Intelligence, Integration and Expertise Scott Ainslie - Principal Security Consultant, Security Risk Management March 2012

Intelligence, Integration and Expertise - FST · IBM Security X-Force® 2011 Midyear Trend and Risk Report September 2011 Attack Type SQL Injection URL Tampering Spear Phishing 3rd



© 2009 IBM Corporation

Building a smarter planet

The world is becoming more digitised and interconnected, opening the door to emerging threats and leaks…

• EVERYTHING IS EVERYWHERE: Organisations continue to move to new platforms including cloud, virtualization, mobile, social business and more

• CONSUMERISATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared

• DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere

• ATTACK SOPHISTICATION: The speed and dexterity of attacks have increased, coupled with new actors with new motivations from cyber crime to terrorism to state-sponsored intrusions

Targeted Attacks Shake Businesses and Governments

[Figure: timeline of breaches by attack type, Feb to Aug. Attack types in legend: SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS, Secure ID, Unknown. Size of circle estimates relative impact of breach. Organisations plotted: Sony, Epsilon, L3 Communications, Sony BMG Greece, US Senate, NATO, AZ Police, Turkish Government, SK Communications Korea, Monsanto, RSA, HB Gary, Nintendo, Brazil Govt, Lockheed Martin, Vanguard Defense, Booz Allen Hamilton, PBS (plotted twice), SOCA, Malaysian Govt Site, Peru Special Police, Gmail Accounts, Spanish National Police, Citigroup, Sega, Fox News, X-Factor, Italy PM Site, IMF, Northrop Grumman, Bethesda Software.]

Source: IBM Security X-Force® 2011 Midyear Trend and Risk Report, September 2011

Who is attacking our networks?

Solving a security issue is a complex, four-dimensional puzzle

• People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers
• Data: Structured, Unstructured, At rest, In motion
• Applications: Systems applications, Web applications, Web 2.0, Mobile apps
• Infrastructure

It is no longer enough to protect the perimeter – siloed point products will not secure the enterprise

In this “new normal”, organisations need an intelligent view of their security posture

[Figure: security maturity chart. Axes: Reactive to Proactive; Manual to Automated.]

• Basic: Organisations employ perimeter protection, which regulates access and feeds manual reporting
• Proficient: Security is layered into the IT fabric and business operations
• Optimised: Organisations use predictive and automated security analytics to drive toward security intelligence

IT executives are challenged with minimising risk while meeting client expectations on existing IT operations

• 70 cents of every US$1 is spent on maintaining existing environment
• 650 percent: Growth in storage by 2012
• 8 times: Increase in security risk
• 42 percent: Increase in Internet-connected devices
• Less than 1 percent: Increase in existing IT budgets
• 50 percent of CIOs are engaged in re-engineering their companies, making them faster, more flexible and better equipped to turn data into insights.

Two out of three of these CIOs will:

• Partner extensively as a source of new skills and expertise versus doing everything in-house
• Change the mix of capabilities, knowledge and assets within the organisation rather than stay with status quo

Source for statistics on this slide: IBM 2011 CIO Study - http://www-935.ibm.com/services/c-suite/cio/study.html

At the same time, their role within the organisation continues to evolve

• I need to protect against threats—even the ones I’m not prepared for.
• I need to manage complexity of compliance, and improve service across my enterprise, and be audit-ready all the time.
• I need to provide access to and recoverability of data at any time.
• I need to improve productivity and collaboration across the enterprise.

How do you:

• Address compliance regulations without increasing capital expenses?
• Prevent threats without inhibiting traffic flow, data availability and uptime?
• Prepare for the unexpected data breach, outage or disaster?
• Currently enable your geographically distributed workforce?
• Improve the quality of IT services and enable innovation?

A holistic approach to help better manage risk, security and compliance across the enterprise

From traditional challenges … to better outcomes:

• Ever-increasing security and resiliency threats → Security breaches and business disruptions are mitigated automatically
• Unexpected downtime that throttles business performance → Continuous business operations are maintained with a responsive and highly available infrastructure
• Inability to meet regulatory and industry requirements associated with security and resiliency → Regulatory and industry requirements are addressed with confidence

Foundational capabilities: Integrated risk management | End-to-end security | Business continuity and resiliency

Example of an ‘optimised’ customer……

• 30+: Protect against new threats 30+ days before market fixes are available
• 95% of events handled without human intervention
• 55% lower total cost of ownership and management complexity of security
• 40% lower total cost of ownership of data backup and protection¹

¹ Based on previous IBM client engagements; individual client results vary.

“We used to be worried about how we were going to take care of our customers if one of our servers failed. But thanks to IBM Global Technology Services, that’s no longer a major concern for us.”

– Jin-hwan Kim, HANATOUR, General Manager of Strategic Planning

Example of an ‘optimised’ approach……

An Islamic-compliant bank in Kuwait gains a better view of its security posture and network vulnerabilities

Business challenge:

With security a top priority, the client wanted to test and evaluate its public-facing and internal systems against possible threats and cyber attacks. They sought an external service provider to deliver thorough and cost-effective security testing and evaluation.

Solution:

The client engaged IBM to test and evaluate its network and application security. IBM consultants attempted remote penetration of the client’s network perimeter defenses and remote access to internal systems. By using these controlled demonstrations, the team provided the client with real evidence of how its critical systems and data could be compromised.

Benefits:

• The client realised a better view of its security posture
• Received an accurate list of security vulnerabilities, an action plan, and advice on how to move forward with security planning
• A fine-tuned network intrusion prevention system to stop attacks

Solution components:

• Penetration Testing
• Application Security Services
• MSS Infrastructure Security Services

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence ● Integration ● Expertise

• Only vendor in the market with end-to-end coverage of the security foundation
• 6K+ security engineers and consultants
• Award-winning X-Force® research
• Largest vulnerability database in the industry

Intelligent by design (and acquisition)

Security Intelligence provides actionable and comprehensive insight for managing risks and threats from protection and detection through remediation

Q1 Labs (Oct 2011)

• One of the largest and most successful SIEM vendors
• Leader in Gartner 2011, 2010, 2009 Magic Quadrant
• Threat Intelligence - Intelligence from one of the world's largest repositories of threat and vulnerability insights is planned to be available based on the real-time monitoring of 13 billion security events per day from the IBM X-Force Threat Intelligence Feed. This insight can flag behavior that may be associated with Advanced Persistent Threats, which may emanate from teams of attackers accessing networks through stealth means.

i2 (Oct 2011)

• 8 of the top 10 retail banks worldwide leverage i2 software to address fraud, insider threat and compliance
• 80% of national security organisations worldwide exploit i2 intelligence
• Rich extraction, analysis and visualisation capabilities that turn large quantities of data into actionable intelligence

“The ability to leverage analytics is becoming a competitive differentiator” - Brendan Hannigan, General Manager, IBM Security Systems

IBM is helping clients combat advanced threats with pre- and post-exploit intelligence and action

[Figure: IBM Security Intelligence, under the heading "Attack Sophistication". Phases: Prediction & Prevention; Reaction & Remediation. Questions posed: What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact?]

Capabilities listed on the slide:

• Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Leak Prevention. SIEM. Log Management. Incident Response.
• Risk Management. Vulnerability Management. Configuration and Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.

Security Intelligence is enabling progress to optimised security

[Figure: maturity matrix. Columns: People, Data, Applications, Infrastructure. Rows: Optimised, Proficient, Basic, with Security Intelligence spanning the Optimised level. Items below are given per level in the order they appear on the slide.]

• Security Intelligence (Optimised): Information and event management; Advanced correlation and deep analytics; External threat research
• Optimised: Role based analytics; Identity governance; Privileged user controls; Data flow analytics; Data governance; Secure app engineering processes; Fraud detection; Advanced network monitoring; Forensics / data mining; Secure systems
• Proficient: User provisioning; Access mgmt; Strong authentication; Access monitoring; Data loss prevention; Application firewall; Source code scanning; Virtualization security; Asset mgmt; Endpoint / network security management
• Basic: Centralised directory; Encryption; Access control; Application scanning; Perimeter security; Anti-virus

[Figure: Security Intelligence, Analytics & GRC spanning People, Data, Applications, Infrastructure]

Thank You.

Questions?

For more information, please visit:

ibm.com/security
www.instituteforadvancedsecurity.com/

Or email: [email protected]

IBM Security Systems

Intelligent solutions provide the DNA to secure a Smarter Planet

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.