AMPLIFYING SECURITY INTELLIGENCE

Size: px
Start display at page:

Download "AMPLIFYING SECURITY INTELLIGENCE"

Transcription

1 AMPLIFYING SECURITY INTELLIGENCE WITH BIG DATA AND ADVANCED ANALYTICS Chris Meenan Senior Product Manager, Security Intelligence 1 IBM Security Systems

2 Welcome to a Not So Friendly Cyber World Biggest Bank Heist in History Nets $45Million All without setting foot in a Bank CYBER ESPIONAGE VIA SOCIAL NETWORKING SITES TARGET: US DOD OFFICIALS Hidden Malware Steals 3000 Confidential Documents Japanese Ministry 2 IBM Security Systems

3 Welcome to a Not So Friendly Cyber World 2012 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses 3 IBM Security Systems

4 Playing Defense Traditional Approach to Security Predicated on a Defensive Mindset Assumes explicit organizational perimeter Optimized for combating external threats Presumes standardization mitigates risk Dependent on general awareness of attack methodologies Requires monitoring and control of traffic flows Origins of Security Intelligence Layered Defenses Essential for Good Security Hygiene and Addressing Traditional Security Threats but attackers adapting too 4 IBM Security Systems

5 Business Change is Coming If Not Already Here Enterprises are Undergoing Dynamic Transformations The Organization s Cyber Perimeter is Being Blurred It can no longer be assumed 5 IBM Security Systems

6 Evolving Attack Tactics Focus on Breaching Defenses 6 IBM Security Systems

7 A Look at the Emerging Threat Landscape APTs Targeted, Persistent, Clandestine Concealed, Motivated, Opportunistic Fraud Insider Threat Situational, Subversive, Unsanctioned Hacktivism Cyber Attack 7 IBM Security Systems Topical, Disruptive, Public Focused, Well-Funded, Scalable

8 Incorporating a More Proactive Mindset to Enterprise Security Audit, Patch & Block Think like a defender, defense-in-depth mindset Protect all assets Emphasize the perimeter Patch systems Use signature-based detection Scan endpoints for malware Read the latest news Collect logs Conduct manual interviews Shut down systems Detect, Analyze & Remediate Think like an attacker, counter intelligence mindset Protect high value assets Emphasize the data Harden targets and weakest links Use anomaly-based detection Baseline system behavior Consume threat feeds Collect everything Automate correlation and analytics Gather and preserve evidence Broad Targeted 8 IBM Security Systems

9 Diversity & Sophistication of Attacks Placing Greater Demands Amplify Security Intelligence with New Insights from Big Data Traditional Security Operations and Technology Logs Events Alerts Configuration information System audit trails Identity context Network flows and anomalies 1. Analyze a variety of non-traditional and unstructured datasets 2. Significantly increase the volume of data stored for forensics and historic analysis 3. Visualize and query data in new ways External threat intelligence feeds Web page text Full packet and DNS captures Business process data 4. Integrate with my current operations Big Data Analytics and social activity Customer transactions 9 IBM Security Systems

10 Greater Need for Security Intelligence Visibility across organizational security systems to improve response times and incorporate adaptability/flexibility required for early detection of threats or risky behaviors 10 IBM Security Systems

11 Big Data Brings New Considerations & Empowers Powerful Analysis Transforming Data to Insights Requires Some Infrastructure Considerations Storage and Processing Collection and integration Size and speed Enrichment and correlation Analytics and Workflow Visualization Unstructured analysis Learning and prediction Customization Sharing and export 11 IBM Security Systems

12 Confidential for division executives only IBM Security Strategy Use Cases 12 IBM Confidential 2011 IBM Corporation

13 Security Intelligence From Real-time Processing of Big Data Behavior monitoring and flow analytics Network Traffic Doesn t Lie Attackers can stop logging and erase their tracks, but can t cut off the network (flow data) Activity and data access monitoring Improved Breach Detection 360-degree visibility helps distinguish true breaches from benign activity, in real-time Stealthy malware detection Irrefutable Botnet Communication Layer 7 flow data shows botnet command and control instructions 13 IBM Security Systems

14 Insider Threat: Cat and mouse Detecting insider fraud Customer Requirement: Customer wants to detect when an employee may be stealing customer contact info in preparation for leaving the company Solution: Baseline employee access to CRM Detect deviations from norm: 1,000 transactions (access to customer records) vs normal 50 per day BUT what if the user is tech savvy or has a geek nephew, and makes a single SQL query to the back end database? Profile network traffic between workstations and back-end database or policy shouldn t allow direct access to database from workstations 14 IBM Security Systems

15 User and Application Activity Monitoring Cont d Detecting insider fraud User & Application Activity Monitoring alerts to a user anomaly for Oracle database access. identifies the user, normal access behavior and the anomaly behavior with all source and destination information for quickly resolving the persistent threat. 15 IBM Security Systems

16 Social Media Intelligence When is social media being exploited or misused? Problem: Social media is an increasing threat to an organization's policies and network; company employees are the ones who are most likely to fall victim to social engineering based threats, and serve as entry points for Advanced Persistent Threats. Solution: Social media Monitoring& Correlation in real-time: QRadar alerts you, in real-time, to any sensitive data being transmitted to a social media site and as the offense shown in this example indicates, of social media being the avenue for a data breach. real-time monitoring and correlation of hundreds of social media sites, such as Twitter, Facebook, Gmail, LinkedIn, etc., offers automated application aware insight and identifies social media-based threats by user and application. 16 IBM Security Systems

17 Social Media Intelligence Cont d When is social media being exploited or misused? you can: Identify the user responsible for the data leak. you can: Identify all the source, destination and the actual corporate credit card number leaked. 17 IBM Security Systems

18 Stealthy Malware How to find malicious activity hiding behind web traffic? Botnet Detected? This is/ as far as traditional SIEM can go. IRC on port 80? QFlow enables detection of a covert channel. Irrefutable Layer 7 data contains botnet command and control instructions. 18 IBM Security Systems

19 Security Intelligence with Investigative Analysis of Big Data: Hunting for External Command & Control (C&C) Domains of an Attacker Historical analysis of DNS activity within organization Advanced analytics identify suspicious domains Why only a few hits across the entire organization to these domains? Correlating to public DNS registry information increases suspicions Automate correlation against external DNS registries 19 IBM Security Systems

20 Enrich Real-Time Analysis with Insights from Investigative Analysis Monitor & Thwart Connections to Potential C&C Domains of an Attacker View real-time data and look for active connections Correlate against network activity and visualize 20 IBM Security Systems

21 Security Intelligence with Investigative Analysis of Big Data: Pursue Active Spear-Phishing Campaigns Targeting the Organization Employ Big Data Analytics on to identify patterns to identify targets and redirects Load Spear-Phishing targets and redirect URLs into realtime security intelligence analysis to thwart the attack Build visualizations, such as heat maps, to view top targets of a spear-phishing attacks 21 IBM Security Systems

22 22 IBM Security Systems

23 Confidential for division executives only IBM Security Strategy IBM Security Intelligence Solution with Big Data 23 IBM Confidential 2011 IBM Corporation

24 QRadar uses Big Data capabilities to identify critical security events High Volume Security Events and Network Activity High Priority Security Offenses IBM QRadar Big Data Capabilities New SIEM appliances with massive scale Payload indexing for rapid ad hoc query leveraging a purpose-built data store Google-like Instant Search of large data sets (both logs and flows) Intelligent data policy management Advanced Threat Visualization and Impact Analysis 24 IBM Security Systems Customer Results Quickly find critical insights among 1000s of devices and years of data Search 7M+ events in <0.2 sec Instant, free-text searching for easier and faster forensics Granular management of log and flow data Attack path visualization and device / interface mapping

25 Extending the Big Data Support of QRadar Security Intelligence Platform Big Data Platform IBM Security QRadar Data collection and enrichment Event correlation Real-time analytics Offense prioritization Advanced Threat Detection Data ingest Insights IBM InfoSphere BigInsights Hadoop-based Enterprise-grade Any data / volume Data mining Ad hoc analytics Custom Analytics Traditional data sources Non-traditional 25 IBM Security Systems

26 Integrated analytics and exploration in a new architecture 26 IBM Security Systems

27 Enterprise Value IBM Security Systems InfoSphere BigInsights - flexible, enterprise-class solution for processing large volumes of data BigInsights Basic Edition Free download with web support Limit to <= 10 TB of data (Optional: 24x7 paid support Core Fixed Term License) Hadoop Easy installation and programming BigInsights Enterprise Edition Tiered terabyte-based pricing Enterprise-grade features Analytics tooling / visualization Recoverability security Administration tooling Development tooling Flexible storage High availability 27 IBM Security Systems Professional Services Offerings QuickStart, Bootcamp, Education, Custom Development

28 For IBM, Security and Business Intelligence offer insightful parallels 28 IBM Security Systems

29 Next Steps Download the Big Data whitepaper bit.ly/12p58qv Watch our Big Data with Security Intelligence Video: youtu.be Go to our dedicated website: ibm.co/12aomg0 Follow us on 29 IBM Security Systems

30 Statement IBM Security of Good Systems Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. ibm.com/security Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. 30 IBM Security Systems

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing

More information

Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi

Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi Giovanni Abbadessa, IBM IT Security Architect Umberto Sansovini, IBM Security Consultant Document number Big

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

Extending security intelligence with big data solutions

Extending security intelligence with big data solutions IBM Software Thought Leadership White Paper January 2013 Extending security intelligence with big data solutions Leverage big data technologies to uncover actionable insights into modern, advanced data

More information

Effectively Using Security Intelligence to Detect Threats and Exceed Compliance

Effectively Using Security Intelligence to Detect Threats and Exceed Compliance Effectively Using Security Intelligence to Detect Threats and Exceed Compliance Chris Poulin Security Strategist, IBM Reboot Conference 2012 1 Security Threats Affect the Business Business Brand image

More information

BigData Analytics per la sicurezza delle Infrastrutture Critiche

BigData Analytics per la sicurezza delle Infrastrutture Critiche BigData Analytics per la sicurezza delle Infrastrutture Critiche Vincenzo Conti IBM Security Sales Consultant Energy and utility organizations are at the forefront of attacks Utilities are among the most

More information

Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dai cyber-attacchi

Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dai cyber-attacchi Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dai cyber-attacchi Giovanni Abbadessa, IBM T Security Architect Umberto Sansovini, IBM Security Consultant 1 Please note IBM

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

Security Intelligence

Security Intelligence IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers

More information

How to Choose the Right Security Information and Event Management (SIEM) Solution

How to Choose the Right Security Information and Event Management (SIEM) Solution How to Choose the Right Security Information and Event Management (SIEM) Solution John Burnham Director, Strategic Communications and Analyst Relations IBM Security Chris Meenan Director, Security Intelligence

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

Under the Hood of the IBM Threat Protection System

Under the Hood of the IBM Threat Protection System Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Securing the Cloud infrastructure with IBM Dynamic Cloud Security Securing the Cloud infrastructure with IBM Dynamic Cloud Security Ngo Duy Hiep Security Brand Manager Cell phone: +84 912216753 Email: hiepnd@vn.ibm.com 12015 IBM Corporation Cloud is rapidly transforming

More information

IBM Security QRadar SIEM Product Overview

IBM Security QRadar SIEM Product Overview IBM Security QRadar SIEM Product Overview Alex Kioni IBM Security Systems Technical Consultant 1 2012 IBM Corporation The importance of integrated, all source analysis cannot be overstated. Without it,

More information

and Security in the Era of Cloud

and Security in the Era of Cloud Re-imagine i Enterprise Mobility and Security in the Era of Cloud Brendan Hannigan General Manager, IBM Security Systems Leverage Cloud as a growth engine for business Exploit Mobile to build customer

More information

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Mobile, Cloud, Advanced Threats: A Unified Approach to Security Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or

More information

IBM QRadar Security Intelligence Platform appliances

IBM QRadar Security Intelligence Platform appliances IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event

More information

Breaking down silos of protection: An integrated approach to managing application security

Breaking down silos of protection: An integrated approach to managing application security IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

Security Intelligence Solutions

Security Intelligence Solutions Security Intelligence Solutions Know what is going on inside your enterprise with QRadar Joseph Skocich, WW Sales Integration Executive Q1 Labs, an IBM Company June 2012 jskocich@us.ibm.com What is Security

More information

IBM Security X-Force Threat Intelligence

IBM Security X-Force Threat Intelligence IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security

More information

Safeguarding the cloud with IBM Dynamic Cloud Security

Safeguarding the cloud with IBM Dynamic Cloud Security Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from

More information

The Current State of Cyber Security

The Current State of Cyber Security The Current State of Cyber Security Bob Kalka, Vice President, IBM Security PARADIGM SHIFT in crime ORGANIZED COLLABORATIVE AUTOMATED 2 Cyber criminals use BUSINESS INTELLIGENCE 3 NOBODY IS IMMUNE 2012

More information

How To Create An Insight Analysis For Cyber Security

How To Create An Insight Analysis For Cyber Security IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

IBM Security QRadar QFlow Collector appliances for security intelligence

IBM Security QRadar QFlow Collector appliances for security intelligence IBM Software January 2013 IBM Security QRadar QFlow Collector appliances for security intelligence Advanced solutions for the analysis of network flow data 2 IBM Security QRadar QFlow Collector appliances

More information

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management Security Services Architect & Advisor, IBM Italia Intervento al Security Summit Milano 2016 15 aprile Autore

More information

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence IBM Security Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence Peter Kurfürst Vertrieb IBM Security Lösungen Enterprise-Kunden Baden-Württemberg

More information

Leverage security intelligence for retail organizations

Leverage security intelligence for retail organizations Leverage security intelligence for retail organizations Embrace mobile consumers, protect payment and personal data, deliver a secure shopping experience Highlights Reach the connected consumer without

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns

More information

Risk-based solutions for managing application security

Risk-based solutions for managing application security IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to

More information

IBM Security QRadar Vulnerability Manager

IBM Security QRadar Vulnerability Manager IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk

More information

Addressing Security for Hybrid Cloud

Addressing Security for Hybrid Cloud Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly

More information

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief IBM: An Early Leader across the Big Data Security Analytics Continuum Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: Many enterprise organizations claim that they already

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence BROCHURE The Value of QRadar QFlow and QRadar VFlow for Security Intelligence As the security threats facing organizations have grown exponentially, the need for greater visibility into network activity

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

IBM Security Intrusion Prevention Solutions

IBM Security Intrusion Prevention Solutions IBM Security Intrusion Prevention Solutions Sarah Cucuz sarah.cucuz@spyders.ca IBM Software Solution Brief IBM Security intrusion prevention solutions In-depth protection for networks, servers, endpoints

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

Ahead of the threat with Security Intelligence

Ahead of the threat with Security Intelligence Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Unified Security, ATP and more

Unified Security, ATP and more SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

The Changing Nature of Risk and the Role of Big Data

The Changing Nature of Risk and the Role of Big Data The Changing Nature of Risk and the Role of Big Data Jack Danahy Director / North American Security Consulting IBM Incidents Continue to Grow in Spite of Investment 2012 Sampling of Security Incidents

More information

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction

More information

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments

More information

Attack Intelligence: Why It Matters

Attack Intelligence: Why It Matters Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in

More information

Stay ahead of insiderthreats with predictive,intelligent security

Stay ahead of insiderthreats with predictive,intelligent security Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

Boosting enterprise security with integrated log management

Boosting enterprise security with integrated log management IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise

More information

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity

More information

QRadar SIEM 7.2 Flows Overview

QRadar SIEM 7.2 Flows Overview QRadar SIEM 7.2 Flows Overview Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Aaron Breen QRadar World-wide Support Leader Adam Frank Principal Solutions Architect Dale

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

Society Protection Best Practices from Industry

Society Protection Best Practices from Industry Society Best Practices from Industry The Nuts and Bolts of the Dynamic Attack Chain 1 October 2015 1 2015 IBM Corporation You are an... IT Security Manager (and a father of three teenagers his wife is

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

A New Perspective on Protecting Critical Networks from Attack:

A New Perspective on Protecting Critical Networks from Attack: Whitepaper A New Perspective on Protecting Critical Networks from Attack: Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network 2014: A Year of Mega Breaches A Ponemon Study published

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined

Niara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In

More information

Win the race against time to stay ahead of cybercriminals

Win the race against time to stay ahead of cybercriminals IBM Software Win the race against time to stay ahead of cybercriminals Get to the root cause of attacks fast with IBM Security QRadar Incident Forensics Highlights Help reduce the time required to determine

More information

Safeguarding the cloud with IBM Security solutions

Safeguarding the cloud with IBM Security solutions Safeguarding the cloud with IBM Security solutions Maintain visibility and control with proven solutions for public, private and hybrid clouds Highlights Address cloud concerns with enterprise-class solutions

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Let s talk about assets in QRadar

Let s talk about assets in QRadar QRadar Open Mic Webcast #7 January 28, 2015 Let s talk about assets in QRadar Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Adam Frank Principal Solutions Architect Brad

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Stop advanced targeted attacks, identify high risk users and control Insider Threats TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these

More information

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery

More information

Applying IBM Security solutions to the NIST Cybersecurity Framework

Applying IBM Security solutions to the NIST Cybersecurity Framework IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements

More information

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

WHITE PAPER SPLUNK SOFTWARE AS A SIEM SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)

More information

Reducing the cost and complexity of endpoint management

Reducing the cost and complexity of endpoint management IBM Software Thought Leadership White Paper October 2014 Reducing the cost and complexity of endpoint management Discover how midsized organizations can improve endpoint security, patch compliance and

More information

Integrating MSS, SEP and NGFW to catch targeted APTs

Integrating MSS, SEP and NGFW to catch targeted APTs #SymVisionEmea #SymVisionEmea Integrating MSS, SEP and NGFW to catch targeted APTs Tom Davison Information Security Practice Manager, UK&I Antonio Forzieri EMEA Solution Lead, Cyber Security 2 Information

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

Securing the Cloud: Making Cloud an Opportunity to Enhance Security

Securing the Cloud: Making Cloud an Opportunity to Enhance Security Securing the Cloud: Making Cloud an Opportunity to Enhance Security February 2016 Greg Coughlin Director, IBM Security @JGCoughlin 1 The rise of Shadow IT? 2 Security reality we have all been compromised

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape Johan Celis X-Force R&D Spokesperson Security Channel Sales Leader BeNeLux 1 Mission IBM Security Systems To protect our customers from security threats

More information

IBM QRadar as a Service

IBM QRadar as a Service Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major

More information

QRadar SIEM and Zscaler Nanolog Streaming Service

QRadar SIEM and Zscaler Nanolog Streaming Service QRadar SIEM and Zscaler Nanolog Streaming Service February 2014 1 QRadar SIEM: Security Intelligence Platform QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

Gaining the upper hand in today s cyber security battle

Gaining the upper hand in today s cyber security battle IBM Global Technology Services Managed Security Services Gaining the upper hand in today s cyber security battle How threat intelligence can help you stop attackers in their tracks 2 Gaining the upper

More information

Advanced Threats: The New World Order

Advanced Threats: The New World Order Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC

More information

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM The Benefits of Integrating File Integrity Monitoring with SIEM Security Information and Event Management (SIEM) is designed to provide continuous IT monitoring, actionable intelligence, incident response,

More information

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the

More information

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery

More information

Selecting the right cybercrime-prevention solution

Selecting the right cybercrime-prevention solution IBM Software Thought Leadership White Paper Selecting the right cybercrime-prevention solution Key considerations and best practices for achieving effective, sustainable cybercrime prevention Contents

More information

First Line of Defense

First Line of Defense First Line of Defense SecureWatch ANALYTICS FIRST LINE OF DEFENSE OVERVIEW KEY BENEFITS Comprehensive Visibility Gain comprehensive visibility into DDoS attacks and cyber-threats with easily accessible

More information

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly

More information

Symantec Cyber Security Services: DeepSight Intelligence

Symantec Cyber Security Services: DeepSight Intelligence Symantec Cyber Security Services: DeepSight Intelligence Actionable intelligence to get ahead of emerging threats Overview: Security Intelligence Companies face a rapidly evolving threat environment with

More information

Managing security risks and vulnerabilities

Managing security risks and vulnerabilities IBM Software Thought Leadership White Paper January 2014 Managing security risks and vulnerabilities Protect your critical assets with an integrated, cost-effective approach to vulnerability assessments

More information

Bridging the gap between COTS tool alerting and raw data analysis

Bridging the gap between COTS tool alerting and raw data analysis Article Bridging the gap between COTS tool alerting and raw data analysis An article on how the use of metadata in cybersecurity solutions raises the situational awareness of network activity, leading

More information