
Reduce costs and the complexity of security in your business
Juan Carlos Carrillo, Security Sales Leader
Friday, September 11, 2009

Agenda
1. X-Force 2008 Trend & Risk Report Highlights
2. IBM Security Framework
3. IBM ISS product solutions
4. IBM ISS service solutions
5. IBM ISS security consulting solutions
6. Q&A

X-Force 2008 Trend & Risk Report

The Annual X-Force 2008 Trend & Risk Report

The mission of the IBM Internet Security Systems X-Force research and development team is to:
- Research and evaluate threat and protection issues
- Deliver security protection for today's security problems
- Develop new technology for tomorrow's security challenges
- Educate the media and user communities

The report data by the numbers:
- 9.1B analyzed Web pages & images
- 150M intrusion attempts daily
- 40M spam & phishing attacks
- 40K documented vulnerabilities
- Millions of unique malware samples

Provides specific analysis of:
- Vulnerabilities & exploits
- Malicious/unwanted websites
- Spam and phishing
- Malware
- Other emerging trends

Criminal Economics

On a basic microeconomic level, an understanding of the opportunity for a computer criminal comes from considering the amount of revenue that can be generated from exploiting a vulnerability relative to the cost of doing so. Obviously, vulnerabilities that present a high revenue opportunity at a low cost are likely to be popular with attackers. Both revenue (opportunity) and cost are made up of a complicated set of components, and some of these components can be influenced by the security industry.

Vulnerabilities

- 2008 proved to be the busiest year in X-Force history chronicling vulnerabilities, a 13.5 percent increase compared to 2007.
- The overall severity of vulnerabilities increased, with high and critical severity vulnerabilities up 15.3 percent and medium severity vulnerabilities up 67.5 percent.
- Similar to 2007, nearly 92 percent of 2008 vulnerabilities can be exploited remotely.
- Of all the vulnerabilities disclosed in 2008, only 47 percent can be corrected through vendor patches.
- Vendors do not always go back to patch previous years' vulnerabilities. 46 percent of vulnerabilities from 2006 and 44 percent from 2007 were still left with no available patch at the end of 2008.
- The two largest categories of vulnerabilities in 2008 are Web application at 55 percent and vulnerabilities affecting PC software at roughly 20 percent.


Web-Related Security Threats

- The number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent.
- Last year, China replaced the US as the most prolific host of malicious Web sites.
- Spammers are turning to the Web. URL spam (a spam email with little more than a link to a Web page that delivers the spam message) took the lead as the main type of spam this year, and spammers more and more are using familiar domain names like news and blogging Web sites to host their content.
- Web applications in general have become the Achilles' heel of corporate IT security.
- Nearly 55% of all vulnerability disclosures in 2008 affect Web applications, and this number does not include custom-developed Web applications (only off-the-shelf packages).
- 74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008.
- Last year, SQL injection jumped 134 percent and replaced cross-site scripting as the predominant type of Web application vulnerability.
- In addition to these vulnerabilities, many Web sites request the use of known vulnerable ActiveX controls, which leave Web site visitors who do not have updated browsers in a compromised position.


Spam and Phishing

- Simple spam (text or URL-based) replaced complex (PDF, image, etc.) spam in 2008, with a focus on URL spam near the end of the year.
- Spammers increasingly use familiar URL domains, like blogging Web sites and news Web sites, to host spam messages.
- More than 97 percent of spam URLs are up for one week or less.
- In terms of the servers sending spam, Russia surpassed the US in 2008, and was accountable for 12 percent of all spam sent last year.
- The most popular subject lines of phishing and spam are not so popular anymore. The top ten subject lines of 2008 took up a much smaller percentage in comparison to 2007. Spammers and phishers alike are becoming more granular and targeted, in essence working harder to reach more targets.
- In 2007, the most popular phishing subject lines represented about 40% of all phishing emails. In 2008, the most popular subject lines made up only 6.23% of all phishing subject lines.
- A trend that developed in 2008 is the focus on user action. Rather than having a generic subject like "security alert", phishers attempt to engage the user into doing something, like fixing an account that has been suspended or updating their account information.
- The majority of phishing, nearly 90 percent, was targeted at financial institutions.
- Over 99% of all financial phishing targets are in North America or Europe, with the majority of targets in North America (58.4 percent).


You can read the full report at the following link: http://www-935.ibm.com/services/us/iss/xforce/trendreports/xforce-2008-annualreport.pdf

IBM Security Framework

The IBM Security Framework

- The only security vendor in the market with end-to-end coverage of the security foundation
- 15,000 researchers, developers and SMEs on security initiatives
- 3,000+ security & risk management patents
- 200+ security customer references and 50+ published cases
- 40+ years of proven success securing the zSeries environment
- Already managing more than 2.5 billion security events per day for clients
- $1.5 billion (USD) spent on security in 2008

IBM ISS Solutions

IBM has the unmatched local and global expertise to deliver complete solutions and manage the cost and complexity of security. In addition, X-Force, the IBM ISS security and development organization, is one of the best-known commercial groups in the world. It discovers 30-60% of all vulnerabilities and captures more than 2 billion events per day.

IBM ISS product solutions

ISS case I

A client needs to implement the following:
- Additional security controls on the network perimeter
- IPS and AV inspection, and encryption (to support PCI certification), for all traffic between the main office and branch office
- IPS to augment the existing firewall and proxy / AV implementation on the main office Internet link

Products that address the client's need for a low cost solution:
- Main Office primary link: Add Proventia Network IPS, and leave existing infrastructure in place
- Main Office secondary link: Add Proventia Network MFS
- Branch Office primary link: Add Proventia Network MFS

ISS case II

A client wants to implement an antispam solution. Their branch offices relay mail through the main office, and the client wants the ability to implement multiple filtering rules and to minimize the amount of internal network traffic.

Products that address the client's need for a low cost solution:
- Main Office primary link: Add Proventia MFS, and set it as the principal MX record in the DNS
- Main Office secondary link: Leave as it is
- Branch Office primary link: Leave as it is

ISS case III

A company wants a proposal based on the following requirements:
- Has a 10 MB SDSL connection
- Wants to separate IPS policies per segment, and is fundamentally interested in IPS capability

What can we offer:
- Add a switch behind the firewall to which the segments will be connected, and add a Proventia GX between the switch and the Proventia MX

ISS case IV

A company needs to implement IPS technology to protect a Windows server farm. The solution must be easy to implement and maintain.

What can we offer:
- Deploy a Proventia Network IPS model GX6116 between the two core switches

ISS case V

A company needs a host protection solution for their server systems. The main requirement is IPS functionality, and the addition of OS monitoring would be a plus. The operating systems deployed are:
- Solaris
- Linux
- AIX

What can we offer:
- Proventia Server and RealSecure Server Sensor

IBM Proventia Server Intrusion Prevention System (IPS) for:
- Microsoft Windows
- Linux
- VMware Guest Operating System (OS)

IBM RealSecure Server Sensor provides server protection for:
- Microsoft Windows
- AIX
- Solaris
- HP-UX

Performance Flexibility: IPS beyond the perimeter

It is important to mandate that all ingress (inbound) traffic run through a segment of inline network intrusion protection. Trace packet flows to ensure that each packet entering your network passes through at least one IPS sensor.
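One way to run the flow-tracing check described above against a topology inventory. This is an added example, not part of the original presentation or any IBM product; the function name, node names and link lists are constructed for illustration, and links are assumed to be bidirectional.

```python
from collections import deque


def uninspected_paths(links, ingress, sensors, protected):
    """Return every path from an ingress point to a protected segment that
    crosses no inline IPS sensor (breadth-first search with sensors removed)."""
    adjacency = {}
    for a, b in links:  # each link is treated as bidirectional
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)

    findings = []
    for start in sorted(ingress):
        if start in sensors:
            continue
        parent = {start: None}
        queue = deque([start])
        while queue:
            node = queue.popleft()
            for nxt in sorted(adjacency.get(node, ())):
                # Traffic that reaches a sensor is inspected, so stop there.
                if nxt in parent or nxt in sensors:
                    continue
                parent[nxt] = node
                queue.append(nxt)
        for segment in sorted(protected):
            if segment in parent:
                path, cur = [], segment
                while cur is not None:
                    path.append(cur)
                    cur = parent[cur]
                findings.append(path[::-1])
    return findings


# Constructed topology: the secondary Internet link bypasses the inline IPS.
INGRESS = {"internet-primary", "internet-secondary", "branch-office"}
PROTECTED = {"server-farm", "user-lan"}
LINKS_BEFORE = [
    ("internet-primary", "firewall"), ("firewall", "ips-main"),
    ("ips-main", "core-switch"),
    ("internet-secondary", "backup-router"), ("backup-router", "core-switch"),
    ("branch-office", "mfs-branch"), ("mfs-branch", "core-switch"),
    ("core-switch", "server-farm"), ("core-switch", "user-lan"),
]
SENSORS_BEFORE = {"ips-main", "mfs-branch"}

# Same topology with an inline multifunction device added on the secondary link.
LINKS_AFTER = [l for l in LINKS_BEFORE if l != ("backup-router", "core-switch")]
LINKS_AFTER += [("backup-router", "mfs-secondary"), ("mfs-secondary", "core-switch")]
SENSORS_AFTER = SENSORS_BEFORE | {"mfs-secondary"}

if __name__ == "__main__":
    for path in uninspected_paths(LINKS_BEFORE, INGRESS, SENSORS_BEFORE, PROTECTED):
        print("uninspected:", " -> ".join(path))
    remaining = uninspected_paths(LINKS_AFTER, INGRESS, SENSORS_AFTER, PROTECTED)
    print("after adding the secondary-link sensor:", remaining)
```

The search works on physical links rather than routing tables, so it is conservative: a reported path means a bypass is physically possible and should be confirmed against routing and firewall policy.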

IPS Proventia GX Appliances

A solution that automatically stops intrusion attacks, whether internal or external. The Proventia GX also has the best performance in bandwidth utilization and network availability on the market.

Proventia Network Multifunction Security

An all-in-one solution to help enforce security:
- IPS
- Firewall
- Traditional antivirus
- Heuristic antivirus
- Anti-spam
- URL filtering
- Standard and SSL VPN

PAM drives security convergence in a single solution & eliminates point products

- Virtual Patch: Shielding a vulnerability from exploitation independent of a software patch
- Threat Detection & Prevention: Advanced intrusion prevention for zero-day attacks
- Proventia Content Analysis: Monitors and identifies unencrypted personally identifiable information (PII) and other confidential data
- Proventia Web application security: Protection for web apps, Web 2.0, databases (same protection as web application firewall)
- Network Policy Enforcement: Reclaim bandwidth & block Skype, peer-to-peer networks, tunneling

Managing the agent overload

Multiple threats result in multiple endpoint security agents. Typical deployment for a midsize company:

| Function | Vendor | Deployment | Impact | Memory | Updates Scheduled |
| Asset & Data Loss Prevention | 1 | Laptops | Periodic Check | N/A | Manual |
| Data Loss Prevention | 2 | Workstations | Periodic Check | 6 MB | None |
| Computer Forensics | 3 | Workstations | Agent remains dormant until off network | 3 MB | Manual |
| Host Based Intrusion Prevention | 4 | Servers & Workstations | Periodic Check | 75 MB | Automatic |
| Laptop Encryption | 5 | Workstations | Periodic Check | 18 MB | None |
| Removable Media Control | 6 | Workstations | Periodic Check | 2.5 MB | None |
| Virus Protection | 7 | Servers & Workstations | Periodic Check | 42 MB | On Demand & Scheduled |
| Web Surfing | 8 | Workstations | Agent remains dormant until off network | N/A | Manual |
| Total Memory Usage | | | | 146 MB | |

Proventia Desktop/Phoenix Rising Comparison

Feature / Proventia Desktop / ESC
Firewall
IPS
Behavioral AV
Signature AV
Anti-spyware
Extensible framework: -
NAC: -
DLP: -
USB port control: -
Patch management: -
Asset discovery: -
Vulnerability assessment: -
Power management: -
Configuration management: -
Flexible systems management: -
Software deployment/removal: -
Security policy compliance: -

Case Study in Proventia ESC Savings: Financial Customer

Moved from low 80% success rate to 95% success rate with real-time reporting.

| Key Matrix | Before Proventia ESC | After Proventia ESC | The Results |
| # of Managed Endpoints | 40,000 out of 90,000 (50K unknown endpoints) | 90,000 | Uncovered 50K previously unknown endpoints |
| # of Locations | 100+ | 800 | Expanded locations by 700 |
| Time to Install | 8+ months for all infrastructure | 1 week for all infrastructure | Saved more than 7 months for new agent installation |
| # of Required Administrators | 20 | 4 | Reduced required admins by 1/5th |
| # of Dedicated Servers | 25 | 1 | Reduced dedicated servers by 24 |
| Time to complete an enterprise wide full discovery, remediation and reporting cycle | ~7 days | ~5 minutes | Saved 6 days, 23 hours, and 55 minutes for enterprise wide discovery |

IBM ISS service solutions

Virtual Security Operations Center (VSOC)

X-Force Protection System

How IBM ISS Managed Security Services Work

Cost Savings at a Glance

| Security Management | Monthly | Annual |
| In-house | $82,592 | $995,102 |
| ISS Managed Security | $37,671 | $452,051 |
| Cost Savings | $44,921 | $543,051 |

In this example, leveraging a managed protection provider yields a 55% savings over in-house security.

Assumes full security staff of 10 providing 24x7x35 coverage, managing 12 HA firewalls and 6 IDS engines, attending 2 training classes/yr, 20% employee turnover, equipment costs allocated over 3 years, and maintenance costing 15% of total equipment costs.

Source: IBM Internet Security Systems, 2008

IBM ISS security consulting solutions

Why IBM ISS Professional Security Services?

- Exclusive security focus and expertise
- Senior-level consultants
- Deep industry experience
- Average of 8.5 years of security experience, 6 years IBM ISS tenure
- Certified security experts with leadership, consulting, investigative, law enforcement and research and development backgrounds
- Big 4, FBI, X-Force R&D, government agencies, former CISOs
- Qualified Incident Response Company: As a Qualified Incident Response Company, IBM ISS can assist organizations with security incidents involving payment card data
- Leverages security intelligence of IBM X-Force
- Complete, quality deliverables
- Analysis, prioritization and remediation recommendations
- Actionable recommendations
- Results presented in both technical and management terms
- Proven methodology

Penetration Testing

- Quantifies risk to customer information, financial transactions, online applications and other critical business data and processes
- Increases real-world perspective into hacker techniques and motivations
- Encourages executive support on direction of information security strategy and resources
- Identifies steps needed to effectively reduce risk
- Provides the customer with insight into how technical vulnerabilities can lead to serious risks to their business
- Helps to meet regulatory compliance requirements

IBM Emergency Response Services

Incident response
- Responding to and helping minimize the impact of information security incidents such as external/internal attackers, virus/worm outbreaks, web site defacements and PCI data breaches

Preparedness planning
- Assisting with the development of a computer security incident response plan
- Prepares organizations for security incidents in advance
- Helps to meet regulatory guidelines and security best practices

Incident analysis
- Collects data from security incidents in a forensically sound manner
- Performs data analysis from all collected data

ERS can assist with:
- PCI data breaches
- Web page defacement
- Network intrusion
- Employee misconduct
- Regulatory issues
- Digital forensics

Information Security Assessment

- Review of Network Security Architecture: Assessment of current network security measures to get a clear picture of the current security state
- Review of Security Policies, Procedures and Practices: Evaluation of current security processes in relation to ISO 17799 standards, industry best practices and business objectives
- Review of Technical Security Controls and Mechanisms: Review of the effectiveness of existing security practices and mechanisms to recognize needed improvements
- External Vulnerability Testing: External network scan to understand network security posture and determine vulnerabilities
- Internal Vulnerability Scan and Testing: Internal network assessment to provide details on the vulnerability of critical assets
- Social Engineering Assessment: Attempt to discover sensitive information by acting as a trusted employee or untrusted user

Information Security Assessment II

- Physical Security Assessment: Determination of how physical security can impact overall data and system security
- Modem Testing ("War Dialing"): Attempt to connect with modems by dialing a range of numbers
- Wireless Penetration Test: Attempt to penetrate wireless devices to uncover vulnerabilities
- Wireless Assessment: Test of wireless network environment to assess security
- Application Assessment: Review of custom client/server applications to provide details on vulnerabilities
- Mainframe Assessment: Identification of vulnerabilities within the mainframe environment

Q&A