Protect your Digital Enterprise
Sajith Rahman K, Hewlett Packard Enterprise. Solution Architect / Pre-Sales Consultant, South India & Sri Lanka. Sajith.Rahman@hpe.com, +91-9880435416
Today's digital enterprise needs a new style of protection
Protect your most business-critical digital assets and their interactions, regardless of location or device: users, apps, data, big data and BYOD, on premise and off premise, across IaaS, PaaS and SaaS.
Managing risk in today's digital enterprise: data, user, interaction, application
Traditional data security: everything encrypted at the endpoint
Challenges with traditional data security
- Performance issues
- Managing keys
- Application rewrite
- Data visible to privileged users
- PCI scope reduction
Format-Preserving Encryption & Tokenization
- Preserves referential integrity
- Supports data of any format: name, address, dates, numbers, etc.
- Provides production protection and data masking
- Embeds the key rotation policy in the data
- Reduces the need to re-encrypt
- PCI scope reduction
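To make the three properties on this slide concrete (same format in and out, deterministic so joins still work, key rotation without bulk re-encryption), here is an added example that is not HPE or Voltage SecureData code. It implements a small format-preserving encryption for decimal strings as an FF1-style Feistel network with an HMAC-SHA256 round function; the keys, table rows and the choice to carry the key version as a tag next to the ciphertext (rather than inside it) are assumptions made for the demonstration. A real deployment would use the NIST SP 800-38G FF1 mode and keys from a key manager.

```python
# Added example, not HPE / Voltage SecureData code: FF1-style format-preserving
# encryption for digit strings, used to show the properties on the slide.
import hashlib
import hmac
from collections import defaultdict

RADIX = 10
ROUNDS = 10  # even, so each half ends in the position it started in


def _round_function(key: bytes, round_no: int, half: str, out_len: int) -> int:
    """Keyed pseudorandom integer in [0, 10**out_len) derived from one Feistel half."""
    mac = hmac.new(key, f"{round_no}:{half}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:16], "big") % (RADIX ** out_len)


def fpe_encrypt(key: bytes, digits: str) -> str:
    """Encrypt a digit string to a digit string of the same length, deterministically."""
    if not digits.isdigit() or len(digits) < 2:
        raise ValueError("expected a string of at least two decimal digits")
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v
        c = (int(a) + _round_function(key, i, b, m)) % (RADIX ** m)
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, digits: str) -> str:
    """Inverse of fpe_encrypt: run the same rounds backwards."""
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _round_function(key, i, a, m)) % (RADIX ** m)
        a, b = str(c).zfill(m), a
    return a + b


# Key rotation: every key has a version and the version travels with the record,
# so old rows stay readable after a new key is introduced and nothing needs a
# bulk re-encryption. Constructed keys; use a key manager in practice.
KEY_RING = {1: b"constructed-key-version-1", 2: b"constructed-key-version-2"}


def protect(value: str, version: int) -> tuple:
    return (version, fpe_encrypt(KEY_RING[version], value))


def reveal(record: tuple) -> str:
    version, ciphertext = record
    return fpe_decrypt(KEY_RING[version], ciphertext)


def mask(digits: str, keep_last: int = 4) -> str:
    """Data-masking companion: expose only the trailing digits."""
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]


# Referential integrity: encrypt the join column of two tables under the same
# key and the rows still join, now on ciphertext. Constructed sample data.
CUSTOMERS = [{"acct": "1234567890123456", "name": "Customer A"},
             {"acct": "9876543210987654", "name": "Customer B"}]
ORDERS = [{"acct": "1234567890123456", "order": "o-1"},
          {"acct": "1234567890123456", "order": "o-2"},
          {"acct": "9876543210987654", "order": "o-3"}]


def protect_column(key: bytes, rows: list, field: str) -> list:
    return [{**row, field: fpe_encrypt(key, row[field])} for row in rows]


def join_on(field: str, left: list, right: list) -> list:
    index = defaultdict(list)
    for row in right:
        index[row[field]].append(row)
    return [(l, r) for l in left for r in index[l[field]]]


if __name__ == "__main__":
    key = KEY_RING[1]
    joined = join_on("acct", protect_column(key, CUSTOMERS, "acct"),
                     protect_column(key, ORDERS, "acct"))
    for cust, order in joined:
        print(cust["name"], order["order"], mask(fpe_decrypt(key, cust["acct"])))
```

The join runs entirely on ciphertext, which is what lets analytics and test environments work on protected data without holding the key; only the step that needs the real account number calls `fpe_decrypt`, and `mask` covers the display case where even that is unnecessary.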
Traditional application security
- 84% of breaches target applications
- Applications have become the new perimeter
- Develop, test, deploy
- 80% of successful attacks target the application layer
- $3.8m average cost of a breach
- Less than 10% of IT security spend goes on application security
- 86% of applications are in trouble
- 13% of applications are compromised completely automatically
Sources: Gartner; Ponemon Institute, Annual Study: U.S. Cost of a Data Breach; The Open Security Foundation
Cyber attackers are targeting applications
- What they are after lives in applications: intellectual property, customer data, business processes, trade secrets
- Where most security measures sit (hardware and networks): switch/router security, firewalls, NIPS/NIDS, VPN, network forensics, anti-virus/anti-spam, DLP, host firewall, host IPS/IDS, vulnerability assessment tools
Securing the new SDLC: develop, test, deploy, operate
- Secure development: find and fix as the developer codes
- Security testing: expand testing to web, mobile and cloud applications in production
- Software security assurance: a programmatic approach to securing applications at scale
Application security: a proactive approach to defending the organisation from application-layer threats by building security into the applications: secure by design, secure by development, secure by deployment.
Internal users are now the weakest link
- SIEM focuses on the "known"; analytics shines a light on the "unknown"
- A determined attacker will get in
- In 98% of all breaches investigated, evidence of the attacker's activity was available in security log files (Verizon Data Breach Report)
- 83% of all data loss was via legitimate credentials (Verizon Data Breach Report; 100% according to Mandiant)
- Little or no visibility inside the enterprise of lateral movement and applications
- Lack of monitoring/tracking of internal sources and networks
User behavior analytics overview
- Learn normal, identify weird
- Identity risk scoring & prioritization
- Abnormal behavior detection
- Active monitoring of events
- Contextual visual investigation
- Inputs: UBA access and activity (events & applications)
What value does UBA bring to our customers?
- Find the malicious user
- Faster event resolution
- Prioritization of high-risk users
- Investigation efficiency & visualization
- 5:1 ROI impact
Detecting what is not "normal" for that user (each indicator that fires adds +1 to the risk score)
- Behavioral analysis, against behavior profiles: frequency spike, event rarity, amount spike
- Peer analysis, against peer group profiles: peer group comparison
- Outcomes: suspicious activities & transactions, suspicious account usage, suspicious system usage
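The additive "+1 per indicator" scoring on this slide, as an added example that is not HPE ArcSight UBA code. It scores one day of activity per user against that user's own history (frequency spike, event rarity, amount spike) and against the department's history (peer group comparison), then ranks users so the highest-risk ones come first. The events, the three-sigma thresholds, the floors on the standard deviation and the "never performed before" rarity rule are all assumptions constructed for the demonstration.

```python
# Added example, not HPE ArcSight UBA code: additive per-user risk scoring over
# constructed events. Each indicator that fires adds +1, as on the slide.
from collections import defaultdict
from statistics import mean, pstdev

SIGMA = 3.0  # standard deviations above baseline that count as a spike (assumption)


def _baseline(values, floor):
    """Mean and a floored standard deviation, so a perfectly regular history still leaves slack."""
    return mean(values), max(pstdev(values), floor)


def _daily_counts(events):
    """user -> list of per-day event counts."""
    per_user_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        per_user_day[e["user"]][e["day"]] += 1
    return {u: list(days.values()) for u, days in per_user_day.items()}


def score_user(user, history, today):
    """(score, reasons) for one user's activity today, judged against history."""
    mine_hist = [e for e in history if e["user"] == user]
    mine_today = [e for e in today if e["user"] == user]
    if not mine_hist or not mine_today:
        return 0, []
    reasons = []
    dept = mine_hist[0]["dept"]

    # Frequency spike: today's volume against the user's own daily baseline
    mu, sd = _baseline(_daily_counts(mine_hist)[user], 1.0)
    if len(mine_today) > mu + SIGMA * sd:
        reasons.append("frequency spike")

    # Event rarity: an action this user has never performed before
    novel = sorted({e["action"] for e in mine_today} - {e["action"] for e in mine_hist})
    if novel:
        reasons.append("rare event: " + ", ".join(novel))

    # Amount spike: largest amount today against the user's historical amounts
    amounts = [e["amount"] for e in mine_hist if e["amount"] > 0]
    if amounts:
        mu, sd = _baseline(amounts, 0.1 * mean(amounts))
        if max(e["amount"] for e in mine_today) > mu + SIGMA * sd:
            reasons.append("amount spike")

    # Peer group comparison: today's volume against the department's daily baseline
    peers = [e for e in history if e["dept"] == dept and e["user"] != user]
    peer_counts = [c for counts in _daily_counts(peers).values() for c in counts]
    if peer_counts:
        mu, sd = _baseline(peer_counts, 1.0)
        if len(mine_today) > mu + SIGMA * sd:
            reasons.append("above peer group")

    return len(reasons), reasons


def rank_users(history, today):
    """Highest-risk users first: the prioritisation view an analyst starts from."""
    users = {e["user"] for e in today}
    return sorted(((u, *score_user(u, history, today)) for u in users),
                  key=lambda row: row[1], reverse=True)


# Constructed sample: ten routine days for a finance team, then one day to score.
def _event(day, user, action, amount=0, dept="finance"):
    return {"day": day, "user": user, "dept": dept, "action": action, "amount": amount}


def _routine_day(user, day):
    return [_event(day, user, "login"), _event(day, user, "view_invoice"),
            _event(day, user, "approve_payment", 1200), _event(day, user, "logout")]


USERS = ["alice", "bob", "carol", "mallory"]
HISTORY = [e for day in range(1, 11) for u in USERS for e in _routine_day(u, day)]
TODAY = (
    _routine_day("alice", 11)                                                  # normal
    + _routine_day("bob", 11) + [_event(11, "bob", "approve_payment", 1300)]   # within tolerance
    + _routine_day("carol", 11) + [_event(11, "carol", "reset_password")]      # one rare event
    + [_event(11, "mallory", "login")]                                         # bulk export
    + [_event(11, "mallory", "export_customer_db") for _ in range(30)]
    + [_event(11, "mallory", "approve_payment", 95000)]
)

if __name__ == "__main__":
    for user, score, reasons in rank_users(HISTORY, TODAY):
        print(f"{user:8} score={score} {reasons}")
```

The peer comparison is what separates a busy but legitimate user from an outlier: a whole department ramping up before quarter end raises everyone's volume together, so a single user's count only stands out when it exceeds the peer baseline as well as their own.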
How destructive is malware?
- In an average week, an organization receives 17,000 malware alerts
- $1.27 million annually: average cost of time wasted responding to inaccurate intelligence
- Percentage of malware alerts deemed to be reliable
- 205: median number of days threat groups were present on a victim's network before detection
Sources: Mandiant, Ponemon Institute
DNS Malware Analytics
Use case: an automated service to detect and identify hosts inside my enterprise which:
- are positively infected with malware, bots, or other unknown threats;
- are trying to contact command-and-control servers or exfiltrate data;
- other perimeter or internal security products have not detected.
Requirements:
- high-fidelity, low-false-positive alerts;
- enable operational staff (L1) to mitigate/remediate;
- data feeds/alerts fit into my existing SOC infrastructure without expansion.
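The use case above, as an added example that is not HPE DNS Malware Analytics code: a scorer over DNS query logs that looks for the three behaviours the slide names (known command-and-control domains, DGA-style bursts of non-existent names, and the long unique labels that characterise DNS tunnelling or exfiltration) and applies a fidelity threshold so that a single weak indicator becomes a watch item rather than an L1 alert. The log format, the thresholds and weights, every domain and the blocklist entry are constructed for the demonstration; the blocklist entry is a placeholder under the reserved `.example` TLD, not a real indicator.

```python
# Added example, not HPE DNS Malware Analytics code: per-host scoring of DNS
# query logs with a fidelity threshold. All values below are constructed.
import re
from collections import defaultdict

LINE = re.compile(r"client=(\S+) qname=(\S+) qtype=(\S+) rcode=(\S+)")

NXDOMAIN_BURST = 10         # distinct non-existent names from one host
TUNNEL_MIN_LABEL = 30       # subdomain length typical of encoded payloads
TUNNEL_MIN_SUBDOMAINS = 20  # distinct such subdomains under one parent
WEIGHTS = {"blocklist": 3, "nxdomain_burst": 1, "tunneling": 2}
ALERT_THRESHOLD = 2         # one weak indicator alone is a watch item, not an alert


def parse(lines):
    """Yield one record per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield {"client": m.group(1), "qname": m.group(2).rstrip(".").lower(),
                   "qtype": m.group(3), "rcode": m.group(4)}


def parent_domain(qname):
    """Registrable domain, assumed to be the last two labels (real code: public suffix list)."""
    return ".".join(qname.split(".")[-2:])


def analyse(lines, blocklist):
    """client -> {score, indicators, verdict}."""
    per_client = defaultdict(list)
    for q in parse(lines):
        per_client[q["client"]].append(q)

    results = {}
    for client, queries in per_client.items():
        indicators = {}

        # Known command-and-control infrastructure (threat-intelligence match)
        hits = sorted({q["qname"] for q in queries if parent_domain(q["qname"]) in blocklist})
        if hits:
            indicators["blocklist"] = hits

        # DGA-style behaviour: a burst of lookups for names that do not exist
        missing = {q["qname"] for q in queries if q["rcode"] == "NXDOMAIN"}
        if len(missing) >= NXDOMAIN_BURST:
            indicators["nxdomain_burst"] = len(missing)

        # Tunnelling / exfiltration shape: many long, unique labels under one parent
        long_labels = defaultdict(set)
        for q in queries:
            parent = parent_domain(q["qname"])
            sub = q["qname"][: -len(parent) - 1]
            if len(sub) >= TUNNEL_MIN_LABEL:
                long_labels[parent].add(sub)
        for parent, subs in long_labels.items():
            if len(subs) >= TUNNEL_MIN_SUBDOMAINS:
                indicators["tunneling"] = parent

        score = sum(WEIGHTS[name] for name in indicators)
        verdict = "alert" if score >= ALERT_THRESHOLD else ("watch" if score else "clean")
        results[client] = {"score": score, "indicators": indicators, "verdict": verdict}
    return results


# Constructed sample log in the format the regex above expects.
def _line(client, qname, qtype="A", rcode="NOERROR"):
    return f"2016-03-01T10:00:00Z client={client} qname={qname} qtype={qtype} rcode={rcode}"


BLOCKLIST = {"malware-c2.example"}  # placeholder, not a real indicator

SAMPLE_LOG = (
    # 10.0.0.5: ordinary traffic
    [_line("10.0.0.5", "www.example.com"), _line("10.0.0.5", "mail.example.com", "MX")]
    # 10.0.0.7: DGA-like NXDOMAIN burst followed by a resolved blocklisted name
    + [_line("10.0.0.7", f"qzkx{i:02d}ptvw.com", rcode="NXDOMAIN") for i in range(12)]
    + [_line("10.0.0.7", "update.malware-c2.example")]
    # 10.0.0.8: NXDOMAIN burst alone (a misconfigured client looks like this too)
    + [_line("10.0.0.8", f"host{i}.corp.example", rcode="NXDOMAIN") for i in range(12)]
    # 10.0.0.9: 25 distinct 44-character labels under one parent, via TXT queries
    + [_line("10.0.0.9", f"{'ab' * 20}{i:04d}.tunnel.example", "TXT") for i in range(25)]
)

if __name__ == "__main__":
    for client, result in sorted(analyse(SAMPLE_LOG, BLOCKLIST).items()):
        print(client, result["verdict"], result["score"], result["indicators"])
```

The weights encode the fidelity requirement: a threat-intelligence match or a tunnelling pattern is specific enough to alert on its own, while an NXDOMAIN burst also occurs with typos, stale configurations and search-suffix lookups, so on its own it only earns a place on the watch list until a second indicator corroborates it. The `indicators` dictionary is what would be attached to the alert so that L1 staff see the reason, not just a score.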
Thank You