Australian Security Magazine, June/July 2017

Cyber Security

differentiator, market leadership, and industry alignment are better predictors of maturity.

The right growth strategy for cyber security maturity

How should customers establish their growth strategy, in terms of cyber maturity? What are the key focus areas and challenges? Vasant Kumar considers and outlines the HPE approach.

“Whether protecting brand, intellectual capital, and customer information or providing controls for critical infrastructure, the means for incident detection and response to protect organisational interests have common elements: people, processes, and technology.

The HPE model, SOMM (Security operations maturity model and methodology), focuses on multiple aspects of a successful and mature security intelligence and monitoring capability including people, process, technology, and the supporting business functions. These four pillars are equally important. Our experience with our clients revealed that, while clients focus on people, process and technology, it is critical to gain the buy-in from the business, who has an important role to play.

When we deliver services, the first thing we conduct is the Business Requirements Mapping workshop with our clients. This is a series of a 5-day workshop with the key stakeholders where we establish the business issues. We do this by identifying these across products, services, and use cases, and the associated risk levels. For example, for a banking client, we map against the compliance and regulatory requirements relating to system logs, and help the client automate these reports in an auditable way. In this way, the client is able to demonstrate to the auditors that there is an established protocol in place to review logs and highlight issues.

Everyone has a responsibility when it comes to security. And this includes the business, which means the need for the board to be involved in key decisions relating to security. Knowing there was a security risk and not prioritising it is no longer acceptable.
Stringent regulations are being enforced in certain industries, for example in financial services. Aligning the cyber security goals against regulatory requirements will also be useful in helping to formulate growth strategy.

Security Intelligence and the key sources for Security Operations

Security Intelligence using analytics, such as machine learning and predictive analytics across diverse data sets, can help an organisation become proactive, rather than reactive, in managing cyber risk and mitigate threats. Vasant Kumar notes, “this allows our clients to identify threats quickly and accurately so that action can be taken before critical systems are impacted. With the ability to predict, using a data collection platform that is reliable and secure, it provides visibility and triggers for alerts generation. Data collected, normalised and enriched through this platform, include key sources such as: logs, sensors, stream network traffic, security devices, web servers, customer applications, cloud services and others.

HPE ArcSight Data Platform (ADP) 2.0 collects data from these sources and delivers an open architecture that can also send event data to third-party applications such as Hadoop, data lakes, or even proprietary in-house applications. For example, data from the end-device monitoring capability allows for identification of the specific device in issue and reduces time to make an informed decision to fix any problem quickly. In addition, normalising and categorising data immediately after it is collected, and enriching it with security context, enables faster correlation and threat detection. This also helps our clients to be proactive rather than reactive.

Our in-house threat intelligence feeds can be plugged into the platform. For example, our Threat Intelligence team monitors the cyber underground to understand the threat actors and the indicators of compromise; our experts in vulnerability, malware and defender research perform complex analysis of the latest malware and exploits while putting the trends into context for defenders; and we have our data scientists and security researchers utilise machine learning and predictive analytics to develop use case driven models. We also use Open Source intelligence and collaborative feeds, such as STIX, TAXII, which are integrated into the platform.”

HPE ARCSIGHT Evolves Beyond Traditional SIEM

HPE ArcSight continues its leadership in the industry, helping clients to protect their organisation against cyber threats using a risk-based adversary-centric approach. As the landscape of threat vectors moved beyond the traditional IT environment to OT, and now to IoT, HPE recently launched a rethink of the fundamentals of ArcSight. The roadmap for HPE ArcSight will continue to help protect clients against the most aggressive threat environment in the history of IT security. HPE ArcSight is a next-generation cyber defense solution with security and compliance analytics. In coming up with the roadmap, we have taken on client pain points.
