Cloud Security
Vaughan Harper, IBM Security Architect

A new security reality is here
- Sophisticated attackers break through conventional safeguards every day
- Cloud, mobile, social and big data drive unprecedented change
- Yesterday's security practices are unsustainable
- 61% of organisations say data theft and cybercrime are their greatest threats (2012 IBM Global Reputational Risk & IT Study)
- 70% of security executives have cloud and mobile security concerns (2013 IBM CISO Survey)
- 83% of enterprises have difficulty finding the security skills they need (2012 ESG Research)
- $3.5M average cost of a data breach (2014 Cost of Data Breach, Ponemon Institute)
- 614% mobile malware growth in just one year (2012-2013 Juniper Mobile Threat Report)
- 85 security tools from 45 vendors (IBM client example)

We are in an era of continuous breaches
- Operational Sophistication: IBM X-Force declared Year of the Security Breach
- Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents
- Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change
[Figure: 2011, 2012, 2013. Attack types: SQL Injection, Spear Phishing, DDoS, Third-party software, Physical access, Malware, XSS, Watering Hole, Undisclosed.]
Source: IBM X-Force Threat Intelligence Quarterly 1Q 2014. Note: Size of circle estimates relative impact of incident in terms of cost to business.

We are faced with the challenge of balancing innovation and risk
1. Cloud and mobile create opportunities for enhanced security
2. Cloud security scenarios include Security for the Cloud and Security from the cloud
3. IBM cloud security portfolio enables clients to secure workloads on cloud and securely use SaaS applications

Cloud is an opportunity for enhanced security
Professional, Managed, and Cloud Services
Manage your risk across cloud apps, services
1. Establish your risk posture
2. Protect your data
3. Know your user
4. Gain assurance of your apps
5. Protect against threats and fraud

IBM Point of View - Cloud can be made secure for business
- As with most new technology paradigms, security concerns surrounding cloud computing have become the most widely talked about inhibitor of widespread usage.
- To gain the trust of organizations, cloud services must deliver security and privacy expectations that meet or exceed what is available in traditional IT environments.
- The same way transformational technologies of the past overcame concerns: PCs, outsourcing, the Internet.
Diagram labels: Traditional IT; Security and Privacy Expectations; Trust; In the Cloud

Minimizing the risks of cloud computing requires a strategic approach
- Define a cloud strategy with security in mind: Identify the different workloads and how they need to interact. Which models are appropriate based on their security and trust requirements and the systems they need to interface to?
- Identify the security measures needed: Using a methodology such as the IBM Security Framework allows teams to measure what is needed in areas such as governance, architecture, applications and assurance.
- Enabling security for the cloud: Define the up-front set of assurance measures that must be taken. Assess that the applications, infrastructure and other elements meet the security requirements, as well as operational security measures.
Framework areas:
- Governance: Achieving compliance and management in the cloud
- Data: Information shared inside and outside the organisation
- Architecture: New web, architecture, infrastructure and threats
- Applications: Applications on the phone, internet and in a virtualised cloud
- Assurance: Audit and monitoring in a virtualised/cloud environment

IBM Security offers a comprehensive product portfolio
- Security Intelligence and Analytics: QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar Vulnerability Manager, QRadar Incident Forensics
- Advanced Fraud Protection: Trusteer Rapport, Trusteer Pinpoint Malware Detection, Trusteer Pinpoint ATO Detection, Trusteer Mobile Risk Engine
- People: Identity Manager, Access Manager Family, Privileged Identity Manager, Federated Identity Management, Directory Integrator / Directory Server
- Data: Guardium Database Activity Monitoring, Guardium Encryption Expert, Guardium / Optim Data Masking, Key Lifecycle Manager
- Applications: AppScan Source, AppScan Enterprise / Standard, DataPower Web Security Gateway, Security Policy Manager
- Infrastructure (Network): Network Intrusion Prevention (GX), Next Generation Network Protection (XGS), SiteProtector Threat Management, QRadar Network Anomaly Detection
- Infrastructure (Endpoint): Trusteer Apex, FiberLink MaaS360, Endpoint Manager, Host Protection, zSecure
- IBM X-Force Research

At IBM, the world is our security lab
[Map legend: Security Operations Centres; Security Research Centres; Security Solutions Development Centres; Institute for Advanced Security Breaches]
Locations shown: Delft, NL; Belfast, N IR; Wroclaw, PL; Ottawa, CA; Fredericton, CA; IAS Europe; Almaden, US; IAS Americas; Brussels, BE; Waltham, US; Zurich, CH; Boulder, US; TJ Watson, US; Haifa, IL; Raleigh, US; Herzliya, IL; Costa Mesa, US; Atlanta, US; Austin, US; Riyadh, SA; Pune, IN; New Delhi, IN; Taipei, TW; Tokyo, JP; Heredia, CR; Nairobi, KE; Bangalore, IN; Singapore, SG; Hortolandia, BR; IAS Asia Pacific; Perth, AU; Brisbane, AU; Gold Coast, AU
- IBM security patents: 3,000+
- IBM researchers, developers, and subject matter experts focused on security: 6,000+

IBM X-Force Research and Development
Expert analysis and data sharing on the global threat landscape
Areas: IP Reputation, Zero-day Research, URL / Web Filtering, Malware Analysis, Web Application Control, Vulnerability Protection, Anti-Spam
The IBM X-Force Mission
- Monitor and evaluate the rapidly changing threat landscape
- Research new attack techniques and develop protection for tomorrow's security challenges
- Educate our customers and the general public
- Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

We see three sets of security capabilities to help enterprise clients to adopt cloud with confidence
Cloud Security Capabilities
- Identity: Manage identities and govern user access
- Protection: Protect infrastructure, applications, and data from threats
- Insight: Auditable intelligence on cloud access, activity, cost and compliance
Cloud layers
- SaaS: Secure usage of business applications
- Bluemix PaaS: Secure service composition and apps
- IaaS: Securing infrastructure and workloads

Threat Aware Identity and Access Management
Capabilities to help organisations secure the enterprise identity as a new perimeter
- Safeguard mobile, cloud and social access
- Prevent advanced insider threats
- Deliver actionable identity intelligence
- Simplify cloud integrations and identity silos
Client Success: A large Asian paint company governed user access and compliance in 17 countries for 8,500 employees, interns, contractors, and privileged administrators and 25,000 business partners and service providers.
IBM Security Solutions: Access Manager for Web, Access Manager for Mobile, Federated Identity Manager, Identity Manager, Privileged Identity Manager, zSecure Suite

AppScan Suite - Find Application Vulnerabilities
- 80% of development costs are spent identifying and correcting defects
- Average Cost of a Data Breach: $7.2M from lawsuits, loss of customer trust, damage to brand
Cost per defect by stage:
- Find during Development: $80/defect
- Find during build: $240/defect
- Find during QA/Test: $960/defect
- Find in production: $7,600/defect
Products:
- AppScan Source - Analyze Code - White box - Ounce Labs
- AppScan Standard - Analyze running Web Apps (desktops) - black box - Watchfire
- AppScan Enterprise - Analyze running Web Apps (server/concurrent), pull in source analysis from AppScan Source, reporting/compliance

Data Security - Discover and harden your most valuable assets while enabling access
Protect data at rest, in motion, and in use
- Identify and Classify Data
- Record Events
- Protect Sensitive Data
- Assess Vulnerabilities
- Monitor Privileged Users
Client Success: A global financial services company secured 2,000 critical databases and saved $21M in compliance costs
IBM Security Solutions: Guardium Database Activity Monitoring, Guardium Encryption Expert, Guardium / Optim Data Masking, Key Lifecycle Manager

Advanced Fraud Protection
Helping protect against financial fraud and advanced security threats
- Cybercrime Intelligence: Real-time threat data from millions of endpoints
- Customer Protection
- Employee Protection
- Account Takeover Detection
- Malware Detection
- Clientless Fraud Prevention
- Mobile Risk Engine
- Endpoint Security
Client Success: A large North American bank reduced financial malware fraud incidents from 500 to 0 in less than 3 months, moving the security border out to the customer
IBM Security Solutions: Trusteer Apex, Trusteer Rapport, Trusteer Mobile, Trusteer Pinpoint, Trusteer Mobile Risk Engine

Infrastructure
In-depth security across network, servers, virtual servers, mainframes, endpoints, and mobile devices
- Threat Management
- Anomaly Detection
- Network Protection
- Host Protection
- Endpoint Protection
Client Success: An international commodities exchange maintains system uptimes of over 99.9% with 0 reported breaches in 3 years
IBM Security Solutions: Next Generation Network Protection (XGS), Network Intrusion Prevention (GX), SiteProtector Threat Mgmt, QRadar Network Anomaly Detection, Trusteer Apex, Fiberlink MaaS360, Endpoint Manager, Host Protection, zSecure

Embedded intelligence offers automated offense identification
Extensive Data Sources
- Security devices
- Servers and mainframes
- Network and virtual activity
- Data activity
- Application activity
- Configuration information
- Vulnerabilities and threats
- Users and identities
- Global threat intelligence
Automated Offense Identification
- Unlimited data collection, storage and analysis
- Built in data classification
- Automatic asset, service and user discovery and profiling
- Real-time correlation and threat intelligence
- Activity baselining and anomaly detection
- Detects incidents out of the box
Diagram labels: Embedded Intelligence; Prioritized Incidents; Suspected Incidents

Securing Intelligence and Analytics
Visibility into security posture and clarity around incident investigation
- Log Management & Compliance Reporting
- Real-time Analytics & Anomaly Detection
- Vulnerability & Risk Management
- Incident Evidence & Forensics
Diagram labels: Extensive Data Sources; Integrated Dashboard; Embedded Intelligence; Prioritized Incidents
Client Success: A Canadian financial services firm analyses 30,000,000 security events per day to find 30 prioritised security offences
IBM Security Solutions: QRadar Log Manager, QRadar SIEM, QRadar Risk Manager, QRadar Vulnerability Manager, QRadar Incident Forensics

Reduce Blind Spots, Quickly Investigate Attacks
Evidence Gathering
- Full packet capture
- Detailed incident metadata / evidence
- Reconstruction of content and user activity
Quicker Investigations
- Leverages intuition
- PhDs not required
Diagram labels: SIEM; Incident Forensics; Prioritized Incidents

IBM Security capabilities to help reach security maturity
[Chart: capabilities arranged on a scale from BASIC to ADVANCED. Labels shown, in page order:]
Prevent transactions from malware infected endpoints; Predictive analytics; Flow analysis; Big data workbench; Threat modelling; Protocol analysis; Anomaly detection; Virtualization security; App state awareness; Login challenge questions; Device ID rules; SIEM; Vulnerability management; Log management; Endpoint / network security management; Perimeter security; Host security; Anti-virus; Advanced Threat; Cloud; Identity governance; Fine-grained entitlements; Privileged user management; Crown Jewel protection; Data governance; Hybrid scanning and correlation; Mobile app scanning; Mobile Compliance; User provisioning; Access management; Directory management; Data masking; DB activity monitoring; Data loss prevention; Encryption / key management; Web application protection; Source code scanning; Application scanning

Disclaimer
Please Note:
- IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion.
- Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
- The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM Security systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

www.ibm.com/security

Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.
IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. 2014 IBM Corporation