Staying Ahead of the Cyber Security Game. Nigel Tan ASEAN Technical Leader IBM Security

Transcription

1 Staying Ahead of the Cyber Security Game Nigel Tan ASEAN Technical Leader IBM Security

2 PARADIGM SHIFT in crime ORGANIZED COLLABORATIVE AUTOMATED

3 Cyber Criminals Use BUSINESS INTELLIGENCE

4 NOBODY IS IMMUNE % increase ,000,000+ records 2014 Unprecedented impact Attack types XSS Heartbleed Physical Access Brute Misconfig. Watering Hole Phishing SQLi DDoS Malware Undisclosed Force Sources: IBM X-Force Threat Intelligence Quarterly 1Q 2015

5 A New Way to Think About SECURITY

6 Security Imperatives STOP advanced threats PROTECT critical assets SAFEGUARD cloud and mobile OPTIMIZE your security program

7 Stop advanced threats Prevent targeted attacks in realtime Detect threats with security intelligence Defend against web fraud and cybercrime

8 Stop advanced threats Magic bullets don t work; firms need intelligent and integrated solutions

9 Protect Against Targeted Attacks DETECT Security intelligence Global security information Managed services PREVENT Behavioral malware prevention Zero-day exploit prevention Real-time data security RESPOND Incident forensics Endpoint management Emergency response

10 Protect critical assets Use context-aware, role-based controls to help prevent unauthorized access Govern and administer users and their access Identify and protect your crown jewels Manage application security risk Manage and secure your network and enpoints

11 Protect critical assets Organizations struggle to find their sensitive data and to build security around the people and applications that use it

12 Focus on your most critical assets.01 % to 2 % ~70 % is your critical data of the company s value Source: 2013 Commission on the Theft of American Intellectual Property

13 Align Security spend with risk 35% - 30% - 25% - 20% - 15% - Spend Risk Security Spend Security Risk 10% - Network Layer Application Layer Source: The State of Risk-Based Security Management, Research Study by Ponemon Institute, 2013

14 Safeguard Cloud and Mobile IaaS PaaS SaaS Protect Cloud Manage Access Protect Data Gain Visibility Protect Mobile Devices Applications Content Utilize cloud and mobile to reinvent security

15 Optimize the security program Integrate security silos, reduce complexity, and lower costs Risk-Aware Culture & Strategy Assess and transform your security maturity End-to-End Security Intelligence Build a next generation security operations capability Intelligent Threat Protection and Response Get help from the experts

16 Optimize the security program Most security programs today are compliance-based vs. risk-based 2012 ESG research

17 Optimize your security program A financial services firm analyzed 13M+ events per day and blocked 650+ suspicious incidents in the first 6 months Safeguard cloud and mobile A Fortune 10 automobile manufacturer safeguards access to its cloud hub for 8.5M automobile customers and internal users Protect critical assets A computer services company achieved a 33% reduction in the number of vulnerabilities in scanned programs Stop advanced threats A North American healthcare organization protected 30K endpoints and blocked 200 threats in the first 8 weeks

18 IBM Security

19 The IBM Security Journey IBM Security Systems IBM Security Services IBM Security IBM Security Systems IBM Security Services IBM acquires Q1 Labs, creates security division zdnet.com IBM Security has become a juggernaut networkworld.com 19% 2014 YtY growth 3x the market growth

20 Expand the Value of Security through Integration BigFix QRadar Incident Forensics Trusteer Apex zsecure Network Protection XGS SiteProtector Network QRadar Risk Manager Endpoint Mobile MobileFirst Protect (MaaS360) MobileFirst Platform (Worklight) Trusteer Mobile AppScan Applications Security Intelligence QRadar SIEM QRadar Log Manager QRadar Vulnerability Manager Advanced Fraud Trusteer Pinpoint Trusteer Rapport Data Identity and Access Guardium Suite Privileged Identity Manager Key Lifecycle Manager Consulting Services Managed Services Access Manager Ecosystem Partners IBM X-Force Research Identity Manager

21 IBM X-Force Exchange: A threat intelligence platform One of world s largest catalogs of vulnerabilities Threat information based on 15B+ monitored security events per day Malware threat intelligence from 270M+ endpoints Threat information based on 25B+ web pages, images Intelligence on 8M+ spam and phishing attacks Reputation data on 1M malicious IP addresses 1,000+ organizations signed up in the first week Participants across 16 industries, 5 of the world s top 10 banks, 6 of the top 10 retailers

22 Learn more about IBM Security Visit our website ibm.com/security Watch our videos youtube.com/user/ibmsecuritysolutions Read new blog posts SecurityIntelligence.com Follow us on