big data security with hp arcsight

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Big Data Security Sridhar Karnam Product Marketing Manager HP EnterpriseSecurity.com Hewlett-Packard Company

Upload: sridhar-karnam

Post on 15-May-2015


Page 1: Big Data Security with HP ArcSight


Big Data Security

Sridhar Karnam, Product Marketing Manager, HP EnterpriseSecurity.com, Hewlett-Packard Company

Page 2: Big Data Security with HP ArcSight


Riskier enterprises + advanced attackers = more attacks

Threat landscape

Virtualization

State funded

Anonymous

Cloud

LulzSec

Mobile/BYOD

New technologies

Hacktivists

Attacks: 24 million, 40 million, 95 million, 101 million, 130 million

Page 3: Big Data Security with HP ArcSight


Problem with existing approach

Cloud

1000+ security vendors

Virtual

Physical

Too much data

Too many security solutions

No integrated intelligence

Page 4: Big Data Security with HP ArcSight


Big data security challenges

• Simplify un-structured data

• Comprehensive log management

• Secure applications

• Unified data

• Network security

• Change management

• Correlation of security events

• Centralized approach

• Resource optimization

• Consolidated view

Page 5: Big Data Security with HP ArcSight


Single view of security, operations, and IT GRC

Consolidated view

Page 6: Big Data Security with HP ArcSight


Seamless integration of security and IT operation tools – no point solutions

Centralized approach

Understand context

Act

Proactive risk reduction

SECURITY: User Provisioning; Identity & Access Mgmt; Database Encryption; Anti-Virus, Endpoint; Firewall, Email Security

See everything

IT OPERATIONS: User Management; App Lifecycle Mgmt; Information Mgmt; Operations Mgmt; Network Mgmt

See everything

Page 7: Big Data Security with HP ArcSight


Log management approach to unify collection, search, and reporting of machine data

Comprehensive log management

• Collection complete visibility

• Analyze events in real time to deliver insight

• Search quickly to simplify IT

• IT GRC & Security in a single tool

• Reporting on log data

• IT operations through monitoring & alerting

Machine Data

Monitoring & alerting

Log Collection

Search

Analysis

Dashboard

IT GRC

Page 8: Big Data Security with HP ArcSight


| Time (Event Time) | name | DeviceVendor | DeviceProduct | CategoryBehavior | CategoryDeviceGroup | CategoryOutcome | CategorySignificance |
|---|---|---|---|---|---|---|---|
| 6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning |
| 6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning |

Convert all machine data into common format for search, report, and retention

Unified data

Benefit: Single data for searching, indexing, reporting, and archiving

Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside

Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49

Raw machine data

Unified data
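The conversion on this slide, from the two raw firewall lines to the unified fields in the table, sketched as an added Python example; it is not HP ArcSight code. Field names and category values come from the table; the regexes, the `normalize` function, the extra `src`/`dst`/`proto` keys, and the rule that only Deny/Drop map to /Failure are assumptions.

```python
import re
from datetime import datetime

TS = r"(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
# One entry per source format: a pattern plus the fixed vendor/category
# values the slide's table assigns to that device type.
PARSERS = [
    (re.compile(TS + r": %PIX-\d-\d+: (?P<name>\w+) (?P<proto>\w+) .*?"
                r"from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/(?P<svc>\d+)"),
     {"DeviceVendor": "Cisco", "DeviceProduct": "PIX",
      "CategoryBehavior": "/Access"}),
    (re.compile(TS + r" (?P<name>\w+) \S+ >\S+ product .+? src (?P<src>\S+) "
                r"s_port \d+ dst (?P<dst>\S+) service (?P<svc>\S+) "
                r"proto (?P<proto>\S+)"),
     {"DeviceVendor": "Checkpoint", "DeviceProduct": "Firewall-1/VPN-1",
      "CategoryBehavior": "/Access/Start"}),
]
BLOCKED = {"deny", "drop"}  # assumption: only these actions are /Failure

def normalize(line):
    """Map one raw firewall line onto the unified schema from the slide."""
    for pattern, fixed in PARSERS:
        m = pattern.match(line)
        if not m:
            continue
        dt = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
        blocked = m["name"].lower() in BLOCKED
        return {
            "Time": f"{dt.month}/{dt.day}/{dt.year} {dt:%H:%M:%S}",
            "name": m["name"].capitalize(),
            **fixed,
            "CategoryDeviceGroup": "/Firewall",
            "CategoryOutcome": "/Failure" if blocked else None,
            "CategorySignificance": "/Informational/Warning" if blocked else None,
            "src": m["src"], "dst": m["dst"],
            "service": m["svc"], "proto": m["proto"].lower(),
        }
    # Unknown formats are kept, not dropped, so nothing vanishes from retention.
    return {"name": "unparsed", "raw": line}

RAW = [  # the two raw lines shown on the slide
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from "
    "10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]

if __name__ == "__main__":
    for event in map(normalize, RAW):
        print(event)
```

Once both vendors share the same keys, a single query such as "all /Failure events in /Firewall" covers both devices without vendor-specific search strings.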

Page 9: Big Data Security with HP ArcSight


Simplify searching, reporting, forensics, and correlation through search tool

Simplify un-structured data

• Simplify forensics and investigation through a search tool

• Easily search and report on historical data

• Retention of logs as per regulatory compliance

• Pre-packaged content for security and GRC

• Feed unified data into event correlation engine

Page 10: Big Data Security with HP ArcSight


How we help our customers

3 days to generate an IT GRC report through logs. Now with HP, get a consolidated view of IT GRC, security, and operations in 2 minutes, giving a 99% improvement.

32 weeks to run an IT audit. Now with HP, audit-ready log data can be searched within 2 days, giving a 99+% improvement.

8 hours to fix a new IT incident. Now with HP, search years' worth of log data with annotations in 5 minutes to find a resolution, giving a 99% improvement.

10 days to investigate and respond to a data breach. Now with HP, forensics takes less than 5 minutes, giving a 99+% improvement.

3 weeks to fix a threat vulnerability. Now with HP, build threat immunity and respond to new threats in 2 minutes, giving a 99+% improvement.

Page 11: Big Data Security with HP ArcSight


Download HP ArcSight Logger trial software

• Free downloadable software

• Collect up to 750 MB of log data per day

• Store up to 500 GB of uncompressed logs

• Access to most enterprise features for a full 12 months

• Standard HP ArcSight community support (Protect 724)

HP.COM/GO/LOGGER

Page 12: Big Data Security with HP ArcSight


hp.com/go/logger