© 2014 IBM Corporation 4 Undeniable Truths of Advanced Threat Protection Patrick Vandenberg Program Director IBM Security October 22, 2014


Page 1

4 Undeniable Truths of Advanced Threat Protection

Patrick Vandenberg, Program Director, IBM Security

October 22, 2014

Page 2

We are in an era of continuous breaches
Attackers are relentless, victims are targeted, and the damage toll is rising

Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014

Figure: security incidents by year, 2011 to 2013 (size of circle estimates relative impact of incident in terms of cost to business).

2011, Operational Sophistication: IBM X-Force declared the Year of the Security Breach

2012, Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents

2013, Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change

Page 3

And the cost of a data breach is on the rise, with customers at risk

Source: 2014 Cost of Data Breach Study, from Ponemon Institute, sponsored by IBM

Page 4

Security is a board room discussion, and security leaders are more accountable than ever before

Your Board and CEO demand a strategy

Risks across the C-suite (CEO, CFO/COO, CIO, CHRO, CMO):

• Loss of market share and reputation
• Legal exposure
• Audit failure
• Fines and criminal charges
• Financial loss
• Loss of data confidentiality, integrity and/or availability
• Violation of employee privacy
• Loss of customer trust
• Loss of brand reputation

Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series

Page 5

Threats have evolved…

…yet the majority of security teams are still using siloed, discrete defenses

Are security teams up for the challenge?

Broad Attacks: Indiscriminate malware, spam and DoS activity

Targeted Attacks: Advanced, persistent, organized, and politically or financially motivated

Tactical Approach (Compliance-driven, Reactionary):
o Build multiple perimeters
o Protect all systems
o Use signature-based methods
o Periodically scan for known threats
o Read the latest news
o Shut down systems

Requiring a new approach to protection…

Strategic Approach (Intelligence-driven, Continuous):
o Assume constant compromise
o Prioritize high-risk assets
o Use behavioral-based methods
o Continuously monitor activity
o Consume real-time threat feeds
o Gather, preserve, retrace evidence

New threats require new thinking, but most are defending against yesterday’s attacks

Page 6

Four truths about advanced threat protection
Despite increasing challenges, organizations can protect themselves by adopting the right strategy

1. Prevention is mandatory: Traditional methods of prevention have often failed, leaving many to believe detection is the only way forward. This is a dangerous proposition.

2. Security Intelligence is the underpinning: Specialized knowledge in one domain is not enough. It takes enterprise-wide visibility and maximum use of data to stop today’s threats.

3. Integration enables protection: The best defense is relentless improvement. Technologies must seamlessly integrate with processes and people across the entire lifecycle of attacks.

4. Openness must be embraced: Security teams need the ability to share context and invoke actions between communities of interest and numerous new and existing security investments.

Page 7

Introducing the IBM Threat Protection System
A dynamic, integrated system to disrupt the lifecycle of advanced attacks and help prevent loss

Made possible by the following:

Accelerated Roadmap: Significant investment across 10 development labs to fast-track advanced threat protection offerings

Unique Integrations: Strategic focus on connecting IBM products to streamline intelligence sharing and take action

New Partnerships: Coordinated outreach across the industry to bring together interoperable products for our customers

Page 8

Focus on critical points in the attack chain with preemptive defenses on both the endpoint and network

Exploit Disruption
Prevent malware installs
• Verify the state of applications
• Block exploit attempts used to deliver malware
Prevent mutated exploits
• Verify the state of network protocols
• Block unknown exploits with behavioral heuristics

Malware Quarantine
Prevent control channels
• Stop direct outbound malware communications
• Protect against process hijacking
Prevent active beaconing
• Stop malware and botnet control traffic with real-time reputation and SSL inspection

User Protection
Prevent malicious apps
• Block access to malicious websites
• Protect against web application misuse
Prevent credential loss
• Block keyloggers
• Stop credential use on phishing sites
• Limit reuse of passwords

On the Endpoint: Trusteer Apex Malware Protection
On the Network: IBM Security Network Protection XGS

Page 9

Continuously monitor security-relevant activity from across the entire organization

Pre-Attack Analytics
Predict and prioritize security weaknesses before adversaries do
• Use automated vulnerability scans and rich security context
• Emphasize high-priority, unpatched, or defenseless assets requiring attention
IBM Security QRadar Vulnerability Manager

Real-time Attack Analytics
Detect activity and anomalies outside normal behavior
• Correlate and baseline massive sets of data
• From logs, events, flows, user activity, assets, locations, vulnerabilities, external threats, and more
IBM Security QRadar SIEM

IBM Security QRadar Security Intelligence Platform

Page 10

Quickly investigate breaches, retrace activity, and learn from findings to remediate weaknesses

Rapid Response Integrations
Quickly expand security coverage to prevent further harm
• Share indicators across control points
• Dynamically apply customized rules
IBM Security Framework Integrations

Emergency Response Services
Help prepare for and withstand security breaches more effectively
• Gain access to key resources that can enable faster recovery and help reduce incident business impact
IBM Emergency Response Services

Post-Attack Incident Forensics
Reduce the time to fully discover what happened and when it occurred
• Index and reconstruct attack activity and content from full-packet network data
• Apply search engine technology and advanced visualizations
IBM Security QRadar Incident Forensics

Page 11

Leverage threat intelligence with product integrations that draw upon human and machine-generated information

Global Threat Intelligence

X-Force Intelligence Network: Exploit Triage, Malware Tracking, Zero-day Research

Real-time sharing of Trusteer intelligence (NEW): Phishing Sites, URL/Web Categories, IP/Domain Reputation

• Combines the renowned expertise of X-Force + Trusteer malware research
• Catalog of 80K+ vulnerabilities, 17B+ web pages, and data from 100M+ endpoints
• Intelligence databases dynamically updated on a minute-by-minute basis

Page 12

Share, analyze, and act upon information gathered from an ecosystem of third-party products

Security Partner Ecosystem and Integrations

IBM works with a broad set of technology vendors who provide complementary solutions and are integrated with our security products

Strengthen the threat protection lifecycle
• Leverage a vibrant ecosystem of security products
• Increase visibility, collapse information silos, and provide insights on advanced attacks

Ready for IBM Security Intelligence Partner Ecosystem: 100+ vendors and 400+ products

New Advanced Threat Protection Integrations:
• SSL Traffic Decryption for QRadar Incident Forensics investigations
• Integration with IBM XGS to block new threats and QRadar for centralized response

Additional Sample of QRadar Partners: [partner logos]

Page 13

IBM is uniquely positioned to offer integrated protection

Figure: five integrated areas, 1 Smarter Prevention, 2 Security Intelligence, 3 Continuous Response, 4 Global Threat Intelligence, 5 Open Integrations.

Ready for IBM Security Intelligence Ecosystem: New integration with A10 Networks to decrypt SSL traffic for incident forensics (NEW)

IBM X-Force Threat Intelligence: New virtual real-time sharing of Trusteer threat intelligence from 100M+ endpoints with X-Force (NEW)

IBM Emergency Response Services: Increased global coverage and expertise, and available as subscription via online (NEW)

IBM Security QRadar Incident Forensics: In-line packet compression, data import facility and integrated SSL traffic decryption with A10 (NEW)

Trusteer Apex Endpoint Malware Protection: Threat Flow Visualization and Incident Analysis [Cloud-based File Inspection Feedback] (NEW)

IBM Security Network Protection XGS: IBM XGS7100 with increased 20Gps+ throughput for high-performance datacenters (NEW)

IBM Security QRadar Security Intelligence: Master Console appliance for MSSPs, greater QFlow collection and data burst handling (NEW)

Threat Monitoring and Intelligence Services: Managed SIEM enhancements, cyber threat intelligence

Page 14

Find us at IBM Booth #607…

And visit us on SecurityIntelligence.com

IBM X-Force Threat Intelligence Reports: http://www.ibm.com/security/xforce

Website: ibm.com/security/threat-protection

YouTube: youtube.com/user/IBMSecuritySolutions

Twitter: @ibmsecurity

IBM X-Force Security Insights Blog: www.SecurityIntelligence.com/x-force

Page 15

www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.