Get Ready for RSA ArcSight
RSA 2017 Overview Su Jin Kim
Always relevant. Always fresh. Always on. Collectively our conferences draw over 45,000 attendees per year, making us the world’s largest provider of security events. However, the real value of RSA Conference lies not in our size, but in the valuable content we provide and our commitment to finding new industry voices and new ways for our community to feel inspired and engaged.
- Largest security conference in the world with 20,000+ attendees
- HPE is a Platinum Sponsor with a 30’ x 40’ booth
- The HPE keynote will be delivered by Martin Fink, along with 5 other HPE breakout sessions
- We expect 2,500 booth lead scans and 150+ customer meetings, all leading to new sales opportunities
https://www.rsaconference.com/events/us17
HPE Security - RSA messaging
Est. time = 2:00
Tag line: HPE Security delivers the confidence to securely innovate
Theme: Fearlessly Innovate
We are in a period of disruptive change, where success is achieved by innovating faster than the competition. Innovating means adopting technologies that increase productivity, lower costs and extend businesses into new markets. In this environment, organizations that rapidly design, deploy and adapt IT based on the needs of our customers, partners and employees cannot be slowed down by security. But not considering risk in an increasingly connected world jeopardizes innovation. Security must accelerate, not impede, innovation. We help you build security directly into your data and your apps. We provide the visibility, analytics and automation to rapidly detect, respond to, and remediate threats at scale.
Customer Value: HPE Security provides the tools and expertise to help you fearlessly innovate in the face of increasing risks. Protect what matters most to you by building security into your data and applications, and detect, respond to and remediate threats at scale.
Frank or Bill?
PURPOSE OF SLIDE: Establish HP’s view and set context for need for server transformation.
KEY TAKEAWAYS: The four big trends (Cloud, Big Data, Security, and Mobility) are dramatically impacting how IT is experienced. Other trends are pressuring IT leaders and they must respond. User demands are also/already accelerating at a phenomenal rate, placing pressure on the server industry, which is already undergoing dramatic transformation.
TRANSITION: These disruptive forces are placing pressure on the existing server industry…
AUDIENCE NET IMPRESSION: “I agree the world has changed; affecting current data center (and IT) approach.”
Driving a huge disruption in today’s IT is the rise of Cloud, Mobility, Big Data, and Security.
By 2020 we expect 30 billion devices; 40 trillion gigabytes of data; 10 million mobile apps; for 8 billion people. These numbers are overwhelming. Their sheer size makes it clear just how fundamental these trends are to an organization’s bottom line. On any given day, we post 1B pieces of content to Facebook, generate 200+M tweets, and create information with cameras, sensors, GPS devices, and transaction systems. Wal-Mart processes over 1M transactions every hour, translating to 2.5+ EB of data. These trends are seen as disruption by some vendors and are embraced as opportunity by others. But the bottom line is that solving these kinds of challenges and using these forces to our advantage are the table stakes in today’s hyper-competitive environment.
Substantiation for user demand quants:
- (30B devices) IDC Directions 2013: Why the Datacenter of the Future Will Leverage a Converged Infrastructure, March 2013, Matt Eastwood
- (40T GB and 10M mobile apps) IDC Predictions 2015: Competing for 2020, Document 231720, December 2011, Frank Gens
- (8B people) http://en.wikipedia.org
Product Marketing objectives:
- Drive awareness of HPE Security products securing innovation today and in the future: keynote, demo use cases
- Thought leadership: in-booth presos, sponsor session, keynote
- Product/Solution consideration: demos, in-booth presos
- Customer advocacy: upsell, educate, TLC
Product Pillars/launches will map into this FY17 focus
Sponsor Keynote
Thursday, February 16th, 11:20 – 11:40 am
Title: Data Futures: Protecting the changing value of data
The value of data is in constant flux due to aggregation, correlation and usage. Hear how new cryptographic models including quantum cryptography, homomorphic cryptography, and Blockchain protect both the current and future value of data, allowing business professionals to create, use and dispose of data with the confidence that they will be protected over time.
Terence Spies, HPE Distinguished Chief Technologist
Terence Spies is HPE Distinguished Chief Technologist at HPE Security – Data Security, and is a leading expert in encryption, tokenization and other data security approaches. He oversees the expansion of Data Security technology into new application areas such as Hadoop, cloud, mobility, payments, Blockchain and other areas where application data security is required. Terence is active within the standards community and currently serves as chair of X9F1, the Cryptographic Tools group of X9, whose charter is to draft cryptographic algorithm standards for use in the financial industry.
Sponsor Speaking Session
Thursday, 2/16 at 9:15 AM - 10:00 AM
Title: Fully automated security operations: Fact or Fiction?
Abstract: As an industry, we have a people problem, and the explosion of data generated from transactions, customer behavior, sensor activity, fraudulent activity, and growing compliance requirements is not helping. Join HPE Security ArcSight to explore how to address the people problem through automation in your intelligent security operations organization, increasing security without breaking the budget.
Jesse Emerson, Global lead, HPE Software’s Cyber Defense Consulting
Mr. Emerson has worked in Cyber Security for over 15 years, specializing in Security Intelligence, Security Operations, and Incident Response. He is the worldwide leader of HPE Software’s Cyber Defense Consulting practice and has served as the HPE Global Head of Protect Transformation Solutions. He joined Hewlett Packard Enterprise with the acquisition of ArcSight and has worked with dozens of Global 500 and Public Sector organizations to develop and improve cyber defense capabilities. Previously, Mr. Emerson led Threat Analysis, Cyber Security Incident Response and Security Intelligence in IBM’s Managed Security Services organization.
RSA Call For Papers
Watch for the live-stream interview throughout the conference on RSAC TV.
Title: Security For Real People: A Case Study
Abstract: Kerry Matre set out to explain our world of risks, threats and vulnerabilities to a roofing company. Yes, roofers. Real people with real security problems. Hear Kerry discuss her attacker-persona-based approach to having non-security folks truly understand security and risk. Plus, learn the surprising reaction of the roofers and the impact of security awareness on their employees/business.
Kerry Matre, Director, HPE Security Portfolio
Kerry Matre is a unicorn. And by unicorn I mean a female in infosec. Having started her career in application development, she jumped into ethical hacking and learned the fine art of SQL injection. The result was pure paranoia and an instant desire to burn every piece of code she had previously written. The rest is history. She has spoken around the world on security and privacy topics, but ask her about the industry’s skills gap and she will fill the conversation with comedy, tragedy and hope.
David Graves (Alternate)
Title: Architectural Threat Analysis: Driving secure application development
Agile approaches need not create a battle between rapid, flexible development and solution security. This session will describe a scalable process for security-driven architecture specification, enabling rapid threat analysis and risk mitigation while using Agile methodologies. Analysis of a detailed case study will empower you to apply this process in your organization.
ArcSight at RSA 2017 Su Jin Kim
Intelligent Security Operations
Increase Speed, Simplicity and Effectiveness Across Entire Workflow
- Visibility Without Boundaries: Open platform, massive scale log ingestion supporting both short term alerting and long term investigation
- Comprehensive Detection: Seamless real-time and advanced analytics powered monitoring and alerting built for security scale
- Intuitive Investigation: Guided, analytics powered prioritization, investigation, entity profiling and workflow
The first benefit of leveraging an intelligent SOC is having “VISIBILITY WITHOUT BOUNDARIES”. The second benefit is having “COMPREHENSIVE DETECTION”. The third benefit is bringing “INTUITIVE INVESTIGATION” to bear.
Challenges to performing security investigation
- Lack of ability to perform searches at scale
- Security analysts bogged down with time-consuming tasks
- Limited access to full range of data
However, there are three major challenges to performing investigation.
- Many tools are not efficient enough to run searches on large data sets, and the limitation slows down the speed of security operations.
- It is hard to hire skilled resources for security operations, and manual tasks hinder their productivity.
- It requires additional setups and tasks to leverage a data lake such as Hadoop for long-term data storage.
Intuitive investigation – ArcSight Investigate
- Industry-leading search speed at scale: ArcSight Investigate takes advantage of a distributed system so it can execute searches 10x faster than the competition
- Modern intuitive dashboard and visualization: ArcSight Investigate allows security analysts to turn data into insights with a few clicks
- Seamless integration with Hadoop: A single UI for ArcSight Investigate and Hadoop provides easy access to the full range of historical data
Key Features – Intuitive Search Interface
Key Features – Dashboard and Visualization
Key Features – Integration with Hadoop
[Diagram: data flow from Connectors through Event Broker into Vertica (OEM) and the Hadoop/HDFS data lake, with the ArcSight Investigate search application on top]
- Store data
  - Option 1: Customers can choose to move data to Hadoop in real time in addition to storing in OEM Vertica
  - Option 2: Customers can choose to move data to Hadoop after a time period (i.e. 90 days) like data archives
  - Choose to store data in open formats (i.e. ORC etc)
- Search data: Based on the time period selected, ArcSight Investigate will execute the search in Hadoop/HDFS
- Analyze data: Same data analysis experience on Hadoop as Vertica. Query results from Hadoop are cached in Vertica
ADP & ESM Shilpi Srivastava
Enterprise Security Manager 6.11
Accurate detection and investigation with real time context
Detect threats as soon as they start to occur, at the scale your enterprise demands
Enhancements to Enterprise Security Manager with ESM 6.11 will be released in Q2FY17.
- Integration with ArcSight Investigate and Event Broker
- IPv6: Support for super-enterprise scale with native IPv6 and dual stack capabilities
- ACC Enhancements: improved case management, integration commands, and more, for easier investigation
- Modernized looks in the Console and Web UIs with new light and dark themes
For more information about Enterprise Security Manager, visit the ESM sales portal page.
Sales enablement training scheduled March 30.
ArcSight Data Platform 2.1
Evolve to an open architecture model to maximize usage
Leverage all available data – from devices, in data lakes and 3rd party intelligence – to establish and monitor your threat posture
Enhancements to ArcSight Data Platform with ADP 2.1 will be released in Q2FY17.
- Integration with ArcSight Investigate
- Quick Flex: Build Parser for Flex Connector using Token Filter Technology
- Events from Event Broker into ESM
- Event Broker management through central management console
- Routing: look at the content of the event and send to the right destination
For more information about ArcSight Data Platform, visit the ADP sales portal page.
Sales enablement training scheduled March 30.
Product Contacts
Team at RSA
Product Marketing
- Su Jin Kim – ArcSight Investigate <su-jin.kim@hpe.com>
- Shilpi Srivastava – ADP, ESM <shilpi.srivastava@hpe.com>
- Sam Pierre – DMA, UBA <sam.pierre@hpe.com>
Product Management
- Alona Nadler – ArcSight Investigate, ADP <alona@hpe.com>
- Kavita Varadarajan – ESM <kavita.varadarajan@hpe.com>
- Chip Mesec – DMA, UBA <chip.mesec@hpe.com>
Thank You