Managed Security Services
- Kevin Snow
- 8 years ago
IBM Global Technology Services
Service Profile: Managed Security Services

Managed Security Services
Helping to strengthen your defenses through service delivery best practices

Contents

1. Overview: A brief summary of IBM Managed Security Services and the business challenges addressed
2. Deployment: A look at the IBM solution, including its capabilities, technical components, and cost
3. Service Delivery: How IBM will manage your security assets, monitor your environment, analyze event data and handle security incidents
4. Support and Reporting: Our customer portal, problem management and the query and reporting tools that can help you manage your security environment
5. Next Steps: Steps you can take and resources you can explore to learn more about IBM Managed Security Services
1. Overview

The need for protection

Enterprises of all sizes struggle in an ongoing battle to defend against online attackers that can strike at any moment. Whether it's a virus, a denial-of-service attack or unauthorized database access, successful security attacks wreak havoc by disrupting business operations, reducing workforce productivity, damaging the infrastructure and harming reputation and brand value. Liabilities associated with inadequate security management are becoming more severe, ranging from the resources required to remedy the breach, costly downtime and potential loss of business to penalties for regulatory noncompliance.

While IT security threats continue to evolve, organizations face shrinking budgets, competing priorities and more complex environments. Today's IT security departments need to deliver a higher level of protection at a significantly reduced cost. However, organizations managing their own information security often lack the in-house resources required to protect online systems on a 24x7x365 basis. Advanced security practices require highly skilled personnel who can be expensive to recruit, hire and retain. In addition, implementing and managing security solutions can divert IT resources from other critical initiatives, including preventing the next attack.

IBM Managed Security Services

IBM Managed Security Services for customer premises equipment (see Table 1) are designed to provide around-the-clock, near-real-time monitoring and management of security technology from a variety of vendors, helping you protect the value of your existing security investments while reducing the complexity and cost of your security operations. These managed services can be employed individually or in combination to help organizations:

- Improve security posture and mitigate risks to business operations
- Reduce the cost of security management
- Simplify management and reduce complexity
- Address critical skill shortages
- Support compliance management.

IBM also offers a comprehensive range of hosted managed security services as well as a Managed Distributed Denial of Service (DDoS) Protection solution. By combining offerings from IBM's full portfolio of complementary managed services, you can increase both your cost savings and your security intelligence. That's because IBM's global security operations infrastructure is designed to integrate data from multiple managed security services, helping you to bridge IT silos and technologies and gain an end-to-end view of your security landscape (see Figure 1). The end result is more information, correlated by IBM in near real time for deep analysis and faster response to threats.

Table 1. IBM Managed Security Services (customer premises equipment) and device support

Firewall Management
  24x7 firewall monitoring, escalation, incident reporting, and remediation assistance.
  Devices: Check Point NGX / R71 and later; Cisco; Juniper Netscreen

Managed Security Information and Event Management (SIEM)
  Provides 24x7 expert monitoring and response for customer SIEM tools.
  Devices: IBM Q1 Labs QRadar; HP ArcSight

Unified Threat Management
  24x7 management with support for comprehensive UTM product features (firewall, IPS/IDS, anti-virus, anti-spam, web filtering, SSL VPN).
  Devices: IBM Proventia Network Multi-Function Security; Check Point UTM-1, Edge and IP Appliance; Cisco ASA, ISR; Juniper SSG, ISG + IDP, SRX; Palo Alto Networks; Fortinet FortiGate

Managed Secure Web Gateway
  Ongoing protection of critical web-based transactions.
  Devices: BlueCoat SG (Proxy); BlueCoat AV (w/ SG)

Managed Protection Services
  24x7 protection and live, expert management, monitoring and escalation for enterprise networks and endpoints.
  Devices: IBM Network Intrusion Prevention System; IBM Security Server Protection

Vulnerability Management Services
  Ongoing security scans that help identify and prioritize vulnerabilities found on network devices, operating systems, web applications and databases.

Intrusion Detection and Prevention Management
  24x7 threat monitoring, escalation, incident reporting, and remediation assistance.
  Devices: Cisco IDS, IPS, IDP; McAfee Intrushield, M Series IPS; SourceFire; Check Point IPS-1; Juniper IDP

Figure 1. Combining IBM Managed Security Services offerings can help increase your analytic capabilities.

Add                                          Gain
Firewall logs                                Near-real-time identification of connections with known attackers   Good
Intrusion detection and prevention services  Knowledge of the attacks levied against you                         Better
Vulnerability scan results                   Knowledge of whether the attacks are successful                     Enhanced
Operating system and application logs        Ability to monitor suspicious internal activities                   Superior

Service features

IBM Managed Security Services offer industry-leading tools, technology and expertise combined with flexible, scalable packaging to meet a broad range of requirements. Whether you purchase managed services for one or for multiple device types, your security solution will include:
- The Virtual Security Operations Center (Virtual SOC) web-based customer portal that provides a single pane of glass through which you can manage your security environment and your IBM services
- Access to security experts
- Continuous upgrades and updates
- Standardized and customizable reporting
- SSAE 16-certified operations at all of our state-of-the-art Security Operations Centers (SOCs), which are designed for high availability
- Simplified flat-rate pricing standardized across our core set of services, with pricing tiers that offer the flexibility to select the service levels that best fit your security environment
- Security intelligence and reports from the global IBM X-Force security research organization.

Flexible configuration of service levels

With IBM, you gain the flexibility to configure your managed security services to meet your requirements for response time, device availability and cost. You can choose from preconfigured service packages that simplify the buying process, or you can start with the base service and then specify service level options per device, by location or even with device-by-device granularity. For example, per device, your configuration options can include:

- Retention of log data (one, three, five or seven years)
- One-time charge or monthly charge for service initiation and device configuration fees
- Automated analysis and alerting, or eyes-on monitoring and alerting by an IBM Threat Analyst
- Alert response times (15-, 30- or 60-minute service levels)
- Policy Change Request response times (2-, 4-, 8-, 12- or 24-hour service levels)
- Device health event notification (15-, 30- or 60-minute service levels)
- Device update application (24-, 48- or 72-hour service levels)
- Device availability, including options for management of a warm stand-by redundant device and high availability configurations of clustered devices.

IBM X-Force Threat Analysis Service

Included with all IBM Managed Security Services offerings, and integrated into the customer portal, is the IBM X-Force Threat Analysis Service. This industry-leading security intelligence service helps you proactively manage daily security threats by providing an evaluation of global online threat conditions and detailed analysis tailored for your needs. The X-Force Threat Analysis Service consists of a blend of trusted security intelligence from the IBM Security X-Force research and development organization, threat data collected from IBM's international network of security operations centers and over 30,000 managed or monitored network sensors, agents and devices, and global Internet threats monitored 24x7x365 by IBM's global threat operations center.

The global Internet threat level is updated in real time by X-Force personnel and reported using the AlertCon rating system, an indicator designed to measure the level of threat to online assets at a certain point in time. In addition to current AlertCon status, the X-Force Threat Analysis Service provides customized threat information and security news relevant to your platforms, products and business. Detailed information about X-Force Threat Analysis Service reports and the X-Force section of the Virtual SOC portal can be found in Section 4 of this guide.
2. Deployment

Activating services

IBM employs a structured five-phase process to help ensure a smooth implementation of your managed security services (see Figure 2). As a general rule, implementations are completed in 30 to 60 days, although small projects may take only a few days while very large projects may be implemented in stages over several months.

Initiation. Your assigned Deployment Engineer (DE), who will be your single point of contact during implementation, will review your order with you and establish contact with the various members of your team. Your DE will work with your team to determine a timeline and assess the status of your sites.

Planning. During this phase, your DE will work with your team to plan how any new security devices will be placed into your network; how IBM will manage and monitor your security devices and data via various encrypted communication channels; and schedule more definitive installation and service activation dates.

Staging. If applicable, your DE will arrange for any new security devices that you have purchased through or provided to IBM to be configured, either remotely or at one of our deployment centers. Your DE will also prepare the management architecture at IBM for your security devices.

Integration. In this phase, new security devices are installed and tested for correct functionality, and connectivity is established between your existing devices and the Security Operations Center (SOC). After testing shows that the SOC is able to monitor and manage your security devices, your DE will transition device management to the SOC and demonstrate the Virtual SOC customer portal to your team.

Closeout. Your DE will wrap up any final deployment items and host or arrange an introductory call with the SOC team that will provide your 24x7x365 security services. From this point, your primary contact will be with the SOC, with your DE available to you for final outstanding issues and transition questions.

[Figure 2. IBM's established process for deploying and integrating your devices into our management infrastructure is designed to ensure a smooth implementation of your managed security services. The figure shows the Managed Security Services deployment and integration process as Initiate, Plan, Design, Stage and Close steps, with inputs to and outputs from the SOC.]

Establishing baseline policies

Unless otherwise requested, IBM deploys new devices and agents with a standard baseline policy developed by the IBM Security Operations Center. IBM baseline policies generally reflect the default policy recommendations of the respective product vendors. This includes which signatures are enabled and which responses are configured for each signature. However, based on trends and emerging threats detected by IBM security analysts, baseline policies may also include deviations from vendor recommendations.
For existing devices and agents, IBM recommends that you replace existing policies with IBM baseline policies when you migrate to the SOC for management. This can help eliminate past misconfigurations that created security holes and replace outdated or ineffective tuning with a consistent baseline across all managed devices. For clients who have multiple devices and agents of the same model, version or operating system, IBM shares policies wherever possible. Shared policies provide consistency in security coverage, allow for faster deployment of new signatures and other policy changes and help facilitate efficient auditing.

Roles and responsibilities: IBM security operations

To effectively and efficiently manage each client's security infrastructure and ensure the proper skills are leveraged across operations, IBM has divided the SOC team into three primary groups:

- Threat Analysts operate 24x7x365 and focus directly on actionable events that are filtered through to the Virtual SOC operations console. These analysts monitor multiple data sources, respond to alerts, and investigate and escalate security incidents.
- The Device Management Team operates 24x7x365, with responsibility for managing device health and availability. These security experts work with clients to resolve device issues, perform maintenance and upgrades, implement policy changes and provide technical support.
- The Service Assurance and Standards Team monitors processes for quality control, conducts training and performs planning and operational project management.
Responding to a security incident: who is in charge?

While it is IBM's responsibility to monitor your supported security environment, manage the health of your devices and analyze events and alerts, your Computer Security Incident Response Team (CSIRT) is responsible for verifying and acting on actual incidents, whether escalated by the SOC or your own IT staff. Your Incident Response Team should be guided by your organization's Computer Security Incident Response Plan (CSIRP), which provides a map for dealing with a security attack. It should define the roles and responsibilities of all respondents, establish authority for making major decisions and define communications flows and notification procedures. During your response, it is critical that your team and the SOC staff remain in close communication. For its part, the SOC will continue to provide assistance and offer recommendations where appropriate until the incident is resolved and closed.

Roles and responsibilities: client IT security team

To help ensure your success in using IBM Managed Security Services, it is critical that you assign staff to effectively execute on the following security responsibilities. How an organization staffs these roles depends on its size. For small organizations, a single person could potentially perform all of these responsibilities. In large organizations, multiple individuals may be needed to fulfill these responsibilities:

- Interacting with the managed security service through the customer portal to review device status, open tickets, security incidents and X-Force threat information
- Documenting customer networks, devices, servers and other assets
- Reviewing device policies and initiating change requests
- Determining when escalations, both within the client organization and to the SOC, are necessary
- Responding to SOC-initiated escalations and coordinating appropriate internal resources.
3. Service Delivery

Security Operations Center

IBM's global network of interconnected Security Operation Centers (SOCs) serves as the principal delivery arm for all Managed Security Services. Each of the SOCs is located within a hardened IBM facility that provides industry-standard security protocols for both physical and logical security. IBM SOCs carry SSAE16 (Statement on Standards for Attestation Engagements, number 16) certifications and are operated according to governance standards from organizations such as ISO and the Federal Financial Institutions Examination Council (FFIEC) as well as IBM's own stringent IT security standards.

A common technology architecture and an integrated managed security services network enable all SOCs to function as a single cohesive operation known as a Virtual Security Operations Center (Virtual SOC), with any SOC able to see all managed and monitored devices. Standardized hardware and software plus common policies and procedures enforce uniform management and monitoring of client devices as well as globally managed SLAs and change control. With the Virtual SOC structure, a full staff of security specialists is available 24 hours a day during the business week, with a more limited staff on weekends and holidays (see Figure 3). Additionally, each SOC has visibility into every other. Through the use of web cams, voice over IP, and a digital SOC engineer dashboard, SOC engineers may act and feel as if each SOC is right next door regardless of how many thousands of miles away they actually may be located.

Global SOC activity is orchestrated from a centralized command and control center located in Atlanta, Georgia. Here, workload balancing, managed device failover and event correlation and analysis occur. The Atlanta facility also serves as IBM's Global Threat Operations Center (GTOC). Here, threat information is correlated, global trends identified, and daily briefings for the various government agencies IBM supports, including the U.S. Department of Homeland Security, the Information Technology Information Sharing and Analysis Center (IT-ISAC) and the U.S. Federal Bureau of Investigation (FBI), are conducted via conference call every morning.

[Figure 3. Globally integrated security operation centers (SOCs) and around-the-clock staffing enable 24x7x365 security management and monitoring. The figure lists SOC staffing by 1st, 2nd and 3rd shift across Atlanta, GA, United States; Boulder, CO, United States; Southfield, MI, United States; Brisbane, Australia; Brussels, Belgium; Hortolandia, Brazil; Bangalore, India; Tokyo, Japan; Wroclaw, Poland; and Heredia, Costa Rica.]
Device management

A key component of IBM Managed Security Services is the remote device management capability, which enables SOC personnel to conduct essential daily activities such as troubleshooting, configuration management, log management, installation of upgrades and overall device monitoring (see Figure 4). Through remote monitoring, the SOC is able to detect connectivity failures or other abnormal issues that could adversely affect your security and business operations.

[Figure 4. This high-level view of the Managed Security Services architecture shows the data flow between the managed devices at the customer location and the SOC: security devices at the customer location exchange command and control, device management, health monitoring and event stream traffic over the Internet or a VPN with the Security Operations Center (SOC), where device monitors, the X-Force Protection System and SOC analysts operate.]

If an event makes it impossible to manage a device via an in-band connection, IBM works with your designated personnel to identify the causes of the outage and determine whether the loss of connectivity represents a larger incident that could affect security or operations. IBM issues a trouble ticket and tracks the problem through resolution.
Policy tuning and policy changes

Typically after two to four weeks of steady state operations, your managed devices will have produced enough event data for policy tuning. Your analysts can evaluate this data to identify opportunities to better align the standard baseline policies established by IBM at service initiation with your network traffic. This effort can help reduce false positives and the amount of data analysis required to monitor your network, helping focus incident response on real events.

Whether requested as the result of initial tuning decisions, because of changes in the threat landscape or in response to actual events, policy changes for devices managed by IBM are considered to be standard requests, with implementation time frames determined by contracted service levels. Policy change requests (for example, a firewall policy change or an intrusion detection signature change) are submitted via the Virtual SOC portal as tickets and executed by a SOC engineer. The ticketing system helps to track your policy changes over time and helps ensure that they are implemented correctly.

Updates and patches

New security content and signatures, as well as product enhancements, firmware updates and bug fixes, release on a monthly basis at a minimum and more frequently as necessary, based on the current Internet threat environment. Emergency updates may be made available within 24 hours of a new vulnerability being discovered. All updates and associated communications are coordinated with the client through the ticketing system in the Virtual SOC.

Security content updates typically contain new signature information and minor updates to the device. They do not include changes to the device operating system or to hardware drivers, and as such they generally do not impact the monitored networks or require a maintenance window. The SOC applies these content updates automatically unless customers specify otherwise. The update process starts within a specific number of hours from the timestamp of the official release from the device vendor, as outlined by your service level agreement. For IBM security products, there is a regular monthly X-Press Update (XPU) release immediately following the Microsoft monthly patch release. IBM also releases emergency XPUs as needed to address zero-day exploits and other urgent security issues.

For firmware updates, the SOC reviews each release as it is announced by the respective vendor to determine the criticality of the update. If the firmware release addresses a significant security vulnerability in the product, the SOC creates a ticket with specific details and works with you to schedule a maintenance window to perform the update. If, upon investigation, the SOC judges a firmware update to be non-critical, the update will be treated as optional.

Event monitoring and analysis

IBM Security Services are dedicated to providing customers with the highest level of protection services to help address vulnerabilities and guard against Internet-based threats. The first line of defense is the X-Force Protection System (XPS), a proprietary IBM tool that handles the collection, archiving and analysis of all logs and events monitored by the SOC (see Figure 4). A security event is defined as the output of a security device or application. Examples of security events include alerts from intrusion detection/prevention sensors (IDPS) or logs from firewalls. The XPS correlation engine employs sophisticated statistical analysis and rules-based correlation to filter out real events from noise in the data coming from these devices (see Figure 5).

IBM's highly skilled SOC analysts continuously monitor and evaluate the filtered event data in near real time to identify security incidents. These analysts correlate across multiple data sources and types, including X-Force security intelligence and a customer's security posture. As part of initial event triage, SOC analysts draw on their in-depth knowledge of vulnerabilities and attack vectors to quickly eliminate false alarms. SOC analysts are also trained to uncover events that are more difficult to identify, such as low-and-slow security incidents as well as advanced persistent threats.

[Figure 5. IBM employs multiple tiers of analysis by both expert systems and skilled analysts to filter out noise and prioritize events based on your environment. The funnel runs from potential alerts from IBM-monitored and IBM-managed client devices, through alerts generated by XPS (whose databases and logic engines are referenced and the data analyzed by the expert system), filtering by your customized IT profile and events eliminated and validated by analysts, down to prioritized events with solutions requiring client action, with the Virtual SOC portal updated.]
Incident management

Events that cannot be immediately dismissed trigger a comprehensive review of vulnerability data, past security incidents, customer network diagrams, and real-time cross-correlation of global attack trends. SOC analysts employ a six-phase methodology to thoroughly investigate anomalous or suspicious activity.

Phase 1: Intelligence and attack analysis

IBM X-Force intelligence provides the basis for the initial triage of events. Using information about how the exploits work, SOC analysts correlate activity patterns with signature severity to associate the behavior with known attacks. This allows the SOC analyst to determine the potential risks associated with the events.

Phase 2: Source and target investigations

This investigation varies based on whether the source and target machines are internal or external to a customer's network. For internal machines, the SOC cross-references against monitored network diagrams, critical server information and, when available, vulnerability scan data. For external machines, analysts cross-reference against the X-Force black list IP blocks, known attackers and past investigations and escalations.

Phase 3: Incident classification and prioritization

Not all investigations of suspicious activity result in the declaration of a security incident: the majority of events are classified as non-actionable. These events are triggered by malicious traffic in the customer environment (for example, the presence of mass worm traffic on a network), but the targeted networks and servers are not vulnerable to the exploits. Unless a customer server is infected and actively propagating a worm, there is no need for action, and the event is not escalated.
Only after careful examination and analysis of the data is an event classified as a security incident requiring action and prioritized according to the severity of the threat. IBM employs the following incident categories to help guide subsequent actions:

- Malicious code: A virus, worm, Trojan or other code-based entity that has successfully infected or compromised an internal system, and has begun propagating within internal networks or systems
- Probes and scans: Reconnaissance activities on a network intended to discover systems and facilitate network mapping
- Denial of service: An attack that impairs the use of networks, systems, or applications by exhausting connection and bandwidth resources; both denial of service (DoS) and distributed denial of service (DDoS) attacks fall into this category
- Unauthorized access: Unauthorized logical access to a network, system, application, data, or other resource, including root compromises, unauthorized data alterations and website defacements
- Inappropriate use: Violations of acceptable use policies, such as peer-to-peer file sharing applications and other misuses or abuses of resources
- Trend analysis: Anomalous activity within a standard event stream for a given device that requires a historical review of an event stream, which is not typically performed in real time
After classification, the SOC analyst prioritizes the incident by correlating three factors (see Figure 6). Security incidents are assigned to one of three priority levels:

Priority 1: Incidents at this level are actionable, high-risk events that have the potential to cause severe damage to customer environments. Priority 1 events require customers to take immediate defensive actions. System or data compromises, worm infections and propagation, massive denial of service (DoS) attacks, and similar incidents are assigned this priority level.

Priority 2: This is the lowest level of actionable incidents. Priority 2 incidents require customers to take actions within 12 to 24 hours of notification by the SOC. Incidents such as unauthorized local scanning activity and attacks targeted at specific servers or workstations are assigned this priority level.

Priority 3: Incidents in this category involve activity on a network or server that is not directly actionable. Discovery and vulnerability scanning, information gathering scripts and other reconnaissance probes are assigned this priority level.

[Figure 6. SOC analysts prioritize incidents based on three criteria: attack severity, security intelligence category, and analyst investigation and correlation, which together determine incident priority.]

Phase 4: Incident escalation

Once an incident has been identified, classified and prioritized, IBM escalates it to your authorized security staff for handling. Contracted service levels determine how quickly security incidents will be escalated, with service level options for 15-, 30- or 60-minute response times. Customers can set preferences for preferred methods of notification, for example, telephone, mobile phone, or via the portal. During a Priority 1 security incident escalation, IBM will attempt to reach the designated customer contact until successfully notified or all escalation contacts have been exhausted.

Phase 5: Countermeasure recommendations

After reaching an authorized contact during a Priority 1 security incident escalation, the SOC analyst will recommend appropriate actions to thwart or contain the attack. The countermeasures available to the SOC and clients vary based on the services and platforms managed by IBM at the affected site. A list of countermeasures and their associated properties is detailed in Table 2.

Table 2. SOC analysts will work with you to determine actions you can take to thwart or contain an attack.

Countermeasure                 Type      IBM Default Action  Requires Authorization  Platforms
Block                          Reactive  No                  Yes                     IBM IDS/IPS
Kill                           Reactive  No                  Yes                     All network and host IDS/IPS
ISP notification               Reactive  Yes                 No                      All
Firewall policy or ACL change  Reactive  No                  Yes                     IBM IDS/IPS or managed firewall
Important note: The client Incident Response Team is responsible for verifying and acting on SOC-escalated incidents, in accordance with the organization's Computer Security Incident Response Plan (CSIRP). As your team executes your CSIRP, it is critical that you and the IBM SOC staff remain in close communication. For its part, the SOC will continue to provide assistance and offer recommendations where appropriate. If your organization lacks a robust CSIRP or an emergency response capability, IBM offers security consulting services that can address your particular needs.

Phase 6: Documentation

The final stage of any security incident escalation is documentation. All aspects of the activity and attack are documented within a security incident ticket and report. Ticketing and reporting information is available to customers in real time via the Virtual SOC customer portal.
4. Support and Reporting

Virtual SOC customer portal

The Virtual SOC customer portal is a web-based portal that serves as a centralized command center for monitoring and controlling security devices under IBM management. It is available online 24x7x365 from a desktop or handheld device. The portal may be used to submit policy change requests, create tickets, generate reports and view security events and logs from managed devices at a single location. With the Virtual SOC portal (see Figure 7):

- Consolidated security views enable monitoring and control of all managed security services via a centralized command center and the viewing of all security events and logs through a single tabbed interface.
- Powerful query and reporting options allow ad hoc queries and reports for security devices, security events, service level agreement activity and other parameters, as well as customized standard reports.
- Event/log archives provide online event/log storage accessible via the Virtual SOC portal and offline archiving in the forensically sound IBM Managed Security Services archive system.
- A granular permissions system allows you to determine who can access the portal, what each user sees, what each user can change, and who is authorized to contact the SOC.
- Integrated trouble ticketing and workflow provides a trouble ticket workflow system for the creation, assignment and tracking of ticket status.
- Integrated X-Force security intelligence includes real-time integrated X-Force security intelligence feeds and research tools.
Problem management and resolution

The process for managing security incidents is detailed in Section 3 of this guide. Service incidents, problems outside of standard service operations that cause, or may cause, a reduction in service quality or a security compromise, are addressed by a separate team of SOC specialists. Both types of incidents are tracked end-to-end via the integrated ticketing system.

Service incidents classified by customers as major (Severity 1) pose a risk to critical business processes, such as revenue generation, or result in an outage to a system, network or key application that impacts IT service delivery. Major incidents are handled with an expedited process designed to restore normal operations as quickly as possible. SOC incident management specialists work with the customer through resolution of the problem, and at any time customers can escalate problem handling to the SOC team lead or shift manager.

Trouble tickets can be opened for lower priority incidents by automated systems and monitoring functions, by SOC personnel or by customer security contacts. These problems are routed to the appropriate SOC operations support teams for resolution.

Figure 7. The Virtual SOC portal provides a single point of access to all aspects of Managed Security Services delivery

X-Force security intelligence

Included with all IBM Managed Security Services, and integrated into the Virtual SOC portal, is the IBM X-Force Threat Analysis Service (XFTAS). This industry-leading security intelligence service helps you proactively manage daily security threats by providing an evaluation of global online threat conditions and detailed analysis tailored for your needs. Figure 8 shows a typical client view of the X-Force Threat Analysis home page on the Virtual SOC portal, which provides at-a-glance access to:

- Current Security Assessment: a summary of the important events and product releases that could impact your network security
- Vulnerabilities: a customized matrix that shows the number of vulnerabilities, by category, over the last 90 days and since your last portal login, as well as trends across all available vulnerability data
- AlertCon 5-Day Forecast: an assessment of the current and anticipated threat level of online attacks, ranging from AlertCon 1 (regular vigilance required) to AlertCon 4 (catastrophic threat imminent or ongoing)
- Alerts/Advisories: a timely compilation of breaking information on new threats from both IBM and US-CERT
- Worms & Viruses: the top three worms and viruses active on the Internet
- Security News: an aggregated view of the top security news stories compiled by XFTAS, with links to a news archive

Figure 8. The X-Force Threat Analysis Service home page provides an at-a-glance view of vulnerability trends, Internet security status and your customized security assessment
E-mail notification of threat assessments and alerts

As an XFTAS customer, you can subscribe to daily newsletters that provide insightful information about the day's issues, emerging threat trends and their impact, and a tailored list of vulnerabilities, threats and news articles that pertain to your business. You can also subscribe to a customizable daily threat assessment that includes IBM protection advisories and the daily AlertCon status, which indicates the current threat state of the Internet.

Standard and customized reports

IBM provides a robust reporting and query engine that you can use to help facilitate day-to-day security operations, including research, vulnerability assessment, threat mitigation and workload prioritization. There are also reports that can help you manage your IBM services and address audit compliance requirements. IBM provides normalized data from your IBM services and from devices managed and monitored by IBM. Reports are available 24x7x365 through the Virtual SOC portal Report Dashboard (see Figure 9). IBM provides several industry-standard report templates that you can customize by device, device group or time frame to match your requirements. In addition, you can save your report criteria and schedule reports to run automatically hourly, daily, weekly, monthly or yearly. You can view report data directly in the portal, or export reports and e-mail them to your security community in HTML, CSV, PDF or other commonly supported formats.
To help you work more efficiently, the report templates are organized into the following groups:

- General Service Related: Overview of events and incidents and overall service performance
- IDS/IPS Sensors: Detailed event metrics and overall attack trends detected by sensors
- Vulnerability Management: Enterprise and PCI vulnerability data for clients using the Hosted Vulnerability Management Service
- Firewall: Detailed data related to network traffic, protocol usage, connections, target IPs, rule utilization and suspicious host correlation
- Log Management: System activity data for clients using the Hosted Security Event and Log Management Service
- Alerts: Summaries of potential security issues and corresponding counts
- Content Management: URL filtering (what was blocked by category, by client and source IP) and anti-virus reports
- Compliance Reports: Documentation of performance in meeting regulatory, industry and legal standards

Figure 9. The Report Dashboard section of the Virtual SOC portal gives you ready access to all standard and customized reports on your security environment and security services

As a best practice, IBM recommends that clients regularly run and review event count reports, in particular event counts by IP source address, by event name and by sensor. Together these reports can help you quickly determine whether attacks are coming from within or outside of your organization, what systems may be compromised, which types of attacks are most prevalent, and which devices may need additional policy tuning.
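The three event count reports recommended above, worked as an added example that is not IBM's or the Virtual SOC portal's code: it aggregates a constructed set of normalized IDS/IPS events by source IP, event name and sensor, answers the inside-or-outside question by treating RFC 1918 space as internal (an assumption), and flags sensors where one signature dominates the volume as candidates for policy tuning. Sensor names, IP addresses and event names are all constructed sample values.

```python
"""Event count reports over normalized IDS/IPS events (added example, not IBM code)."""
from __future__ import annotations

import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Event:
    """One normalized event record: which sensor saw it, from where, what signature, how many hits."""
    sensor: str
    src_ip: str
    name: str
    hits: int = 1


# Constructed sample events: hypothetical sensor names, RFC 1918 addresses for
# internal hosts and documentation-range addresses (TEST-NET) for external ones.
SAMPLE_EVENTS: list[Event] = [
    Event("ids-dmz-01", "203.0.113.7", "HTTP_Directory_Traversal", 4),
    Event("ids-dmz-01", "203.0.113.7", "SQL_Injection", 2),
    Event("ids-dmz-01", "198.51.100.23", "HTTP_Directory_Traversal", 1),
    Event("ips-core-02", "10.20.30.40", "SMB_Share_Enum", 9),
    Event("ips-core-02", "10.20.30.40", "Port_Scan", 12),
    Event("ips-core-02", "10.20.30.41", "Port_Scan", 3),
    Event("ids-dmz-01", "192.168.5.10", "Port_Scan", 1),
]

# Assumption: "inside the organization" means the RFC 1918 private ranges.
INTERNAL_NETWORKS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def count_by(events: Iterable[Event], key: Callable[[Event], str]) -> Counter:
    """Sum hits per key value; the key selects the report (source IP, event name or sensor)."""
    totals: Counter = Counter()
    for ev in events:
        totals[key(ev)] += ev.hits
    return totals


def source_origin(ip: str) -> str:
    """Classify a source address as internal (RFC 1918) or external."""
    addr = ipaddress.ip_address(ip)
    return "internal" if any(addr in net for net in INTERNAL_NETWORKS) else "external"


def origin_summary(events: Iterable[Event]) -> dict[str, int]:
    """Total hits from inside versus outside the organization."""
    return dict(count_by(events, lambda e: source_origin(e.src_ip)))


def event_count_reports(events: Iterable[Event]) -> dict[str, list[tuple[str, int]]]:
    """The three recommended reports, each as (key, hits) pairs in descending order."""
    events = list(events)
    return {
        "by_source_ip": count_by(events, lambda e: e.src_ip).most_common(),
        "by_event_name": count_by(events, lambda e: e.name).most_common(),
        "by_sensor": count_by(events, lambda e: e.sensor).most_common(),
    }


def tuning_candidates(events: Iterable[Event], share: float = 0.6) -> list[tuple[str, str, float]]:
    """Sensors where a single event name accounts for at least `share` of that sensor's hits.

    One signature dominating a device usually means a noisy rule or an unexcluded
    internal scanner, i.e. the device needs policy tuning. Returns (sensor, name, fraction).
    """
    per_sensor: dict[str, Counter] = defaultdict(Counter)
    for ev in events:
        per_sensor[ev.sensor][ev.name] += ev.hits
    flagged = []
    for sensor, names in sorted(per_sensor.items()):
        name, hits = names.most_common(1)[0]
        fraction = hits / sum(names.values())
        if fraction >= share:
            flagged.append((sensor, name, round(fraction, 3)))
    return flagged


if __name__ == "__main__":
    for title, rows in event_count_reports(SAMPLE_EVENTS).items():
        print(title)
        for key, hits in rows:
            print(f"  {key:<26} {hits:>4}")
    print("origin:", origin_summary(SAMPLE_EVENTS))
    print("tuning candidates:", tuning_candidates(SAMPLE_EVENTS))
```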
5. Next steps

IBM specialists can work with you to create a business case that demonstrates how IBM Managed Security Services can help you improve your security posture and mitigate risks to business operations while reducing the cost and complexity of security management.

Contact us

If you would like to speak with an IBM Security Services representative to discuss your security management requirements and objectives, contact us directly by telephone. Mention code 609CG98W (U.S. and Canada only). Or you can e-mail us to request a response from an IBM specialist.

Learn more

- Read about the issues facing IT security executives today and how IBM can help you address your most significant challenges.
- Download the IBM Security Services Cyber Security Intelligence Index to learn more about the threats facing your organization today.
- Read the Forrester report Surviving the Technical Security Skills Crisis for an analyst view on the role of managed security services in helping to close the skills gap.
- Share the Chief Information Security Officer (CISO) report A new standard for security leaders from the IBM Center for Applied Insights.
Financing from IBM

IBM Global Financing can help you acquire the IT solutions that your business needs in the most cost-effective and strategic way possible. We'll partner with credit-qualified clients to customize an IT financing solution to suit your business goals, enable effective cash management, and improve your total cost of ownership. IBM Global Financing is your smartest choice to fund critical IT investments and propel your business forward. For more information, visit: ibm.com/financing

For more information

For more information about IBM Security Services, visit our web page: ibm.com/services/security
Copyright IBM Corporation 2014

IBM Global Services, Route 100, Somers, NY, U.S.A.

Produced in the United States of America, January 2014

IBM, the IBM logo, ibm.com, AlertCon, Proventia, Q1 Labs, QRadar and X-Force are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

THE INFORMATION IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation.

IBM Global Financing offerings are provided through IBM Credit LLC in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and government clients. Rates and availability are based on a client's credit rating, financing terms, offering type, equipment and product type and options, and may vary by country. Non-hardware items must be one-time, non-recurring charges and are financed by means of loans. Other restrictions may apply. Rates and offerings are subject to change, extension or withdrawal without notice and may not be available in all countries.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused, or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Please Recycle

SEO03083-USEN-01
More informationIBM Security. Managed Security Services. SOC Poland / GSOC. Damian Staroscic Security Operations Center (SOC) Manager.
IBM Security Managed Security Services SOC Poland / GSOC Damian Staroscic Security Operations Center (SOC) Manager IBM Security Damian.Staroscic@pl.ibm.com +48-727-036-464 November 27, 2015 Why setting
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationIBM Endpoint Manager for Core Protection
IBM Endpoint Manager for Core Protection Device control and endpoint protection designed to guard against malware and loss of sensitive data Highlights Delivers real-time endpoint protection against viruses,
More informationIBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
More informationSecuring the mobile enterprise with IBM Security solutions
Securing the mobile enterprise with IBM Security solutions Gain visibility and control with proven security for mobile initiatives in the enterprise Highlights Address the full spectrum of mobile risks
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationSafeguarding the cloud with IBM Security solutions
Safeguarding the cloud with IBM Security solutions Maintain visibility and control with proven solutions for public, private and hybrid clouds Highlights Address cloud concerns with enterprise-class solutions
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationCisco Network Optimization Service
Service Data Sheet Cisco Network Optimization Service Optimize your network for borderless business evolution and innovation using Cisco expertise and leading practices. New Expanded Smart Analytics Offerings
More informationCurrent IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationIBM Managed Security Services for Network Intrusion Detection and Intrusion Prevention
Service Description IBM Ireland Limited Registered in Dublin: No. 16226 Registered Office: Oldbrook House 24-32 Pembroke Road Ballsbridge, Dublin 4. 1. Scope of Services IBM Managed Security Services for
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationManaged Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint?
Managed Intrusion, Detection, & Prevention Services (MIDPS) Why E-mail Sorting Solutions? Why ProtectPoint? Why? Focused on Managed Intrusion Security Superior-Architected Hardened Technology Security
More informationSymantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it
Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection
More informationIBM Software Choosing the right virtualization security solution
IBM Software Choosing the right virtualization security solution Meet the unique security challenges of virtualized environments 2 Choosing the right virtualization security solution Having the right tool
More information