© Copyright 2013 Vivit Worldwide

Visualizing Security Data and Threat Impact

November 21, 2013

Brought to you by

• Vivit Security & Privacy Special Interest Group (SIG)
  Leader: Jason Kennedy
• Vivit US Federal Special Interest Group (SIG)
  Leader: Jim Haskins

Hosted by

Tammy Young

Vivit Director

Chapters/Special Interest Groups (SIGs)

Today’s Presenters

Ed Willhide

Chief Technology Officer

Edge Technologies

Ward Cobleigh

Director of Solutions Marketing

Edge Technologies

Housekeeping

• This “LIVE” session is being recorded
  Recordings are available to all Vivit members
• Session Q&A:
  Please type questions in the Questions Pane

Webinar Control Panel

Toggle View Window between Full screen/window mode.

Questions

Edge Technologies

• Data integration and visualization specialists
• Providing situational awareness and operational decision making support for cyber and IT operations
• Secure, scalable, multi-tenant architecture
• Rapid deployment and time-to-value
• Expanding product offerings to incorporate Big Data analytics for cyber security
• Customers include Government agencies, Managed Service Providers, Fortune 500

Edge Technologies and HP

• Established history:
  – 1997: Web-enabled OpenView
  – 2005: Enterprise Management Alliance Program
  – 2011: AllianceOne Partner Program
  – Close relationship with HP Sales and internal teams
• Integrations:
  – ArcSight
  – Business Process Monitor
  – NNMi
  – Operations Manager
  – Performance Insight
  – Service Manager
  – SiteScope
  – WebInspect

The Challenge

• Every facet of business and government operations depends on the availability and security of computer networks and assets
• Security and IT applications create huge amounts of highly complex information that only analysts are able to decipher
• Determining the impact of cyber incidents on operations / business processes and then communicating that information in a meaningful way is a challenge

Problem: The inherent complexity and abundance of cyber data makes situational awareness a challenge

Solution: Aggregate cyber and IT operations to provide awareness, assess impact, support decision making

Tailored views provide the information necessary to support decision making

• Managers: Summary & Some Detail
• Operations: Summary & Fine Grain Details
• Executives: High Level Summary

Operational / Mission Impact

• Operational / Mission impact is realized through the marriage of cyber security data and “non-cyber” sources:
  – asset management systems
  – business process management system
  – …
• Which of these sources are relevant depends on how they can be applied to assess impact
• Impact assessment can be realized to varying degrees depending on the information available

Real World Example: DOC PACOM

• Provide DOD leadership with cyber situational awareness views and operational impact summaries
• HP ArcSight deployed as the SIEM and analyst console
• HP ArcSight alerts collected, processed and analyzed by AppBoard
• AppBoard deployed as cyber COP (common operating picture) to provide leadership with situational awareness and operational impact summaries

Security Visualization Example: Cyber COP

Perspectives: Theatre

Perspectives: Asset

Perspectives: Device

Real World Example: Major Managed Security Service Provider

• Provide customers with cyber security service views and reporting over the Internet
• Delivery requires a combination of security data visualization and use of the vendor web tools used to provide the service
• HP WebInspect was used to provide vulnerability analysis to the customers
• AppBoard deployed to provide web application hardening for HP WebInspect

Security Visualization Example: Managed Security Services

Web Application Hardening

• Most companies have well-known policies in place for hardening or securing their servers, VMs, and Operating Systems
• Web application hardening is a natural extension of these policies
• For Managed Service Providers this is an essential element in delivering customer-facing views of third-party tools safely and securely

Web Application Hardening (cont.)

• AppBoard proxies web UI and dynamically modifies vendor web UI on the fly to:
  – remove known security flaws
  – limit access to sections of web content and URLs
  – remove / add buttons
  – prevent pop-up windows
  – prevent script execution, e.g., Cross-site Scripting (XSS)
  – provide additional control of user sessions
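
An added illustration of the proxy-side checks listed above (not AppBoard's code; the slides do not describe its implementation): a path allowlist plus an HTML filter that drops scripts, event handlers and new-window targets, with a CSP header as a backstop. The allowlist entries, the CSP string and the sample markup are constructed assumptions.

```python
import html
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import unquote

ALLOWED_PREFIXES = ("/reports", "/scans/summary")  # hypothetical tenant-visible paths
CSP = "default-src 'self'; script-src 'none'"      # backstop for anything the filter misses
SAMPLE = ('<a href="/reports/1" target="_blank" onclick="x()">Report</a>'  # constructed
          '<script>alert(1)</script><a href="JavaScript:void(0)">Export</a><p>R&amp;D</p>')

def path_allowed(raw_path):
    path = posixpath.normpath(unquote(raw_path.split("?", 1)[0]))  # "/reports/../admin" -> "/admin"
    return any(path == p or path.startswith(p + "/") for p in ALLOWED_PREFIXES)

class _Filter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
        if self.in_script:
            return
        kept = ""
        for name, value in attrs:
            scheme = re.sub(r"[\s\x00-\x1f]", "", value or "").lower()
            if name.startswith("on") or name == "target" or scheme.startswith("javascript:"):
                continue  # event handler, new-window target or javascript: URL
            kept += f' {name}="{html.escape(value or "", quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
    handle_startendtag = handle_starttag  # "<br/>" must not gain a "</br>"
    def handle_endtag(self, tag):
        if tag != "script" and not self.in_script:
            self.out.append(f"</{tag}>")
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if not self.in_script:
            self.out.append(data)
    def handle_entityref(self, name):
        self.handle_data(f"&{name};")
    def handle_charref(self, name):
        self.handle_data(f"&#{name};")

def harden(raw_path, upstream_html):  # -> (status, headers, body) sent to the browser
    if not path_allowed(raw_path):
        return 403, {}, ""
    f = _Filter()
    f.feed(upstream_html)
    f.close()
    return 200, {"Content-Security-Policy": CSP}, "".join(f.out)
```

The filter fails closed: a request outside the allowlist never reaches the vendor UI, and markup it cannot classify as safe is dropped rather than passed through.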

WebInspect Hardening Example Web Parts

Full WebInspect Web UI

WebInspect Partial UI

Managed Service View Examples

Demonstration

Thank you

• Complete the short survey and opt-in for more information from Edge Technologies and you will be entered into a drawing for a $100 American Express Gift Card.

www.vivit-worldwide.org