CYBER DEFENSE - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

CYBER DEFENSE

Description:

www.duarte.com. CYBER DEFENSE Alexandar Alexandrov – PowerPoint PPT presentation

Number of Views:604
Avg rating:3.0/5.0
Slides: 18
Provided by: Stephan263
Category:

less

Transcript and Presenter's Notes

Title: CYBER DEFENSE


1
CYBER DEFENSE
  • Alexandar Alexandrov

2
Cyber security
Our technological advantage is a key . But our
defense and military networks are under constant
attack. .... Indeed, in today's world, acts of
terror could come not only from a few extremists
but from a few key strokes on the computer -- a
weapon of mass disruption. ... it's now clear
that this cyber threat is one of the most serious
economic and national security challenges we face
as a nation.
  • President Barack Obama,
  • May 29, 2009

3
Public Value national security
PUBLIC VALUE IN NATIONAL SECURITY CYBERSECURITY
ULTIMATE BUSINESS GOAL
EXECUTIVE KPI(Direction) CORE FINANCIAL
KPI(Direction)
TRUST
INFORMATION ASSURANCE
EFFICIENCY ---------------
OUTCOMES ---------
  • Citizens Trust
  • Privacy
  • Civil Liberties
  • Protection / Security
  • Govt Transparency
  • Strengthen Security and Resilience at Home
  • Secure Cyberspace
  • Critical Infrastructure Protection
  • Services delivered quickly
  • Agencies operate within budgets
  • Leverage Technology
  • Incidents / Attacks Prevented
  • Infrastructure Protection
  • Access to Services
  • Coordinate with Emergency Mgt., Public Safety /
    Justice Agencies

Capital Investment Management
Budget, Labor, Operating Cost Management
BUSINESSINITIATIVES(Strategy/Priority Language)
Develop Intelligence Capabilities
Reduce Network Intrusions/ Internet Crime
Improve Incident Response
Increase IT Efficiency and Effectiveness
OPERATING KPIs--------------------------------PR
OCESS/FUNCTION
Reduce Network Attacks / Internet Crime
Rates Risk Assessments / Awareness _______________
Forensics / Law Enforcement
Improve Incident Response ______________ Detecti
on, Response, Recovery
Reduce IT Operating Costs ______________ Budget,
Capital, HR, Procurement, Training
Prevent Critical System Intrusions __________ Cybe
r Security Intelligence
HP SOLUTION Cybersecurity
Business Continuity / Recovery
Identity / Access Management
Network / Datacenter Security
Security Operations
Risk Management / Compliance
Application / Data Security
4
The Threat
  • Stakeholders
  • The Source of the Threat
  • Whats at Risk
  • Military, Intelligence, Homeland Security
  • Federal, state, local and tribal governments
  • Businesses Consumers
  • Nation states
  • Ideological Movements
  • Organized Criminal Elements
  • Fame Seekers
  • Industry Competitors
  • Insiders
  • Merely Curious
  • Economic security
  • National security
  • Competitive Advantage
  • Public safety
  • Personal Information, intellectual property,
    privacy
  • Critical infrastructure (e.g. power grids,
    transportation)

5
HP Security Services
Cyber Dominance
Mission Integration
Situational Awareness
Cyber Control to Achieve Mission
Cyber/Network Analytics Prediction
Informed Decision Making
6
Comprehensive Cyber Security services portfolio
  • Proven integrated building blocks

Application Security Services for testing applications (including vulnerability assessment and penetration testing) and for building security and privacy controls into applications
Data Content Security Services for data encryption, key management, data loss prevention, secure e-mail, and web content filtering
End Point Security Services including anti-virus, anti-spyware, mobile device security, and host intrusion detection prevention
Network Security Services for protecting the network, including firewalls, wireless security, remote access, network access control, etc.
Data Center Security Security services for servers, storage, virtualization, and cloud computing
Risk Management Compliance Services to train clients in security policies and procedures, to measure and manage risk, to define appropriate security controls and governance, and to achieve and sustain compliance
Security Operations Services for managing security events including log management, security incident response, reporting and root cause analysis
Business Continuity Recovery Services for ensuring the continuity of IT-based business processes
Identity Access Management Services for establishing authentication and authorization of user access to business assets
Research Development Working with clients to develop next generation approaches to cyber security.
Research Development
7
HP Security Services Portfolio
  1. End Point Threat Mgmt (AV, AS, HIDS, Personal
    F/W)
  2. End Point Application Device Control
  3. Host Intrusion Detection Prevention Services
  4. Mobile Device Security
  1. Application Penetration Testing
  2. Application and Code Testing/Scanning
  3. Web Application Security Assessments
  4. Web Application Penetration Testing
  5. Web Application Firewalls
  6. SOA Security
  7. SAP Security
  8. Middleware Mainframe Security
  9. Midrange/Server Security
  1. Network Intrusion Detection Prevention Services
  2. Adaptive Network Architecture
  3. Managed Firewall
  4. VPN, UTM
  5. Network Access Control
  6. Wireless Security
  7. Managed Proxy / Cache / Filtering
  1. Web Content Filtering
  2. Email Security
  1. Disk/File Encryption
  2. Database Security
  3. Data Loss Prevention
  4. Enterprise Rights Management
  5. PKI
  6. Key Management
  1. Server Threat Management
  2. Storage Security
  3. Virtualization Security
  4. Cloud Computing Security
  5. Fusion Center

8
HP Security Services Portfolio
  1. IT Governance, Risk Compliance (GRC)
  2. eDiscovery Archiving
  3. Customer Specific Training and Awareness
  4. Operational Risk and Exceptions to Policy
  5. Account Delivery Continuity
  6. ISO 27001 Certification
  7. Information Risk Advisory Service
  8. PCI Compliance Scanning
  9. PCI Managed Compliance
  10. C A NIST SP 800-37
  11. C A DIACAP
  12. SCADA/Process Control System Security Assessment
  13. NERC CIP Design, Audit and Implementation
  14. IVV Test and Evaluation
  15. Compliance Assessments
  16. Threat Risk Assessments
  17. MCSS Capabilities
  • PKI Management
  • Token Management
  • Managed Remote Access
  • Directory Services
  • Meta Virtual Directory
  • Active Directory
  • User administration
  • IDAM - Current State Assessment
  • IDAM - Architecture Blueprint
  • IDAM Design Implement
  • Web SSO
  • Federation
  • Provisioning
  • E-SSO
  • Risk Based Authentication
  • PAM Management

9
HP Security Services Portfolio
  1. Research, Development, Test Evaluation services
  2. DARPA, IARPA and Military Department research
    agency opportunity
  3. DOE National Labs support
  4. NMCI Research Analysis capabilities and support
  5. Large comprehensive cyber security pursuits
  1. Enterprise Security Information Event
    Management
  2. Log Management
  3. Compliance Management
  4. Security Dashboard
  5. System Hardening Services
  6. Security Incident Response
  7. Forensics
  8. Threat Monitoring Alerting
  9. Live Network Service
  10. Vulnerability Scanning
  11. Vulnerability Detection Management Services
  12. Security Configuration Management
  13. Global Security Operations Centers (GSOC)
  14. Mainframe Platform/OS Security
  15. Midrange/Server Platform/OS Security

10
Vulnerability Assessment Services
  • Network Assessments (Internet Intranet)
  • Network Vulnerability Scanning (State of Art
    Tools)
  • Network Penetration Testing
  • System and Host Vulnerability Testing (White Box
    Black Box)
  • Wireless Network Surveys and Penetration Testing
  • Application Assessments (COTS and Custom)
  • Application Development Life Cycle Security Gap
    Analysis
  • Application Development/Design Training
  • Application Code Analysis (From C to Cobol)
  • Application Cyber Red Team
  • Application Automated Vulnerability Scanning (Web
    Database)
  • Application Regression Testing
  • Independent Validation and Verification (IVV)

11
HP Comprehensive Applications Threat Analysis
  • Fast Facts
  • 40,000 vulnerabilities in National
    Vulnerabilities Database
  • Estimate 800,000 vulnerabilities not yet
    exploited
  • Vulnerabilities patched late cost some 30X more
    that those patched early
  • 70 of all successful attacks have exploited
    application vulnerabilities (Gartner, Microsoft)
  • Typical security audits find 20 issues,
    uncovering dozens or hundreds of vulnerabilities
  • One action which avoids a single data breach pays
    for itself 100 fold
  • Services Solutions
  • Security Requirements Gap Analysis
  • Architectural Threat Analysis

Building security in, not merely testing it
12
HP Assured IdentityTM Plus Services
End-to-end Security Solutions
Run
Business Readiness Workshop
Detailed Design Architecture
Implementation
Strategy Roadmap
Assured Identity ManagementTM
Assessment Service
Fed SecureTM
Services Offered
Audit Compliance Validation
Gate SecureTM
Assured Identity TM
Strategic Technology Partnerships
Industry Frameworks
13
HP Assured IdentityTM Plus
  • Assured Identity
  • Credential Enrollment
  • Credential Issuance
  • FIPS 201 Compliance
  • PIV.XX Support
  • Gate Secure
  • Physical Security
  • Automated PACS provisioning system
  • New, single use, common credentials across
    multiple agencies
  • Fed Secure
  • Federation in a Box
  • Cross Credentialing
  • Federation Broker
  • Access Management Services
  • Assured Identity Management
  • Life Cycle Management
  • User Provisioning
  • Workflow
  • Delegated Admin
  • Self-Service

Consulting Services
Managed Security Services
14
Cross Industry Experience
  • Deep HP Security experience in all industries
  • Industry focused security consultants

We serve/manage critical cyber infrastructures
across all US Critical Infrastructure/Key
Resource sectors
15
HP Personnel Dedicated to Cyber Security
  • Over 2,500 cyber security professionals worldwide
  • Includes specialists for advisory and consulting
    engagements
  • Certified security staff with CISSP, CISM, CAP,
    CIS, CSSLP or GSEC

16
Global Reach and Support
  • Top 50 Accounts

US Dept. of Defense US Government Comptroller of
the Currency Defense Logistics Agency US Dept. of
Agriculture US Dept of Justice US Dept. of
Education US Dept. of Energy US Dept. of Health
Human Services US Dept. of Homeland
Security US Dept. of Housing Urban
Development NHIC/ Medicare US Dept. of
Treasury Dept. of the Army Dept. of the Navy Dept
. Of Veterans Affairs DFAS DISA US Postal Food
Drug Administration Social Security
Administration US Dept. of State
Alberta Sustainable Resource Div. BC Ministry of
Labour BC Ministry of Provincial Revenue
Citizen Services Edmonton Delivery PWGSC
Pension Modernization Government of Manitoba
Sweden Post
Ministry of the Flemish Govt.
INAIL IPZS Minesterio di Grazia e Guist Ministro
Pubblica Intruzione
State of California City of Anaheim State of
Michigan State of Ohio Commonwealth of
Pennsylvania
European Space Agency
Federal Reserve World Bank
IDA of Singapore
Consulting ATP
UK Ministry of Defence UK Dept. For Work
Pensions UK Justice Offender Management
Tax Administration Service of Mexico (SAT)
Israel Ministry of Justice
South Australian Government
17
QA
Write a Comment
User Comments (0)
About PowerShow.com