HPESPSeeEverything Infographic 2 - NDM Technologies · Policy Compliance Risk Assessment...
ENTERPRISEVIEW
HP EnterpriseView translates IT data into actionable intelligence, arming CISOs
RISK MANAGEMENT
VULNERABILITY MANAGEMENT
POLICY & COMPLIANCE
ASSET PROFILING
POLICY LIBRARY
IT OPS CONNECTORS
WWW.HPENTERPRISESECURITY.COM
[Figure: HP EnterpriseView dashboard screenshots. Panels: Asset Summary (eCommerce, overall asset score 36, criticality level 8, containing Citrus Billing, Delivery Infrastructure and Zen Shopping); Policy Compliance (PCI DSS v2.0, Requirement 3: Protect stored cardholder data, 3.3 Mask PAN when displayed, 3.4 Render PAN unreadable anywhere it is stored); Risk Assessment (Risk Register, Risk Scores for Assets, Riskiest Assets, Contained Assets Summary); Vulnerability Information (Most Vulnerable Assets, Open Vulnerabilities, Remediation Status). Score columns: Overall asset score, Risk, Compliance, Maturity, Vulnerability, ESM.]
SEE EVERYTHING WITH HP ENTERPRISE SECURITY
WHO WE ARE
HP is a leading provider of security and compliance solutions for the modern enterprise that wants to mitigate risk in their hybrid environment and defend against advanced threats. Based on market leading products from ArcSight, Fortify, and TippingPoint, the HP Security Intelligence & Risk Management Platform uniquely delivers the advanced correlation, application protection, and network defenses to protect today’s hybrid IT infrastructure from sophisticated cyber threats.
HP Enterprise Security at a Glance
More than 600 security patents
Over 160 security products and services
HP Fortify: #1 in market share among security testing providers for 2009, and a leader in Static Application Security Testing (Gartner)
HP ArcSight is a leader in Security Information and Event Management (Gartner) and #1 in SIEM market share (TheInfoPro)
HP TippingPoint is a leader in the Network Intrusion Prevention magic quadrant (Gartner)
DVLabs discovers four times as many critical vulnerabilities as the rest of the market combined (Frost & Sullivan)
THE INDUSTRY SAYS
ArcSight
HP ArcSight is the #1 “In Use” and #1 “In Plan” SIEM and Log Management solution as per TheInfoPro.
In 2011, both GSN and SC Magazine rated HP ArcSight as the “Best Security Information/Event Management” solution.
A credit union in the mid-west found a $900k wire fraud during an HP ArcSight ESM proof of concept.
TippingPoint
In 2012, according to Frost & Sullivan, HP TippingPoint was the #1 ranked security organization in 7 vulnerability reporting categories.*
Using RepDV, HP TippingPoint stops 10M+ connections to bad sites at a large government agency.
HP TippingPoint saves 30% bandwidth with ReputationDV at a well-known ISP by blocking unnecessary DNS lookups.
Fortify
Over 1000 organizations worldwide have standardized on HP Fortify - 9 of the top 10 major banks, 9 of the top 10 software companies, all of the top 10 telecoms, all major branches of U.S. DOD, all 5 top insurance firms.
Offers the deepest deployment experience and most supported programming languages, platforms and IDEs.
Detects more application vulnerabilities than any other vendor with the industry’s largest software security research group.
PROTECT 724
Protect 724 is an online community for HP ArcSight customers and allows you to help each other:
Share content, collaborate on best practices, and get feedback
Ask and answer questions
Network with each other
Gain visibility on product roadmaps
For more info, visit: protect724.arcsight.com
QUESTIONS
1. How do you ensure your critical applications are secure and available?
2. What are you doing to protect your applications, infrastructure and networks across physical, virtual, and cloud environments?
3. Do you have a single ‘pane of glass’ view into security intelligence and risk management to prove compliance?
[Figure: platform diagram. Labels: Next Gen IPS, DVLabs Research, Next Gen Management, Next Gen Firewall; In-House, Commercial Open Source, Outsourced; Event Correlation, User Monitoring, Fraud Monitoring, Log Management, Application Monitoring, Controller Monitoring.]
INFORMATION OPERATIONS APPLICATIONS RESEARCH
Monitor and Assure Security of Applications and Infrastructure Completely
HP ArcSight ESM
Provides automated pattern analysis and protects critical data, applications and infrastructure.
HP ArcSight Logger
Stores and manages all enterprise log data, while automating compliance reporting.
HP ArcSight Express
Allows the deployment of all-in-one correlation and log management, while automating security operations.
HP ArcSight IdentityView
Monitors ALL user activity, watches privileged users and attributes shared account usage.
HP ArcSight AppSM
Enables application security monitoring within business applications without any additional instrumentation and leverages the strengths of HP Fortify in application security and HP ArcSight in enterprise threat and risk management.
HP TippingPoint Next Generation IPS
Adapts to provide advanced protection against advanced targeted threats. Deployed inline, our NGIPS protects vulnerable applications from attack, stops malicious botnet and malware traffic, provides richer event information and policy decision making, and delivers granular application control.
HP TippingPoint Secure Virtualization Framework (SVF)
Is purpose-built for securing physical, virtual and cloud environments by providing visibility, full security policy management, and firewall zoning and segmentation across trust zones, while leveraging the TippingPoint IPS N-Series for full VM traffic inspection.
HP TippingPoint WebAppDV
WebAppDV adds Adaptive WAF technology to the HP TippingPoint IPS.
HP Fortify Software Security Center
Secure all your business-critical desktop, mobile and cloud applications in the enterprise.
HP Fortify Static Code Analyzer
Identify, prioritize and fix security vulnerabilities in the source code during software development.
HP Fortify on Demand
Protect all in-house or vendor applications quickly, easily and affordably with software security in the cloud.
HP WebInspect Real-Time
Correlate dynamic and static security testing results to provide actionable line-of-code remediation details for any web application.
HP Fortify Mobile Application Security
Secure all mobile applications, save time and money by removing security vulnerabilities at the source, and increase development productivity.
HP DVLabs
Team is dedicated to applied security intelligence including advanced vulnerability research, filter development and advanced persistent threat counter measures. They also manage the global Zero Day Initiative (ZDI) program. www.zerodayinitiative.com
DVLabs provides the following:
App DV
Granular control for the access and use of applications such as Facebook and YouTube
ReputationDV
Policy-based protection from known bad IP addresses and DNS entries
ThreatLinQ
Online customer portal that provides security intelligence to finely tune IPS settings
Fortify Security Research Group
Focused on advanced threat research providing industry leading security intelligence to the Enterprise Security products and solutions.
Defend Applications and Networks Seamlessly
Design, Develop and Deploy Applications Securely
Apply Industry-Leading Security Research to Provide the Latest Protections
SECURITY INTELLIGENCE & RISK MANAGEMENT PLATFORM
The HP Enterprise Security Intelligence and Risk Management Platform consolidates security information with operational information delivering the ability to understand risk and prioritize responses.