Event Correlation Applications for Utilities
•Télécharger en tant que PPTX, PDF•
1 j'aime•934 vues
This document discusses United States smart meter deployments and how HP Enterprise Security partners with two of the top three utilities that have installed the most smart meters. It notes that a small Florida utility saw a 73,000% increase in data collection after implementing smart meters. The presentation emphasizes embracing constraints to drive innovation and using tools effectively to turn data into useful information for security operations centers that monitor smart meter networks. HP's security tools are highlighted for their ability to correlate smart meter events and integrate with utility systems to reduce costs through more efficient technician dispatch.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (17)
Similaire à Event Correlation Applications for Utilities
Similaire à Event Correlation Applications for Utilities (20)
Plus de EnergySec
Plus de EnergySec (20)
Dernier
Dernier (20)
Event Correlation Applications for Utilities
- 1. EnergySec 2014 Summit Brandon Dunlap
- 2. 2 United States Smart Meter Deployments History Source: Utility-Scale Smart Meter Deployments - Innovation Electricity Efficiency Institute of the Edison Foundation - 2013
- 3. 3 Of the 46M Smart Meters currently deployed in the US... ...three utilities are responsible for nearly a third of installed meters. HP Enterprise Security is a key partner to 2 of these top 3 utilities.
- 4. 4 Planned Projects Through 2015 US Smart Meter Implementation Map Source: Utility-Scale Smart Meter Deployments - Innovation Electricity Efficiency Institute of the Edison Foundation - 2013
- 5. 5 ...the beginning of the Internet of Things The Electric Grid is...
- 6. 6 The Data Deluge A small municipal electric utility in Lakeland, Florida went from collecting 122,000 data points per month prior to their Smart Meter implementation to 90 Million data points per month following implementation… ...a 73,000% increase!
- 7. 7 “We're entering a new world in which data may be more important than software.” Tim O’Reilly
- 8. 8 But we are constrained.
- 10. 10 “I think frugality drives innovation, just like other constraints do. One of the only ways to get out of a tight box is to invent your way out.” Jeff Bezos
- 13. 13 Embrace the constraints Many tools have multiple purposes
- 14. 14 “Data is not information, information is not knowledge, knowledge is not understanding, understanding is not wisdom.” Clifford Stoll
- 15. 15 Turn Data Into Information
- 16. 16 Case Study HP technology is currently used to run a Security Operations Center (SOC) for a very large smart meter implementation. Correlating and tracking events around: • Power outage event correlation • Meter failures and tampering Allowing event-driven integration with internal systems to reduce technician dispatch
- 17. 17 Using the tools effectively All of this is accomplished with ArcSight: • HP ArcSight Connector Appliance • HP ArcSight Logger • HP ArcSight Enterprise Security Management (ESM)
- 18. 18 Summary HP’s event correlation capabilities enable utilities to create customized Smart Meter event responses, increasing network visibility and reducing cost.
- 19. 19
- 20. 20 Questions?
Notes de l'éditeur
- Hello, I’m XX of Enterprise Security Services— Like most people who work in security, my role has changed a lot over the last few years. Not too long ago, it was all about firewalls and passwords—keeping everyone out. But you and I both know it’s not that simple anymore. Security is now a complex and expanding challenge at your enterprise. In fact, it’s a challenge at every enterprise worldwide. My message today is that you must evolve your approach to information security if you want to keep pace with a changing market and constantly growing technology. And, really, it’s not optional.
- So what are the big concerns? If you’re like most of our clients, the challenges fall into three major areas, all of which are hitting the enterprise at once. First, the criminals are better than us. They’re smart. And they’re a step ahead. Security threats can be external or internal in nature or they can represent malicious or unintentional actions. But more and more, they are a result of cybercriminals that have created an adversary market place that has become more specialized, more efficient, and more lucrative. Second, regulatory pressures are intense. Conflicting regulatory drivers, sovereignty challenges and industry specific issues add up to increasingly complex regulatory issues. You have to deal with compliance regulations, privacy rules and data protection. And you must find ways to implement governance, risk and compliance frameworks across their extended enterprise of partners, suppliers and customers. Third, The New Style of IT means new models to protect. Innovations like cloud, bring-your-own-device, and mobility are part of an enterprise’s infrastructure transformation and can drive innovation and growth. But these new models make it harder for your security team to proactively manage an information security and risk strategy because you’re constantly changing the internal security AND reacting to new threats that an open and interactive enterprise can bring.
- Let’s start with disrupting your adversaries. In our business, you hear a lot of about internal processes and policies. And, in fact, the standardization of security policies has done a great deal to raise the bar for our industry. But it will continue to fail to make us secure because it lacks the focus on the adversary—the cyber-criminals creating new threats every day No framework discussed in committee will be able to evolve as fast as the market, especially the black market. We need to build our response in a way that disrupts the adversary at every step of their process. The adversary’s ecosystem is very sophisticated. It starts with building profiles on executives like you—your LinkedIn bio, Facebook posts, the places you’ve been, and things you like to do. It makes the victim an easy “phishing” target because the profiler know things about him or her that not many people should know. They sell the profiles to hackers. These hackers then breach the company. They might have used a phishing attack and installed malware to break into the network and use your credentials. They may build their own toolkits. They can sell these access points to the highest bidder, who then spends days or weeks figuring out where your sensitive data is, being able to map your environment, figure out your configurations. They create a map and sell it to the next person. Eventually the criminals are able to access critical databases and change the account profile, including withdrawal limits and account codes. This information was taken out of the company and provided to their colleagues or sold to a third party. And from there the cards were made and the teams hit the streets to withdraw cash from the ATMs.
- My point is that cyber security too often focuses on the specific state-sponsored group, “hacktivist” or cyber criminal. We need to focus on the full black market in which these actors participate. There are market processes for breach, enabling disparate parties to collaborate. As actors specialize in this marketplace, based on skill sets, innovation is extraordinary. This criminal ecosystem is much more efficient at creating, sharing and acting on the security intelligence than the ecosystem that exists to defend our clients. Instead, we need to build capabilities and think about solutions that disrupt that chain at multiple points. In the discovery and capture stages, you need the ability to process large data sets in real time and at scale. You have to monitor the data that you have in your organization and be able to know when something unusual is happening. For instance, if it looks like a verified employee starts doing something uncharacteristic like accessing file shares they haven’t before or changing database records, you should know about it. If data flows don’t match predicted processes, alerts should be set off. Now, what these criminals are looking for is your critical data like intellectual property and customer information. You should know when it is being moved, accessed inappropriately, or sent outside the organization in an email, posted on a Facebook account, or stored on cloud storage. Information can be correlated from all over the enterprise and from data outside the enterprise as well. Cybercriminals are monitoring the black markets for your enterprise’s sensitive data and including data from the cloud infrastructures in your security operations environment. We are working with companies to combine employee sentiment with abnormal access behavior to find malicious insiders.
- Let’s start with disrupting your adversaries. In our business, you hear a lot of about internal processes and policies. And, in fact, the standardization of security policies has done a great deal to raise the bar for our industry. But it will continue to fail to make us secure because it lacks the focus on the adversary—the cyber-criminals creating new threats every day No framework discussed in committee will be able to evolve as fast as the market, especially the black market. We need to build our response in a way that disrupts the adversary at every step of their process. The adversary’s ecosystem is very sophisticated. It starts with building profiles on executives like you—your LinkedIn bio, Facebook posts, the places you’ve been, and things you like to do. It makes the victim an easy “phishing” target because the profiler know things about him or her that not many people should know. They sell the profiles to hackers. These hackers then breach the company. They might have used a phishing attack and installed malware to break into the network and use your credentials. They may build their own toolkits. They can sell these access points to the highest bidder, who then spends days or weeks figuring out where your sensitive data is, being able to map your environment, figure out your configurations. They create a map and sell it to the next person. Eventually the criminals are able to access critical databases and change the account profile, including withdrawal limits and account codes. This information was taken out of the company and provided to their colleagues or sold to a third party. And from there the cards were made and the teams hit the streets to withdraw cash from the ATMs.