L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management



Similar documents
IBM QRadar Security Intelligence April 2013

IBM Security Intelligence Strategy

Protecting against cyber threats and security breaches

IBM Security IBM Corporation IBM Corporation

Security Intelligence

Introducing IBM s Advanced Threat Protection Platform

The Current State of Cyber Security

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

The webinar will begin shortly

IBM Security QRadar Vulnerability Manager

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM Advanced Threat Protection Solution

Security strategies to stay off the Børsen front page

IBM Security QRadar Risk Manager

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

Advanced Threat Protection with Dell SecureWorks Security Services

IBM Security X-Force Threat Intelligence

Under the Hood of the IBM Threat Protection System

IBM Security QRadar Risk Manager

What is Security Intelligence?

QRadar SIEM 7.2 Flows Overview

AMPLIFYING SECURITY INTELLIGENCE

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

How to Choose the Right Security Information and Event Management (SIEM) Solution

Data Security: Fight Insider Threats & Protect Your Sensitive Data

How To Create An Insight Analysis For Cyber Security

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

Addressing Security for Hybrid Cloud

Q1 Labs Corporate Overview

North American Electric Reliability Corporation (NERC) Cyber Security Standard

and Security in the Era of Cloud

Extreme Networks Security Analytics G2 Vulnerability Manager

Enterprise Security Tactical Plan

Strengthen security with intelligent identity and access management

Security Intelligence Solutions

Powering Security and Easy Authentication in a Multi-Channel World

Applying IBM Security solutions to the NIST Cybersecurity Framework

Do not forget the basics!!!!!

The Benefits of an Integrated Approach to Security in the Cloud

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Continuous Network Monitoring

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

IBM Security Intrusion Prevention Solutions

IBM Security Strategy

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

How To Protect Your Network From Attack From A Network Security Threat

Microsoft s cybersecurity commitment

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IBM Security re-defines enterprise endpoint protection against advanced malware

Leverage security intelligence for retail organizations

Payment Card Industry Data Security Standard

Safeguarding the cloud with IBM Dynamic Cloud Security

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Rational Asset Manager 7.2 Editions and Licensing

IBM Security QRadar SIEM Product Overview

Managed Security Services D e l i vering real-time protection to help organizations st r e n g t h e n their security posture in the face of today s

IBM Internet Security Systems products and services

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar QFlow Collector appliances for security intelligence

FFIEC Cybersecurity Assessment Tool

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Preemptive security solutions for healthcare

Getting Ahead of Advanced Threats

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

IBM QRadar Security Intelligence Platform appliances

Boosting enterprise security with integrated log management

ISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

A proven 5-step framework for managing supplier performance

IBM Security Network Protection

IBM Global Technology Services Preemptive security products and services

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Defending against modern threats Kruger National Park ICCWS 2015

How To Buy Nitro Security

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

Open Source Incident Management Tool for CSIRTs

QRadar SIEM and FireEye MPS Integration

Security. Security consulting and Integration: Definition and Deliverables. Introduction

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

PREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Protect Your Business and Customers from Online Fraud

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence

Transcription:

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management Security Services Architect & Advisor, IBM Italia

Intervento al Security Summit Milano 2016 15 aprile Autore e Speaker: Security Services Architect & Advisor, IBM Italia Con l intervento di Andrea Zapparoli Manzoni Docente Clusit 2

Universe of cyber security threats is constantly expanding 3

Attacks are relentless, aggressive and constantly evolving Size of circle estimates relative impact of incident in terms of cost to business. Source: IBM X-Force Threat Intelligence Report 2016 4

Is your security team prepared? Broad Attacks Indiscriminate malware, spam and DoS activity Tactical Approach Compliance-driven, reactionary Build multiple perimeters Protect all systems Use signature-based methods Periodically scan for known threats Read the latest news Shut down systems Targeted Attacks Advanced, persistent, organized, politically or financially motivated Strategic Approach Intelligence-driven, continuous Assume constant compromise Prioritize high-risk assets Use behavioral-based methods Continuously monitor activity Consume real-time threat feeds Gather, preserve, retrace evidence New threats require a new approach to security, but most are defending against yesterday s attacks, using siloed, discrete defenses 5

What is a Security Operations Center, or SOC? A Security Operations Center is a highly skilled team following defined definitions and processes to manage threats and reduce security risk. Security Operations Centers (SOC) are designed to: protect mission-critical data and assets prepare for and respond to cyber emergencies help provide continuity and efficient recovery fortify the business infrastructure The SOC s major responsibilities are: Monitor, Analyze, Correlate & Escalate Intrusion Events Develop Appropriate Responses; Protect, Detect, Respond Conduct Incident Management and Forensic Investigation Maintain Security Community Relationships Assist in Crisis Operations 6

A Security Operations Center is key to keeping up with a perpetually evolving cyber security environment 1 Manage risk Objectives 2 Meet compliance and regulatory requirements 3 Safeguard critical data 4 Protect business against attacks 5 Increase cyber security visibility 6 Move from reactive response to proactive mitigation 7

To achieve these objectives, IBM Security looks at the whole span of the threat management lifecycle Threat management lifecycle Strategize Collect Analyze Prioritize Respond Prevent Assess security posture and capabilities Gather and process threat data Analyze, correlate, score and filter Rank, prioritize and measure Operationalize and respond Track, learn and integrate into the organization Where can I begin or improve? What threats am I facing? What do they mean to me? Which are high value threats? How should I respond? How can I prevent it in the future? Enterprise risk management data platform Ongoing optimization 8

SOC Operating Model 9

Cybersecurity Incident Response Planning An incident response plan is the foundation on which all incident response and recovery activities are based: It provides a framework for effectively responding to any number of potential incidents It specifically defines the organization, roles and responsibilities of the computer security incident response ream (CSIRT) It should have criteria to assist an organization determine types and priorities of each security incident It defines escalation and communication procedures to management, executive, legal, law enforcement, and media depending on incident conditions and severity It must be regularly updated and fully tested via dry runs CSIRP Review and Gap Assessment CSIRP Development Incident Mock Tests and Table Top Exercise 1 CSIRP = Computer Security Incident Response Plan 10 10

Incident Response: Prepare proactively and respond instantly Around-the-clock access to incident response and forensics experts Combat a significant intrusion, sophisticated attack or other security incident for faster recovery and forensic analysis Incident planning Proactive preparation Periodic reviews Cyber Emergency Hotline Italy +39 02 99953631 US 1-888-241-9812 Worldwide 1-312-212-8034 Worldwide, around-the-clock coverage to enable faster recovery and reduce business impact from incidents Incident triage Containment, eradication and recovery Post-incident analysis Helps manage incident response across multiple stages including prevention, intelligence gathering, containment, eradication, recovery, and compliance management 11

IBM Security Services Portfolio 12

Key components for a SOC initiative Consulting Services Security Intelligence & Operations Consulting SOC Strategy & Planning SOC Maturity Assessment SOC Build & Transformation SIEM Activation & Tuning Integrations SIEM platform QRadar SIEM (software, virtual, appliances, SaaS) Security Intelligence feed QRadar additional modules (QVM, QFlow) Managed Security Services Managed SIEM service Security Monitoring Security Service Manager Emergency Response Services Early Warning (XForce Threat Analysis Services) 13

Thank You Security Services Architect & Advisor, IBM Italia mattia.cinacchi@it.ibm.com +39.334.6004854 Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information