Intelligence, Integration and Expertise
Scott Ainslie - Principal Security Consultant, Security Risk Management
March 2012
© 2009 IBM Corporation
Building a smarter planet
The world is becoming more digitised and
interconnected, opening the door to emerging threats and leaks…
EVERYTHING IS EVERYWHERE: Organisations continue to move to new platforms including cloud, virtualization, mobile, social business and more
CONSUMERISATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
ATTACK SOPHISTICATION: The speed and dexterity of attacks has increased coupled with new actors with new motivations from cyber crime to terrorism to state-sponsored intrusions
Targeted Attacks Shake Businesses and Governments
Source: IBM Security X-Force® 2011 Midyear Trend and Risk Report, September 2011
[Figure: timeline of breaches by attack type. Size of circle estimates relative impact of breach.]
Attack Type: SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS, Secure ID, Unknown
Time axis: Feb, Mar, April, May, June, July, Aug
Organisations shown: Sony, Epsilon, L3 Communications, Sony BMG Greece, US Senate, NATO, AZ Police, Turkish Government, SK Communications Korea, Monsanto, RSA, HB Gary, Nintendo, Brazil Govt, Lockheed Martin, Vanguard Defense, Booz Allen Hamilton, PBS, PBS, SOCA, Malaysian Govt Site, Peru Special Police, Gmail Accounts, Spanish National Police, Citigroup, Sega, Fox News, X-Factor, Italy PM Site, IMF, Northrop Grumman, Bethesda Software
Who is attacking our networks?
Solving a security issue is a complex, four-dimensional puzzle
People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers
Data: Structured, Unstructured, At rest, In motion
Applications: Systems applications, Web applications, Web 2.0, Mobile apps
Infrastructure
It is no longer enough to protect the perimeter – siloed point products will not secure the enterprise
In this “new normal”, organisations need an intelligent view of their security posture
[Figure: security maturity chart. Axes: Reactive to Proactive; Manual to Automated.]
Basic: Organisations employ perimeter protection, which regulates access and feeds manual reporting
Proficient: Security is layered into the IT fabric and business operations
Optimised: Organisations use predictive and automated security analytics to drive toward security intelligence
IT executives are challenged with minimising risk while meeting client expectations on existing IT operations
70 cents of every US$1 is spent on maintaining existing environment
650 percent: Growth in storage by 2012
8 times: Increase in security risk
42 percent: Increase in Internet-connected devices
Less than 1 percent: Increase in existing IT budgets
50 percent of CIOs are engaged in re-engineering their companies, making them faster, more flexible and better equipped to turn data into insights.
Two out of three of these CIOs will:
• Partner extensively as a source of new skills and expertise versus doing everything in-house
• Change the mix of capabilities, knowledge and assets within the organisation rather than stay with status quo
Source for statistics on this slide: IBM 2011 CIO study [2]
[2] URL for IBM 2011 CIO Study - http://www-935.ibm.com/services/c-suite/cio/study.html
At the same time, their role within the organisation continues to evolve
“I need to protect against threats—even the ones I’m not prepared for.”
“I need to manage complexity of compliance, and improve service across my enterprise - and be audit-ready all the time.”
“I need to provide access to and recoverability of data at any time.”
“I need to improve productivity and collaboration across the enterprise.”
How do you:
• Address compliance regulations without increasing capital expenses?
• Prevent threats without inhibiting traffic flow, data availability and uptime?
• Prepare for the unexpected data breach, outage or disaster?
• Currently enable your geographically distributed workforce?
• Improve the quality of IT services and enable innovation?
A holistic approach to help better manage risk, security and compliance across the enterprise
Foundational capabilities: Integrated risk management | End-to-end security | Business continuity and resiliency
From traditional challenges … | … to better outcomes
Ever-increasing security and resiliency threats | Security breaches and business disruptions are mitigated automatically
Unexpected downtime that throttles business performance | Continuous business operations are maintained with a responsive and highly available infrastructure
Inability to meet regulatory and industry requirements associated with security and resiliency | Regulatory and industry requirements are addressed with confidence
Example of an ‘optimised’ customer……
• Protect against new threats 30+ days before market fixes are available
• 95% of events handled without human intervention
• 55% lower total cost of ownership and management complexity of security
• 40% lower total cost of ownership of data backup and protection [1]
[1] Based on previous IBM client engagements; individual client results vary.
“We used to be worried about how we were going to take care of our customers if one of our servers failed. But thanks to IBM Global Technology Services, that’s no longer a major concern for us.”
– Jin-hwan Kim, HANATOUR, General Manager of Strategic Planning
Example of an ‘optimised’ approach……
An Islamic-compliant bank in Kuwait gains a better view of its security posture and network vulnerabilities
Business challenge:
With security a top priority, the client wanted to test and evaluate its public-facing and internal systems against possible threats and cyber attacks. They sought an external service provider to deliver thorough and cost-effective security testing and evaluation.
Solution:
The client engaged IBM to test and evaluate its network and application security. IBM consultants attempted remote penetration of the client’s network perimeter defenses and remote access to internal systems. By using these controlled demonstrations, the team provided the client with real evidence of how its critical systems and data could be compromised.
Benefits:
• The client realised a better view of its security posture
• Received an accurate list of security vulnerabilities, an action plan, and advice on how to move forward with security planning
• A fine-tuned network intrusion prevention system to stop attacks
Solution components:
• Penetration Testing
• Application Security Services
• MSS Infrastructure Security Services
IBM Security: Delivering intelligence, integration
and expertise across a comprehensive framework
Intelligence ● Integration ● Expertise
Only vendor in the market with end-to-end coverage
of the security foundation
6K+ security engineers and consultants
Award-winning X-Force® research
Largest vulnerability database in the industry
Intelligent by design (and acquisition)
Q1 Labs (Oct 2011)
• One of the largest and most successful SIEM vendors
• Leader in Gartner 2011, 2010, 2009 Magic Quadrant
• Threat Intelligence - Intelligence from one of the world's largest repositories of threat and vulnerability insights is planned to be available based on the real-time monitoring of 13 billion security events per day from the IBM X-Force Threat Intelligence Feed. This insight can flag behavior that may be associated with Advanced Persistent Threats, which may emanate from teams of attackers accessing networks through stealth means.
Security Intelligence provides actionable and comprehensive insight for managing
risks and threats from protection and detection through remediation
i2 (Oct 2011)
• 8 of the top 10 retail banks worldwide leverage i2 software to address fraud, insider threat and compliance
• 80% of national security organisations worldwide exploit i2 intelligence
• Rich extraction, analysis and visualisation capabilities that turn large quantities of data into actionable intelligence
“The ability to leverage analytics is becoming a competitive differentiator” - Brendan Hannigan, General Manager, IBM Security Systems
Attack Sophistication: IBM is helping clients combat advanced threats with pre- and post-exploit intelligence and action
What are the external and internal threats?
Are we configured to protect against these threats?
What is happening right now?
What was the impact?
Prediction & Prevention | Reaction & Remediation
Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Leak Prevention.
SIEM. Log Management. Incident Response.
Risk Management. Vulnerability Management. Configuration and Patch Management.
X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
IBM Security Intelligence
Security Intelligence is enabling progress to optimised security
Security Intelligence (Optimised): Information and event management; Advanced correlation and deep analytics; External threat research
Level | People | Data | Applications | Infrastructure
Optimised | Role based analytics; Identity governance; Privileged user controls | Data flow analytics; Data governance | Secure app engineering processes; Fraud detection | Advanced network monitoring; Forensics / data mining; Secure systems
Proficient | User provisioning; Access mgmt; Strong authentication | Access monitoring; Data loss prevention | Application firewall; Source code scanning | Virtualization security; Asset mgmt; Endpoint / network security management
Basic | Centralised directory | Encryption; Access control | Application scanning | Perimeter security; Anti-virus
Security Intelligence, Analytics & GRC: People, Data, Applications, Infrastructure
Thank You.
For more information, please visit:
Ibm.com/security
www.instituteforadvancedsecurity.com/
Or email: [email protected]
Questions ?
IBM Security Systems
Intelligent solutions provide the DNA to secure a Smarter Planet
ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS
without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing
contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the
terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not
imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at
IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the
IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other
company, product, or service names may be trademarks or service marks of others.