IBM Security Strategy: Intelligence, Integration and Expertise
Kate Scarcella, CISSP, M.S. Information Security, Security Tiger Team Executive, IBM Security Systems

IBM Security: delivering intelligence, integration and expertise across a comprehensive framework
- Broadest and deepest coverage across all security domains
- Worldwide research, development, and security experts
- Award-winning global threat research
Intelligence. Integration. Expertise.
IBM can provide unmatched global coverage and security awareness
- People: 4,300 strategic outsourcing security delivery resources; 1,200 professional services security consultants; 650 field security specialists; 400 security operations analysts
- Facilities: 10 Security Operations Centers; Security Research Centers; Security Solution Development Centers; Institute for Advanced Security branches; 14 Security Development Labs
- IBM X-Force expertise: 150M intrusion attempts monitored daily; 46,000 documented vulnerabilities; 40M unique phishing/spam attacks; millions of unique malware samples; billions of analyzed web pages
- Managed services excellence: 20,000+ devices under management; 3,700+ MSS clients worldwide; 15B+ events managed per day; 133 monitored countries (MSS)
- Unique research and reports; 1,000+ security patents
Security reality: we have all been compromised
- 1,764,121: the number of security events the average organization of 15K employees will capture weekly
- 324 of these events represent actual attacks, per week
- 2.1 of these attacks will result in an incident, per week, a 22% annual increase (2014 IBM Cyber Security Intelligence Index)
- ... of incidents analyzed logged human error as a contributing factor: stolen or lost laptop or mobile device; mistaken address, disposition or emailing of SPI; double clicking (malware); poor system hygiene (failure to patch, configure, or update); failure to delete dormant user accounts; use of default passwords (2014 IBM Cybersecurity Intelligence Team)
- "1 out of 100 security compromises are ever detected" (General Keith Alexander, Head of U.S. Cyber Command, in a speech to the American Enterprise Institute)
- ... of all incidents analyzed by IBM Response Services could be considered noteworthy (potentially material or significant impact) (2014 IBM Cybersecurity Intelligence Team)
We are in an era of continuous breaches: operational sophistication, near-daily leaks of sensitive data, relentless use of multiple methods
- 2011: IBM X-Force declared it the year of the security breach
- 2012: 40% increase in reported data breaches and incidents
- 2013: 500,000,000+ records were leaked, while the future shows no sign of change
Attack types: SQL injection, spear phishing, DDoS, third-party software, physical access, malware, XSS, watering hole, undisclosed
Note: size of circle estimates relative impact of incident in terms of cost to business.

Who is attacking your networks? Attacker types: outsiders, malicious insiders, inadvertent actors, and combinations of these.

Spear phishing and exploit kit example (attacker to target)
1. User receives a risky email from a personal social network
2. User is redirected to a malicious website
3. A drive-by exploit is used to install malware on the target PC
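The three stages above leave a characteristic footprint in outbound proxy logs: a click-out from a webmail or social page, a short redirect hop, an exploit carrier (a Java archive, Flash or PDF) and then an executable download from the same site within seconds. The script below is an added example of detecting that sequence, not code from IBM or from the original deck. The log format, the list of "social" entry hosts, the carrier and binary MIME types, the 60-second window and the log lines themselves are all constructed for the example.

```python
"""Spotting the spear-phish-to-drive-by chain in proxy logs (added example)."""
from collections import defaultdict, namedtuple
from datetime import datetime
from urllib.parse import urlparse

Rec = namedtuple("Rec", "ts client method url status ctype referer")

# Assumptions for this example (none of these come from the slide): which hosts
# count as webmail/social entry points, which MIME types carry exploit code,
# which ones are dropped binaries, and how tight the time window is.
SOCIAL_HOSTS = {"social.example", "webmail.example"}
EXPLOIT_CARRIERS = {"application/java-archive", "application/x-shockwave-flash",
                    "application/pdf"}
DROPPED_BINARIES = {"application/x-msdownload", "application/octet-stream"}
WINDOW_SECONDS = 60

# Constructed proxy log: ts client method url status content-type referer ("-" = none).
SAMPLE_LOG = """\
2014-03-10T09:12:01 10.1.2.3 GET http://social.example/inbox 200 text/html -
2014-03-10T09:12:05 10.1.2.3 GET http://lnk.example/r/x1 302 - http://social.example/inbox
2014-03-10T09:12:06 10.1.2.3 GET http://cdn-ads.example/land.php 200 text/html http://lnk.example/r/x1
2014-03-10T09:12:08 10.1.2.3 GET http://cdn-ads.example/a/app.jar 200 application/java-archive http://cdn-ads.example/land.php
2014-03-10T09:12:11 10.1.2.3 GET http://cdn-ads.example/dl/payload.exe 200 application/x-msdownload -
2014-03-10T09:13:00 10.1.2.4 GET http://social.example/inbox 200 text/html -
2014-03-10T09:13:04 10.1.2.4 GET http://news.example/story/7 200 text/html http://social.example/inbox
2014-03-10T09:13:05 10.1.2.4 GET http://news.example/static/app.js 200 application/javascript http://news.example/story/7
"""


def parse(line):
    ts, client, method, url, status, ctype, referer = line.split()
    return Rec(datetime.fromisoformat(ts), client, method, url, int(status),
               None if ctype == "-" else ctype, None if referer == "-" else referer)


def host(url):
    return urlparse(url).hostname if url else None


def find_drive_by_chains(lines):
    """One alert per client whose click-out from a social/webmail page is followed,
    inside the window, by an exploit carrier and then a dropped binary."""
    by_client = defaultdict(list)
    for rec in map(parse, filter(None, lines)):
        by_client[rec.client].append(rec)
    alerts = []
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r.ts)
        for i, entry in enumerate(recs):
            # Stage 1: a request referred from a social/webmail page to some other site.
            if host(entry.referer) not in SOCIAL_HOSTS or host(entry.url) in SOCIAL_HOSTS:
                continue
            chain, carrier, binary = [entry], None, None
            for nxt in recs[i + 1:]:
                if (nxt.ts - entry.ts).total_seconds() > WINDOW_SECONDS:
                    break
                chain.append(nxt)
                if nxt.ctype in EXPLOIT_CARRIERS:                 # Stage 2: exploit delivered
                    carrier = nxt
                elif carrier and nxt.ctype in DROPPED_BINARIES:   # Stage 3: malware dropped
                    binary = nxt
                    break
            if carrier and binary:
                alerts.append({"client": client, "entry": entry.url,
                               "carrier": carrier.url, "binary": binary.url,
                               "chain": [r.url for r in chain]})
    return alerts


def demo():
    return find_drive_by_chains(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in demo():
        print(f"{a['client']}: {' -> '.join(a['chain'])}")
```

Only the first client trips the rule: the second one also clicks out of the social site but never fetches an exploit carrier or a binary, so a plain "new domain after social referer" rule would have produced a false positive there. Requiring the carrier before the binary is what keeps the alert tied to the drive-by pattern rather than to ordinary browsing.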
Java Vulnerabilities
Security is a board room discussion, and security leaders are more accountable than ever before
A new approach to security is needed (© 2014 IBM Corporation)

Ten essential steps to creating an intelligent security management program
Goal: intelligent cyber threat protection and risk management. Understand the security essentials:
1. Build a risk-aware culture and management system
2. Establish intelligent security operations and rapid threat response
3. Secure collaboration in the social and mobile workplace
4. Develop secure products, by design
5. Manage IT hygienically
6. Create a secure and resilient network
7. Address the security complexity of cloud and virtualization
8. Manage third-party security compliance
9. Assure data security and privacy
10. Manage the digital identity lifecycle
The IBM fundamental approach to threat protection: vulnerability vs. exploit
- Vulnerability: a weakness in a system. It can be used to do something unintended, and it can be exploited in multiple ways.
- Exploit: a method used to gain system entry. Many different exploits can target a single vulnerability; not all exploits are publicly available, and mutation is common.
- IBM protection: protects the vulnerability, staying ahead of the threat with pre-emptive protection that stops whatever would break the window.
- Other products: only block the exploits, looking for the known methods that can break the window; keeping up can be challenging.

Behavioral-based detection blocks attacks that have never been seen before

| IBM protection signature       | Protection shipped | Vulnerability later disclosed                              | Disclosed       | Lead time       | Vulnerabilities covered |
|--------------------------------|--------------------|------------------------------------------------------------|-----------------|-----------------|-------------------------|
| JavaScript_NOOP_Sled           | April 2006         | MS IE Remote Exploit, CVE-2012-4781                        | December 2012   | 6.8 years ahead | 94                      |
| HTML_Browser_Plugin_Overflow   | March 2006         | Java Plug-in for IE Remote Code Exploit, CVE-2010-3552     | October 2010    | 5.7 years ahead | 2                       |
| Java_Malicious_Applet          | October 2012       | Java JRE Code Execution, CVE-2013-2465                     | March 2013      | 5 months ahead  | 8                       |
| Cross_Site_Scripting           | November 2008      | Cisco ASA Cross-Site Scripting, CVE-2014-2120              | March 2014      | 5.5 years ahead | 8,500+                  |
| SQL_Injection                  | June 2007          | Symantec LiveUpdate SQL Injection, CVE-2014-1645           | March 2014      | 6.9 years ahead | 9,000+                  |
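The difference between blocking an exploit and protecting the vulnerability is easiest to see with both detectors side by side. The following is an added example, not IBM product code and not from the deck: a hypothetical plug-in that copies an `X-Plugin-Param` header into a 256-byte buffer (header name and size are assumptions), an exploit signature that matches only the first public payload, and two vulnerability-condition checks in the spirit of the table's `JavaScript_NOOP_Sled` and overflow entries: any header value longer than the buffer, and any run of `%u`-escaped NOPs in script text. The samples are constructed and are not real exploits.

```python
"""Exploit-signature vs vulnerability-condition detection (added example)."""
import re

# Assumed: a hypothetical browser plug-in copies the X-Plugin-Param header into a
# 256-byte stack buffer. Header name and buffer size are assumptions for this
# example, not details taken from the slide.
BUFFER_SIZE = 256

# Exploit-centric signature: the exact filler-plus-NOP-sled the first public
# exploit used. Change one byte and it no longer matches.
EXPLOIT_SIGNATURE = b"A" * 300 + b"\x90" * 16

# Vulnerability-centric checks: conditions every working exploit of the bug,
# and of the wider bug class, has to satisfy regardless of payload bytes.
HEADER_RE = re.compile(rb"^X-Plugin-Param:[ \t]*(.*?)\r?$", re.M | re.I)
# Runs of unicode-escaped x86 NOPs (%u9090) or the 0x0c0c heap-spray sled in
# script text: the behaviour a NOP-sled check keys on, independent of the bug.
NOP_SLED_RE = re.compile(rb"(?:%u9090|%u0c0c){8,}", re.I)


def matches_exploit_signature(raw):
    """Exploit signature: true only for the exact payload already seen in the wild."""
    return EXPLOIT_SIGNATURE in raw


def vulnerability_findings(raw):
    """Vulnerability/behaviour checks: reasons this traffic would break the window."""
    reasons = []
    m = HEADER_RE.search(raw)
    if m and len(m.group(1)) > BUFFER_SIZE:
        reasons.append(f"X-Plugin-Param is {len(m.group(1))} bytes, buffer holds {BUFFER_SIZE}")
    if NOP_SLED_RE.search(raw):
        reasons.append("NOP sled inside a %u-escaped string")
    return reasons


def http_request(param):
    """Build a constructed request carrying the vulnerable header."""
    return (b"GET /plugin HTTP/1.1\r\nHost: example.test\r\n"
            b"X-Plugin-Param: " + param + b"\r\n\r\n")


# Constructed samples, not real exploits.
SAMPLES = {
    "original_exploit": http_request(EXPLOIT_SIGNATURE + b"\xcc" * 4),
    "mutated_exploit": http_request(b"B" * 300 + b"\x90" * 8 + b"\xcc" * 4),
    "drive_by_page": (b'<html><script>var s = unescape("' + b"%u9090" * 12
                      + b'%u4141%u4141");</script></html>'),
    "benign_request": http_request(b"theme=dark"),
    "benign_page": b'<html><script>var s = unescape("%u0041%u0042");</script></html>',
}


def classify(samples):
    """Map each sample to (exploit-signature hit, vulnerability-condition hit)."""
    return {name: (matches_exploit_signature(raw), bool(vulnerability_findings(raw)))
            for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (sig, vuln) in classify(SAMPLES).items():
        print(f"{name:18} exploit-signature={str(sig):5} vulnerability-check={vuln}")
```

The mutated request (different filler byte, shorter sled) and the script-embedded sled both sail past the exploit signature while still tripping the vulnerability checks, which is the "protect the vulnerability" argument in one run; the two benign samples show the checks are not just firing on everything. The caveat a practitioner would add is that condition checks need a bounded false-positive story of their own (a legitimate 300-byte header value is a real possibility), which is why such signatures ship with tunable thresholds.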
Reaching security maturity to meet new challenges

Security Intelligence (spanning all domains): Predictive Analytics, Big Data Workbench, Flow Analytics; SIEM and Vulnerability Management; Log Management; Advanced Fraud Protection

| Maturity   | People                                                                 | Data                                                                          | Applications                                | Infrastructure                                                                         |
|------------|------------------------------------------------------------------------|-------------------------------------------------------------------------------|---------------------------------------------|----------------------------------------------------------------------------------------|
| Optimized  | Privileged user management; Identity governance; Fine-grained entitlements | Data governance; Encryption key management                                   | Fraud detection; Hybrid scanning and correlation | Multi-faceted network protection; Anomaly detection; Hardened systems             |
| Proficient | User provisioning; Access management; Strong authentication            | Data masking / redaction; Database activity monitoring; Data loss prevention | Web application protection; Source code scanning | Virtualization security; Asset management; Endpoint / network security management |
| Basic      | Directory management                                                   | Encryption; Database access control                                           | Application scanning                         | Perimeter security; Host security; Anti-virus                                          |
IBM Security offers a comprehensive product portfolio
All domains feed Security Intelligence, with QRadar as the dashboard
- X-Force IP reputation feeds: correlate new threats based on reputation, plus hundreds of third-party information sources
- Guardium: database assets, rule logic and database activity information
- Identity and Access Management: identity context for all security domains
- IBM Endpoint Manager: endpoint management vulnerabilities enrich QRadar's vulnerability database
- IBM Security Network Intrusion Prevention System: flow data into QRadar turns NIPS devices into activity sensors
- AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
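What "feeding the SIEM" buys you is that the same signature can be scored differently depending on what the other feeds say about the source and the target. The script below is an added example of that enrichment and is not QRadar code or anything from the deck: it takes constructed NIPS alerts (using two signature names from the table above), constructed scanner findings standing in for AppScan / Endpoint Manager output, a constructed reputation feed standing in for X-Force, and a constructed asset-context map standing in for Guardium, and computes a 1-to-10 magnitude. Addresses, values and the scoring weights are all assumptions.

```python
"""Enriching a NIPS alert with scanner, reputation and asset context (added example)."""
from dataclasses import dataclass


@dataclass
class Offense:
    src: str
    dst: str
    signature: str
    magnitude: int
    reasons: list


# Constructed inputs standing in for the feeds the slide names: NIPS alerts,
# AppScan / Endpoint Manager findings, the X-Force reputation feed and Guardium
# asset context. Addresses, values and scoring weights are assumptions.
IDS_ALERTS = [
    {"src": "203.0.113.9", "dst": "10.0.5.20", "signature": "SQL_Injection", "vuln_class": "sqli"},
    {"src": "198.51.100.4", "dst": "10.0.5.21", "signature": "Java_Malicious_Applet", "vuln_class": "java_rce"},
    {"src": "192.0.2.7", "dst": "10.0.5.22", "signature": "SQL_Injection", "vuln_class": "sqli"},
]
SCAN_FINDINGS = {"10.0.5.20": {"sqli"}, "10.0.5.21": set(), "10.0.5.22": {"sqli", "xss"}}
IP_REPUTATION = {"203.0.113.9": 90, "198.51.100.4": 20}   # 0 (clean) .. 100 (known bad)
CRITICAL_ASSETS = {"10.0.5.20": "PCI cardholder database"}


def correlate(alerts, scan_findings, reputation, critical_assets, rep_threshold=70):
    """Score each alert 1..10: the same signature means more when the scanner says
    the target is still vulnerable, the source is known bad, and the asset holds
    regulated data. Offenses come back highest magnitude first."""
    offenses = []
    for a in alerts:
        magnitude, reasons = 3, [f"NIPS signature {a['signature']}"]
        if a["vuln_class"] in scan_findings.get(a["dst"], set()):
            magnitude += 4          # exploitable, not just attempted
            reasons.append(f"{a['dst']} still exposes {a['vuln_class']} per scanner")
        rep = reputation.get(a["src"], 0)
        if rep >= rep_threshold:
            magnitude += 2          # source already known to the reputation feed
            reasons.append(f"source reputation {rep}")
        if a["dst"] in critical_assets:
            magnitude += 1          # business impact from asset context
            reasons.append(f"target is {critical_assets[a['dst']]}")
        offenses.append(Offense(a["src"], a["dst"], a["signature"], min(magnitude, 10), reasons))
    offenses.sort(key=lambda o: o.magnitude, reverse=True)
    return offenses


def demo():
    return correlate(IDS_ALERTS, SCAN_FINDINGS, IP_REPUTATION, CRITICAL_ASSETS)


if __name__ == "__main__":
    for o in demo():
        print(f"[{o.magnitude:2}] {o.src} -> {o.dst} {o.signature}: {'; '.join(o.reasons)}")
```

The Java applet alert against the patched host drops to the bottom of the queue even though the signature is the scarier one, while the two SQL injection attempts against still-vulnerable databases rise to the top, with the one from a known-bad source against the PCI database ranked first. Keeping the reasons list on each offense is what makes the score defensible to an analyst rather than a magic number.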
CrossIdeas offers a modular solution built on a single governance platform
- Stakeholders served by the CrossIdeas platform: auditors and CRO, business managers, IT security
- Customer value: business-driven approach to Identity and Access Governance; integral part of an organization's compliance and risk strategy; extends enterprise IAM systems with out-of-box integrations

Apex multi-layered defense architecture
- Threat and Risk Reporting (new): vulnerability mapping and critical event reporting; advanced threat analysis and turnkey service
- Credential Protection: alert on and prevent phishing and credential reuse on non-corporate sites
- Exploit Chain Disruption: prevent infections via exploits against applications by controlling the exploit-chain choke point; zero-day defense
- Cloud Based File Inspection (new): legacy protection against known malicious viruses; consolidates over 20 AV engines for maximal efficacy and operational simplicity
- Lockdown for Java (new): prevent high-risk actions by Java applications
- Malicious Communication Prevention: block malware communication; disrupt C&C control; prevent data exfiltration
- Global Threat Research and Intelligence: global threat intelligence delivered in near-real time from the cloud