Presentation is loading. Please wait.

Presentation is loading. Please wait.

2010 Hewlett-Packard1 CYBER DEFENSE Alexandar Alexandrov.

Similar presentations


Presentation on theme: "2010 Hewlett-Packard1 CYBER DEFENSE Alexandar Alexandrov."— Presentation transcript:

1 2010 Hewlett-Packard1 CYBER DEFENSE Alexandar Alexandrov

2 2010 Hewlett-Packard2 CYBER SECURITY President Barack Obama, May 29, 2009 “Our technological advantage is a key …. But our defense and military networks are under constant attack..... Indeed, in today's world, acts of terror could come not only from a few extremists …but from a few key strokes on the computer -- a weapon of mass disruption.... it's now clear that this cyber threat is one of the most serious economic and national security challenges we face as a nation.”

3 2010 Hewlett-Packard3 OPERATING KPIs PROCESS/FUNCTION EXECUTIVE KPI (Direction) CORE FINANCIAL KPI (Direction) EXECUTIVE KPI (Direction) CORE FINANCIAL KPI (Direction) INFORMATION ASSURANCE EFFICIENCY TRUST OUTCOMES Incidents / Attacks Prevented Infrastructure Protection Access to Services Services delivered quickly Agencies operate within budgets Leverage Technology ULTIMATE BUSINESS GOAL PUBLIC VALUE IN NATIONAL SECURITY: CYBERSECURITY BUSINESS INITIATIVES (Strategy/Priority Language) HP SOLUTION: Cybersecurity Reduce Network Intrusions/ Internet Crime Improve Incident Response Increase IT Efficiency and Effectiveness Capital Investment Management Develop Intelligence Capabilities Reduce Network Attacks / Internet Crime Rates Risk Assessments / Awareness _______________ Forensics / Law Enforcement Improve Incident Response ______________ Detection, Response, Recovery Reduce IT Operating Costs ______________ Budget, Capital, HR, Procurement, Training Prevent Critical System Intrusions __________ Cyber Security Intelligence PUBLIC VALUE NATIONAL SECURITY Budget, Labor, Operating Cost Management Strengthen Security and Resilience at Home Secure Cyberspace Critical Infrastructure Protection Coordinate with Emergency Mgt., Public Safety / Justice Agencies Citizen’s Trust: Privacy Civil Liberties Protection / Security Gov’t Transparency Identity / Access Management Network / Datacenter Security Security Operations Business Continuity / Recovery Risk Management / Compliance Application / Data Security

4 2010 Hewlett-Packard4 Stakeholders The Source of the Threat What’s at Risk THE THREAT –Military, Intelligence, Homeland Security –Federal, state, local and tribal governments –Businesses & Consumers –Nation states –Ideological Movements –Organized Criminal Elements –Fame Seekers –Industry Competitors –Insiders –Merely Curious –Economic security –National security –Competitive Advantage –Public safety –Personal Information, intellectual property, privacy –Critical infrastructure (e.g. power grids, transportation)

5 2010 Hewlett-Packard5 HP SECURITY SERVICES Delivering on your mission with confidence Cyber Control to Achieve Mission Mission Integration Cyber Dominance Situational Awareness Informed Decision Making Cyber/Network Analytics & Prediction

6 2010 Hewlett-Packard6 –Proven integrated building blocks COMPREHENSIVE CYBER SECURITY SERVICES PORTFOLIO Application Security: Services for testing applications (including vulnerability assessment and penetration testing) and for building security and privacy controls into applications Data & Content Security: Services for data encryption, key management, data loss prevention, secure , and web content filtering End Point Security: Services including anti-virus, anti-spyware, mobile device security, and host intrusion detection & prevention Network Security: Services for protecting the network, including firewalls, wireless security, remote access, network access control, etc. Data Center Security: Security services for servers, storage, virtualization, and cloud computing Risk Management & Compliance: Services to train clients in security policies and procedures, to measure and manage risk, to define appropriate security controls and governance, and to achieve and sustain compliance Security Operations: Services for managing security events including log management, security incident response, reporting and root cause analysis Business Continuity & Recovery: Services for ensuring the continuity of IT-based business processes Identity & Access Management: Services for establishing authentication and authorization of user access to business assets Research & Development: Working with clients to develop next generation approaches to cyber security. Research & Development Identify & Access Management Data & Content Security Application Security Risk Mgmt& Compliance Security Operations Endpoint Security Network Security Datacenter Security Business Continuity & Recovery Research & Development

7 2010 Hewlett-Packard7 HP SECURITY SERVICES PORTFOLIO 1. Application Penetration Testing 2. Application and Code Testing/Scanning 3. Web Application Security Assessments 4. Web Application Penetration Testing 5. Web Application Firewalls 6. SOA Security 7. SAP Security 8. Middleware & Mainframe Security 9. Midrange/Server Security 1. Web Content Filtering 2. Security 1. Disk/File Encryption 2. Database Security 3. Data Loss Prevention 4. Enterprise Rights Management 5. PKI 6. Key Management 1. End Point Threat Mgmt (AV, AS, HIDS, Personal F/W) 2. End Point Application & Device Control 3. Host Intrusion Detection & Prevention Services 4. Mobile Device Security 1. Network Intrusion Detection & Prevention Services 2. Adaptive Network Architecture 3. Managed Firewall 4. VPN, UTM 5. Network Access Control 6. Wireless Security 7. Managed Proxy / Cache / Filtering 1. Server Threat Management 2. Storage Security 3. Virtualization Security 4. Cloud Computing Security 5. Fusion Center Application Security Content Security Data Security Endpoint Security Network Security Data Center Security

8 2010 Hewlett-Packard8 HP SECURITY SERVICES PORTFOLIO 1. IT Governance, Risk & Compliance (GRC) 2. eDiscovery & Archiving 3. Customer Specific Training and Awareness 4. Operational Risk and Exceptions to Policy 5. Account Delivery Continuity 6. ISO Certification 7. Information Risk Advisory Service 8. PCI Compliance Scanning 9. PCI Managed Compliance 10. C & A: NIST SP C & A: DIACAP 12. SCADA/Process Control System Security Assessment 13. NERC CIP Design, Audit and Implementation 14. IV&V Test and Evaluation 15. Compliance Assessments 16. Threat & Risk Assessments 17. MCSS Capabilities Risk Mgmt & Compliance 1. PKI Management 2. Token Management 3. Managed Remote Access 4. Directory Services 5. Meta & Virtual Directory 6. Active Directory 7. User administration 8. IDAM - Current State Assessment 9. IDAM - Architecture Blueprint 10. IDAM Design & Implement 11. Web SSO 12. Federation 13. Provisioning 14. E-SSO 15. Risk Based Authentication 16. PAM Management Identity & Access Mgmt

9 2010 Hewlett-Packard9 HP SECURITY SERVICES PORTFOLIO 1. Enterprise Security Information & Event Management 2. Log Management 3. Compliance Management 4. Security Dashboard 5. System Hardening Services 6. Security Incident Response 7. Forensics 8. Threat Monitoring & Alerting 9. Live Network Service 10. Vulnerability Scanning 11. Vulnerability Detection & Management Services 12. Security Configuration Management 13. Global Security Operations Centers (GSOC) 14. Mainframe Platform/OS Security 15. Midrange/Server Platform/OS Security Security Operations Research & Development 1. Research, Development, Test & Evaluation services 2. DARPA, IARPA and Military Department research agency opportunity 3. DOE National Labs support 4. NMCI Research & Analysis capabilities and support 5. Large comprehensive cyber security pursuits

10 2010 Hewlett-Packard10 VULNERABILITY ASSESSMENT SERVICES Network Security Application Security Network Assessments (Internet & Intranet) – Network Vulnerability Scanning (State of Art Tools) – Network Penetration Testing – System and Host Vulnerability Testing (White Box & Black Box) – Wireless Network Surveys and Penetration Testing Application Assessments (COTS and Custom) – Application Development Life Cycle Security Gap Analysis – Application Development/Design Training – Application Code Analysis (From C to Cobol) – Application Cyber Red Team – Application Automated Vulnerability Scanning (Web & Database) – Application Regression Testing – Independent Validation and Verification (IV&V)

11 2010 Hewlett-Packard11 HP COMPREHENSIVE APPLICATIONS THREAT ANALYSIS Application Security Fast Facts: – 40,000 vulnerabilities in National Vulnerabilities Database – Estimate 800,000 vulnerabilities not yet exploited – Vulnerabilities patched late cost some 30X more that those patched early – “70%+ of all successful attacks have exploited application vulnerabilities” (Gartner, Microsoft) – Typical security audits find ~20 issues, uncovering dozens or hundreds of vulnerabilities – One action which avoids a single data breach pays for itself 100 fold Services & Solutions: – Security Requirements Gap Analysis – Architectural Threat Analysis HP’s industry-leading highly efficient and effective security quality assessment. This service is designed to greatly reduce the problem of latent security defects reducing TCO.

12 2010 Hewlett-Packard12 HP ASSURED IDENTITY TM PLUS SERVICES End-to-end Security Solutions Business Readiness Workshop Detailed Design & Architecture Implementation Run Industry Frameworks Strategic & Technology Partnerships Services Offered Strategy & Roadmap Assessment Service Audit Compliance & Validation Assured Identity Management TM Gate Secure TM Assured Identity TM Fed Secure TM Identity & Access Management

13 2010 Hewlett-Packard13 HP Assured Identity TM Plus Assured Identity™ –Credential Enrollment –Credential Issuance –FIPS 201 Compliance –PIV.XX Support Gate Secure™ –Physical Security –Automated PACS provisioning system –New, single use, common credentials across multiple agencies Fed Secure™ –Federation in a Box –Cross Credentialing –Federation Broker –Access Management Services Assured Identity Management™ –Life Cycle Management –User Provisioning –Workflow –Delegated Admin –Self-Service Identity & Access Management Consulting Services

14 2010 Hewlett-Packard14 CROSS INDUSTRY EXPERIENCE HealthcareGovernment Communications, Media & Entertainment Consumer Industries and Retail Financial Services Manufacturing Energy Transportation Deep HP Security experience in all industries Industry focused security consultants We serve/manage critical cyber infrastructures across all US Critical Infrastructure/Key Resource sectors

15 2010 Hewlett-Packard15 HP Personnel Dedicated to Cyber Security –Over 2,500 cyber security professionals worldwide –Includes specialists for advisory and consulting engagements –Certified security staff with CISSP, CISM, CAP, CIS, CSSLP or GSEC

16 2010 Hewlett-Packard16 INAIL IPZS Minesterio di Grazia e Guist Ministro Pubblica Intruzione INAIL IPZS Minesterio di Grazia e Guist Ministro Pubblica Intruzione State of California City of Anaheim State of Michigan State of Ohio Commonwealth of Pennsylvania State of California City of Anaheim State of Michigan State of Ohio Commonwealth of Pennsylvania Consulting ATP South Australian Government Federal Reserve World Bank Federal Reserve World Bank European Space Agency Alberta Sustainable Resource Div. BC Ministry of Labour BC Ministry of Provincial Revenue & Citizen Services Edmonton Delivery PWGSC – Pension Modernization Government of Manitoba Alberta Sustainable Resource Div. BC Ministry of Labour BC Ministry of Provincial Revenue & Citizen Services Edmonton Delivery PWGSC – Pension Modernization Government of Manitoba Tax Administration Service of Mexico (SAT) Tax Administration Service of Mexico (SAT) Sweden Post UK Ministry of Defence UK Dept. For Work & Pensions UK Justice & Offender Management UK Ministry of Defence UK Dept. For Work & Pensions UK Justice & Offender Management Israel Ministry of Justice IDA of Singapore Ministry of the Flemish Gov’t. Ministry of the Flemish Gov’t. Spanning all Tiers of Government in 83 countries with >3,500 government accounts GLOBAL REACH AND SUPPORT Top 50 Accounts US Dept. of Defense US Government Comptroller of the Currency Defense Logistics Agency US Dept. of Agriculture US Dept of Justice US Dept. of Education US Dept. of Energy US Dept. of Health & Human Services US Dept. of Homeland Security US Dept. of Housing & Urban Development NHIC/ Medicare US Dept. of Treasury Dept. of the Army Dept. of the Navy Dept. Of Veterans Affairs DFAS DISA US Postal Food & Drug Administration Social Security Administration US Dept. of State US Dept. of Defense US Government Comptroller of the Currency Defense Logistics Agency US Dept. of Agriculture US Dept of Justice US Dept. of Education US Dept. of Energy US Dept. of Health & Human Services US Dept. of Homeland Security US Dept. of Housing & Urban Development NHIC/ Medicare US Dept. of Treasury Dept. of the Army Dept. of the Navy Dept. Of Veterans Affairs DFAS DISA US Postal Food & Drug Administration Social Security Administration US Dept. of State

17 2010 Hewlett-Packard17 Q&A


Download ppt "2010 Hewlett-Packard1 CYBER DEFENSE Alexandar Alexandrov."

Similar presentations


Ads by Google