Sponsor Track

Next Generation SOC: Building a Learning Security Ecosystem Using HP ArcSight Technology

Expo Theatre (Hall G) October 21, 2014 - Feedback     

Bookmark and Share

Matt Anthony

The concept of defense in depth has attracted a lot of attention over the past decade. Several organizations have invested heavily in a broad collection of technologies in an effort to better secure their information. The objective of defense in depth is to use complementary technologies to cover the gaps and limitations of each other to provide more robust Security protection.  Demand for defense in depth solutions has grown steadily over the years but the promise of its true potential remains unfulfilled.  In response to this demand, leading technology companies such as HP are expanding the portfolio of multiple security solutions that contribute to better performance and increased interoperability over a multi-vendor approach.  To fully realize the benefits of defense in depth, the strategy must be extended beyond technology alone to include system integration, SME analysis, insightful reporting, run-book automation, and sound operational processes to streamline recalibration of the system components.

In this presentation, we explain Sentry Metrics’ Next Generation SOC methodology in detail to illustrate how ArcSight can be used as part of a learning ecosystem that continuously adapts to each client’s dynamic risk profile.  The reference architecture for this presentation will demonstrate the use of HP ArcSight to integrate and inform defense in depth with multi-vendor technologies such as HP TippingPoint, F5 ASM, Rapid7 Nexpose, and others.  Two key concepts form the basis of the Next Generation SOC.  The first concept is the relationship between Exposures, Threats, and Counter-Measures.  By appropriately aligning these inputs, we will show how critical insight drives appropriate actions including proactive and responsive protections.  The second concept is a continuous process to move active protections further away from protected assets through the use of shared intelligence.  By moving active protections outward we restrict attacker visibility and reconnaissance, reduce the circumvention of Security controls, and simultaneously optimize the performance of technologies deployed throughout the ecosystem.  By combining these two concepts, we are able to improve Security posture, accelerate program performance, and ultimately increase productivity in achieving, maintaining, and continuously improving Security operations.

October 22, 2014 | Tech 2 (801a) | 11:30 – 12:00