IBM Security Intelligence Strategy



Similar documents
IBM SECURITY QRADAR INCIDENT FORENSICS

IBM QRadar Security Intelligence April 2013

How to Choose the Right Security Information and Event Management (SIEM) Solution

The webinar will begin shortly

QRadar SIEM and FireEye MPS Integration

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

IBM Security IBM Corporation IBM Corporation

Security strategies to stay off the Børsen front page

and Security in the Era of Cloud

Security Intelligence

IBM Security QRadar Risk Manager

Q1 Labs Corporate Overview

The Current State of Cyber Security

What is Security Intelligence?

Strengthen security with intelligent identity and access management

IBM Security. Alle Risiken im Blick und bessere Compliance Kumulierte und intelligente Security Alerts mit QRadar Security Intelligence

IBM Security QRadar Risk Manager

Security Intelligence Solutions

Under the Hood of the IBM Threat Protection System

Log management & SIEM: QRadar Security Intelligence Platform

Protecting against cyber threats and security breaches

IBM QRadar Security Intelligence Platform appliances

QRadar SIEM and Zscaler Nanolog Streaming Service

IBM Security QRadar SIEM Product Overview

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Cloud Security. Vaughan Harper IBM Security Architect

Boosting enterprise security with integrated log management

Data Security: Fight Insider Threats & Protect Your Sensitive Data

IBM QRadar as a Service

Effectively Using Security Intelligence to Detect Threats and Exceed Compliance

Addressing Security for Hybrid Cloud

AMPLIFYING SECURITY INTELLIGENCE

The SIEM Evaluator s Guide

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management

Breaking down silos of protection: An integrated approach to managing application security

Application Security from IBM Karl Snider, Market Segment Manager March 2012

IBM Security QRadar Vulnerability Manager

Safeguarding the cloud with IBM Dynamic Cloud Security

Do not forget the basics!!!!!

Introducing IBM s Advanced Threat Protection Platform

Leverage security intelligence for retail organizations

IBM Advanced Threat Protection Solution

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Risk-based solutions for managing application security

IBM Security QRadar QFlow Collector appliances for security intelligence

Win the race against time to stay ahead of cybercriminals

IBM Security re-defines enterprise endpoint protection against advanced malware

IBM Security X-Force Threat Intelligence

Extending security intelligence with big data solutions

IBM Security Intrusion Prevention Solutions

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

How To Manage Security On A Networked Computer System

How To Create An Insight Analysis For Cyber Security

Managing security risks and vulnerabilities

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

IBM Security Strategy

Enhance visibility into and control over software projects IBM Rational change and release management software

Continuous Network Monitoring

Reducing the cost and complexity of endpoint management

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Information Technology Policy

Tivoli Automation for Proactive Integrated Service Management

Mobile Security. Luther Knight Mobility Management Technical Specialist, Europe IOT IBM Security April 28, 2015.

IBM Security Systems Support

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Attack Intelligence: Why It Matters

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Extreme Networks Security Analytics G2 Vulnerability Manager

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Ecom Infotech. Page 1 of 6

Niara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning

IBM Tivoli Netcool Configuration Manager

FIVE PRACTICAL STEPS

The Benefits of an Integrated Approach to Security in the Cloud

Extreme Networks Security Analytics G2 Risk Manager

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!

IBM Security Privileged Identity Manager helps prevent insider threats

IBM Security. Managed Security Services. SOC Poland / GSOC. Damian Staroscic Security Operations Center (SOC) Manager.

Vulnerability Management

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Applying IBM Security solutions to the NIST Cybersecurity Framework

can you improve service quality and availability while optimizing operations on VCE Vblock Systems?

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Beyond passwords: Protect the mobile enterprise with smarter security solutions

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

SecureVue Product Brochure

RSA Security Analytics

Staying Ahead of the Cyber Security Game. Nigel Tan ASEAN Technical Leader IBM Security

IBM Tivoli Netcool network management solutions for enterprise

QRadar SIEM 6.3 Datasheet

The Value of QRadar QFlow and QRadar VFlow for Security Intelligence

Transcription:

IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation

We are in an era of continuous breaches Operational Sophistication IBM X-Force declared Year of the Security Breach Near Daily Leaks of Sensitive Data 40% increase in reported data breaches and incidents Relentless Use of Multiple Methods 500,000,000+ records were leaked, while the future shows no sign of change 2011 2012 2013 Attack types SQL injection Spear phishing DDoS Third-party software Physical access Malware XSS Watering hole Undisclosed Note: Size of circle estimates relative impact of incident in terms of cost to business. 2 Source: IBM X-Force Threat Intelligence Quarterly 1Q 2014

Today s challenges Escalating Attacks Increasing Complexity Resource Constraints Designer Malware Spear Phishing Persistence Backdoors Increasingly sophisticated attack methods Disappearing perimeters Accelerating security breaches Constantly changing infrastructure Too many products from multiple vendors; costly to configure and manage Inadequate and ineffective tools Struggling security teams Too much data with limited manpower and skills to manage it all Managing and monitoring increasing compliance demands 3

Ask the right questions What are the major risks and vulnerabilities? Are we configured to protect against advanced threats? What security incidents are happening right now? What was the impact to the organization? Vulnerability Pre-Exploit Exploit Post-Exploit Remediation PREDICTION / PREVENTION PHASE Gain visibility over the organization s security posture and identity security gaps Detect deviations from the norm that indicate early warnings of APTs Prioritize vulnerabilities to optimize remediation processes and close critical exposures before exploit REACTION / REMEDIATION PHASE Automatically detect threats with prioritized workflow to quickly analyze impact Gather full situational awareness through advanced security analytics Perform forensic investigation reducing time to find root-cause; use results to drive faster remediation Security Intelligence The actionable information derived from the analysis of security-relevant data available to an organization 4

Embedded intelligence offers automated offense identification INTELLIGENT Security devices Servers and mainframes Network and virtual activity Data activity Application activity Configuration information Vulnerabilities and threats Users and identities Global threat intelligence Automated Offense Identification Unlimited data collection, storage and analysis Built in data classification Automatic asset, service and user discovery and profiling Real-time correlation and threat intelligence Activity baselining and anomaly detection Detects incidents of the box Embedded Intelligence Prioritized Incidents Suspected Incidents 5

Extend clarity around incidents with in-depth forensics data INTELLIGENT Suspected Incidents Prioritized Incidents Directed Forensics Investigations Rapidly reduce time to resolution through intuitive forensic workflow Use intuition more than technical training Determine root cause and prevent re-occurrences Embedded Intelligence 6

Platform evolution Client based Needs on client needs IBM Security Evolving the IBM Security Intelligence strategy based on client needs INTELLIGENT Flow Visualization and NBAD Anomaly detection and threat resolution SIEM SIM and VA integration Log Identity management, complete log management, and compliance reporting Risk Configuration analysis, policy monitoring, and risk assessment Vulnerability Real-time vulnerability scanning and vulnerability prioritizations Network Forensics Incident forensics and packet captures Security Intelligence.NEXT 2002 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 Future 7

An integrated, unified architecture in a single web-based console INTEGRATED Log Security Intelligence Network Activity Monitoring Risk Vulnerability Network Forensics 8

IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving simplicity and accelerating time-to-value IBM QRadar Security Intelligence Platform INTEGRATED Unified architecture delivered in a single console 9

Driving simplicity and accelerated time to value AUTOMATED Simplified deployment Automated configuration of log data sources and asset databases Immediate discovery of network assets Proactive vulnerability scans, configuration comparisons, and policy compliance checks IBM QRadar is nearly three times faster to implement across the enterprise than other SIEM solutions. 2014 Ponemon Institute, LLC Independent Research Report Automated updates Stay current with latest threats, vulnerabilities, and protocols Out-of-the-box rules and reports Immediate time to value with built-in intelligence QRadar s ease-of-use in set-up and maintenance resulted in reduced time to resolve network issues and freed-up IT staff for other projects. Private U.S. University with large online education community 10

IBM QRadar supports hundreds of third-party products IBM QRadar Security Intelligence Platform 11

Delivering multiple security capabilities through a purpose-built, extensible platform AUTOMATED IBM QRadar Security Intelligence Platform Log Security Intelligence Network Activity Monitoring Risk Vulnerability Network Forensics Future Northbound APIs Security Intelligence Operating System Reporting Engine Workflow Rules Engine Real-Time Viewer Analytics Engine Warehouse Archival Normalization LEEF AXIS Configuration NetFlow Offense Southbound APIs Real Time Structured Security Data Unstructured Operational / Security Data 12

Intelligence, integration, automation to stay ahead of the threat Identify and quickly remediate Deploy comprehensive security intelligence and incident forensics Address regulation mandates Automate data collection and configuration audits Detect insider fraud Adopt next-generation SIEM with identity correlation Consolidate data silos Collect, correlate and report on data in one integrated solution Better predict business risks Engage entire lifecycle of risk management for network and security infrastructures 13

Analyst recognition IBM Security Intelligence Leader in the Gartner Magic Quadrant since 2009 Security Information and Event (SIEM) IBM QRadar rated #1 by Gartner in the following categories: Ability to execute Analytics and behavior profiling Compliance use cases SIEM use case, product rating, and overall use case #1 IDC Security Vulnerability (including SIEM) Champion / Leading Product by InfoTech 2013 Global SIEM/LM Customer Value Leadership Award by Frost and Sullivan 14

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. www.ibm.com/security 15 Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information