Cyber Security Command and Control (C2) Solution
Detects and responds to cyber security threats in near real-time.
Provides network situational awareness and mission visibility to act on
security breaches with confidence.


At-A-Glance

The Cyber Security C2 Solution enables situational awareness across large network environments, providing command and control capabilities for cyber security threat response. The solution rapidly processes large volumes of disparate data across the enterprise and delivers near real-time network operational insight for decision-makers to intervene, mitigate risks and determine impact to mission operations.

Your business challenges

The best time to stop an attack is before it happens and causes significant damage to the mission. To proactively enable action in a 24x7 mission-critical environment, a solution needs to implement best practices with known results quickly across the enterprise to protect the network in case of an attack.

Governments and businesses use large, geographically distributed networks to perform their missions. Mission success depends on timely event detection, correlation and rapid responses with known results. Existing monitoring and security systems help components of the enterprise achieve success, but they generate enormous volumes of data in various formats and locations. In many cases, the context of this information is limited to what the operator knows. As a result, both commanders and operators are increasingly challenged or overwhelmed by the sequences of manually integrated tasks needed to communicate, share and understand their risk posture at a particular moment.

What we offer

The Cyber Security C2 Solution provides a focused, user-definable view into the status and health of sophisticated network environments and the missions they support. Using a combination of complex event processing, event correlation and information fusion technologies, the solution dramatically improves situational awareness across the enterprise to give commanders and operational decision-makers near real-time insight to cyber threats or attacks. The solution builds on existing investments in monitoring and detection systems to:

• Collect, filter and correlate seemingly unrelated event patterns to identify disparate cyber attack signatures
• Identify both technical and mission impacts of an incident and recommend immediate courses of action
• Put correlating events into context of other events, processes and best practices
• Map enterprise events to event models defining relationships between applications, services and servers – the infrastructure used to accomplish the mission
• Apply rule sets to enable pattern recognition and data correlation based on current and historical events
• Provide consulting services to assist in achieving enterprise outcomes

Features

• Enables near-real-time visibility across the enterprise
• Uses leading threat-detection algorithms to identify complex, stealth cyber attacks
• Correlates mission impact to prioritize responses in a multi-threat environment
• Enables predictive analytics to see the cyber storm coming before it hits
• Features a streamlined, operator-friendly console to simplify monitoring network health and respond to incidents with quick action
• Incorporates scalable design to support enterprises of all sizes
• Uses extendible interfaces to handle custom systems as well as standard monitoring platforms
• Leverages existing investments in systems and training

Benefits

• Provides near real-time operational intelligence for networks and missions
• Enables predictive threat analyses to respond before the attacks impact mission operations
• Identifies threats that go undetected by typical systems
• Makes log data actionable, enabling operators to concentrate on the mission, not on mechanics of situational awareness
• Provides scalable design to overcome limitations with point solutions to address data sets of all sizes

Business outcomes

• Allows decision-makers to react to actual threats in seconds, before the damage is done
• Enables shared understanding of network operations from a single, user-definable operational picture (UDOP)
• Provides proactive command and control capability for near real-time situational network operation
• Uses rule sets based on best-practice threat detection to warn operators of significant events
• Aggregates data sources, detects anomalies and provides actionable recommendations to the operator
• Enables both human intervention and automated responses to address cyber intrusion incidents
• Leverages existing network investments to display past, present and potential future cyber security threats

Visibility into the enterprise network

The user-defined operational picture (UDOP) enables rapid event processing by operators and commanders and has three main sections aligned with typical activities:

Monitor and manage — Uses an incident dashboard to show complex incidents, along with impact level, incident type, a unique identifier for that specific incident, incident status, the primary individual who has been tasked with management of the incident along with the time of last update, and the name of the last person to update information about the complex incident. To the right, more details are described regarding the impact of whichever complex incident is selected from the pane.

Locate and respond — Displays information about individual contributing events that make up a single complex incident along with details for each event. Geographic information related to the complex incident is displayed on a map, which can provide overlay information about how effects on cyber assets impact kinetic operations. Recommended courses of action, based on best practices, guide the operator and enable a high-performing cyber security team.

Analyze activity — Shows modules that can be configured to display any one of a number of different data outputs. In this case, summary statistics on the types of security events being detected at the current point in time are shown, along with trending data to indicate rising or falling trends. News feeds from various open sources are shown on the right side.

For more information

To read more about Cyber Security Command and Control, go to www.hp.com/go/cybersecurity or contact: Sam Chun at samuel.chun@hp.com




Technology for better business outcomes
To learn more, visit www.hp.com
© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
change without notice. The only warranties for HP products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
USPS808301,Nov 2009
