Top 10 tips for effective SOC/NOC collaboration or integration
DESCRIPTION
Top 10 tips for effective SOC/NOC collaboration or integration. In 5 years the security operations center and the IT operations center will integrate, bringing more context to security events and helping to search, store, and analyze machine data for operational intelligence.
TRANSCRIPT
![Page 1: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/1.jpg)
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Top 10 Tips for Achieving Effective Security + Operations Collaboration
Sridhar Karnam, Security Product Marketing, HP Enterprise Security
Amy Feldman, Operations Product Marketing, HP Software
![Page 2: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/2.jpg)
Agenda
• Is SOC/ NOC collaboration a big deal?
• Challenges
• Top 10 Tips for effective SOC/NOC collaboration
• Summary
![Page 3: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/3.jpg)
Is SOC/ NOC collaboration a big deal?
![Page 4: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/4.jpg)
Organizational and security leadership is under immense pressure
Security awareness at board level
CISO: the Chief Information Security Officer sits at the heart of the enterprise security response
Simple controls: 97% of data breaches could have been avoided
Cyber threat: 56% of organizations have been the target of a nation-state cyber attack
Increasing cost pressures: 11% of total IT budget is spent on security
![Page 5: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/5.jpg)
Riskier enterprises + advanced attackers = more attacks
Threat landscape (figure): new technologies on one side (virtualization, cloud, mobile/BYOD); attackers on the other (state funded, Anonymous, LulzSec, hacktivists)
Attacks (chart values): 24 million, 40 million, 95 million, 101 million, 130 million
![Page 6: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/6.jpg)
No effective way…to understand and prioritize risk
The IT operations problem
Breaches continue… even though they have hundreds of security solutions available
Siloed products… don’t learn or share information
Limited context…a gap between IT operations and security constrains potential actions
![Page 7: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/7.jpg)
SOC/NOC collaboration
- Align business with IT
- Secure IT Operations
- IT GRC, SIEM, ITIL
- Optimize resources
Unified data with context from security, operations, service, and risk
![Page 8: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/8.jpg)
SOC/NOC collaboration challenges
• Simplify unstructured data
• Comprehensive log management
• Secure applications
• Unified data
• 360° secure network defense
• Change management without risk
• Manual correlation of security threats
• Centralized approach
• Resource optimization
• Consolidated view
![Page 9: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/9.jpg)
Top 10 tips for better SOC/NOC collaboration
![Page 10: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/10.jpg)
Single view of security, operations, and IT GRC
Tip 1: Consolidated view
![Page 11: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/11.jpg)
Seamless integration of security and IT operation tools – no point solutions
Tip 2: Centralized approach
See everything → Understand context → Act → Proactive risk reduction
Security: user provisioning, identity & access mgmt, database encryption, anti-virus/endpoint, firewall, email security
IT operations: user management, app lifecycle mgmt, information mgmt, operations mgmt, network mgmt
![Page 12: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/12.jpg)
Log management approach to unify collection, search, and reporting of machine data
Tip 3: Comprehensive log management
• Collection: complete visibility
• Analyze events in real time to deliver insight
• Search quickly to simplify IT
• IT GRC & Security in a single tool
• Reporting on log data
• IT operations through monitoring & alerting
Figure: machine data flows through log collection into search, analysis, dashboards, monitoring & alerting, and IT GRC
![Page 13: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/13.jpg)
Cross-correlation of events provides security context and avoids false positives
Tip 4: Event correlation
Correlation:
• Connect roles, responsibilities, identities, history, and trends to detect business risk violations
• Pattern recognition
• Anomaly detection
• The more you collect, the smarter it gets
Figure: correlation spans hardware, software, people, and process
![Page 14: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/14.jpg)
Monitor network activities for malicious activity through IPS and log management
Tip 5: 360° secure network defense and management
• IPS (Intrusion prevention system) protects your vulnerable applications and data from harmful attacks
• Dynamic analytics and policy deployment with real time network management data
• Network events and log analysis to proactively address threats
Figure: network defense system fed by IPS data, log data, and network events (plug-n-play)
![Page 15: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/15.jpg)
Develop immunity to threats from the start, during application development
Tip 7: Confidently deliver secure applications
Automated code testing: testing of code during development for security vulnerabilities
• Automated testing
• Part of SDLC
App runtime testing: security testing of 3rd party or open source applications
• Test any apps
• Threat detection without source code
Manual review: security experts
• Manual expert audit
• Reduce false positives
![Page 16: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/16.jpg)
Add digital vaccination to protect against new and zero-day threats
Tip 6: Change management without risk
• Digital vaccination against threats through IPS
• Reputation database of known threats
• Advanced security intelligence
![Page 17: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/17.jpg)
Convert all machine data into common format for search, report, and retention
Tip 8: Unified data
Benefit: Single data for searching, indexing, reporting, and archiving
Raw machine data:
Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 to 204.110.227.16/443 flags FIN ACK on interface outside
Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49
Unified data:
| Time (Event Time) | name | DeviceVendor | DeviceProduct | CategoryBehavior | CategoryDeviceGroup | CategoryOutcome | CategorySignificance |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 6/17/2009 12:16:03 | Deny | Cisco | PIX | /Access | /Firewall | /Failure | /Informational/Warning |
| 6/17/2009 14:53:16 | Drop | Checkpoint | Firewall-1/VPN-1 | /Access/Start | /Firewall | /Failure | /Informational/Warning |
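As an added example (not code from the slides or from HP ArcSight), a small Python normalizer that maps the two raw firewall lines above onto the unified fields shown in the table, then runs one vendor-independent query over the result. The regexes, the action-to-outcome map and the allowed-traffic rows (permit/accept) are assumptions made here, not the product's real categorization rules; the map goes one step beyond the slide, which shows only blocked traffic.

```python
import re
from datetime import datetime

# Constructed copies of the two raw lines shown on the slide (addresses exactly as on the slide).
RAW_LOGS = [
    "Jun 17 2009 12:16:03: %PIX-6-106015: Deny TCP (no connection) from 10.50.215.102/15605 "
    "to 204.110.227.16/443 flags FIN ACK on interface outside",
    "Jun 17 2009 14:53:16 drop gw.foobar.com >eth0 product VPN-1 & Firewall-1 "
    "src xxx.xxx.146.12 s_port 2523 dst xxx.xxx.10.2 service ms-sql-m proto udp rule 49",
]
TS = r"(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
# Hypothetical per-product patterns: capture only what the unified fields need.
PIX_RE = re.compile(TS + r": %PIX-\d-\d+: (?P<action>\w+) ")
CP_RE = re.compile(TS + r" (?P<action>\w+) \S+ >\S+ product (?P<product>.+?) src ")
# Assumed mapping from the vendor's action word to (CategoryOutcome, CategorySignificance).
# The slide shows only blocked traffic; the allowed case is added here for symmetry.
OUTCOME = {"deny": ("/Failure", "/Informational/Warning"), "drop": ("/Failure", "/Informational/Warning"),
           "permit": ("/Success", "/Informational"), "accept": ("/Success", "/Informational")}

def normalize(raw):
    """Map one raw firewall line onto the slide's unified fields; None if nothing parses it."""
    if m := PIX_RE.match(raw):
        vendor, product, behavior = "Cisco", "PIX", "/Access"
    elif m := CP_RE.match(raw):
        # The slide renders "VPN-1 & Firewall-1" as "Firewall-1/VPN-1" and a logged
        # connection attempt as /Access/Start.
        vendor, behavior = "Checkpoint", "/Access/Start"
        product = "/".join(reversed(m["product"].split(" & ")))
    else:
        return None
    action = m["action"].lower()
    if action not in OUTCOME:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    outcome, significance = OUTCOME[action]
    return dict(Time=f"{ts.month}/{ts.day:02d}/{ts.year} {ts:%H:%M:%S}", name=action.capitalize(),
                DeviceVendor=vendor, DeviceProduct=product, CategoryBehavior=behavior,
                CategoryDeviceGroup="/Firewall", CategoryOutcome=outcome, CategorySignificance=significance)

def blocked_by_vendor(raws):
    """A vendor-independent query that unified data makes possible: blocked events per vendor."""
    counts = {}
    for ev in filter(None, map(normalize, raws)):
        if ev["CategoryOutcome"] == "/Failure":
            counts[ev["DeviceVendor"]] = counts.get(ev["DeviceVendor"], 0) + 1
    return counts

if __name__ == "__main__":
    print(blocked_by_vendor(RAW_LOGS), *map(normalize, RAW_LOGS), sep="\n")
```

Lines that no parser recognizes come back as None rather than as half-filled records, so a search over CategoryOutcome never silently mixes parsed and unparsed events.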
![Page 18: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/18.jpg)
Simplify searching, reporting, forensics, and correlation through search tool
Tip 9: Simplify unstructured data
• Simplify forensics and investigation through a search tool
• Easily search and report on historical data
• Retention of logs as per regulatory compliance
• Pre-packaged content for security and GRC
• Feed unified data into event correlation engine
![Page 19: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/19.jpg)
Collaboration enables resource optimization, rotation, and sharing for faster ROI
Tip 10: Resource optimization
Shared tools
• Seamlessly integrated tools
• Single vendor as opposed to multiple point solutions
• Enhanced user experience
Shared Knowledge
• Bi-directional information
• Unified and contextual data
• Efficient operation
Shared talent pool
• Job rotation
• Process focused
• Empowered IT practitioners
Distribute investment across SOC and NOC to realize faster ROI
![Page 20: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/20.jpg)
Summary
![Page 21: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/21.jpg)
How we help our customers (SOC/NOC integration)
• 3 days to generate an IT GRC report through logs. Now with HP, get a consolidated view of IT GRC, security, and operations in 2 minutes, a 99% improvement
• 32 weeks to run an IT audit. Now with HP, audit-ready log data can be searched within 2 days, a 99+% improvement
• 8 hours to fix a new IT incident. Now with HP, search years' worth of log data with annotations in 5 minutes to find a resolution, a 99% improvement
• 10 days to investigate and respond to a data breach. Now with HP, forensics takes less than 5 minutes, a 99+% improvement
• 3 weeks to fix a threat vulnerability. Now with HP, build threat immunity and respond to new threats in 2 minutes, a 99+% improvement
![Page 22: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/22.jpg)
Download HP ArcSight Logger trial software
• Free downloadable software
• Collect up to 750 MB of log data per day
• Store up to 500 GB of uncompressed logs
• Access to most enterprise features for a full 12 months
• Standard HP ArcSight community support (Protect 724)
HP.COM/GO/LOGGER
![Page 23: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/23.jpg)
HP.COM/GO/LOGGER
![Page 24: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/24.jpg)
Dedicated HP Software track sessions, HP and partner exhibits, demos, and keynotes
Las Vegas (On-Demand…NOW)
Watch recordings of:
• General Sessions
• Track Sessions
• Breakout Sessions
• Press Conferences
Frankfurt (4-6 December 2012)
Join over 10,000 enterprise IT leaders
• Breakthrough innovations
• Emerging trends
• New best practices
• Key IT and business strategies
![Page 25: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/25.jpg)
A recording of today’s event may be viewed in our “Library of On-Demand Events”: www.hp.com/go/it
Participate in HP Software’s “Community of IT Professionals”: www.hp.com/go/swcommunity
Join HP Software’s “LinkedIn group”: www.hp.com/go/linkedin
Additional resources
![Page 26: Top 10 tips for effective SOC/NOC collaboration or integration](https://reader035.vdocuments.mx/reader035/viewer/2022070315/55550cbeb4c905c35e8b52a3/html5/thumbnails/26.jpg)
Thank You!
If you have any additional comments or questions, or would like to receive a .pdf copy of today’s presentation, please contact:
Scott Armanini, Executive Producer, HP Software Web [email protected]/go/IT