IBM Security Strategy
|
|
- Claude Short
- 8 years ago
- Views:
Transcription
1
2 IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems
3 IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework Click to edit subtitle style Broadest and deepest coverage across all security domains Worldwide research, development, and security experts Award-winning global threat research Intelligence. Integration. Expertise.
4 IBM can provide unmatched global coverage and security awareness 4,300 Strategic outsourcing security delivery resources 1,200 Professional services security consultants 650 Field security specialists 400 Security operations analysts 10 Security Operations Centers Click to edit Security Master text Research Centers styles Security Solution Development Centers Institute for Advanced Security Branches Second level Third level Fourth level Fifth level Security Research Centers 10 Security Operations Centers 14 Security Development Labs IBM X-Force Expertise 150M intrusion attempts monitored daily 46,000 documented vulnerabilities 40M unique phishing / spam attacks Millions of unique malware samples Billions of analyzed web pages Managed Services Excellence 20,000+ devices under management 3,700+ MSS clients worldwide 15B+ events managed per day 133 monitored countries (MSS) Unique research and reports security patents
5 Security Reality We have all been compromised Click to edit Master text styles 1,764,121 Represents the number of security events the average organization of 15K employees will capture weekly 324 of these events represent actual attacks, per week 2.1 of these attacks will result in an incident, per week, a 22% annual increase 2014 IBM Cybersecurity Intelligence Index Click to edit Master text styles 1 out of Click to edit Master text 100 styles Second level of incidents analyzed logged level human error asthird a contributing factor Fourth level Stolen or lost laptop Fifth level or mobile device, Mistaken address/disposition/ of SPI, Double clicking (malware), Poor system hygiene: failure to patch, configure, or update Failure to delete dormant user accounts, use of default passwords IBM Cybersecurity Intelligence Team security compromises are ever detected General Keith Alexander, Head of U.S. Cyber Command, in a speech to the American Enterprise Institute of all incidents analyzed by IBM Response Services could be considered noteworthy (potentially material or significant impact) 2014 IBM Cybersecurity Intelligence Team
6 We are in an era of continuous breaches. Operational sophistication Near daily leaks of sensitive data Relentless use of multiple methods IBM X-Force declared 40% increase 500,000,000+ records year of the security breach in reported data breaches and incidents 2011 were leaked, while the future shows no sign of change Attack types SQL injection Spear phishing DDoS Third-party software Physical access Malware XSS Watering hole Undisclosed Note: Size of circle estimates relative impact of incident in terms of cost to business.
7 Who is attacking your networks? Attacker Outsiders Combination Malicious Insiders Inadvertent Actor
8 Spear phishing and Exploit Kit Example User receives risky from personal social network ATTACKER TARGET User is redirected to a malicious website Drive-by exploit is used to install malware on target PC
9 Java Vulnerabilities
10 Security is a board room discussion, and security leaders are more accountable than ever before
11 IBM Security A new approach to security is needed IBM IBMCorporation Corporation
12 Ten essential steps to creating an intelligent security management program Understand Security Essentials Secure collaboration in social and mobile workplace 4 5 Manage IT hygienically 6 Create a secure and resilient network GOAL: INTELLIGENT CYBER THREAT PROTECTION AND RISK MANAGEMENT Build a risk aware culture and management system Address security complexity of cloud and virtualization Develop secure products, by design 8 Manage third party security compliance 9 Assure data security and privacy 2 Establish intelligent security operations and rapid threat response 10 Manage the digital identity lifecycle
13 The IBM fundamental approach to threat protection VULNERABILITY vs. A weakness in a system EXPLOIT A method used to gain system entry Can be used to do something unintended Many different exploits can target a single vulnerability Can be exploited in multiple ways IBM PROTECTION Not all exploits are publicly available, and mutation is common vs. IBM protects the vulnerability OTHER PRODUCTS Other products only block the exploits Stays ahead of the threat with pre-emptive protection that stops things from breaking the window??? Looks for methods that can break the window Keeping up can be challenging
14 Behavioral-based detection blocks attacks that have never been seen before IBM Protection Disclosed 2006 MS IE Remote Exploit CVE Java Plug-in for IE Remote Code Exploit CVE April JavaScript_NOOP_Sled 6.8 years ahead 94 vulnerabilities covered March 2006 HTML_Browser_Plugin_Overflow 5.7 years ahead October vulnerabilities covered Java JRE Code Execution October 2012 Java_Malicious_Applet 5 months ahead 8 vulnerabilities covered CVE Cisco ASA Cross-Site Scripting CVE March 2013 November 2008 Cross_Site_Scripting March years ahead 8,500+ vulnerabilities covered CVE Symantec Live Update SQL Injection December 2012 June 2007 SQL_Injection March years ahead 9,000+ vulnerabilities covered
15
16 Reaching security maturity to meet new challenges Security Intelligence Predictive Analytics, Big Data Workbench, Flow Analytics SIEM and Vulnerability Management Log Management Advanced Fraud Protection People Optimized Privileged user management User provisioning Access management Basic Applications Infrastructure Data governance Fraud detection Multi-faceted network protection Encryption key management Hybrid scanning and correlation Anomaly detection Identity governance Fine-grained entitlements Proficient Data Strong authentication Directory management Data masking / redaction Database activity monitoring Virtualization security Web application protection Asset management Source code scanning Endpoint / network security management Data loss prevention Encryption Database access control Hardened systems Application scanning Perimeter security Host security Anti-virus
17 IBM Security offers a comprehensive product portfolio
18 All domains feed Security Intelligence Correlate new threats based on X-Force IP reputation feeds Hundreds of 3rd party information sources Guardium Identity and Access Management Database assets, rule logic and database activity information Identity context for all security domains w/ QRadar as the dashboard IBM Endpoint Manager Endpoint Management vulnerabilities enrich QRadar s vulnerability database IBM Security Network Intrusion Prevention System Flow data into QRadar turns NIPS devices into activity sensors AppScan Enterprise AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
19 CrossIdeas offers a modular solution built on a single governance platform CrossIdeas Platform Auditors, CRO Business Managers IT Security Customer Value Business-driven approach to Identity and Access Governance Integral part of an organization s compliance and risk strategy Extends enterprise IAM systems with out-of-box integrations
20 KB to create icon Apex multi-layered defense architecture Threat and Risk Reporting NEW Vulnerability Mapping and Critical Event Reporting Advanced Threat Analysis and Turnkey Service Credential Protection Alert and prevent phishing and reuse on noncorporate sites Exploit Chain Disruption Cloud Based File Inspection Lockdown for Java NEW NEW Prevent infections Legacy protection Prevent high-risk actions by via exploits against known malicious Java viruses Zero-day defense Consolidates over applications by controlling exploit-chain 20 AV engines for choke point maximal efficacy and operational simplicity Malicious Communication Prevention Block malware communication Disrupt C&C control Prevent data exfiltration Global Threat Research and Intelligence Global threat intelligence delivered in near-real time from the cloud
21
IBM Security re-defines enterprise endpoint protection against advanced malware
IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex
More informationDo not forget the basics!!!!!
Do not forget the basics!!!!! Domenico Raguseo IBM Europe Security Systems Technical Sales Manager Attackers are relentless, victims are targeted, and the damage toll is rising We are in an era of continuous
More informationAhead of the threat with Security Intelligence
Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationCan We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
More informationMobile, Cloud, Advanced Threats: A Unified Approach to Security
Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or
More informationQ1 Labs Corporate Overview
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
More informationIBM Smarter Cities Cybersecurity Update
IBM Smarter Cities Cybersecurity Update October 2012 Kent Blossom, Vice President, IBM Security Solutions kblossom@us.ibm.com 1 Discussion Topics IBM Security Systems Evolving Client Priorities & Approaches
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More informationCloud Security. Vaughan Harper IBM Security Architect
Cloud Security Vaughan Harper IBM Security Architect A new security reality is here Sophisticated attackers break through conventional safeguards every day Cloud, mobile, social and big data drive unprecedented
More informationSecurity Intelligence
IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers
More informationUnder the Hood of the IBM Threat Protection System
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer
More informationIBM Security Systems Trends and IBM Framework
IBM Security Systems Trends and IBM Framework Alex Kioni CISSP, CISM, CEH, ITILv3 Security Systems Lead Technical Consultant Central, East & West Africa Region 1 Agenda IBM X-Force 2013 Mid Year Trend
More informationStaying Ahead of the Cyber Security Game. Nigel Tan ASEAN Technical Leader IBM Security
Staying Ahead of the Cyber Security Game Nigel Tan ASEAN Technical Leader IBM Security PARADIGM SHIFT in crime ORGANIZED COLLABORATIVE AUTOMATED Cyber Criminals Use BUSINESS INTELLIGENCE NOBODY IS IMMUNE
More informationIBM Security X-Force Threat Intelligence
IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationSecurity strategies to stay off the Børsen front page
Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the
More informationThe webinar will begin shortly
The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security
More informationIBM & Security Gov. Point Of Views
IBM & Security Gov. Point Of Views Santiago Cavanna Cavanna@Ar.IBM.com @scavanna Point of View: Info Security situation How Government can Protect Itself from Cyber Attacks According to a GovLoop survey,
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationIBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!
IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM can provide unmatched global coverage and security awareness! 4,300 Strategic outsourcing security delivery resources 1,200
More informationINDUSTRY OVERVIEW: HEALTHCARE
ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...
More informationThe Landscape of Cyber, critical infrastructure and how Regulation fits in
The Landscape of Cyber, critical infrastructure and how Regulation fits in National Security and Critical infrastructure: New Perspectives for Private-Public Cooperation, Madrid, April 14th Jonathan Sage
More informationStop advanced targeted attacks, identify high risk users and control Insider Threats
TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationIBM Security Briefing: Differentiators & Maturity Model
IBM Security Briefing: Differentiators & Maturity Model Hamilton, Bermuda February 11, 2015 Norman John, MBA IBM Security Sales Executive Ontario & Caribbean norm.john@ca.ibm.com @norm_john 1 2014 IBM
More informationSecuring the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation
Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns
More informationRagy Magdy Regional Channel Manager MEA IBM Security Systems
Ragy Magdy Regional Channel Manager MEA IBM Security Systems 1 Started my career in Security in 2003 by Joining ISS 2005 was named the ISS Regional Manager for the Middle East 2006 ISS was acquired by
More informationSicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi
Sicurezza & Big Data: la Security Intelligence aiuta le aziende a difendersi dagli attacchi Giovanni Abbadessa, IBM IT Security Architect Umberto Sansovini, IBM Security Consultant Document number Big
More informationIBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer
IBM Security QRadar SIEM & Fortinet / FortiAnalyzer Introducing new functionality for IBM QRadar Security Intelligence Platform: integration with Fortinet s firewalls and logs forwarded by FortiAnalyzer.
More informationBreaking down silos of protection: An integrated approach to managing application security
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
More informationand Security in the Era of Cloud
Re-imagine i Enterprise Mobility and Security in the Era of Cloud Brendan Hannigan General Manager, IBM Security Systems Leverage Cloud as a growth engine for business Exploit Mobile to build customer
More informationHow to Choose the Right Security Information and Event Management (SIEM) Solution
How to Choose the Right Security Information and Event Management (SIEM) Solution John Burnham Director, Strategic Communications and Analyst Relations IBM Security Chris Meenan Director, Security Intelligence
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationRE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC
RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure
More informationComprehensive real-time protection against Advanced Threats and data theft
TRITON AP-WEB Comprehensive real-time protection against Advanced Threats and data theft Your business and its data are under constant attack. Traditional security solutions no longer provide sufficient
More informationSR B17. The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner
SR B17 The Threat Landscape Continues to Change: How are You Keeping Pace? Dean Turner Director - Engineering, Global Intelligence Network Symantec Intelligence Group Agenda 1 2 3 5 Symantec Intelligence
More informationIBM X-Force 2012 Cyber Security Threat Landscape
IBM X-Force 2012 Cyber Security Threat Landscape Johan Celis X-Force R&D Spokesperson Security Channel Sales Leader BeNeLux 1 Mission IBM Security Systems To protect our customers from security threats
More informationCloud and Critical Infrastructures how Cloud services are factored in from a risk perspective
Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective Reaching the Cloud era in the EU Riga 16 June 2015 Jonathan Sage Government and Regulatory Affairs Cyber Security
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationIBM Security Framework
IBM Security Framework Intelligence, Integration and Expertise Sadu Bajekal, Senior Technical Staff Member Principal Security Architect IBM Security Systems January 28, 2014 12013 IBM Corporation Agenda
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationHow Shared Security Intelligence Can Better Stop Targeted Attacks
How Shared Security Intelligence Can Better Stop Targeted Attacks SESSION ID: SPO3-T07 Piero DePaoli Senior Director Global Product Marketing Symantec Corporation Targeted Attacks are an Increasing Issue
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationSituational Awareness A Discussion
Situational Awareness A Discussion Dean Weber March, 2012 The Current Situation take one spending incidents financial losses overall risk grows resources applied grows but no real progress The situation
More informationLeverage security intelligence for retail organizations
Leverage security intelligence for retail organizations Embrace mobile consumers, protect payment and personal data, deliver a secure shopping experience Highlights Reach the connected consumer without
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationTRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT
TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS & DATA THEFT TRITON AP-WEB COMPREHENSIVE REAL-TIME PROTECTION AGAINST ADVANCED THREATS AND DATA THEFT Your business and its data
More informationHow we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)
How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationIBM Protocol Analysis Module
IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network
More informationTrends in Advanced Threat Protection
Trends in Advanced Threat Protection John Martin Senior Security Architect IBM Security Systems Division 1 2012 IBM Corporation John Martin Senior Security Architect IBM Security Systems Division Security
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationUNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)
Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques
More informationProtect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities
Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities Protecting a business s IT infrastructure is complex. Take, for example, a retailer operating a standard multi-tier infrastructure
More informationThe Current State of Cyber Security
The Current State of Cyber Security Bob Kalka, Vice President, IBM Security PARADIGM SHIFT in crime ORGANIZED COLLABORATIVE AUTOMATED 2 Cyber criminals use BUSINESS INTELLIGENCE 3 NOBODY IS IMMUNE 2012
More informationSecuring OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
More informationApplying IBM Security solutions to the NIST Cybersecurity Framework
IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements
More informationRedefining SIEM to Real Time Security Intelligence
Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities
More informationHow a Company s IT Systems Can Be Breached Despite Strict Security Protocols
How a Company s IT Systems Can Be Breached Despite Strict Security Protocols Brian D. Huntley, CISSP, PMP, CBCP, CISA Senior Information Security Advisor Information Security Officer, IDT911 Overview Good
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationINDUSTRY OVERVIEW: FINANCIAL
ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL
More informationHow To Protect Data From Attack On A Computer System
Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the
More information2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY
2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY 1 EXECUTIVE SUMMARY INTRODUCING THE 2015 GLOBAL THREAT INTELLIGENCE REPORT Over the last several years, there has been significant security industry
More informationAdvanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA
Advanced Visibility Moving Beyond a Log Centric View Matthew Gardiner, RSA & Richard Nichols, RSA 1 Security is getting measurability worse Percent of breaches where time to compromise (red)/time to Discovery
More informationRisk-based solutions for managing application security
IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationJUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
More informationWeb 2.0 and Data Protection. Paul Tsang Security Consultant McAfee
Web 2.0 and Data Protection Paul Tsang Security Consultant McAfee Criminal Motivators For Profit Targeted Attacks Cyber Warfare (Credit Cards, PII, Criminal Infrastructure) (Nation-State Secrets, Trade
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationDETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?
A Special Primer on APTs DETECTING THE ENEMY INSIDE THE NETWORK How Tough Is It to Deal with APTs? What are APTs or targeted attacks? Human weaknesses include the susceptibility of employees to social
More informationISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems
IBM Global Services ISS X-Force Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems Internet Security Systems, an IBM Company Security Market Overview Companies face sophisticated
More informationDOWNTIME BREACHES DATA LOSS. SYMANTEC TECHNICAL SERVICES HELP YOU AVOID THEM.
DOWNTIME BREACHES DATA LOSS. SYMANTEC TECHNICAL SERVICES HELP YOU AVOID THEM. Symantec Technical Services 2015 Symantec Corporation. All rights reserved. Go ahead, you ve got There s More to Protect By
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationEl costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada
El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationAPT Advanced Persistent Threat Time to rethink?
APT Advanced Persistent Threat Time to rethink? 23 November 2012 Gergely Tóth Senior Manager, Security & Privacy Agenda APT examples How to get inside? Remote control Once we are inside Conclusion 2 APT
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationSociety for Information Management
Society for Information Management The Projected Top 5 Security Issues of 2010 Steve Erdman CSO and Staff Security Consultant of SecureState Network +, MCP Precursor 2009 has been a difficult year in Information
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationIBM X-Force 2012 Cyber Security Threat Landscape
IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More information