Keynote: Cyber Intelligence and Cyber Security Overview




Transcription:

3/08/2015

Keynote: Cyber Intelligence and Cyber Security Overview

David Waxman, Executive Architect, EIA
Bob Stasio, EIA for Cyber Security Product Manager
Ralph Klaassen, Senior Architect, EIA

Important Disclaimer

IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

The growth of asymmetric threats is changing the landscape

Information security has become a human vs. human problem.

Remote control device: hackers negate tens of millions of dollars in security infrastructure with a $30 USD device!

- A male posing as an IT technician deployed a $30 USD remote control device on a bank branch office computer.
- The crooks connected to the device from a nearby hotel, then accessed the bank's servers.
- The hackers logged into a bank terminal and shifted ~$2.1M USD through 128 transfers into mule accounts.
- The gang responsible for the theft was caught 3 months later, only because they attempted the same attack at another bank.

Today's attackers are sophisticated and relentless

Motivation: National Security, Economic Espionage
  Actors: Nation-state actors, APTs (Stuxnet, Duqu, APT-1)
Motivation: Monetary Gain
  Actors: Organized crime (Zeus, Dyre, Blackhole Exploit Pack)
Motivation: Notoriety, Activism, Defamation
  Actors: Hacktivists, advanced social engineers (Lulzsec, Anonymous)
Motivation: Nuisance, Curiosity
  Actors: Insiders, spam, script-kiddies, commodity threats (Nigerian 419 scams, Code Red)

The top tier of this pyramid (nation-state actors and APTs) can bypass any static network security given enough time and resources. Use security intelligence and cyber analysis to detect their presence through anomalies in command and control, proliferation and exfiltration. The remaining tiers are most effectively mitigated by implementing an integrated framework of security controls.

Both security and analysis must address the problem

[Chart: Non-Linear Relationship Between Effectiveness and Cost. Y-axis: percent of threats stopped (80%, 90%, 99.9%). X-axis: level of effort / investment, rising from "Implement a Security Framework" through "Advanced Security" to "Cyber Analysis" (high effort). Example of personnel at each level: Tier One SOC Analyst; Information Security Incident Responders; Cyber Analysts.]

… as a Time Horizon

Information Security: Tier One SOC Analyst, Tier Two SOC Analyst, Incident Responders
Cyber Analysis: Threat Researchers, Cyber Analysts

Learning from medical analogies

Tier One: Hygiene
  Medical threat example: common hospital-associated infections. Mitigation strategy: washing hands, wearing masks and scrubs.
  Security threat example: commodity threats, individual hackers with widely-used tools. Mitigation strategy: changing passwords, removing unused services, patching.

Tier Two: Specialization
  Medical threat example: emergent situations (e.g. chest pain, gunshot wound). Mitigation strategy: creation of the critical care and preventative medicine disciplines.
  Security threat example: organized crime, semi-tailored fraud and crimeware tools. Mitigation strategy: visibility, monitoring, alerting, response, real-time security analytics.

Tier Three: Research
  Medical threat example: genetic diseases and cancer. Mitigation strategy: research and tailored genetic treatments.
  Security threat example: Advanced Persistent Threat, nation-state, high resources. Mitigation strategy: cyber analysis, threat intelligence, trend analysis, campaign tracking.

The cyber analysis discipline addresses the human dimension

Cyber Analysis is a new discipline and profession with three subcomponents:
- Information Security (high expertise from CISO and SOC organizations) blends aspects of network defense, confidentiality, assurance, and malware threats.
- Forensics Science (high expertise from law enforcement and the IR community).
- Analysis (high expertise from the military and intelligence communities) brings the art of the intel cycle, where information is directed, collected, processed, analyzed, produced, and disseminated.

Human Enabled Cyber Analysis

- Mostly IT sources: PCAP, alerts, system logs, SIEM, SSO/AD, vulnerability scans
- Mostly human sources: behavioral data, HR data, reviews, account creation, badge logs, access logs, security persona data
- Mostly external sources: hacker forums, intel vendors, threat indicators, social media, government alerts, community info

These feeds flow into a threat analysis platform, whose results are: integrated data feeds, enterprise awareness, compliance monitoring, threat discovery, risk management, and enabled decisions.

Leveraging an analytical platform and internal and external information feeds, Cyber Analysts can help form a deep understanding of the threats targeting your organization.

Workflows

Security (IBM Security QRadar) -> Cyber Analysis (IBM Enterprise Insight Analysis) -> Threat Research (IBM X-Force). The Enrich, Produce, Visualize and Analyze steps form a continuous feedback loop.

Domain Generalities

SECURITY                      CYBER
Structured data               Unstructured data
Automatic detection           Manual analysis
Real-time operations          Long-term research
Universal configuration       Customized
Anomaly detection             Anomaly discovery
Roll-over data                Big data storage
Organizational visibility     Ecosystem visibility
Threat management             Threat discovery
Logical domain                Physical domain
Traditional data sources      Non-traditional data sources

IBM's Strategic Threat Analysis Capability

Machine-enabled Security Platform:
- Real-time processing
- Real-time data correlation
- Anomaly detection
- Event and flow normalization, security context and enrichment
- Distributed architecture
- Pre-defined rules and reports
- Offense scoring and prioritization
- Activity and event graphing
- Compliance reporting
- Workflow management

Human-enabled Cyber Analysis Platform:
- Multi-dimensional analysis
- Strategic security operations
- All-source intelligence
- Anomaly discovery
- Ecosystem visibility
- Scales to 50 TBs of data
- Customized configuration
- Human-led discovery
- Visualize linked data
- Identity and relationship resolution
- Geospatial and physical data analysis
- Persona domain threat identification
- Create decision-making products for leaders

IBM i2 brings the Cyber and … domains together

[Diagram: Contextual Event Analysis & Forensics. Build multi-source target profiles; global threat intelligence including a cyber footprint even when 3rd party data is scarce; visual forensics. Inputs: customer, employee and party records; data at rest and data in motion; telephone CDR; financial; social network; external cyber (hashtagging); corporate and public structured and unstructured data sources; video and biometric; multi-source security devices. Pipeline: collect, collate, parse, query, analyze, recommend, predict. Outputs: actionable enterprise incidents, activity reports.]

Solution Overview: IBM i2 Cyber Analysis and Forensics

- Repository
- Geospatial analytics
- Visualisation
- Unstructured, open source and social media
- Asynchronous big data analytics
- All-source fusion of data
- The Analyst's Whiteboard
- Identity and relationship resolution (The Analyst's Assistant)
- Cyber security analytics (SIEM systems)
- High speed, actionable

IBM i2 Cyber Incident Forensics Deployment Model

- Security Operations: joins Cyber to all-source intelligence; visual query; API integration to QRadar through the portal.
- SIEM Systems (QRadar): security domain pillar; supports key SOC operations; API.
- Cyber Analysis Forensics: appliance, virtual appliance or software; supports standard PCAP format; retrieves PCAPs for an incident and reconstructs sessions for forensics.
- Security Analyst's Whiteboard: advanced visualization capabilities; network analysis; relationship analytics; ANB plugin to QRadar API; entity link analytics at scale.
- Data Packet Capture: performs full packet capture; optimized appliance solution; scalable storage; long-tail custom analytics; asynchronous, allowing analysts to ask the questions they want.

Screenshots

Disclaimer slide

Copyright 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights: use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environment. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services do not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM.

All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer's responsibility to ensure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer's business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM's products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

IBM, the IBM logo, ibm.com, DOORS, Enterprise Document Management System, Global Business Services, Global Technology Services, Maximo, MQIntegrator, MQSeries, Netcool, PureAnalytics, PureApplication, pureCluster, PureCoverage, PureData, PureExperience, PureFlex, pureQuery, pureScale, PureSystems, QRadar, Rational, Rhapsody, Tivoli, Trusteer, urban{code}, WebSphere, Worklight, X-Force and System z are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web under "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml

Thank You