Reduce costs and the complexity of security in your business

Juan Carlos Carrillo, Security Sales Leader

Thursday, May 26, 2022

Presentation gdl


Wednesday, April 12, 2023


Agenda

1. X-Force® 2008 Trend & Risk Report Highlights

2. IBM Security Framework

3. IBM ISS product solutions

4. IBM ISS service solutions

5. IBM ISS security consulting solutions

6. Q&A


X-Force® 2008 Trend & Risk Report


The Annual X-Force 2008 Trend & Risk Report

The mission of the IBM Internet Security Systems™ X-Force® research and development team is to:

Research and evaluate threat and protection issues

Deliver security protection for today’s security problems

Develop new technology for tomorrow’s security challenges

Educate the media and user communities

The report data by the numbers…

9.1B analyzed Web pages & images

150M intrusion attempts daily

40M spam & phishing attacks

40K documented vulnerabilities

Millions of unique malware samples

Provides Specific Analysis of:

Vulnerabilities & exploits

Malicious/Unwanted websites

Spam and phishing

Malware

Other emerging trends


Criminal Economics

On a basic microeconomic level, an understanding of the opportunity for a computer criminal comes from considering the amount of revenue that can be generated from exploiting a vulnerability relative to the cost of doing so.

Obviously, vulnerabilities that present a high revenue opportunity at a low cost are likely to be popular with attackers. Both revenue (opportunity) and cost are made up of a complicated set of components, and some of these components can be influenced by the security industry.


Vulnerabilities

2008 proved to be the busiest year in X-Force history chronicling vulnerabilities – a 13.5 percent increase compared to 2007.

The overall severity of vulnerabilities increased, with high and critical severity vulnerabilities up 15.3 percent and medium severity vulnerabilities up 67.5 percent.

Similar to 2007, nearly 92 percent of 2008 vulnerabilities can be exploited remotely.

Of all the vulnerabilities disclosed in 2008, only 47 percent can be corrected through vendor patches. Vendors do not always go back to patch previous year’s vulnerabilities. 46 percent of vulnerabilities from 2006 and 44 percent from 2007 were still left with no available patch at the end of 2008.

The two largest categories of vulnerabilities in 2008 are Web application at 55 percent and vulnerabilities affecting PC software at roughly 20 percent.



Web-Related Security Threats

The number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent. Last year, China replaced the US as the most prolific host of malicious Web sites.

Spammers are turning to the Web. URL spam (a spam email with little more than a link to a Web page that delivers the spam message) took the lead as the main type of Spam this year, and Spammers more and more are using familiar domain names like news and blogging Web sites to host their content.

Web applications in general have become the Achilles heel of Corporate IT Security. Nearly 55% of all vulnerability disclosures in 2008 affect Web applications, and this number does not include custom-developed Web applications (only off-the-shelf packages). 74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008.

Last year, SQL injection jumped 134 percent and replaced cross-site scripting as the predominant type of Web application vulnerability.

In addition to these vulnerabilities, many Web sites request the use of known vulnerable ActiveX controls, which leave Web site visitors who do not have updated browsers in a compromised position.



Spam and Phishing

Simple spam (text or URL-based) replaced complex (PDF, image, etc.) spam in 2008, with a focus on URL spam near the end of the year. Spammers increasingly use familiar URL domains, like blogging Websites and news Websites, to host spam messages.

More than 97 percent of Spam URLs are up for one week or less.

In terms of the servers sending spam, Russia surpassed the US in 2008, and was accountable for 12 percent of all spam sent last year.

The most popular subject lines of phishing and spam are not so popular anymore. The top ten subject lines of 2008 took up a much smaller percentage in comparison to 2007. Spammers and phishers alike are becoming more granular and targeted, working harder in essence, to reach more targets. In 2007, the most popular phishing subject lines represented about 40% of all phishing emails. In 2008, the most popular subject lines made up only 6.23% of all phishing subject lines.

A trend that developed in 2008 is the focus on user action. Rather than using a generic subject like “security alert,” phishers attempt to engage the user into doing something, like fixing an account that has been suspended or updating their account information.

The majority of phishing – nearly 90 percent – was targeted at financial institutions. Over 99% of all financial phishing targets are in North America or Europe, with the majority of targets in North America (58.4 percent).



You can read the full report at the following link:

http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annual-report.pdf


IBM Security Framework


The IBM Security framework

IBM is the only security vendor in the market with end-to-end coverage of the security foundation

15,000 researchers, developers and SMEs on security initiatives

3,000+ security & risk management patents

200+ security customer references and 50+ published cases

40+ years of proven success securing the zSeries environment

Already managing more than 2.5 billion security events per day for clients

$1.5 billion USD spent on security in 2008


IBM ISS Solutions

IBM has the unmatched local and global expertise to deliver complete solutions and manage the cost and complexity of security. In addition, X-Force, IBM ISS’ security and development organization, is one of the best-known commercial groups in the world. It discovers 30-60% of all vulnerabilities and captures more than 2 billion events per day.


IBM ISS product solutions


ISS case I

A client needs to implement the following:

Additional security controls on the network perimeter

IPS and AV inspection, and encryption (to support PCI certification) for all traffic between the main office and branch office

IPS to augment the existing firewall and proxy / AV implementation on the main office Internet link

Products that address the client’s need for a low cost solution:

Main Office primary link: Add Proventia Network IPS, and leave existing infrastructure in place

Main Office secondary link: Add Proventia Network MFS

Branch Office primary link: Add Proventia Network MFS


ISS case II

A client wants to implement an antispam solution. Their branch offices relay mail through the main office, and the client wants the ability to implement multiple filtering rules, and to minimize the amount of internal network traffic

Products that address the client’s need for a low cost solution:

Main Office primary link: Add Proventia MFS, and set it as the principal MX record in the DNS

Main Office secondary link: Leave as it is

Branch Office primary link: Leave as it is


ISS case III

A company wants a proposal based on the following requirements:

Has 10 MB SDSL connection

Wants to separate IPS policies per segment, and is fundamentally interested in IPS capability

What can we offer:

Add a switch behind the firewall to which the segments will be connected, and add a Proventia GX between the switch and the Proventia MX


ISS case IV

A company needs to implement IPS technology to protect a Windows server farm. The solution must be easy to implement and maintain

What can we offer:

Deploy a Proventia Network IPS model GX6116 between the two core switches


ISS case V

A company needs a host protection solution for their server systems. The main requirement is IPS functionality, and the addition of OS monitoring would be a plus. The operating systems deployed are Solaris, Linux and AIX.

What can we offer:

Proventia Server and RealSecure Server Sensor

IBM RealSecure® Server Sensor provides server protection for: Microsoft® Windows®, AIX™, Solaris, HP-UX

IBM Proventia® Server Intrusion Prevention System (IPS) for: Microsoft® Windows®, Linux®, VMware Guest Operating System (OS)


Performance Flexibility: IPS beyond the perimeter

“…It is important to mandate that all ingress (inbound) traffic run through a segment of inline network intrusion protection. Trace packet flows to ensure that each packet entering your network passes through at least one IPS sensor…”


IPS Proventia GX Appliances

A solution to automatically stop intrusion attacks, whether internal or external. The Proventia GX also has the best performance in bandwidth utilization and network availability on the market.

Proventia Network Multifunction Security

An all-in-one solution to help enforce security:

IPS

Firewall

Traditional Antivirus

Heuristic Antivirus

Anti-Spam

URL filtering

Standard and SSL VPN


PAM drives security convergence in a single solution & eliminates point products

Virtual Patch™: Shielding a vulnerability from exploitation independent of a software patch

Threat Detection & Prevention: Advanced intrusion prevention for zero-day attacks

Proventia Content Analysis: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential data

Proventia Web application security: Protection for web apps, Web 2.0, databases (same protection as web application firewall)

Network Policy Enforcement: Reclaim bandwidth & block Skype, peer-to-peer networks, tunneling


Managing the agent overload


Multiple threats result in multiple endpoint security agents.

Typical deployment for midsize company

| Function | Vendor | Deployment | Impact | Memory | Updates Scheduled |
|---|---|---|---|---|---|
| Asset & Data Loss Prevention | 1 | Laptops | Periodic Check | N/A | Manual |
| Data Loss Prevention | 2 | Workstations | Periodic Check | 6mb | None |
| Computer Forensics | 3 | Workstations | Agent remains dormant until off network | 3mb | Manual |
| Host Based Intrusion Prevention | 4 | Servers & Workstations | Periodic Check | 75mb | Automatic |
| Laptop Encryption | 5 | Workstations | Periodic Check | 18mb | None |
| Removable Media Control | 6 | Workstations | Periodic Check | 2.5mb | None |
| Virus Protection | 7 | Servers & Workstations | Periodic Check | 42mb | On Demand & Scheduled |
| Web Surfing | 8 | Workstations | Agent remains dormant until off network | N/A | Manual |
| Total Memory Usage | | | | 146mb | |


Proventia Desktop/Phoenix Rising Comparison

Feature / Proventia Desktop / ESC

Firewall

IPS

Behavioral AV

Signature AV

Anti-spyware

Extensible framework -

NAC -

DLP -

USB port control -

Patch management -

Asset discovery -

Vulnerability assessment -

Power management -

Configuration management -

Flexible systems management -

Software deployment/removal -

Security policy compliance -


Case Study in Proventia ESC Savings: Financial Customer

Moved from low 80% success rate to 95% success rate with real-time reporting

| Key Matrix | Before Proventia ESC | After Proventia ESC | The Results |
|---|---|---|---|
| # of Managed Endpoints | 40,000 out of 90,000 (50K unknown endpoints) | 90,000 | Uncovered 50K previously unknown endpoints |
| # of Locations | 100+ | 800 | Expanded locations by 700 |
| Time to Install | 8+ months for all infrastructure | 1 week for all infrastructure | Saved more than 7 months for new agent installation |
| # of Required Administrators | 20 | 4 | Reduced required admins by 1/5th |
| # of Dedicated Servers | 25 | 1 | Reduced dedicated servers by 24 |
| Time to complete an enterprise wide full discovery, remediation and reporting cycle | ~7 days | ~5 minutes | Saved 6 days, 23 hours, and 55 minutes for enterprise wide discovery… |


IBM ISS service solutions


Virtual Security Operations Center (VSOC)


Cost Savings at a Glance

| Security Management | Monthly | Annual |
|---|---|---|
| In-house | $82,592 | $995,102 |
| ISS Managed Security | $37,671 | $452,051 |
| Cost Savings | $44,921 | $543,051 |

In this example, leveraging a managed protection provider yields a 55% savings over in-house security.

Assumes full security staff of 10 providing 24x7x35 coverage, managing 12 HA Firewalls and 6 IDS engines, attending 2 training classes/yr, 20% employee turnover, equipment costs allocated over 3 years, and maintenance costing 15% of total equipment costs.

Source: IBM Internet Security Systems, 2008


IBM ISS security consulting solutions


Why IBM ISS Professional Security Services?

Exclusive security focus and expertise

Senior-Level consultants

Deep industry experience

Average of 8.5 years of security experience, 6 years IBM ISS tenure

Certified security experts with leadership, consulting, investigative, law enforcement and research and development backgrounds

Big 4, FBI, X-Force R&D, Government Agencies, Former CISOs

Qualified Incident Response Company

As a Qualified Incident Response Company, IBM ISS can assist organizations with security incidents involving payment card data

Leverages security intelligence of IBM X-Force

Complete, quality deliverables

Analysis, prioritization and remediation recommendations

Actionable recommendations

Results presented in both technical and management terms

Proven methodology


Penetration Testing

Quantifies risk to customer information, financial transactions, online applications and other critical business data and processes

Increases real-world perspective into hacker techniques and motivations

Encourages executive support on direction of information security strategy and resources

Identifies steps needed to effectively reduce risk

Provides the customer with insight into how technical vulnerabilities can lead to serious risks to their business

Helps to meet regulatory compliance requirements


IBM Emergency Response Services

Incident response

Responding to and helping minimize the impact of information security incidents such as external/internal attackers, virus/worm outbreaks, web site defacements and PCI data breaches

Preparedness planning

Assisting with the development of a computer security incident response plan

Prepares organizations for security incidents in advance

Helps to meet regulatory guidelines and security best practices

Incident Analysis

Collects data from security incidents in a forensically-sound manner

Performs data analysis from all collected data

ERS Can Assist With:

PCI Data Breaches

Web Page Defacement

Network Intrusion

Employee Misconduct

Regulatory Issues

Digital Forensics


Information Security Assessment

Review of Network Security Architecture: Assessment of current network security measures to get a clear picture of the current security state

Review of Security Policies, Procedures and Practices: Evaluation of current security processes in relation to ISO 17799 standards, industry best practices and business objectives

Review of Technical Security Controls and Mechanisms: Review of the effectiveness of existing security practices and mechanisms to recognize needed improvements

External Vulnerability Testing: External network scan to understand network security posture and determine vulnerabilities

Internal Vulnerability Scan and Testing: Internal network assessment to provide details on the vulnerability of critical assets

Social Engineering Assessment: Attempt to discover sensitive information by acting as a trusted employee or untrusted user


Information Security Assessment II

Physical Security Assessment: Determination of how physical security can impact overall data and system security

Modem Testing (“War Dialing”): Attempt to connect with modems by dialing a range of numbers

Wireless Penetration Test: Attempt to penetrate wireless devices to uncover vulnerabilities

Wireless Assessment: Test of wireless network environment to assess security

Application Assessment: Review of custom client/server applications to provide details on vulnerabilities

Mainframe Assessment: Identification of vulnerabilities within the mainframe environment


Q&A