IBM Software Day 2013. Defending against cyber threats with security intelligence
Defending Against Cyber Threats with Security Intelligence and Behavioral Analytics
Bob Kalka, CRISC, Director, IBM Security
Four Key Drivers
• Everything is everywhere: organizations continue to move to new platforms, including cloud, virtualization, mobile, social business and more.
• Consumerization of IT: with the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared.
• Data explosion: the age of Big Data, the explosion of digital information, has arrived and is facilitated by the pervasiveness of applications accessed from everywhere.
• Attack sophistication: the speed and dexterity of attacks has increased, coupled with new actors with new motivations, from cyber crime to terrorism to state-sponsored intrusions.
2011 Sampling of Security Incidents by Attack Type, Time and Impact
[Chart: 2011 breaches plotted on a January-to-December timeline, each labelled with the victim's sector (online gaming, central government, defense, national and state police, banking, IT security, consumer electronics, entertainment, telecommunications, insurance, consulting, marketing, agriculture, apparel, heavy industry, financial markets, internet and online services). Attack types shown: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown. Size of circle estimates relative impact of breach in terms of cost to business.]
Source: IBM X-Force® Research 2011 Trend and Risk Report
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence ● Integration ● Expertise
Security Intelligence
Now: Intelligence
• Real-time monitoring
• Context-aware anomaly detection
• Automated correlation and analytics
Then: Collection
• Log collection
• Signature-based detection
Data sources feeding security intelligence: logs, events and alerts; configuration information; system audit trails; external threat feeds; e-mail and social activity; network flows and anomalies; identity context; business process data; malware information.
Monitor Everything: People
Now: Insight
• Identify and monitor highest-risk users
• Know who has access to sensitive data and systems
• Baseline normal behavior
• Prioritize privileged identities
Then: Administration
• Identity management
• Cost control
Monitor Everything: Data
Now: Laser Focus
• Discover and protect high-value data
• Understand who is accessing the data, at what time of day, from where, and in what role
• Baseline normal behavior
Then: Basic Control
• Simple access controls and encryption
Monitor Everything: Applications
Now: Built-in
• Harden applications with access to sensitive data
• Scan source and real-time
• Baseline normal application behavior and alert
Then: Bolt-on
• Periodic scanning of Web applications
Monitor Everything: Infrastructure
Now: Smarter Defenses
• Baseline system and network behavior
• Analyze unknown threats using advanced heuristics
• Expand coverage into cloud and mobile environments
Then: Thicker Walls
• Firewalls, manual patching, and antivirus
• Focus on perimeter security
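The "baseline normal behavior", "identity context" and "external threat feeds" items above describe a correlation pipeline without showing one. The following Python is an added example written for this page, not code from the IBM deck or from any IBM product: it learns a per-user baseline (working hours, source /24 networks, tables touched) from a constructed week of database access logs, enriches each new event with constructed identity context (role, privileged flag), a constructed data classification and a constructed threat-feed indicator, then scores and ranks alerts so a privileged user reading sensitive data from a listed address comes out on top. Every user name, IP address, table name, log line and weight is an assumption made for the example.

```python
"""Behavioral baseline + context correlation over constructed DB access logs.
Added example for this page; not IBM code. All data below is constructed."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed identity context: who the user is and how much blast radius they have.
IDENTITY = {
    "alice": {"role": "dba", "privileged": True},
    "bob": {"role": "analyst", "privileged": False},
    "carol": {"role": "hr", "privileged": False},
}
# Constructed data classification and a constructed external threat feed.
SENSITIVE_TABLES = {"payroll", "customer_pii"}
THREAT_FEED_IPS = {"203.0.113.77"}
CORP_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed training window: a week of "normal" access, one event per line.
BASELINE_LOG = """\
2013-03-04T09:12:01Z user=alice src=10.1.2.3 table=payroll action=select
2013-03-04T10:40:11Z user=alice src=10.1.2.3 table=customer_pii action=select
2013-03-05T09:05:44Z user=alice src=10.1.2.9 table=payroll action=select
2013-03-05T14:22:08Z user=bob src=10.2.0.5 table=sales action=select
2013-03-06T11:30:00Z user=bob src=10.2.0.5 table=sales action=select
2013-03-06T08:50:30Z user=carol src=192.168.4.4 table=hr_notes action=select
"""
# Constructed detection window: the events to score.
NEW_LOG = """\
2013-03-11T03:14:09Z user=alice src=203.0.113.77 table=payroll action=select
2013-03-11T10:02:00Z user=bob src=10.2.0.5 table=sales action=select
2013-03-11T10:10:00Z user=bob src=10.2.0.5 table=customer_pii action=select
2013-03-11T09:00:00Z user=carol src=192.168.4.4 table=hr_notes action=select
"""


def parse(line):
    """Parse one 'timestamp key=value ...' line (constructed format) into a dict."""
    ts, *kvs = line.split()
    ev = dict(kv.split("=", 1) for kv in kvs)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def build_baseline(log_text):
    """Per user: hours of day seen, /24 source networks seen, tables touched."""
    base = defaultdict(lambda: {"hours": set(), "nets": set(), "tables": set()})
    for line in log_text.splitlines():
        ev = parse(line)
        b = base[ev["user"]]
        b["hours"].add(ev["ts"].hour)
        b["nets"].add(ip_network(ev["src"] + "/24", strict=False))
        b["tables"].add(ev["table"])
    return base


def score_event(ev, baseline):
    """Return (score, reasons): baseline deviations plus identity/data/threat context.
    Weights are illustrative assumptions, not a vendor scoring model."""
    b = baseline.get(ev["user"])
    if b is None:
        return 5, ["user has no baseline"]
    score, reasons = 0, []
    src = ip_address(ev["src"])
    # Tolerate +/- 1 hour around any hour seen in training (no midnight wrap-around).
    if min(abs(ev["ts"].hour - h) for h in b["hours"]) > 1:
        score += 2; reasons.append("outside usual hours")
    if not any(src in n for n in b["nets"]):
        score += 2; reasons.append("new source network")
    if not any(src in n for n in CORP_NETS):
        score += 1; reasons.append("non-corporate address")
    if ev["src"] in THREAT_FEED_IPS:
        score += 5; reasons.append("source in threat feed")
    if ev["table"] not in b["tables"]:
        score += 2; reasons.append("table never touched before")
    if ev["table"] in SENSITIVE_TABLES:
        score += 2; reasons.append("sensitive data")
    if IDENTITY.get(ev["user"], {}).get("privileged"):
        score += 3; reasons.append("privileged identity")
    return score, reasons


def detect(baseline_text, new_text, threshold=4):
    """Score every new event; return alerts at or above threshold, highest score first."""
    baseline = build_baseline(baseline_text)
    alerts = []
    for line in new_text.splitlines():
        ev = parse(line)
        score, reasons = score_event(ev, baseline)
        if score >= threshold:
            alerts.append({"user": ev["user"], "score": score, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for a in detect(BASELINE_LOG, NEW_LOG):
        print(a["score"], a["user"], "; ".join(a["reasons"]))
```

With the constructed data, alice's 03:14 read of payroll from the threat-feed address scores 15 across six reasons, bob's first-ever read of customer_pii scores 4, and the two routine events score 0 and never surface. A production pipeline would replace the per-hour set with a distribution learned over a longer window and tune the weights with the data owners, but the shape is the one the slides describe: collect, baseline, enrich with identity and threat context, score, prioritize.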
IBM Security Framework capability matrix (maturity columns: Basic, Proficient, Optimized)
[Chart: capabilities plotted by maturity level across the People, Data, Applications and Infrastructure domains; the column each capability occupies is not recoverable from the extracted text.]
Capabilities shown: Directory management; Access Mgmt. and Strong Authentication; Fine-grained entitlements; Database Activity Monitoring; Privileged user management; Test Data Masking; Encryption; Hybrid Scanning and Correlation; Encryption Key Management; Data Discovery and Classification; Fraud Detection; Data Loss Prevention; Anomaly Detection; Network Security; Host Security; Virtualized; Static Source Code Scanning; Dynamic Vulnerability Analysis; Web Application Protection; User Provisioning; Anti-Virus; Endpoint Security Management; Log Management; Flow Analytics; Predictive Analytics; Multi-faceted Network Protection; Professional Assessments; Identity governance; Managed Security Services; SIEM; GRC.
IBM Security Systems - Security Intelligence
IBM Security Systems product mapping
[Chart: the same capability matrix, with the IBM product or service that delivers each capability; the extracted text preserves the product names but not their cell positions.]
Products and services shown: Security Policy Manager; QRadar SIEM; Privileged Identity Manager; InfoSphere Identity Insight; InfoSphere Discovery; Key Lifecycle Manager; Network Anomaly Detection; AppScan family; Access Manager family; Federated Identity Manager; InfoSphere Guardium; TEM for Core Protection, GTS partnerships; Guardium Data Masking; Virtual Server Protection (VSP), VFLOW; IPS, XGS, DataPower; AppScan Source; Endpoint Manager, zSecure; Directory Integrator, Directory Server; InfoSphere Guardium Encryption Expert, STG Solutions, PGP (GTS); Network IPS; Host Protection, RACF; AppScan Standard; Endpoint Manager for Core Protection; QRadar Log Manager; QFLOW/VFLOW; XGS; QRadar Risk Manager; zSecure; GTS and BPs; Identity Manager/Role Lifecycle Manager; Identity Manager; GRC: OpenPages.
IBM Security Services: Professional and Managed Services Capabilities
Security Consulting
• Broad security capability consultative assessments and planning
• Compliance-focused assessments (e.g. PCI, SCADA, HIPAA)
• Information Security Assessments
Security Intelligence & Operations
• SOC and SIEM assessments and planning
• SOC architecture and design (people, process and technology)
Identity and Access Management
• Identity assessment and planning
• Identity solution architecture, design and deployment for access, provisioning, single sign-on and two-factor authentication
• Managed identity services
Data & Application / SDLC Security
• Application secure engineering
• Data security assessments and enterprise planning
• Database protection solution design and deployment
• Endpoint and network data control (DLP, encryption) solution design and deployment
Infrastructure Security
• Technical infrastructure assessments and planning
• Infrastructure solution (UTM, firewall, IDPS) design and deployment
• Network, endpoint, server
Cyber Security Assessment & Response
• Application technical testing and source code scanning
• Infrastructure penetration testing
• Emergency response services
Managed Security & Cloud Services
• Security event monitoring and managed protection
• Security intelligence analysis
• Security infrastructure device (UTM, firewall, IDPS) monitoring & management
• Mobile device management
• Hosted / managed SIEM, application, email and vulnerability scanning