1 IBM Global Technology Services Managed Security Services Research Report IBM Security Services 2014 Cyber Security Intelligence Index Analysis of cyber attack and incident data from IBM s worldwide security operations
2 2 IBM Security Services 2014 Cyber Security Intelligence Index About this report IBM Managed Security Services continuously monitors billions of events per year, as reported by a sample of nearly 1,000 of our clients in 133 countries. This report is based on the cyber attack event data IBM collected between 1 January 2013 and 31 December 2013 in the course of monitoring client security devices as well as data derived from responding to and performing forensics on cyber attack incidents. It is complementary to the IBM X-Force 1Q 2014 Threat Intelligence Quarterly. 1 Since our client profiles can differ significantly across industries and company size, we have normalized the data for this report to describe an average client organization as having between 1,000 and 5,000 employees (although IBM typically serves larger client organizations), with an average of 500 security devices deployed within its network. The annual Cyber Security Intelligence Index report offers a high-level overview of the major threats trending across businesses worldwide over the past year. Our goal is to help you better understand the current threat landscape by offering a detailed look at the volume of attacks, the industries most affected, the most prevalent types of attacks and attackers, and the key factors enabling them. We provide insights into where and how successful attacks can impact today s technologydependent organizations and discuss how the threat landscape is evolving from year to year as companies work to better detect and insulate themselves from future attacks. The problem that isn t going away After several years of continuing growth, data breaches literally hit home in In that one year, more than half a billion records of personally identifiable information including names, s, credit card numbers and passwords were stolen. Heavy media coverage of several significant retail industry attacks pushed conversations about privacy and security straight from boardrooms into living rooms around the world. The damage from such data breaches can be severe. If consumers lose faith in a company s ability to keep their personal data safe, the company can ultimately lose customers. Most certainly they stand to lose money, and in some cases, intellectual property. In its most recent analysis, the Ponemon Institute found that in 2013 each lost data record cost companies an average of $145 per record, with companies in Germany losing the most per record for each data breach ($201), followed by the United States ($195), and companies in India the least at $51. 2 Based on the global average cost per record, that means: A major retailer with millions of leaked credit cards could face more than $100 million in direct costs, including fines. A university that leaked 40,000 records could suffer over $5.4 million in losses. Ponemon also found that heavily regulated industries such as healthcare, finance, pharmaceuticals and communications had a per record data breach cost ranging from $177 to $359 placing them well above the mean of $145. Meanwhile, retailers and public sector organizations had a per record cost of $105 and $100, considerably below the mean value. 3 The U.S. experienced the highest total average cost at more than $5.9 million, followed by Germany at $4.7 million. At the other end of the scale, Brazilian and Indian companies experienced the lowest total average cost at $1.6 million and $1.4 million respectively. 4
3 IBM Global Technology Services 3 With more data comes more vulnerability and more insight Looking back at 2013, we asked a few key questions: What s happening across the threat landscape? What kinds of attacks are being launched? How many of those attacks result in incidents requiring investigation? As companies around the world continue to expand their businesses and IT infrastructure adding more devices and increasing connectivity across their organizations their volumes of data requiring 24x7 monitoring also continue to grow. That can increase an organization s vulnerability by making it even more difficult to develop and deploy effective measures to fend off cyber attacks, but at the same time, such growth creates enormous quantities of data on security events. It also presents us with the challenge of understanding what all that data means and deciding what to do about it. IBM employs proprietary advanced analytics to tackle the massive amount of information collected across our monitored platforms and develop useful insights into the kinds of attacks that are taking place, who may be launching them and how their techniques are evolving. This report reflects both the data we ve gathered through our monitoring operations and the security intelligence generated by our analysis and the interpretations of our experienced security analysts and security response teams. The impact of security incidents What is the impact of a security incident? As we look through the data reported here, we see that the astronomical number of security events (see Figure 1) is ultimately whittled down to a much more manageable number of incidents. However, of those incidents, how many are actually noteworthy, with the potential to result in a significant or material impact to the business? According to the IBM Computer Security Incident Response Team, of all the security incidents they work through and analyze, only three percent actually reach a level of severity high enough to consider them noteworthy with the most common impact being data disclosure or theft. What is fascinating and disheartening is that over 95 percent of all incidents investigated recognize human error as a contributing factor. The most commonly recorded form of human errors include system misconfiguration, poor patch management, use of default user names and passwords or easy-to-guess passwords, lost laptops or mobile devices, and disclosure of regulated information via use of an incorrect address. The most prevalent contributing human error? Double clicking on an infected attachment or unsafe URL. A more efficient approach to narrowing down the numbers IBM s global monitoring operations and analysts have determined that the average company experienced more than 91 million security events in 2013 (see Figure 1) a 12 percent increase over That reflects the continued worldwide growth of data, networks, applications and the new technology and innovations they support. It also reflects a growing number of targets for potential attacks.
4 4 IBM Security Services 2014 Cyber Security Intelligence Index Virtually no company is equipped to deal with the threat potential of 91 million events a year on its own. And because we know that only a fraction of a percent of those security events end up being identified as incidents, the real challenge is determining which of those events deserve further attention (see sidebar Disruptions defined). IBM security intelligence correlation and analytics tools filter through millions of events each year and determine which ones deserve further attention. In 2013, that meant identifying nearly 17,000 potentially critical attacks out of over 91 million events. While the number of security events grows, so does our ability to analyze and manage them more efficiently. As a result, the annual number of security attacks seen by the average IBM client in 2013 dropped to an average of 16,900, down from 73,000 in IBM security analysts went on to review those 16,900 security attacks and found 109 security incidents for the average company in 2013, which is 19 more than the year before. 5 Disruptions defined Security event: An event on a system or network detected by a security device or application. Security attack: A security event that has been identified by correlation and analytics tools as malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself. Security incident: An attack or security event that has been reviewed by IBM security analysts and deemed worthy of deeper investigation. Security breach: An incident that has successfully defeated security measures and accomplished its designated task. Security events, attacks and incidents for 2013 Security events Annual 91,765,453 Security attacks Annual 16,856 Security incidents Annual 109 Monthly 7,647,121 Monthly 1,405 Monthly 9 Weekly 1,764,720 Weekly 324 Weekly 2 Security Intelligence Correlation and analytics tools Security Intelligence Human security analysts Figure 1. Security intelligence makes it possible to reduce the millions of security events detected annually in any one of our clients systems to an average of 16,900 attacks and under 110 incidents in a single organization over the course of a year.
5 IBM Global Technology Services 5 Over 75 percent of incidents target the same five industries The not-so-big news is we re seeing the same five industries top the list of those struck by the most incidents over the past year. Some of them, however, have changed places within the group since Once again, the top two (see Figure 2) account for nearly half of the year s security incidents among our data sets. The only difference is that they swapped places in It s likely that these two industries will continue to battle for the number one target spot in the years to come, since a breach in either one can result in both major business disruption and big paydays for successful cyber criminals. Moving down the list, the two industries occupying fourth and fifth place have also swapped places although together they account for 12 percent of the incidents in 2013, compared to 14 percent in Because both the retail and health services Incident rates across monitored industries Finance and insurance Manufacturing Information and communication Retail and wholesale Health and social services 6.2 % 5.8 % 18.6 % 23.8 % 21.7 % Figure 2. The finance and manufacturing industries continue to offer attackers the most significant potential payoff. industries deal directly with consumers, attackers there are going after valuable personal and financial information including credit cards, which have become a hot commodity on the black market. How credit cards allow attackers to cash in The average credit card sells on the black market for anywhere from $25 to $100, depending on how much information is available with the card data such as CSV security code, known limits, and expiration date. Since news accounts reported that more than 110 million credit records were stolen in recent retail breaches, it s easy to see how the sellers could have netted as much as $11 billion. But the story doesn t end there. Once the stolen cards are acquired, they then move into an elaborate laundering scheme where they re used to buy gift cards and prepaid credit cards. The shuffling of funds continues as these untraceable cards are used to purchase other items that can then be sold online with no ties back to the original stolen card data. On the flip side, we know that in such large-scale cases as those disclosed late in 2013, the attackers success can also be their demise. News about these massive breaches travels fast, and that means the stolen cards will often be deactivated by their owners before anyone can sell them. The United States is typically one of the largest targets in this underground market. That s at least partly due to its status as one of the last remaining countries using magnetic strip credit cards which are the easiest to forge using stolen data, making them a highly attractive target. And although the retail industry is the primary target here, credit card theft is really a threat to many industries. That means we re likely to see a strong push for tighter credit card security in the very near future
6 6 IBM Security Services 2014 Cyber Security Intelligence Index Malicious code and sustained probes or scans still dominate the landscape As was the case for 2012, there were two types of incidents dominating the cyber attack landscape in Together, malicious code and sustained probes or scans accounted for 58 percent of the security incidents affecting our clients (see Figure 3). The two often go hand in hand. Sustained probes and scans are typically used to search for potential targets, enabling attackers to see where and when to unleash their malicious code (or malware). Meanwhile, it might seem Malicious code Categories of incidents 38 % surprising that denial of service attacks, which seem to run rampant across the threat landscape, make up only two percent of the incidents reported. But it turns out that many denial of service attacks lack the bandwidth necessary to make a significant impact on their targets. In addition, some clients employ denial of service protection services, which also blunt these attacks effectiveness. In fact, malicious code continues to be the primary mode of attack in cyber crime. And it can include third-party software, Trojan software, spear phishing, keyloggers and droppers (see the glossary on page 11 for definitions). Over the past year we ve also continued to see greater sophistication in the creation of attack tools and the development and underground sale of tool kits (ready-to-use hacking applications). It appears that many of the tool kits that have been seen repeatedly over the years have been updated and recycled for use today. Sustained probe/scan Unauthorized access Suspicious activity Access or credentials abuse Denial of service 2 % 9 % 12 % 20 % 19 % Unauthorized access incidents were more prevalent in 2013 up six percent over the previous year which fits with the apparently growing use of malware to elevate privilege levels after hacking into a network. After all, just because attackers are able to gain access to a network doesn t mean they can navigate it. The situation is similar to a trespasser who s able to tailgate into a building by following close behind someone with authorized access. Once inside, the trespasser still needs to figure out how to move around undetected. That activity in the cyber world is what comprises not only unauthorized access but suspicious activity traffic as well. Figure 3. Malicious code and sustained probes or scans top the list of incident categories affecting every industry covered in this report
7 IBM Global Technology Services 7 Who s behind these attacks and where are they coming from? As we continue to focus on determining who is carrying out these attacks, it s clear that the role played by both inadvertent actors and outsiders has become increasingly important (see Figure 4). While inadvertent actors make up just five percent of the attacker population, as they did in 2012, they remain among the most dangerous. As members of your own organization who are unwittingly recruited to aid the cause of others with malicious intent, they can become key players in carrying out highly damaging, potentially prolonged attacks that fail to arouse suspicion. That said, outsiders will likely continue to play the largest role in cyber crime for some time to come, making it essential that we understand who those outsiders really are and where they are located. Outsiders Combination Malicious insiders Inadvertent actor Categories of attackers 5 % 17 % 22 % 56 % The social life of the inadvertent actor Today s organizations are made up of individuals who are more likely than ever to have vast networks of online relationships, each of which involves huge amounts of personal data. But how can that personal data pose a threat to your company? Rather than seeing a particular enterprise as a single entity, attackers now also look at an enterprise as collections of individuals. That means they decide to target specific people instead of enterprise infrastructures or applications. In other words, the personal lives and business activities of employees can be leveraged to target an enterprise. Social networks intentionally make it easy for users to contact one another. It s a great way to wish a faraway friend a happy birthday. But it s also an easy way for an attacker to send a user to a malicious website or to send malware directly to that user all of which renders enterprise security countermeasures completely useless. For example, a user can access social media using a device attached to a corporate network and thus open up a pathway for the malware. Or an attacker can take advantage of personal information available online to learn enough about the individual to execute a targeted phishing campaign via the corporate account. In this scenario the bad guy sends what appears to be legitimate business correspondence and dupes the employee into opening an infected attachment. Either way, the command and control malware gets into the enterprise systems. Figure 4. More than half of all attacks are most likely to be instigated by outsiders
8 8 IBM Security Services 2014 Cyber Security Intelligence Index A new security reality has taken hold Organized criminals, hacktivists, governments and adversaries are motivated by financial gain, politics and notoriety to attack your most valuable assets. Their operations are well funded and businesslike. Attackers patiently evaluate targets based on potential effort and reward. Their methods are extremely targeted; they use social media and other entry points to track down people with access, take advantage of trust, and exploit them as vulnerabilities. Meanwhile, negligent employees inadvertently put the business at risk via human error. Even worse, security investments of the past fail to protect against these new classes of attacks. The result is more severe security breaches more often. In fact, 61 percent of organizations say data theft and cybercrime are the greatest threats to their reputation. 6 And the costs are staggering. Why act now? Your business may be more vulnerable than you think. And that s just the first reason. Here are a few more: Criminals will not relent: Once you re a target, criminals will spend as much time trying to break into your enterprise as you spend on your core business. If you don t have visibility into attacks as they happen, the criminals will succeed. Every business is affected: Banks were once the primary targets of cyber criminals, but today, diverse actors move with lightning speed to steal money, intellectual property, customer information and state secrets across all sectors. Your perimeter may already have been breached: Recent attacks demonstrate that victims were compromised for months before they discovered it. Assuming that you have already been breached is today s prudent security posture. It starts with a phone call and ends with a major data breach Social engineering techniques allow attackers to target a specific company and gain access to its valuable data. They steal internal phone directories and then call employees of interest. Their goal? To convince victims to willingly install remote administration software that the hackers can use to gain access into the victims network. Posing as internal security or IT staff members, they direct their victims to download and install well-known remote administration software to help resolve a critical systems problem. Or they instruct their unwitting victims to join a web conference and hand over control to the attackers. Once the attackers gain control of the system, they download and install malware to maintain a persistent connection, then elevate privileges and penetrate the network. Because most companies don t have a system in place to verify calls, this has become a highly effective method for attackers to infiltrate internal systems especially when those attackers are able to gain an understanding of the targets processes and use it to convince victims that it s important to take immediate action. The victims targeted for these attacks typically have easy access to the data that the attackers are after. So once a point of presence is solidified within the network, the attackers are able to steal just about any type of data including financials and intellectual property. Even those companies with strong security practices are still vulnerable to acts of social engineering. It s important to educate employees on an ongoing basis about identifying suspicious communications and potential risks to the organization.
9 IBM Global Technology Services 9 Why IBM Security? Traditional security defenses are no match for today s unrelenting, well-funded attackers, while disruptive technologies introduce new vulnerabilities to exploit. Organizations must accelerate their ability to limit new risk and apply intelligence to stop attackers regardless of how advanced or persistent they are. New analytics, innovation, and a systematic approach to security are necessary. And there are very few companies able to meet those requirements on their own. That s why Forrester Research has noted: [Managed security services providers] leverage impressive economies of scale to offer clients an enhanced security environment, costeffective security, and a scalable and flexible security platform capable of handling future expansion. 7 At IBM, our IT security services can cover every corner of your network, from infrastructure to applications to devices. We monitor, in near real time, some of the most complex corporate networks in the world. We develop some of the most sophisticated testing tools in the industry, many of which are used by our competitors. And our team of highly skilled security professionals is constantly identifying and analyzing new threats, often before they are even known by the world at large. In fact, we maintain the largest single database of known cyber security threats in the world. When you engage with IBM for managed security services, you gain access to a full suite of capabilities that can help you extend protection from the back office to the front office. And we help ensure that it s all integrated and coordinated across your enterprise. Should you experience a security breach, you can call on IBM s emergency response team to help speed your response to and recovery from a computer security incident.
10 10 IBM Security Services 2014 Cyber Security Intelligence Index For more information To learn more about how IBM can help you protect your organization from cyber threats and strengthen your IT security, contact your IBM representative or IBM Business Partner, or visit this website: ibm.com/services/security Follow us End notes 1 IBM Managed Security Services is responsible for monitoring exploits related to endpoints, servers (including web servers) and general network infrastructure. This team tracks exploits delivered over the web as well as via other vectors such as and instant messaging. Meanwhile, the X-Force research and development team studies and monitors the latest threat trends including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content. In addition to advising customers and the general public about emerging and critical threats, X-Force also delivers security content to help protect IBM customers from these threats. As a result, these two groups issue reports that look at similar issues, but from a slightly different perspective and over different timeframes. Therefore, their findings are meant to complement one another, even though those findings are not always identical. 2,3, Cost of Data Breach Study: Global Analysis, Ponemon Institute, May IBM Security Services 2013 Cyber Security Intelligence Index, June Global Reputational Risk & IT Study, IBM. 7 The Forrester Wave: Managed Security Services: North America, Forrester Research, Inc., March 26, 2012.
11 IBM Global Technology Services 11 Glossary Term Access or credentials abuse Attacks Breach or compromise Denial of service Droppers Event Inadvertent actor Incidents Keyloggers Malicious code Definition Activity detected that violates the known use policy of that network or falls outside of what is considered typical usage. Security events that have been identified by correlation and analytics tools as malicious activity attempting to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. Security events such as SQL Injection, URL tampering, denial of service, and spear phishing fall into this category. An incident that has successfully defeated security measures and accomplished its designated task. Attempts to flood a server or network with such a large amount of malicious traffic that it renders the device unable to perform its designated functions. Malicious software designed to install other malicious software on a target. An event is an observable occurrence in a system or network. Any attack or suspicious activity sourcing from an IP address inside a customer network that is allegedly being executed without the knowledge of the user. Attacks and/or security events that have been reviewed by security analysts and have been deemed a security incident worthy of deeper investigation. Software designed to record the keystrokes typed on a keyboard. This malicious software is primarily used to steal passwords. A term used to describe software created for malicious use. It is usually designed to disrupt systems, gain unauthorized access, or gather information about the system or user being attacked. Third party software, Trojan software, keyloggers, and droppers can fall into this category. Phishing Security event Security device Spear phishing SQL injection Suspicious activity Sustained probe/scan Trojan software Unauthorized access Wiper A term used to describe when users are lured into browsing a malicious URL designed to pose as a website they trust, thus tricking them into providing information that can then be used to compromise their system, accounts, and/or steal their identity. An event on a system or network detected by a security device or application. Any device or software designed specifically to detect and/or protect a host or network from malicious activity. Such network-based devices are often referred to as intrusion detection and/or prevention systems (IDS, IPS or IDPS), while the host-based versions are often referred to as host-based intrusion detection and/or prevention systems (HIDS or HIPS). Phishing attempts with specific targets. These targets are usually chosen strategically in order to gain access to very specific devices or victims. An attack that attempts to pass SQL commands through a website in order to elicit a desired response one that the website is not designed to provide. These are lower priority attacks or suspicious traffic that could not be classified into one single type of category. They are usually detected over time by analyzing extended periods of data. Reconnaissance activity usually designed to gather information about the targeted systems such as operating systems, open ports, and running services. Malicious software hidden inside another software package that appears safe. This usually denotes suspicious activity on a system or failed attempts to access a system by a user or users who does not have access. Malicious software designed to erase data and destroy the capability to restore it. Outsiders Any attacks sourced from an IP address external to a customer s network.
12 Copyright IBM Corporation 2014 IBM Corporation IBM Global Technology Services Route 100 Somers, NY Produced in the United States of America June 2014 IBM, the IBM logo, ibm.com and X-force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information at ibm.com/legal/copytrade. shtml This document is current as of the initial date of publication and may be changed by IBM at any time. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. Please Recycle SEW03039-USEN-02
IBM Global Technology Services Security Services July 2013i IBM Global Technology Services IBM Security Services Cyber Security Intelligence Index Analysis of cyber security attack and incident data from
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez email@example.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz firstname.lastname@example.org IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE email@example.com 1 You are an... IT Security Manager at a retailer
Reviewing a year of serious data breaches, major attacks and new vulnerabilities Analysis of cyber attack and incident data from IBM s worldwide security services operations IBM X-Force Research 2016 Cyber
IBM Security Intrusion Prevention Solutions Sarah Cucuz firstname.lastname@example.org IBM Software Solution Brief IBM Security intrusion prevention solutions In-depth protection for networks, servers, endpoints
IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers
IBM Software Win the race against time to stay ahead of cybercriminals Get to the root cause of attacks fast with IBM Security QRadar Incident Forensics Highlights Help reduce the time required to determine
IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
IBM Security Managed Security Services IBM 2015 Cyber Security Intelligence Index Analysis of cyber attack and incident data from IBM s worldwide security services operations Research Report Contents The
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
IBM Security Managed Security Services IBM 2015 Cyber Security Intelligence Index Analysis of cyber attack and incident data from IBM s worldwide security services operations Research Report Contents The
Building a Smarter Planet with Advanced Cyber Security Solutions Recognize Nefarious Cyber Activity and Catch Those Responsible with Highlights g Cyber Security Solutions from IBM InfoSphere Entity Analytic
Simplify security management in the cloud IBM Endpoint Manager and IBM SmartCloud offerings provide complete cloud protection Highlights Ensure security of new cloud services by employing scalable, optimized
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
Safeguarding the cloud with IBM Security solutions Maintain visibility and control with proven solutions for public, private and hybrid clouds Highlights Address cloud concerns with enterprise-class solutions
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Detection, analysis, and understanding of threat
WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this
The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
IBM Endpoint Manager for Core Protection Device control and endpoint protection designed to guard against malware and loss of sensitive data Highlights Delivers real-time endpoint protection against viruses,
Leverage security intelligence for retail organizations Embrace mobile consumers, protect payment and personal data, deliver a secure shopping experience Highlights Reach the connected consumer without
IBM Software Thought Leadership White Paper October 2012 Avoiding insider threats to enterprise security Protect privileged user identities across complex IT environments even in the cloud 2 Avoiding insider
Solution Overview Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats What You Will Learn The network security threat landscape is ever-evolving. But always
Commissioned Study SURVEY: Web Threats Expose Businesses to Data Loss Introduction Web-borne attacks are on the rise as cybercriminals and others who do harm to computer systems for profit or malice prey
Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,
Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 email@example.com Powerful Insights. Proven Delivery. Kevin
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
EY Cyber Security Hacktics Center of Excellence The Cyber Crime Underground Page 2 The Darknet Page 3 What can we find there? Hit men Page 4 What can we find there? Drug dealers Page 5 What can we find
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
INTRODUCING isheriff CLOUD SECURITY isheriff s cloud-based, multi-layered, threat protection service is the simplest and most cost effective way to protect your organization s data and devices from cyber-threats.
Protecting Against Online Fraud with F5 Fraud is a relentless threat to financial services organizations that offer online banking. The F5 Web Fraud Protection solution defends against malware, phishing
STOP Cybercriminals and security attacks ControlNow TM Whitepaper Table of Contents Introduction 3 What the headlines don t tell you 4 The malware (r)evolution 5 Spear phishing scams 5 Poisoned searches
Cisco IPS Tuning Overview Overview Increasingly sophisticated attacks on business networks can impede business productivity, obstruct access to applications and resources, and significantly disrupt communications.
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
Best Practices Top 10: Keep your e-marketing safe from threats Months of work on a marketing campaign can go down the drain in a matter of minutes thanks to an unforeseen vulnerability on your campaign