Cyber security - the business critical issues facing organisations

Transcription

1 Cyber security - the business critical issues facing organisations Peter Jopling Global Deputy Leader IBM Security Tiger Team joplingp@uk.ibm.com September 29, 2015

2 A new security reality is here 90 % 74 % & Have had a cyber incident in last 12 months 2014 ONS of large organisations 70 % of security executives have cloud and mobile security concerns 2014 IBM CISO Survey 83 % of enterprises have difficulty finding the security skills they need 2013 ESG Research UK businesses now earns 1in every 5from the Internet % 85 security tools from vendors Mobile malware growth in just one year Juniper Mobile Threat Report 45IBM client example 2

3 where your security team sees noise 3

4 Criminals use Security Business Intelligence are you? 4

5 5 5

6 Malicious code, sustained probes or scans and unauthorised access dominate the threat landscape. Categories of security incidents Reconnaissance activity for gathering information about targeted systems Software created to disrupt systems, gain unauthorized access or gather information about the system under attack 6

7 Who is attacking your networks? Attacker Outsiders Combination Malicious Insiders Inadvertent Actor 7

8 IBM Cyber Index Report Security events Security attacks Security incidents Annual 102,111,110 Monthly 8,509,259 Weekly 1,963,675 Annual 16,807 Monthly 1,401 Weekly 232 Annual Monthly 9.72 Weekly 2.24 Security Intelligence Correlation and analytics tools Security Intelligence Human security analysts Events: Observable occurrences in a system or network Attacks: Greater efficiency in security processing to help clients focus on identified malicious events Incidents: Attacks deemed worthy of deeper investigation 8

9 Ransomware has evolved to reach a broader range of attackers through service kits to provide infection as a service 2010 WinLock ransomware, a nonencrypted variant, demands premium-rate SMS messages to unlock target machines 2014 Ransomweb attacks target web applications through vulnerable web servers Sept st known ransomware "PC Cyborg created 2013 CryptoLock, ZeroLocker and CryptoWall require ransom be paid in anonymous cryptocurrencies 2015 Tox ransomware as a service kit released in the wild 9

10 10

11 The Dark Web is comprised of nefarious individuals participating anonymous encrypted communications Tor was originally designed, implemented and deployed in 2004 as a third-generation onion routing project of the US Naval Research Laboratory to protect government communications. Because it allows private, encrypted communication, it s now used for nefarious purposes. Guard Node Relay Node Exit Node Requestor Destination Server Relay Node Unencrypted link Encrypted link Tor node 11

12 Security leaders are more accountable than ever before CEO / COO CCO / CFO CIO CHRO / CDO CMO Loss of market share and reputation Legal exposure Business continuity Audit failure Fines and enforcement impact Financial loss Impact to data and systems, (confidentiality, integrity and / or availability) Violation of employee privacy Loss of sensitive data Loss of customer trust Loss of brand reputation Your board and CEO demand a strategy 12

13 Protect against new and complex security challenges Optimise your security program Use experts to modernise security, reduce complexity, and lower costs Stop advanced threats Use analytics and insights for smarter and more integrated defense Protect critical assets Use context-aware controls to prevent unauthorised access and data loss Safeguard cloud and mobile Use IT transformation to build a new, stronger security posture 13

14 Optimise your security program Use experts to modernize security, reduce complexity, and lower costs Assess and transform your security posture Build next generation security operations Get help from worldwide experts 24x7x365 14

15 Leading expertise to help optimise your security program Assess, plan and develop your security maturity and operations Security Maturity Assess and transform your security posture SOC Transformation Build next generation security operations Technology Process Organization Metrics Governance Identify capability gaps, plan and deploy a robust strategy and roadmap to close them Gain insight to prioritize security investments Plan Design Build Deploy Optimize Deploy intelligence-driven security capabilities Optimize your ability to react to and contain events, while reducing impact 15

16 Around-the-clock management, monitoring and protection Protect networks, servers and endpoints from the Internet s most critical threats Firewall Management Managed Protection Services Unified Threat Management Secure Web Gateway Management Intrusion Detection and Prevention System Management Malware Defense Management Better secure information assets from Internet attacks Reduce security investment and management costs Better manage compliance Improve system uptime and performance Simplify management of multiple security device types 16

17 Immediate access to incident response and forensics experts Proactively prepare for, and instantly respond to, cyber attacks Combat a significant intrusion, sophisticated attack, or other security incident for faster recovery and forensic analysis Incident Planning Proactive Preparation Periodic Reviews Incident Triage Containment, Eradication and Recovery Post- Incident Analysis 24x7 Worldwide, around-the-clock coverage can enable faster recovery and reduce business impact from incidents 17

18 Stop advanced threats Use analytics and insights for smarter and more integrated defense Defend against web fraud and cybercrime Prevent targeted attacks in real-time Detect threats with security intelligence 18

19 A dynamic, integrated system to help stop advanced threats Attack Chain 1 Break-in 2 Latch-on 3 Expand 4 Gather 5 Exfiltrate 19

20 Focus on critical points in the attack chain with preemptive defenses on both the endpoint and network Prevent malware installs Prevent control channels Prevent credential loss On the Endpoint Verify the state of applications Block exploit attempts used to deliver malware Stop direct outbound malware communications Protect against process hijacking Block keyloggers Stop credential use on phishing sites Limit reuse of passwords Exploit Disruption Malware Quarantine User Protection On the Network Prevent mutated exploits Prevent active beaconing Prevent malicious apps Verify the state of network protocols Block unknown exploits with behavioral heuristics Stop malware and botnet control traffic with real-time reputation and SSL inspection Block access to malicious websites Prevent web application misuse 20

21 Continuously monitor security-relevant activity from across the entire organisation Predict and prioritise security weaknesses before adversaries do Use automated vulnerability scans and rich security context Emphasis high-priority, unpatched, or defenseless assets requiring attention Security Intelligence Platform Detect activity and anomalies outside normal behavior Correlate and baseline massive sets of data From logs, events, flows, user activity, assets, locations, vulnerabilities, external threats, and more Pre-Attack Analytics Real-time Attack Analytics 21

22 Quickly investigate breaches, retrace activity, and learn from findings to remediate weaknesses Post-Attack Incident Forensics Reduce the time to fully discover what happened and when it occurred Index and reconstruct attack activity and content from full-packet network data Apply search engine technology and advanced visualizations Rapid Response Integrations Quickly expand security coverage to prevent further harm Share indicators across control points Dynamically apply customized rules Emergency Response Services Help prepare for and withstand security breaches more effectively Gain access to key resources that can enable faster recovery and help reduce incident business impact 22

23 Leverage threat intelligence with product integrations that draw upon human and machine-generated information Global Threat Intelligence Zero-day Research Malware Analysis Exploit Triage IP/Domain Reputation URL/Web Filtering Web App Control Intelligence Network 23

24 Protect critical assets Use context-aware controls to prevent unauthorized access and data loss Govern and administer users and their access Identify and protect sensitive data Manage application security risk Manage and secure network and endpoints 24

25 Govern and administer users and their access Datacenter Web Social Mobile Cloud Identity Management Identity governance and intelligence User lifecycle management Privileged identity control Access Management Adaptive access control and federation Application content protection Authentication and single sign on On Premise Appliances Software-as-a- Service Cloud Managed / Hosted Services 25

26 Identify and protect sensitive data Safeguard your crown jewels and protect your brand Identify Risk Discover and classify sensitive data Assess database vulnerabilities Harden Repositories Encrypt and mask sensitive data Archive / purge dormant data Revoke dormant entitlements Monitor Access Monitor and alert on attacks in real-time Identify suspicious activity Produce detailed compliance reports Protect Data Prevent unauthorized access to sensitive data Enforce change control 26

27 Manage application security risk Dynamic Application Scanning Identify and remediate vulnerabilities in live applications Static Application Scanning Address application security from day one to production Application Security Management Use a single console for managing application testing, reporting and policies Key Integrations Security Intelligence Network Protection Mobile App Protection 27

28 Fortify and manage endpoints wherever they exist Discover and manage endpoints Enforce policy compliance Rapidly patch vulnerable endpoints Quarantine infected endpoints Analyze software usage Protect against viruses and data leakage Get dynamic, crowd-sourced intelligence from endpoints Block zero-day / unknown threats Identify and block malicious communication processes Remove malware Prevent misuse of corporate credentials Gain real-time visibility and control Bridge the gap between Operations and Security 28

29 Safeguard cloud and mobile Use IT transformation to build a new, stronger security posture Gain cloud visibility and control Protect the mobile enterprise 29

30 .Final thoughts

31 Cloud Security the next Challenge Risk Assessment and Alerting Identity and Access Control Threat Intelligence and Protection User Behavioral Analysis Discovery and Visibility Policy Enforcement Approved Cloud Apps BYOD On-Prem Mobile 31

32 the next time you get in your car 32

33 IBM Security has global reach IBM Security by the Numbers + monitored countries (MSS) + service delivery experts + endpoints protected + events managed per day 33

34 Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

35 Legal notices and disclaimers Copyright 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at Copyright and trademark information