
Digital asset protection is a strategic task.

Organizations embarking on the path of digital transformation should think carefully about protecting their information assets, so as not to expose their business to very serious risks.


The world economy has entered an era of digital change — more precisely, a digital business transformation. In the next few years, this trend will become the defining vector of development for the vast majority of organizations. And this is not only about banks and telecommunications companies, which are “traditionally” dependent on IT. Enterprises will actively increase their information assets in order to set new records of operational efficiency, use the most modern opportunities to attract customers and enter markets, and create products and services in which the IT component will be, if not the main, then one of the central success factors. Under these conditions, the protection of information assets becomes one of the key areas of digital transformation.

In fact, the value of digital assets increases significantly: they are regarded as quite real assets, without which achieving the desired results is very problematic. The volume of digital assets is constantly increasing, some of them will be located outside the organization (primarily in the clouds), their structure will become more complicated, and managing them will be difficult. Such large-scale changes will lead to the emergence of a variety of data protection solutions. All of this suggests that digital assets will become highly vulnerable.

The number of intruders seeking to gain access to digital assets and control them will inevitably increase, and new methods and tools for cyber attacks will appear. Their cost will most likely decrease, while their effectiveness will increase. Most importantly, the business risks associated with harmful effects on digital assets will increase: a “successful” cyber attack can cause very serious, and in some cases irreparable, damage.

Recognizing this, Hewlett Packard Enterprise identified the protection of digital assets as one of the key areas of its digital transformation strategy. HPE intends to help customers adapt, on the one hand, to new business requirements, and on the other, to the changing threat landscape.

By offering customers a wide range of information asset protection technologies and services, HPE helps ensure the highest level of security and successfully resist even the most sophisticated threats. A whole range of services is focused on confronting new challenges, and the ways of providing such services are being updated. This reflects not only changes in the IT landscape of organizations, but also the improving approaches of attackers who use IT to harm businesses.

Protection against intruders


HPE carefully assesses customers' needs for managing risks to the security of their digital assets, and selects solutions that provide the necessary protection. Often it is not only information security risks that are of particular concern (the cumulative damage from them can be very significant and even painful, up to a complete loss of competitiveness), but also economic risks.

According to the recent “2015 Cost of Cyber Crime Study: Global” conducted by the Ponemon Institute, energy enterprises and industrial, financial, transport and technology companies suffer most from information security threats. In the oil and gas and energy sectors, many cases of fraud and theft of inventory items, primarily consumables, are recorded; losses sometimes reach 12-15% of annual revenue. Banks have to confront the risks associated with money laundering and the withdrawal of funds from assets, payment splitting, and fraudulent transactions. The large number of incidents in financial institutions is closely related to the numerous electronic services through which assets can be accessed.

To counter the threat of cyber attacks, you can use the HPE ArcSight tools. They allow you to collect online any information about the operation of infrastructure systems (software and hardware IT complexes, telecommunication systems, engineering infrastructures, production facilities and their APCS). This data can be analyzed to detect the patterns inherent in incidents, and new incidents can then be detected quickly on the basis of a system of rules. Moreover, it is possible to cover not only IT and information security, but also economic activity, industrial safety and other areas. Adapting ArcSight technology to the enterprise's current tasks does not take much time.

Quite a few Russian customers are already using HPE information security products in their fraud prevention systems. Significant gains, in particular, come from integrating these products with the business systems of other suppliers. For example, in close cooperation with SAP, we managed to isolate a number of typical fraud scenarios that are popular with insiders working with this vendor's business applications, and to implement fraud protection through the ArcSight toolkit. Such an integrated protection system allows you to track business process violations (when coordinating documents, making payments, giving discounts, etc.), control access to payroll lists and users' personal data, and detect fraudulent schemes associated, for example, with issuing loans or discount cards, or with cancelling previously committed actions. It is always beneficial to use such systems, especially in large organizations, where fraud is not uncommon and the question of minimizing the damage from it is quite acute.

User Behavior Analytics is aimed at identifying the actions of intruders threatening digital assets. It allows you to build profiles of the typical behavior of users and applications, as well as of the infrastructure elements with which they interact. On the basis of these profiles, atypical behavior is recognized, and thus the actions of an attacker or malicious code are detected during a targeted attack or fraudulent operation.

DNS Malware Analytics, another recently released analytical product that has no analogues on the market, detects malicious code activity by analyzing DNS traffic. Certain types of activity, such as those from individual workstations, can signal that they are infected with malicious code. By the way, the largest customer of this product is HPE itself: it analyzes the traffic generated by the client devices of 200 thousand of its employees. The effectiveness of the technology is confirmed by the history of how the DNS Malware Analytics system was created. It acquired a “marketable appearance” after several years of evolution within HP: it started as a set of rules for handling alarms about information security events, and the result was the launch of a finished commercial product on the market.

Data protection


Protection of information assets is impossible without data protection, primarily against unauthorized access and loss. There are about a dozen products in the HPE portfolio that can protect emails (including file attachments), bank transactions, cross-border business transactions and other digital assets of the enterprise from cyber attacks. Worldwide, HPE data protection solutions are used by many large companies, such as the international payment systems Visa and MasterCard, and in Russia, by the country's leading banks.

Solutions from the HPE Security Voltage family help ensure reliable encryption of various types of data, along with the use of electronic tokens. They can operate in a variety of corporate IT infrastructures, including cloud, mobile, and Big Data systems. Solutions from another family, HPE Atalla, are responsible for the automated classification of unstructured data and its protection against loss, as well as for encrypting the data that the company exchanges with external cloud or remote server platforms. The Atalla Network Security Processor (NSP) software and hardware solution is designed to maintain the security of financial data (requirements of this kind are often put forward by banking regulators). By the way, Atalla was the first technology used to protect transactions made with plastic cards.

Data protection should not be limited to encryption: often the goal of attackers is to destroy or modify data. In such conditions, a seemingly obvious and simple task such as backup becomes very important. Today, backup and restore are complicated by the fragmentation of virtualization environments and cloud platforms. HPE's backup and recovery solutions portfolio (HPE Data Protector, StoreOnce, StoreEver, and other solutions) allows you to respond effectively to many challenges. We will try to cover this topic in more detail in other articles.

Application security


Another important class of information assets is applications. They are the basis for providing more and more services to business and external customers. Frequently introduced software systems become another risk factor for information security. Vulnerabilities stemming from coding defects (malicious errors) are often the result of developers' absent-mindedness, haste, or incorrect programming.

Practice shows that even the most superficial scan of dozens of applied software products in commercial operation detects hundreds of critical errors in the program code, from typical “master keys” left by developers “just in case the client forgets the password” to the most serious "holes", not once described in the relevant documents.

These vulnerabilities are the cause of failures in IT systems, and in addition, attackers can take advantage of them. HPE promotes the idea of managing information security in the course of software development and is a supporter of deploying the Security Development Life Cycle. Of course, programmers are not obliged to be experts in information security, but it is in their power to prevent defects in their products. At the same time, software customers should have access to tools that allow them to evaluate the quality of the development they paid for: either their own tools, owned by the company's information security service, or tools owned by service organizations in the IT and information security market.

You can avoid programming flaws by teaching developers secure programming and building the development process in the right way. Of course, different types of testing will be needed, but this is not enough: the risk is high that imperfect code will be transferred to commercial operation. Eliminating the shortcomings will then require significant financial costs, 20-30 times greater than the cost of preventing or detecting errors at the software design stage. It will also take 10 times more time, because you will have to roll back to previous builds, check and fix all the code, recompile it, perform functional and load testing, reinstall, and hand over to the customer.

Organizations that create serious, critical systems are most interested in building the process of creating secure software. They introduce this process gradually and consistently transfer teams working on separate key projects to it — usually no more than two such projects are carried out simultaneously.

To identify programming flaws and vulnerabilities in out-of-the-box applications, HPE proposes conducting at least two types of software tests. Dynamic scanning (penetration from the outside) makes it possible to reduce the risk of hacking an application by 80%. Scanning software source code helps detect the most critical defects in the design phase. In Russia, about two dozen companies have already used this approach, implemented using HPE tools. First of all, we are talking about Fortify Static Code Analyzer, a tool for static analysis of program code, and Fortify WebInspect, a tool for dynamic security analysis of web applications and services. The Fortify Software Security Center solution, a repository for centralized development management, helps to build the process of creating secure software, providing a holistic and transparent view of application security in general.

In general terms, the process is as follows. After the application is scanned, the detected code defects are automatically sorted and then grouped according to their degree of criticality: the most dangerous, rather serious, and not too important (the latter can be neglected when time is short). The security expert reviews the vulnerabilities found and confirms the tasks to eliminate them. The leaders of the development teams assign the people who must eliminate the defects, after which the results are passed back along the chain and undergo the necessary checks. No additional procedures, other than those provided by the regulations, are required. IT support for this process is implemented through the LoadRunner load testing toolkit and the Quality Management Enterprise software quality management system.

Information obtained during the application scanning can be used to prepare IT department reports or transferred to a security monitoring system. This can be useful, for example, to adequately respond to suspicious activities: if they are associated with software modules that have “holes” in their security, you should pay close attention to these attacks, since it is likely that attackers will try to exploit the defect in the code.
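The triage and correlation described above, as an added example (not HPE's or Fortify's code): open scan findings are grouped into three criticality tiers, and monitoring alerts that touch a module with an unfixed defect are moved to the front of the queue. The field names, severity labels, module names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Three criticality tiers, mirroring the grouping described in the text.
SEVERITY_RANK = {"critical": 3, "serious": 2, "minor": 1}

# Constructed sample scan findings (hypothetical modules and fields).
FINDINGS = [
    {"module": "payments/api", "issue": "hard-coded credential", "severity": "critical", "fixed": False},
    {"module": "payments/api", "issue": "verbose error page", "severity": "minor", "fixed": False},
    {"module": "reports/export", "issue": "SQL built by concatenation", "severity": "serious", "fixed": True},
    {"module": "auth/login", "issue": "missing lockout", "severity": "serious", "fixed": False},
]

# Constructed sample alerts from a monitoring system.
ALERTS = [
    {"id": 1, "module": "payments/api", "event": "repeated failed logins"},
    {"id": 2, "module": "reports/export", "event": "unusual query volume"},
    {"id": 3, "module": "auth/login", "event": "login from new country"},
    {"id": 4, "module": "static/assets", "event": "404 burst"},
]

def group_by_severity(findings):
    """Group open findings by criticality tier, most dangerous first."""
    groups = defaultdict(list)
    for f in findings:
        if not f["fixed"]:
            groups[f["severity"]].append(f)
    return {s: groups[s] for s in sorted(groups, key=SEVERITY_RANK.get, reverse=True)}

def worst_open_severity(findings):
    """Map each module to the rank of its worst unfixed finding."""
    worst = {}
    for f in findings:
        if not f["fixed"]:
            rank = SEVERITY_RANK[f["severity"]]
            worst[f["module"]] = max(worst.get(f["module"], 0), rank)
    return worst

def prioritize(alerts, findings):
    """Order alerts so those touching modules with open defects come first."""
    worst = worst_open_severity(findings)
    scored = [dict(a, priority=worst.get(a["module"], 0)) for a in alerts]
    return sorted(scored, key=lambda a: (-a["priority"], a["id"]))

if __name__ == "__main__":
    for a in prioritize(ALERTS, FINDINGS):
        print(a["priority"], a["id"], a["module"], a["event"])
```

Findings already marked as fixed no longer raise an alert's priority, so the queue follows the current state of the code rather than the scan history.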

Information asset protection centers


A key role in protecting digital assets is played by information security incident management centers (SOC). They collect and analyze in real time everything related to data protection, and proactively identify growing threats (primarily cyber attacks), helping to take the necessary measures. The world's largest SOCs process more than 1 million information security events per second. In Russia, at least ten organizations have SOCs that process 200 thousand or more information security events per second. HPE also has a SOC. Information about information security events occurring on the devices of 365 thousand employees is transmitted to it and analyzed; about 20 billion DNS queries are analyzed per day.

HPE employees note that in Russia there is also growing demand for services to create information security incident management centers (SOC) and for independent assessment of the maturity level of centers that have already been built. Three key aspects of a SOC are evaluated: technology, employees, and processes. During the audit, the organizational structure and the correctness of the process alignment are checked, and in addition, the capabilities of the technologies used in the SOC are assessed in terms of their sufficiency and redundancy.

Services available to Russian customers are provided not only by HPE, but also by its partners who have the status of Managed Security Services Provider. About 30 organizations are already cooperating with one of these SOC owners. Most likely, in the near future, the range of information security service providers based on HPE products will expand, primarily due to telecommunication companies seeking to add to their portfolios of offerings for corporate clients.

To give business leaders the ability to control business processes and to compare and evaluate how various risks are interconnected with IT factors, HPE specialists have developed the Executive Value Dashboard. It is built on the functions of ArcSight, Business Service Management, Universal CMDB and Service Manager. The users of this console include Russian customers who are already engaged in implementing this solution.

A number of Russian enterprises have already gained extensive experience in protecting digital assets. Some of them, relying on their existing competence and tools in the field of information security, are mastering a new business for themselves: providing digital asset protection services to other organizations, both their own subsidiaries and external customers. It can be said with confidence that investments aimed at protecting information assets can not only reduce risks, but also bring real income, helping to derive additional benefits from the digital transformation.

Source: https://habr.com/ru/post/301116/

