Leverage security intelligence for retail organizations

Transcription

1 Leverage security intelligence for retail organizations Embrace mobile consumers, protect payment and personal data, deliver a secure shopping experience Highlights Reach the connected consumer without risking your business Incorporate network flow analysis to gain essential insight beyond traditional security information and event management (SIEM) Consolidate data silos to improve visibility and speed forensic investigations Better detect fraud and minimize sensitive data loss to help protect customer loyalty and business reputation Reduce operational costs and resource overhead by automating risk-management functions such as network and security configuration, vulnerability assessment, and policy and compliance management Users are adopting ios and Android devices faster than any past consumer technology. Smart device adoption, in fact, is occurring 10 times faster than that of the PC revolution in the 1980s, twice as fast as that of the Internet boom in the 1990s, and three times faster than that of recent social network adoption. 1 Empowered with these smart devices, a new breed of informed and always-connected shopper has emerged, one that demands real choice when it comes to selecting and purchasing goods. These consumers use all channels from brick-and-mortar stores to catalogs, web and mobile simultaneously, forcing retailers to adopt multi-channel marketing capabilities to provide a seamless and satisfying consumer experience. However, serving the needs of the connected consumer can open retailer networks to new threats. With retailers so focused on customer service, many push critical cyber protection to the back burner, making them appealing targets with high returns on a hacker s investment. To protect credit card data and information about customer shopping behaviors valuable data that can be leveraged to provide a better user experience traditional, perimeter-based network defenses are no longer enough. IBM QRadar Security Intelligence Platform can serve as a foundational element of retail organizations network defense capabilities, helping to cost-effectively guard against an expanding population of sophisticated attackers. In addition, Trusteer 2 Apex can further extend this protection to help prevent advanced malware from gaining control over user endpoints, stealing data and propagating advanced attacks.

2 Facing more frequent internal and external attacks Merchants today face organized threats that did not exist 10 years ago. Wireless networks, tablet technology and social media are revolutionizing the in-store shopping experience, forcing retailers to create mobile versions of their websites and adopt or develop new applications to support outreach efforts such as customer loyalty programs. And because consumers are spending hours every day on social media sites such as Twitter, Facebook and YouTube as well as using tools such as Instagram, Pinterest and Vine savvy businesses are stepping up and using these marketing channels to reach them. But the rapid adoption of new technology can significantly increase vulnerabilities to emerging threats. Vulnerability management is essential for today s merchants, as infrastructures expand and their footprints increase to support new business initiatives. The Payment Card Industry (PCI) Data Security Standard (DSS) mandates that merchants who store, process or transmit credit card information perform quarterly vulnerability scans to assess the risk within cardholder environments to help ensure the effectiveness of their security defenses. Vulnerability scans are the front line of defense against the exploitation of software and configuration defects by highly skilled attackers familiar with well-known exposures. These scans enable focused remediation to help prevent data breaches of sensitive customer information or damage to the business and brand. They can detect both known and unknown application vulnerabilities on corporate endpoints, and can support compliance with PCI DSS regulations by blocking malicious software downloads that steal user access credentials. Adhering to PCI DSS regulations is one way organizations can firm up their security posture, but when considering the end goal of security intelligence, retailers must also continuously monitor their cardholder environments to help ensure the effectiveness of their defenses. They can do this through actions that include network flow analysis, data loss prevention, fraud detection, vulnerability analysis, network monitoring and device configuration. Using the right integrated tools can help security teams move beyond traditional log management to proactively identify and remediate or even mitigate attacks and vulnerabilities based on their threat level. Exceeding PCI compliance mandates While the evolution of PCI DSS has resulted in more stringent requirements for network monitoring, device configuration and vulnerability analysis, these standards alone are not enough to protect against tomorrow s vulnerabilities and evolving threats. The variability of payment card and point-of-sale (POS) devices, as well as overall changes to the retail infrastructure present an unending challenge to security teams. To help prioritize and detect areas of risk, retail organizations need a consolidated view of event information and an active view of the network topology and device configuration so they can better assess the implications of adapting their infrastructure to new business initiatives that require fundamental changes to the IT environment. QRadar Security Intelligence Platform takes security professionals beyond the functionality of standard SIEM or log management solutions to provide advanced threat detection, intelligent vulnerability analysis, device configuration alignment, network traffic telemetry reviews and more. For example, it enables IT staff to monitor application traffic via network behavioral anomaly detection (NBAD) technology to help prevent the unauthorized movement of sensitive, 2

3 commerce-related information outside the organization. To effectively meet and even exceed compliance mandates, retail organizations must be able to leverage all available data in every possible context to accurately detect well-hidden threats. Trusteer Apex goes further to help prevent against the exploitation of unpatched and zero-day vulnerabilities. Unlike other solutions, it does not use traditional malware detection methods such as signatures and behavioral profiling, which can be bypassed using advanced evasion techniques. While basic antivirus platforms may meet minimum PCI DSS requirements, these solutions are largely ineffective against today s highly advanced, highly evasive, information-stealing malware threats. Trusteer Apex blocks application vulnerability exploitation the primary way in which cyber criminals install malware on endpoint devices even while organizations test the impact of vulnerability patches across their software suites. Delivering critical context and insight with network flow analysis Many retail organizations are coming to the realization that network flow collection and analysis can greatly improve their overall security posture. In fact, without network flow analytics, classic log management and SIEM solutions cannot achieve the insight required to protect cardholder data. While the Layer 4 NetFlow format can provide basic static and presummarized data, it does not provide deep visibility into application activity. A more advanced Layer 7 flow-analysis solution, called IBM Security QRadar QFlow Collector, is needed to perform deep analysis of network packet content. For example, it can discover the unauthorized movement of sensitive intellectual property or cardholder data outside the organization. Visibility into network flow can help retailers meet PCI requirements in a variety of ways. For starters, network flow provides 24x7 monitoring of everything that happens within the payment card data environment. This provides security teams with complete records of current and historical traffic for both physical and virtual environments. QRadar Security Intelligence Platform surveys the entire network using native flow sources in an organization s routing/switching infrastructure or from distributed collectors to gather a detailed history of all network flow activity. Network flows can be further analyzed to build baseline behavioral models based on observed network activity, and then generate alerts and offenses when anomalous behavior is detected. Consolidating data silos to speed and enhance forensic investigations ers have an overwhelming number of systems especially POS devices that produce various types of data to aggregate, normalize, analyze and correlate. There are encryption products to secure credit card data transmission; firewalls to protect critical systems and devices; and vulnerability management tools to provide much-needed visibility into existing risks, such as improper device configurations. But most older-generation SIEM solutions require manual customization during implementation to ensure that they correctly process this data. QRadar automates the discovery of event sources and assets for many products and with less to manually configure, organizations can see more immediate results. QRadar collects events and logs from a heterogeneous set of sources including network infrastructure, security devices, servers, operating systems and applications. It then normalizes all events to enable out-of-the-box correlation with other events, network flows and threat intelligence feeds. In addition to event data, QRadar also gathers vulnerability insights within profiles built for each business asset by passively monitoring network traffic between all IP addresses. 3

4 Detecting fraud and minimizing data loss to help protect business continuity Very often, retail organizations have extremely proprietary intellectual property (recipes, designs, schematics, etc.) that must be protected from both insider and external threats. To better detect insider threats, QRadar Security Intelligence Platform can pull data from across an organization, including remote locations, providing a more complete view of its security health. Its integration with identity and access management solutions helps deliver a comprehensive picture of who is accessing what networked assets as well as the user s typical behavior. QRadar then connects this data with an asset s vulnerability state providing information typically not available through the identity and access management solution alone. QRadar across the retail organization CISO QRadar helps chief information security officers (CISOs) roll out emerging technologies, such as mobility solutions, with assurance and confidence that their infrastructure is protected by security intelligence. IT security team Using SIEM data enhanced with network flow data, security teams can move beyond PCI compliance to vulnerability management best practices that proactively monitor for attacks against credit card environments and sensitive customer data, and that scan for network, payment application and POS vulnerabilities. Operations As new network devices such as mobile POS or wireless access points are deployed, operations can trust that QRadar is collecting, analyzing and correlating this device data, as well as protecting the infrastructure from rogue devices attaching to the wireless network Compliance auditor QRadar helps minimize resource overhead as it meets current PCI DSS requirements with a comprehensive set of security capabilities and out-of-the-box reporting. For example, one popular retail design firm used QRadar to catch an employee transferring intellectual property outside the company for the purpose of starting a competitive business. QRadar helps detect these unauthorized accesses to systems and data and helps prevent sensitive information from being stolen or otherwise compromised. Predicting risk against your business QRadar Security Intelligence Platform automates riskmanagement functions such as network and security configuration, vulnerability assessment, and policy and compliance management. It helps users better understand network topology by monitoring and displaying all network events and devices. This level of knowledge enables retail organizations to better understand which systems are most vulnerable to attack, and by using modeling and simulation, retailers can quickly understand the impact of any proposed changes before they are implemented. For example, IBM Security QRadar Risk Manager provides advanced monitoring of firewalls and routers to help ensure that configurations meet a specific baseline; it then automatically detects when the configuration is outside this baseline. A popular retailer used QRadar to catch a suspect employee transferring intellectual property outside the company via an account for the purpose of starting a competitive business. 4

5 Designed specifically for compliance-driven retailers, IBM Security QRadar Vulnerability Manager includes an embedded, PCI-approved scanning engine that can be set up to run both dynamic and periodic scans, providing near real-time visibility of weaknesses that might otherwise remain hidden. The software can incorporate vulnerability data from a wide variety of IBM or third-party sources, including web application scanners, database vulnerability assessments, endpoint management systems and even external threat intelligence feeds. Input may come from both on-premises and hosted sources, enabling QRadar users to see exactly what the adversary views from the outside, as well as the view from within. ers can further strengthen risk management activities by leveraging the platform s integration with other IBM security products including: IBM Security SiteProtector System Provides virtual patching capabilities, using network intrusion prevention system signatures to block associated connections and helping to protect against the exploit of identified vulnerabilities IBM X-Force threat intelligence feed Supplies up-to-date information on recommended fixes and security advice for active vulnerabilities, viruses, worms and threats IBM Endpoint Manager Streamlines remediation tasks by automatically managing patches to hundreds of thousands of endpoints, including the latest mobile devices; provides integrated reporting for real-time monitoring of patch progress IBM Security AppScan Supports web application vulnerability assessments, enabling QRadar Vulnerability Manager to provide visibility and prioritization of web application vulnerabilities within its integrated dashboard IBM InfoSphere Guardium Database Vulnerability Assessment Supports scanning of the database infrastructure, enabling QRadar Vulnerability Manager to provide visibility and prioritization of database vulnerabilities within its integrated dashboard Why IBM? IBM operates a worldwide security research, development and delivery organization comprising 10 security operations centers, 10 IBM Research centers, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM solutions empower organizations to reduce their security vulnerabilities and focus more on the success of their strategic initiatives. These products build on the threat intelligence expertise of the X-Force research and development team to provide a preemptive approach to security. As a trusted partner in security, IBM delivers the solutions to keep the entire enterprise infrastructure, including the cloud, protected from the latest security risks. 5

6 For more information To learn more about IBM QRadar Security Intelligence Platform, please contact your IBM representative or IBM Business Partner, or visit: ibm.com/security Additionally, IBM Global Financing can help you acquire the software capabilities that your business needs in the most cost-effective and strategic way possible. We ll partner with credit-qualified clients to customize a financing solution to suit your business and development goals, enable effective cash management, and improve your total cost of ownership. Fund your critical IT investment and propel your business forward with IBM Global Financing. For more information, visit: ibm.com/financing Copyright IBM Corporation 2013 IBM Corporation Software Group Route 100 Somers, NY Produced in the United States of America October 2013 IBM, the IBM logo, ibm.com, QRadar, and X-Force are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at Copyright and trademark information at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. The client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party. 1 Peter Farango, ios and Android Adoption Explodes Internationally, Flurry, August 27, ios-and-android-adoption-explodes-internationally 2 An IBM company. Please Recycle WGS03014-USEN-00