It’s hard to believe that Micro Focus successfully completed the spin-merge with HPE Software nearly a year-and-a-half ago in September 2017. Our first chance to unveil our expanded security portfolio was at our first annual Micro Focus Cybersecurity Summit, which took place in Washington, DC, on September 25-27, 2018. The Summit allowed attendees to gain in-person insight from Micro Focus product development leaders about key trends and planned enhancements for our industry-leading cybersecurity products, including ArcSight, Fortify, Identity & Access, Voltage and ZENworks.
We were so pleased with the success of interacting with our customer base and networking with old and new friends that we couldn’t wait for the second Micro Focus Cybersecurity Summit to happen. This year we moved it up in the conference season, with the 2019 iteration taking place at the beautiful Hilton Anatole in Dallas, Texas on June 11-13, 2019. Registration is now open, and attendees will have the opportunity to learn how to take a holistic, analytics-driven approach to securing what matters most—identities, applications, and data with our new Security, Risk and Governance focus area. We also will introduce our new UEBA product family—Interset.
If you are still on the fence about attending, here are some highlights from the 2018 sessions:
Secure development, security testing, and continuous monitoring and protection of apps
David Harper, practice principal for Fortify on Demand presented on “Application Security as a Service.” David discussed how 80% of breaches today are from application vulnerabilities, which are only growing due to the fact companies continue to have more and more applications, along with shorter and shorter release cycles. One approach companies can take is secure gating with Fortify on Demand, David said. The challenge, however, is even though a security gate may work for your organization now, can it keep up with DevOps? We then heard some great advice on building security into the software development lifecycle (SDLC) and addressing it early on. David closed with a fairly detailed plan of creating an application security program by implementing a security gate first, then securing the DevOps lifecycle with compensating control.
Micro Focus’ Lucas von Stockhausen shared the stage with Fortify customers for “Shifting security left: bringing security into continuous integration and delivery.” While discussing what shifting security left means, the team pointed out that it’s NOT about moving current activities left, changing the location of the stop, or controlling development, but more about changing how you do security, compromising in order to reduce risk, and finally, becoming a part of development. Application Security teams not only feel frustrated, ignored and left out, but are looked at as roadblocks, and being anti-business. During this presentation, however, the team discusses how shifting left correctly can change all of that.
Detecting known and unknown threats through correlation, data ingestion and analytics
Marius Iversen, a platform engineer for a major telecommunications company located in the Netherlands, presented “ArcSight is an open architecture for SecOps.” He discussed the need for his organization to abstract event data related to their customers into a custom web driven portal. In order to accomplish this, they use APIs (Application Programming Interfaces) extensively, which allowed them to present visualizations based on data pulled from many different security tools into a single customer dashboard.
Even though applications like ArcSight are natively multitenant, there are also security advantages to having them access data through a custom portal, verses giving them direct access to the tools themselves. As he states it “ArcSight is generally integrated into the core of your network where you don’t want customers having access. We resolved this by using APIs because we can control what data comes out and what information should be presented to customers.”
Discovering an integrated approach to Identity and Access Management
Today CISOs place IAM concerns on top of the list because continuously connected users need swift access to business processes at a reduced risk. In the session “Access management: The glue between business value and security,” Micro Focus’ Kent Purdy and Chan Yoon talked mostly about these three access management trends: organizations are looking for more than just passwords; risk-based access is on the rise; and one size authentication no longer applies. They also pointed out some deployment gotcha’s, as well as some unique approaches that Micro Focus takes on solving these and other IAM-related problems.
Micro Focus’ Rob MacDonald and Derek Gordon from PWC discussed how Identity among other technologies can improve the customer experience in the session, “Improving the customer experience by understanding customer relationships.” IoT has a big part in that discussion both from a security and customer experience perspective. To harness the power of IoT, businesses must learn how to manage it safely. At the heart of all enterprise security is the concept of identity. Just like people, connected things need to be given an identity from day one. Connected things and the people who use them must follow rules that govern access to information.
Ensure all devices follow standards and compliance to secure your network
A significant part of any IT department’s day includes managing and maintaining security and compliance standards across a wide array of endpoints while enabling access to corporate applications and resources. The ZENworks portfolio includes a host of UEM products that consolidate management into a single solution. The session, “Automating IT management processes across device lifecycles with ZENworks: present and future,” with Micro Focus’ Jason Blackett and Gil Cattelain, looked at endpoint management needs and how ZENworks helps address them.
The “Securing your devices and data with ZENworks” session hosted by Micro Focus’ Darrin VandenBos considered what happens when security incidents happen, such as a stolen corporate laptop or smart phone, and how IT teams can best tackle security through their ZENworks implementation. Specific topics included patch management, containerization, data encryption, VPN enforcement, and other specifics that are critical to secure an enterprise’s IT assets.
The Summit included session with a number of our customers. The session, “Simplifying IT processes and increasing user productivity” featured a case study highlighting Trinity Health, one of the largest multi-institutional Catholic healthcare delivery systems in the nation, serving communities in 22 states with 94 hospitals and 109 continuing care locations. The discussion focused on Trinity’s use of ZENworks Configuration Management and ZENworks Patch Management, with a particular emphasis on software distribution, secure patch management, asset management and automation of desktop migration to Windows 10, as well as touching on reporting and imaging.
Exploring data-centric security solutions that safeguard data throughout its entire lifecycle
In the session, “Voltage data-centric security innovations to expand protection—in use, motion and at rest,” Micro Focus’s Reiner Kappenberger shared how his team is growing the data security portfolio, adding key capabilities to make it the most comprehensive data-centric security portfolio in the industry. He detailed how they recently added transparent protection for cloud, commercial and in-house applications without critical application changes or integration required. Micro Focus is investing heavily in the protection of data of all types, he added, for structured and unstructured data, whether in use, in transit or at rest, for persistent protection and management of sensitive data across the enterprise.
Enterprises are adopting cloud services whole heartedly. In the panel discussion, “Cloud-based data privacy and protection: protecting data and privacy across hybrid IT,” challenges for enterprises to govern data security and privacy across hybrid IT were outlined. Concerns about control over platforms, multi-tenancy, data residency, identity and access, collaboration and data flowing into and between clouds were discussed.
So if you missed this informative event in 2018, or even if you did attend, now is your chance to sign up for the 2019 Micro Focus Cybersecurity Summit to get a deep dive on our products with our experts to get InfoSec best practices and also hear from our existing customers about how they best utilize our security portfolio. Don’t miss it, register today!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.