Effectively Using Security Intelligence to Detect Threats and Exceed Compliance

Size: px
Start display at page:

Download "Effectively Using Security Intelligence to Detect Threats and Exceed Compliance"

Transcription

1 Effectively Using Security Intelligence to Detect Threats and Exceed Compliance Chris Poulin Security Strategist, IBM Reboot Conference

2 Security Threats Affect the Business Business Brand image Supply chain Legal Impact of Audit risk results exposure hacktivism Sony estimates potential $1B long term impact $171M / 100 customers* HSBC data breach discloses 24K private banking customers Epsilon breach impacts 100 national brands TJX estimates $150M class action settlement in release of credit / debit card info Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony Zurich Insurance PLc fined 2.275M ($3.8M) for the loss and exposure of 46K customer records *Sources for all breaches shown in speaker notes 2

3 Attacks from All Sides Cyber vandals Cyber warfare Targets of opportunity Cyber crime Cyber terrorism Hacktivists Nation states Corporate espionage Targets of choice APTs Cyber espionage Data exfiltration Client-side vulnerabilities Insiders 3

4 Sophistication of Threats, Attackers, & Motives is Escalating Motive National Security Espionage, Political Activism st Decade of the Commercial Internet nd Decade of the Commercial Internet Nation-state Actors; Targeted Attacks / Advanced Persistent Threat Competitors, Hacktivists Monetary Gain Organized Crime, using sophisticated tools Revenge Insiders, using inside information Curiosity Script-kiddies or hackers using tools, web-based how-to s Adversary 4

5 And Yet the Compromises are Mostly Avoidable Source: IBM X-Force 2011 Trend and Risk Report March

6 Not If, but When Breaches are taking longer to discover Breaches are not being discovered internally 6 Charts from Verizon 2011 Investigative Response Caseload Review

7 92% of Breaches Are Undetected by Breached Organization Source: 2012 Data Breach Investigations Report 7

8 but all is not lost 8

9 Choose the Right Technology Protection technology is critical, but choose wisely There is no magic security technology 9

10 People and Processes First A lesson from airport security: Instead of expensive equipment, use what works In Israel No plane departing Ben Gurion Airport has ever been hijacked Use human intelligence Questioning looks for suspicious behavior Simple metal detectors Scotland Yard 24+ men planned to smuggle explosive liquids Foiled beforehand because of intelligence Before they even got to the airport 10

11 No Perfect Protection: Asymptotes Never Reach Zero 20% Security Technology Budget 80% THREATS 11

12 Security is a Complex, Four-Dimensional Puzzle People Employees Consultants Hackers Terrorists Outsourcers Customers Suppliers Data Structured Unstructured At rest In motion Applications Systems applications Web applications Web 2.0 Mobile apps Infrastructure It is no longer enough to protect the perimeter siloed point products will not secure the enterprise 12

13 What Gartner is Saying About the Need for Context Mark Nicollet, Managing VP, Gartner Security, Risk & Compliance The rapid discovery of a breach is key to minimizing the damage of a targeted attack, but most organizations do not have adequate breach detection capabilities. Since perfect defenses are not practical or achievable, organizations need to augment vulnerability management and shielding with moreeffective monitoring. The addition of context, such as user, application, asset, data and threat, to security event monitoring will increase the likelihood of early discovery of a targeted attack. We need to get better at discovering the changes in normal activity patterns that are the early signal of an attack or breach. 13 #1-3 from Effective Security Monitoring Requires Context, Gartner, 16 January 2012, G #4 from Using SIEM for Targeted Attack Detection, Gartner, 20 March 2012, G

14 What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise Security Intelligence provides actionable and comprehensive insight for managing risks and threats from protection and detection through remediation 14

15 Security Intelligence Timeline Prediction & Prevention Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards. Reaction & Remediation SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention. 15

16 Context and Correlation Drive Deep Insight Security Devices Servers & Hosts Network & Virtual Activity Database Activity Application Activity Configuration Info Vulnerability Info Users & Identities Event Correlation Logs IP Reputation Flows Geo Location Activity Baselining & Anomaly Detection User Activity Database Activity Application Activity Network Activity Offense Identification Credibility Severity Relevance Suspected Incidents Extensive Data Sources Deep + Intelligence = Exceptionally Accurate and Actionable Insight 16

17 Security Intelligence Use Cases 17

18 How Security Intelligence Can Help Continuously monitor all activity and correlate in real time Change & configuration management Gain visibility into unauthorized or anomalous activities High number of failed logins to critical servers -- brute-force password attack Query by DBA to credit card tables during off-hours possible SQL injection attack Spike in network activity -- high download volume from SharePoint server Server (or thermostat) communicating with IP address in China Inappropriate use of protocols -- sensitive data being exfiltrated via P2P Configuration change -- unauthorized port being enabled for exfiltration Unusual Windows service -- backdoor or spyware program Automation => reduced cost & complexity, simplified compliance, lower TCO 18

19 Activity and Data Access Monitoring Visualize Data Risks Automated charting and reporting on potential attacks Correlate System, Application, & Network Activity Enrich security alerts with anomaly detection and flow analysis Detect suspicious activity before it leads to a breach 360-degree visibility helps distinguish true breaches from benign activity, in real time 19

20 User Activity Monitoring to Combat Advanced Persistent Threats User & Application Activity Monitoring alerts on a user anomaly for Oracle database access. Identify the user, normal access behavior, and the anomaly behavior with all source & destination information to quickly resolve the threat. 20

21 Activity / Behavior Monitoring, Flow Analytics, Anomaly Detection Behaviour / activity base lining of users and processes Helps detect day-zero attacks and covert channels that have no signature or AV / IPS detection Provides definitive evidence of attack Enables visibility into attacker communications Network traffic does not lie Attackers can stop logging and erase their tracks, but can t cut off the network (flow data) 21

22 Application and Threat Detection with Forensic Evidence Potential Botnet Detected? This is as far as traditional SIEM can go IRC on port 80? IBM Security QRadar QFlow detects a covert channel Irrefutable Botnet Communication Layer 7 flow data contains botnet command control instructions Application layer flow analysis can detect threats others miss 22

23 Data Leakage Who is responsible for the data leak? Alert on data patterns, such as credit card number, in real time. 23

24 Configuration & Risk Network topology and open paths of attack add context Rules can take exposure into account to: Prioritize offenses and remediation Enforce policies Play out what-if scenarios 24

25 Detecting Insider Fraud and Data Loss Potential Data Loss Who? What? Where? Who? An internal user What? Oracle data Where? Gmail Threat detection in the post-perimeter world User anomaly detection and application level visibility are critical to identify inside threats 25

26 Other Use Cases Detect suspicious behavior Privileged actions being conducted from a contractor s workstation DNS communications with external system flagged as malicious Detect policy violations Baseline against reality (CMDB) Social media, P2P, etc. Detect APTs File accesses out of the norm behavior anomaly detection Least used applications or external systems; occasional traffic Detect fraud Determine baselines on credit pulls or trading volumes, and detect anomalies Correlate ebanking PIN change with large money transfers Forensic evidence for prosecution Impact analysis Compliance Change & configuration management 26

27 Intelligent solutions provide the DNA to secure a Smarter Planet Security Intelligence, Analytics & GRC People Data Applications Infrastructure 27

28 Thank You! 28

29 ibm.com/security Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will 29 necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT 2012 IBM Corporation THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing

More information

Security strategies to stay off the Børsen front page

Security strategies to stay off the Børsen front page Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Security Intelligence Solutions

Security Intelligence Solutions Security Intelligence Solutions Know what is going on inside your enterprise with QRadar Joseph Skocich, WW Sales Integration Executive Q1 Labs, an IBM Company June 2012 jskocich@us.ibm.com What is Security

More information

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation

IBM Security. 2013 IBM Corporation. 2013 IBM Corporation IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

AMPLIFYING SECURITY INTELLIGENCE

AMPLIFYING SECURITY INTELLIGENCE AMPLIFYING SECURITY INTELLIGENCE WITH BIG DATA AND ADVANCED ANALYTICS Chris Meenan Senior Product Manager, Security Intelligence 1 IBM Security Systems Welcome to a Not So Friendly Cyber World Biggest

More information

The webinar will begin shortly

The webinar will begin shortly The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security

More information

Using Security Intelligence to Stay out of the Headlines

Using Security Intelligence to Stay out of the Headlines Using Security Intelligence to Stay out of the Headlines Chris Poulin IBM, Security Systems Session ID: DAS-309 Session Classification: Intermediate Welcome to the SIEM Crime Scene Remove yourself from

More information

Ahead of the threat with Security Intelligence

Ahead of the threat with Security Intelligence Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,

More information

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM SECURITY QRADAR INCIDENT FORENSICS IBM SECURITY QRADAR INCIDENT FORENSICS DELIVERING CLARITY TO CYBER SECURITY INVESTIGATIONS Gyenese Péter Channel Sales Leader, CEE IBM Security Systems 12014 IBM Corporation Harsh realities for many enterprise

More information

Under the Hood of the IBM Threat Protection System

Under the Hood of the IBM Threat Protection System Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer

More information

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Mobile, Cloud, Advanced Threats: A Unified Approach to Security Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence IBM Security Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence Peter Kurfürst Vertrieb IBM Security Lösungen Enterprise-Kunden Baden-Württemberg

More information

Security Intelligence

Security Intelligence IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers

More information

IBM Security QRadar SIEM Product Overview

IBM Security QRadar SIEM Product Overview IBM Security QRadar SIEM Product Overview Alex Kioni IBM Security Systems Technical Consultant 1 2012 IBM Corporation The importance of integrated, all source analysis cannot be overstated. Without it,

More information

Protecting against cyber threats and security breaches

Protecting against cyber threats and security breaches Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to

More information

BigData Analytics per la sicurezza delle Infrastrutture Critiche

BigData Analytics per la sicurezza delle Infrastrutture Critiche BigData Analytics per la sicurezza delle Infrastrutture Critiche Vincenzo Conti IBM Security Sales Consultant Energy and utility organizations are at the forefront of attacks Utilities are among the most

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns

More information

IBM Security QRadar QFlow Collector appliances for security intelligence

IBM Security QRadar QFlow Collector appliances for security intelligence IBM Software January 2013 IBM Security QRadar QFlow Collector appliances for security intelligence Advanced solutions for the analysis of network flow data 2 IBM Security QRadar QFlow Collector appliances

More information

Breaking down silos of protection: An integrated approach to managing application security

Breaking down silos of protection: An integrated approach to managing application security IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity

More information

How to Choose the Right Security Information and Event Management (SIEM) Solution

How to Choose the Right Security Information and Event Management (SIEM) Solution How to Choose the Right Security Information and Event Management (SIEM) Solution John Burnham Director, Strategic Communications and Analyst Relations IBM Security Chris Meenan Director, Security Intelligence

More information

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Data Security: Fight Insider Threats & Protect Your Sensitive Data Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand

More information

IBM Advanced Threat Protection Solution

IBM Advanced Threat Protection Solution IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain

More information

IBM Security X-Force Threat Intelligence

IBM Security X-Force Threat Intelligence IBM Security X-Force Threat Intelligence Use dynamic IBM X-Force data with IBM Security QRadar to detect the latest Internet threats Highlights Automatically feed IBM X-Force data into IBM QRadar Security

More information

Risk-based solutions for managing application security

Risk-based solutions for managing application security IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated

More information

QRadar SIEM and Zscaler Nanolog Streaming Service

QRadar SIEM and Zscaler Nanolog Streaming Service QRadar SIEM and Zscaler Nanolog Streaming Service February 2014 1 QRadar SIEM: Security Intelligence Platform QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets

More information

Stay ahead of insiderthreats with predictive,intelligent security

Stay ahead of insiderthreats with predictive,intelligent security Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent

More information

Cybercrime: the New Reality of Information Security

Cybercrime: the New Reality of Information Security Cybercrime: the New Reality of Information Security Christina Peters, Senior Counsel, Security and Privacy IBM Jack Danahy, Director for Advanced Security, IBM Security Systems Thomas X. Grasso, Jr. Supervisory

More information

Win the race against time to stay ahead of cybercriminals

Win the race against time to stay ahead of cybercriminals IBM Software Win the race against time to stay ahead of cybercriminals Get to the root cause of attacks fast with IBM Security QRadar Incident Forensics Highlights Help reduce the time required to determine

More information

Extending security intelligence with big data solutions

Extending security intelligence with big data solutions IBM Software Thought Leadership White Paper January 2013 Extending security intelligence with big data solutions Leverage big data technologies to uncover actionable insights into modern, advanced data

More information

QRadar SIEM and FireEye MPS Integration

QRadar SIEM and FireEye MPS Integration QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving

More information

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence BROCHURE The Value of QRadar QFlow and QRadar VFlow for Security Intelligence As the security threats facing organizations have grown exponentially, the need for greater visibility into network activity

More information

Leverage security intelligence for retail organizations

Leverage security intelligence for retail organizations Leverage security intelligence for retail organizations Embrace mobile consumers, protect payment and personal data, deliver a secure shopping experience Highlights Reach the connected consumer without

More information

and Security in the Era of Cloud

and Security in the Era of Cloud Re-imagine i Enterprise Mobility and Security in the Era of Cloud Brendan Hannigan General Manager, IBM Security Systems Leverage Cloud as a growth engine for business Exploit Mobile to build customer

More information

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to

More information

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

Safeguarding the cloud with IBM Dynamic Cloud Security

Safeguarding the cloud with IBM Dynamic Cloud Security Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from

More information

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government

More information

IBM i2 Enterprise Insight Analysis for Cyber Analysis

IBM i2 Enterprise Insight Analysis for Cyber Analysis IBM i2 Enterprise Insight Analysis for Cyber Analysis Protect your organization with cyber intelligence Highlights Quickly identify threats, threat actors and hidden connections with multidimensional analytics

More information

Q1 Labs Corporate Overview

Q1 Labs Corporate Overview Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

IBM Security QRadar Vulnerability Manager

IBM Security QRadar Vulnerability Manager IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk

More information

IBM Security Framework

IBM Security Framework IBM Security Framework Intelligence, Integration and Expertise Sadu Bajekal, Senior Technical Staff Member Principal Security Architect IBM Security Systems January 28, 2014 12013 IBM Corporation Agenda

More information

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Securing the Cloud infrastructure with IBM Dynamic Cloud Security Securing the Cloud infrastructure with IBM Dynamic Cloud Security Ngo Duy Hiep Security Brand Manager Cell phone: +84 912216753 Email: hiepnd@vn.ibm.com 12015 IBM Corporation Cloud is rapidly transforming

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources

More information

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com

Incident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

7 Things All CFOs Should Know About Cyber Security

7 Things All CFOs Should Know About Cyber Security Insero & Company s Accounting & Finance Education Series Presents 7 Things All CFOs Should Know About Cyber Security September 23, 2014 Michael Montagliano Chief Technologist, IV4. Inc. CERTIFIED PUBLIC

More information

IBM. How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area?

IBM. How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area? IBM How can we support the requirement of creating dynamic, flexible and cost effective solution in the IAM area? Sven-Erik Vestergaard Nordic Security Architect IBM Software group svest@dk.ibm.com Security

More information

IBM QRadar Security Intelligence Platform appliances

IBM QRadar Security Intelligence Platform appliances IBM QRadar Security Intelligence Platform Comprehensive, state-of-the-art solutions providing next-generation security intelligence Highlights Get integrated log management, security information and event

More information

Addressing Security for Hybrid Cloud

Addressing Security for Hybrid Cloud Addressing Security for Hybrid Cloud Sreekanth Iyer Executive IT Architect IBM Cloud (CTO Office) Email : sreek.iyer@in.ibm.com Twitter: @sreek Blog: http://ibm.co/sreek July 18, 2015 Cloud is rapidly

More information

The Current State of Cyber Security

The Current State of Cyber Security The Current State of Cyber Security Bob Kalka, Vice President, IBM Security PARADIGM SHIFT in crime ORGANIZED COLLABORATIVE AUTOMATED 2 Cyber criminals use BUSINESS INTELLIGENCE 3 NOBODY IS IMMUNE 2012

More information

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager! IBM can provide unmatched global coverage and security awareness! 4,300 Strategic outsourcing security delivery resources 1,200

More information

Society Protection Best Practices from Industry

Society Protection Best Practices from Industry Society Best Practices from Industry The Nuts and Bolts of the Dynamic Attack Chain 1 October 2015 1 2015 IBM Corporation You are an... IT Security Manager (and a father of three teenagers his wife is

More information

The Next Generation Security Operations Center

The Next Generation Security Operations Center The Next Generation Security Operations Center Vassil Barsakov Regional Manager, CEE & CIS RSA, the Security Division of EMC 1 Threats are Evolving Rapidly Criminals Petty criminals Unsophisticated Organized

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security re-defines enterprise endpoint protection against advanced malware IBM Security re-defines enterprise endpoint protection against advanced malware Break the cyber attack chain to stop advanced persistent threats and targeted attacks Highlights IBM Security Trusteer Apex

More information

IBM Security Intrusion Prevention Solutions

IBM Security Intrusion Prevention Solutions IBM Security Intrusion Prevention Solutions Sarah Cucuz sarah.cucuz@spyders.ca IBM Software Solution Brief IBM Security intrusion prevention solutions In-depth protection for networks, servers, endpoints

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments

More information

IBM QRadar as a Service

IBM QRadar as a Service Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major

More information

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management Security Services Architect & Advisor, IBM Italia Intervento al Security Summit Milano 2016 15 aprile Autore

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS

More information

IBM & Security Gov. Point Of Views

IBM & Security Gov. Point Of Views IBM & Security Gov. Point Of Views Santiago Cavanna Cavanna@Ar.IBM.com @scavanna Point of View: Info Security situation How Government can Protect Itself from Cyber Attacks According to a GovLoop survey,

More information

Advanced Threats: The New World Order

Advanced Threats: The New World Order Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC

More information

HP ArcSight User Behavior Analytics

HP ArcSight User Behavior Analytics Insider Threat HP ArcSight User Behavior Analytics Application Misuse Sensitive Data Access Hakan Durgut ArcSight Specialist Nordics/Baltics 1 The insider threat challenge IT Security focus in on the external

More information

Application Security from IBM Karl Snider, Market Segment Manager March 2012

Application Security from IBM Karl Snider, Market Segment Manager March 2012 Application Security from IBM Karl Snider, Market Segment Manager March 2012 1 2012 IBM Corporation Helping Solve Customer Challenges Application Security Finding Application Vulnerabilities GlassBox scanning

More information

Boosting enterprise security with integrated log management

Boosting enterprise security with integrated log management IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise

More information

Powering Security and Easy Authentication in a Multi-Channel World

Powering Security and Easy Authentication in a Multi-Channel World Powering Security and Easy Authentication in a Multi-Channel World Archit Lohokare Global Product Manager IBM Security Systems 1 2012 IBM Corporation IBM Security Systems division is one of the largest

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture

Using LYNXeon with NetFlow to Complete Your Cyber Security Picture Using LYNXeon with NetFlow to Complete Your Cyber Security Picture 21CT.COM Combine NetFlow traffic with other data sources and see more of your network, over a longer period of time. Introduction Many

More information

Gaining the upper hand in today s cyber security battle

Gaining the upper hand in today s cyber security battle IBM Global Technology Services Managed Security Services Gaining the upper hand in today s cyber security battle How threat intelligence can help you stop attackers in their tracks 2 Gaining the upper

More information

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data

More information

Let s talk about assets in QRadar

Let s talk about assets in QRadar QRadar Open Mic Webcast #7 January 28, 2015 Let s talk about assets in QRadar Panelists Dwight Spencer Principal Solutions Architect & Co-founder of Q1 Labs Adam Frank Principal Solutions Architect Brad

More information

Covert Operations: Kill Chain Actions using Security Analytics

Covert Operations: Kill Chain Actions using Security Analytics Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

The Changing Nature of Risk and the Role of Big Data

The Changing Nature of Risk and the Role of Big Data The Changing Nature of Risk and the Role of Big Data Jack Danahy Director / North American Security Consulting IBM Incidents Continue to Grow in Spite of Investment 2012 Sampling of Security Incidents

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1 Rise Of The Cyber Threat Enterprises and Governments are experiencing

More information

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.

Agenda. 3 2012, Palo Alto Networks. Confidential and Proprietary. Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in

More information

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments. Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover

More information

Security Analytics for Smart Grid

Security Analytics for Smart Grid Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Nanci Knight IBM Academic Initiative Ecosystem Development Relationship Manager West Region email: nknight@us.ibm.com cell: 707.529.

Nanci Knight IBM Academic Initiative Ecosystem Development Relationship Manager West Region email: nknight@us.ibm.com cell: 707.529. Nanci Knight IBM Academic Initiative Ecosystem Development Relationship Manager West Region email: nknight@us.ibm.com cell: 707.529.9603 IBM At A Glance IBM has 425,000 ee s worldwide 2012 Financials Revenue

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

Securing ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1

Securing ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1 Securing ephi with Effective Database Activity Monitoring HIMSS Webcast 4/26/2011 p. 1 Agenda Agenda Database Security Primer Industry Trends What Works Integrated DB Security Product Demonstration Questions

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information