IBM Security Systems Trends and IBM Framework




IBM Security Systems Trends and IBM Framework
Alex Kioni, CISSP, CISM, CEH, ITILv3
Security Systems Lead Technical Consultant, Central, East & West Africa Region

Agenda
* IBM X-Force 2013 Mid Year Trend and Risk Report
* Region Trends
* Trusteer Acquisition Advanced Fraud Protection
* Regional Challenges
* Solutions

Increased risk environment has elevated the role and importance of the security function
* DATA EXPLOSION: The age of Big Data, the explosion of digital information, has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
* CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
* EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more
* ATTACK SOPHISTICATION: The speed and dexterity of attacks has increased, coupled with new actors with new motivations, from cyber crime to terrorism to state-sponsored intrusions

The impact on business and innovation is real and growing
* External threats: Sharp rise in external attacks from non-traditional sources (Cyber attacks, Organized crime, Corporate espionage, State-sponsored attacks, Social engineering)
* Internal threats: Ongoing risk of careless and malicious insider behavior (Administrative mistakes, Careless inside behavior, Internal breaches, Disgruntled employee actions, Mix of private / corporate data)
* Compliance: Growing need to address an increasing number of mandates (National regulations, Industry standards, Local mandates)
Mobility, Cloud / Virtualization, Social Business, Business Intelligence

Highly public exploits are bringing security to the board room

Economic and reputational impact
* Hacked Associated Press Twitter account. April of 2013, sixty characters cost the U.S. stock market $200,000,000,000. Yes, that's two hundred billion. From a single tweet!
* Tweet said there were explosions at the White House

IBM X-Force 2013 Mid-Year Trend and Risk Report

The IBM X-Force Trend & Risk report is regarded as one of the most comprehensive and highly anticipated reports in the industry.

X-Force is the foundation for advanced security and threat research across the IBM Security Framework
The mission of X-Force is to:
* Monitor and evaluate the rapidly changing threat landscape
* Research new attack techniques and develop protection for tomorrow's security challenges
* Educate our customers and the general public

We manage security for thousands of customers across the world, giving us a unique and current picture of threats and attacks
* 9 Security Operations Centers
* 9 Security Research Centers
* 11 Security Solution Development Centers
* 3 Institutes for Advanced Security (IAS): IAS Americas, IAS Europe, IAS Asia Pacific
* 133 Monitored Countries
* ~4,000+ clients
* 9+ billion events per day
Countries labelled on the map: Nigeria, Cameroon, Togo; Kenya, Tanzania, Rwanda, Ethiopia
IBM has unmatched global and local presence and expertise to help you manage the cost and complexity of security

A perspective in numbers
In the first six months of 2013, IBM X-Force:
* Analyzed 4,100 new security vulnerabilities
* Analyzed 900 million new web pages and images
* Created 27 million new or updated entries in the IBM web filter database
* Created 180 million new, updated, or deleted signatures in the IBM spam filter database
Mobile
Mobile devices are a lucrative target for malware authors. 470 million Android devices shipped in 2012 alone. 2013 witnessed the release of a Trojan named Obad, which is notable for some new and technically sophisticated features. Obad was spread primarily through short message service (SMS) spam, and gained attention in June 2013 when it was dubbed "The most sophisticated Android Trojan."
Source: IBM X-Force Research 2013 Trend and Risk Report

IBM X-Force 2013 Mid-Year Trend and Risk Report Highlights
IBM X-Force continues to see operationally sophisticated attacks as the primary point of entry. Some of the key insights of X-Force analysis of trends and attack behaviors include:
* Social media: a tool for business, reconnaissance, and attacks
* Mobile device malware: explosive growth of Android devices attracts malware authors
* Poisoning the watering hole: compromising a central strategic target
* Distraction and diversion: attackers amplify distributed denial of service (DDoS) as a distraction to breach other systems
* Old techniques, new success: security complexity enables old gaps to be exploited

What are we seeing? Key Findings from the 2013 Trend Report
Threats and Activity
* 40% increase in breach events
* Sophistication is not always about technology
* SQL Injection, DDoS, Phishing activity increased from 2011
* Java means to infect as many systems as possible
Operational Security
* Software vulnerability disclosures up from 2012
* Web application vulnerabilities surge upward
* XSS vulnerabilities highest ever seen at 53%
* Content Management Systems plug-ins provide soft target
Emerging Trends
* Social Media leveraged for enhanced spear-phishing techniques and intelligence gathering
* Mobile Security should be more secure than traditional user computing devices by 2014

A perspective in numbers
* 137.4 million cyber security attacks took place last year, averaging 380,000 on a daily basis
* 3.6 million attacks targeted the finance and insurance sectors
* 42% of all malicious links are hosted in the US
* 23% of all malicious links hosted on the Internet are located on pornography sites
Source: IBM X-Force Research 2012 Trend and Risk Report

2011: The year of the targeted attack
[Figure: 2011 Sampling of Security Incidents by Attack Type, Time and Impact. Bubble chart by month, Jan to Dec, with bubbles labelled by industry sector. Attack types in the legend: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown. Size of circle estimates relative impact of breach in terms of cost to business. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.]
Source: IBM X-Force Research 2011 Trend and Risk Report

2012: The explosion of breaches continues!
[Figure: 2012 Sampling of Security Incidents by Attack Type, Time and Impact. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.]
Source: IBM X-Force Research 2012 Trend and Risk Report


Fibre optic installation, broadband penetration, and security
Security trends and incidents in Kenya, incident examples


Trends
* Regionally, according to the Financial Crime Survey, the financial services industry lost more than Sh2.7 billion ($30 million) in the 18 months through June
* Data from the Banking Fraud Investigations Department (BFID) indicate that financial institutions reported Sh1.5 billion (~$17.6 million) was stolen from customers' accounts in the year to April.
* Businesses in Kenya are experiencing cases of insider threat including data leakage and insider fraud.
* Poorly designed and insecure web applications expose local financial institutions to possible compromise and defacement by cyber criminals.
* Automated attacks targeting organizations in Kenya are going undetected due to poor detection and prevention methods.
* Cyber criminals are selling stolen credit cards issued by Kenyan banks online for $10 US dollars.
* Kenya has a higher percentage of malware infected PCs compared to global averages.
* Kenyan ISPs have poor reputation scores leading to email and web traffic getting blocked.
* There is evidence of botnet activity originating from Kenya presenting the greatest threat to critical infrastructure and corporate networks.

Accused of stealing $3,791,329.05 (Sh328,644,155.17) on July 8 at the Standard Chartered Bank head office.

Businesses in Kenya are experiencing cases of insider threat including data leakage and insider fraud

Cyber criminals are selling stolen credit cards issued by Kenyan banks online for $10 US dollars.

The "Unlimited Operation"
* $45 million: Amount stolen in 10 hours in ATM withdrawal sprees on Feb. 19-20, 2013
* Hundreds of people involved in 27 countries without using a gun or bomb threat, or even setting foot inside a bank lobby.
* 40,500: Total ATM withdrawals
* 27: Countries where ATMs were raided in the operations, including Kenya


Challenges

Challenges to Security in the region
* Executive buy in before incident - reactive, budget constraints
* Low investment in security vs. core technology - for every 10000 KES spent on IT vs. 30 KES on security
* Client skills level and knowledge - low skills
* Highly technical/unemployed graduates - computer labs and internet sources in colleges
* Availability of cheap hacking tools - readily available online
* Lack of security awareness - sharing passwords, weak passwords and unsecured devices
* Use of web designers to architect websites - web architects vs. web designers

Solutions

"The importance of integrated, all source analysis cannot be overstated. Without it, it is not possible to 'connect the dots.' No one component holds all the relevant information." (9/11 Commission)

IBM Security Framework
* GRC (GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE): Design and deploy a strong foundation for security & privacy
* PEOPLE AND IDENTITY: Mitigate the risks associated with user access to corporate resources
* DATA AND INFORMATION: Understand, deploy, and properly test controls for access to and usage of sensitive data
* APPLICATION AND PROCESS: Keep applications secure, protected from malicious or fraudulent use, and hardened against failure
* NETWORK, SERVER AND END POINT: Optimize service availability by mitigating risks to network components
* PHYSICAL INFRASTRUCTURE: Provide actionable intelligence on the desired state of physical infrastructure security and make improvements

IBM Security Research
[Figure labels: Security Intelligence and Compliance Analytics; Identity and Access Management; Data Protection; Application Security; Infrastructure Protection]

IBM Security Portfolio

SECURITY INTELLIGENCE
Security intelligence is the continuous real-time collection, normalization and analysis of data generated by users, applications and infrastructure. Security intelligence integrates event management (SIEM) solutions, including:
* log management
* security event correlation
* network activity monitoring
* network behavior analytics


IBM offers a broad portfolio of technologies and services to meet the security needs of organizations
Security Solutions: Secure Mobile devices and infrastructure; Safeguard Consumer Data; Ensure Secure Collaboration
Security Offerings: QRadar Endpoint Manager for Mobile Access Manager for Mobile AppScan for Mobile WorkLight Mobile Connect Managed Mobility Services QRadar Guardium Database Security Trusteer Optim Data Masking AppScan Encryption and DLP Service Threat Analysis Services Firewall, IDS/IPS Managed Services Identity & Access Assurance Access Manager Single Sign-on Federated Identity Manager Policy Manager DataPower

Trusteer will further advance the IBM security strategy and strengthen IBM's portfolio of integrated solutions
IBM Security Framework
* IBM Enters Web Fraud Protection: leading web fraud capabilities assist IBM's financial services and web commerce customers
* Strengthens IBM Mobile Security: as part of IBM MobileFirst, Trusteer enables secure transactions from devices to the back office
* Extends Advanced Threat Protection: provides a unique endpoint solution to help identify and prevent Advanced Threats
* Security-as-a-Service: cloud-based deployment enables rapid adoption and real-time updates

Trusteer focuses on the predominant attack vectors responsible for today's Cybercrime
[Diagram labels: Financial Fraud; Enterprise Security; Credential Theft: Account Takeover; Automated Malware-driven Fraud; Mobile Malware; Spear-Phishing: Credential Theft; Malware Infection: Endpoint Remote Control; Fraud from Customer or Criminal Device; Targeted attacks and Advanced Persistent Threats]
The first target is the customer. Malware installed on their PC and mobile devices can generate fraudulent transactions. In addition, malware and phishing help attackers steal credentials and other personal data.
A new and emerging target is employees. Criminals use spear-phishing email to target employees and deploy malware on their endpoints. Attackers use this malware to access systems and exfiltrate data out of the enterprise.

Trusteer allows IBM to strengthen its security strategy with broader intelligence, additional expertise and unique integrations
* Advanced Threat Protection: Holistic Protection For Zero-Day Exploits and Data Exfiltration. Trusteer Apex combined with IBM QRadar Security Intelligence Platform, IBM Network IPS, IBM Endpoint Manager
* Enhanced Threat Intelligence: Rapid Adaptation to Malware and Emerging Threats. Trusteer Cyber Intelligence combined with IBM X-Force Research & Development, IBM X-Force Global Threat Intelligence
* Integrated Fraud Protection: Fraud Detection Extending to IAM and E-commerce. Trusteer Pinpoint and Rapport combined with IBM Security Access Manager, IBM WebSphere Application Server
* Mobile Transaction Security: Embedded Security for Mobile Devices and Applications. Trusteer Mobile Risk Engine combined with IBM MobileFirst Platform and Management Solutions, IBM WorkLight, IBM Endpoint Manager

IBM offers a comprehensive portfolio of security products

ibm.com/security
Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.