© Copyright 2013 Vivit Worldwide
Visualizing Security Data and Threat Impact
November 21, 2013
Brought to you by
• Vivit Security & Privacy Special Interest Group
(SIG)
Leader: Jason Kennedy
• Vivit US Federal Special Interest Group (SIG)
Leader: Jim Haskins
Hosted by
Tammy Young
Vivit Director
Chapters/Special Interests Groups (SIGs)
Today’s Presenters
Ed Willhide
Chief Technology Officer
Edge Technologies
Ward Cobleigh
Director of Solutions Marketing
Edge Technologies
Housekeeping
• This “LIVE” session is being recorded
Recordings are available to all Vivit members
• Session Q&A:
Please type questions in the Questions Pane
Edge Technologies
• Data integration and visualization specialists
• Providing situational awareness and operational
decision making support for cyber and IT
operations
• Secure, scalable, multi-tenant architecture
• Rapid deployment and time-to-value
• Expanding product offerings to incorporate Big
Data analytics for cyber security
• Customers include Government agencies,
Managed Service Providers, Fortune 500
Edge Technologies and HP
• Established history:
– 1997: Web-enabled
OpenView
– 2005: Enterprise
Management
Alliance Program
– 2011: AllianceOne
Partner Program
– Close relationship
with HP Sales and
internal teams
• Integrations:
– ArcSight
– Business Process
Monitor
– NNMi
– Operations Manager
– Performance Insight
– Service Manager
– SiteScope
– WebInspect
The Challenge
• Every facet of business and government operations depends on the availability and security of computer networks and assets
• Security and IT applications create huge
amounts of highly complex information that
only analysts are able to decipher
• Determining the impact of cyber incidents to
operations / business processes and then
communicating that information in a
meaningful way is a challenge
Problem: The inherent complexity and abundance of
cyber data makes situational awareness a challenge
Solution: Aggregate cyber and IT operations to provide
awareness, assess impact, support decision making
Tailored views provide the information necessary to
support decision making
Managers
Summary & Some Detail
Operations
Summary & Fine Grain Details
Executives
High Level Summary
Operational / Mission Impact
• Operational / Mission impact is realized through
the marriage of cyber security data and “non-
cyber” sources:
– asset management systems
– business process management system
– …
• Which of these sources are relevant depends on how they can be applied to assess impact
• Impact assessment can be realized to varying
degrees depending on the information available
Real World Example: DOD PACOM
• Provide DOD leadership with cyber situational
awareness views and operational impact
summaries
• HP ArcSight deployed as the SIEM and analyst console
• HP ArcSight alerts collected, processed and
analyzed by AppBoard
• AppBoard deployed as cyber COP (common operating picture) to provide leadership with situational awareness and operational impact summaries
Real World Example:
Major Managed Security Service Provider
• Provide customers with cyber security service
views and reporting over the Internet
• Delivery requires a combination of security data visualization and use of the vendor web tools used to provide the service
• HP WebInspect was used to provide vulnerability
analysis to the customers
• AppBoard deployed to provide web application
hardening for HP WebInspect
Web Application Hardening
• Most companies have well-known policies in
place for hardening or securing their servers,
VMs, and Operating Systems
• Web application hardening is a natural extension
of these policies
• For Managed Service Providers this is an
essential element in delivering customer-facing
views of third party tools safely and securely
Web Application Hardening (cont.)
• AppBoard proxies web UI and dynamically
modifies vendor web UI on the fly to:
– remove known security flaws
– limit access to sections of web content and URLs
– remove / add buttons
– prevent pop-up windows
– prevent script execution, e.g., Cross-site Scripting
(XSS)
– provide additional control of user sessions
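A sketch of the on-the-fly rewriting step listed above, added here as an illustration: it is not AppBoard's code, and the element id, the `Hardener` and `harden` names and the sample HTML are constructed assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy values for illustration; not taken from AppBoard or WebInspect.
HIDDEN_IDS = {"btn-delete-scan"}  # ids of vendor controls to remove
VOID = {"br", "hr", "img", "input", "link", "meta"}  # elements with no end tag

class Hardener(HTMLParser):
    """Re-emits vendor HTML minus scripts, inline handlers and hidden elements."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.skip = [], []  # skip: open tags inside a dropped element

    def emit(self, text):
        if not self.skip:
            self.out.append(text)

    def handle_starttag(self, tag, attrs):
        if self.skip or tag == "script" or dict(attrs).get("id") in HIDDEN_IDS:
            if tag not in VOID:
                self.skip.append(tag)
            return
        kept = [(k, v) for k, v in attrs
                if not k.startswith("on") and k != "target"  # handlers, pop-ups
                and not "".join((v or "").split()).lower().startswith("javascript:")]
        self.emit("<" + " ".join([tag] + [
            k if v is None else '%s="%s"' % (k, escape(v)) for k, v in kept]) + ">")

    def handle_endtag(self, tag):
        if self.skip and tag == self.skip[-1]:
            self.skip.pop()
        elif tag not in VOID:
            self.emit("</%s>" % tag)

    def handle_data(self, data): self.emit(data)
    def handle_entityref(self, name): self.emit("&%s;" % name)
    def handle_charref(self, name): self.emit("&#%s;" % name)

def harden(html_text):
    parser = Hardener()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

# Constructed sample of a proxied vendor page fragment.
SAMPLE = ('<div><script>alert(1)</script><a href="/reports/1" target="_blank" '
          'onclick="x()">Report &amp; summary</a>'
          '<button id="btn-delete-scan"><b>Delete</b></button><br></div>')
```

A denylist like this only illustrates the idea; a production filter would allowlist tags and attributes and pair the rewrite with a Content-Security-Policy response header.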
WebInspect Hardening Example Web Parts
Full WebInspect Web UI
WebInspect Partial UI
Thank you
• Complete the short survey and opt-in for more
information from Edge Technologies and you will be
entered into a drawing for a $100 American Express Gift
Card.
www.vivit-worldwide.org
www.edge-technologies.com