint Security, Mobile Workspace, Service Desk, Patch Management, Desktop Containers, Asset Management The ZENworks Control Center / Common End User Portal Asset Management, Patch Management, FDE, Endpoint Security Full Disk Encryption, Endpoint Security, Mobile Workspace, Desktop Containers, Patch Management

slide-25
SLIDE 25

Security Focus Areas – What to prioritize and protect

ANALYTICS & MACHINE LEARNING

DATA SECURITY

  • Data de-identification (encryption/tokenization)
  • Key management
  • Hardware-based trust assurance
  • Messaging security

IDENTITY & ACCESS

  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users

ENDPOINT SECURITY

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management

APP SECURITY

  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

SECURITY OPERATIONS

  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation
slide-26
SLIDE 26

Security Operations

Modular, Open, Intuitive

Workbench

Investigation

Real Time Correlation

Event Prioritization

Detection Analytics

minutes 30 days 7 years Reporting

& Compliance

7 years

Message Bus

Connectors

Hunt Exploration Engines

30-180 days

R ML BI Tools

3rd Party

BI Tools

Shared content

UEBA

Data Lake

IT | OT | IOT | Cloud | Physical | Flow Vuln | Intel | Asset | Users Data Sources Temporal Enrichment

Workbench

Investigation, integration, case management

Workbench

Investigation

Risk Prioritization

Archive, Search

Data Sources

(Structured & Unstructured)

+ Control points Security Operations

(On-prem & Managed) Users Cloud Apps Servers & Workloads Network Endpoints IoT Security Analysts Level 1 Security Analysts Level 2 Hunt Team

slide-27
SLIDE 27

From Data Chaos to Security Insight

SIEM Hadoop UBA Advanced Analytics Hunt Visualization OT IOT Physical IT SIEM Hadoop UBA Advanced Analytics Hunt

Visualization

OT IOT Physical IT

Event Broker

Traditional N : 1 Architecture Open N : M Architecture

slide-28
SLIDE 28

More Use Cases More Secure More Sources

Intelligent SOC Solution

slide-29
SLIDE 29

Security Focus Areas – What to Prioritize and Protect

ANALYTICS & MACHINE LEARNING

SECURITY OPERATIONS

  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation

IDENTITY & ACCESS

  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users

ENDPOINT SECURITY

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management

APP SECURITY

  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

DATA SECURITY

  • Data de-identification (encryption/tokenization)

  • Key management
  • Hardware-based trust assurance
  • Messaging security
slide-30
SLIDE 30


New Best Practice: “Data-centric” Security

Data-centric Security

End-to-end Protection

Threats to Data Traditional IT Infrastructure Security Security Gaps

Malware, Insiders SQL injection, Malware Traffic Interceptors Malware, Insiders Credential Compromise Disk encryption Database encryption SSL/TLS/ firewalls SSL/TLS/ firewalls Authentication Management

Data security coverage Data Ecosystem

Data and applications Middleware Databases File systems Storage

Security gap Security gap Security gap Security gap

slide-31
SLIDE 31

Protect your data by using FPE

Live data capture & protection at source Controlled granular access to sensitive data by policy Useful pseudonymised data in applications, storage, analytics…

Governance & Use - central policy controlled granular data access and audit Discovery, Classification, Conversion, Protection

slide-32
SLIDE 32


Secure Stateless Tokenization (SST)

  • Stateless - redundancy, failover, scalability are easy
  • Customized token formats
  • Token multiplexing

Credit Card: 4171 5678 8765 4321
SST: 8736 5533 4678 9453
Partial SST: 4171 5633 4678 4321
Obvious SST: 4171 56AZ UYTZ 4321
BIN Mapping: 1236 5533 4678 4321

slide-33
SLIDE 33
  • Guaranteed referential integrity or fully randomized output by policy
  • Enables data protection and data de-identification from one framework

− Can be used to generate test data for QA, training, etc.

Data Protection with FPE and SST

Name | SS# | Credit Card # | Street Address | Customer ID
James Potter | 385-12-1199 | 3712 3456 7890 1001 | 1279 Farland Avenue | G8199143
Ryan Johnson | 857-64-4190 | 5587 0806 2212 0139 | 111 Grant Street | S3626248
Carrie Young | 761-58-6733 | 5348 9261 0695 2829 | 4513 Cambridge Court | B0191348
Brent Warner | 604-41-6687 | 4929 4358 7398 4379 | 1984 Middleville Road | G8888767
Anna Berman | 416-03-4226 | 4556 2525 1285 1830 | 2893 Hamilton Drive | S9298273

Name | SS# | Credit Card # | Street Address | Customer ID
Kwfdv Cqvzgk | 161-82-1292 | 3712 3486 3545 1001 | 2890 Ykzbpoi Clpppn | S7202483
Veks Iounrfo | 200-79-7127 | 5587 0856 7634 0139 | 406 Cmxto Osfalu | B0928254
Pdnme Wntob | 095-52-8683 | 5348 9209 2367 2829 | 1498 Zejojtbbx Pqkag | G7265029
Eskfw Gzhqlv | 178-17-8353 | 4929 4333 0934 4379 | 8261 Saicbmeayqw Yotv | G3951257
Jsfk Tbluhm | 525-25-2125 | 4556 2545 6223 1830 | 8412 Wbbhalhs Ueyzg | B6625294
FPE | FPE | FPE | FPE | SST

Name | SS# | Credit Card # | Street Address | Customer ID
Anna Berman | 416-03-4226 | 4556 2525 1285 1830 | 2893 Hamilton Drive | S9298273

Secured data access under strict policy controls

slide-34
SLIDE 34

ANALYTICS & MACHINE LEARNING

APP SECURITY

  • Static, Dynamic, & Runtime application testing
  • Application security-as-a-service

DATA SECURITY

  • Data de-identification (encryption/tokenization)
  • Key management
  • Hardware-based trust assurance
  • Messaging security

SECURITY OPERATIONS

  • Real-time detection
  • Workflow automation
  • Open source data ingestion
  • Hunt and investigation

IDENTITY & ACCESS

  • Adaptive Identity governance
  • Adaptive access management
  • Adaptive privileged users

ENDPOINT SECURITY

  • Lifecycle management
  • Patching & containerization
  • Application virtualization
  • Mobile & server management
slide-35
SLIDE 35

Thank You.

#MicroFocusCyberSummit

slide-36
SLIDE 36

#MicroFocusCyberSummit