Advanced Threat Protection
And Security Intelligence


Filip Schepers
IBM Security Systems “SWAT”
X-Force Representative
fschepers@be.ibm.com



           © 2012 IBM Corporation
Agenda


The Threat Landscape:
X-Force Trend and Risk Report

Research Driven Threat Mitigation:
the Advanced Threat Protection Platform

Security Intelligence:
QRadar and the IBM Security Framework




2011: The Year of the Security Breach




The Threat Landscape
●   Over 7,000 publicly disclosed vulnerabilities
    in 2011
●   95% of vulnerabilities in 2011 were rated as
    Medium or Higher (CVSS) – Critical
    vulnerabilities tripled vs 2010
●   41% of all vulnerabilities are web application
    vulnerabilities
●   Cross-Site Scripting & SQL injection
    vulnerabilities continue to dominate
●   Shell Injection attacks on the rise




The Need to Understand the Who, What, and When

Who: Server, Network, Geography, Reputation, User or Group
What: Web Applications, Non-web Applications
Traffic Controls: Web Category Protection, Access Control, Protocol Aware Intrusion Protection, Client-Side Protection, Botnet Protection, Network Awareness, Web Protection, Reputation

Policy:
• Allow marketing and sales teams to access social networking sites
• Block attachments on all outgoing emails and chats
• A more strict security policy is applied to traffic from countries where I do not do business
• Advanced inspection of web application traffic destined to my web servers
• Block known botnet servers and phishing sites
• Allow, but don’t inspect, traffic to financial and medical sites

“We had a case in Europe where workers went on strike for 3 days after Facebook was completely blocked…so granularity is key.”
– IBM Business Partner

Who                          What                                     Traffic Controls    Policy
172.29.230.15, Bob, Alice    80, 443, 21, webmail, social networks    ?

Customer Challenges

Detecting threats
• Arm yourself with comprehensive security intelligence

Consolidating data silos
• Collect, correlate and report on data in one integrated solution

Detecting insider fraud
• Next-generation SIEM with identity correlation

Better predicting risks to your business
• Full life cycle of compliance and risk management for network and security infrastructures

Addressing regulation mandates
• Automated data collection and configuration audits

The Advanced Threat Protection Platform

Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager
Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation
Advanced Threat Protection Platform (IBM Network Security): Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control

Advanced Threat Protection Platform
Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence

Expanded X-Force Threat Intelligence
Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio

Security Intelligence Integration
Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

X-Force Mission

Provide the most respected security brand to IBM, our Customers and Business Partners.

IBM X-Force Research and Development
• The world’s leading enterprise security R&D organization
• Global security operations center (infrastructure monitoring)

Engine
• Support content stream needs and capabilities
• Support requirements for engine enhancement
• Maintenance and tool development

Research
• Support content streams
• Expand current capabilities in research to provide industry knowledge to the greater IBM

Content Delivery
• Continue third party testing Dominance
• Execute to deliver new content streams for new engines

Industry/Customer Deliverables
• Blog, Marketing and Industry Speaking Engagements
• X-Force Database Vulnerability Tracking
• Trend Analysis and Security Analytics

Unmatched Global Coverage and Security Awareness




• Security Operations Centers
• Security Research Centers
• Security Solution Development Centers
• Institute for Advanced Security Branches
• IBM Research

World Wide Managed Security Services Coverage
• 20,000+ devices under contract
• 3,700+ MSS clients worldwide
• 9B+ events managed per day
• 1,000+ security patents
• 133 monitored countries (MSS)

We Have the Technology

IBM Security Network Protection offerings are based on a modular, research-driven protocol analysis engine for vulnerability based deep packet inspection

• Protecting against exploits is reactive
• Protecting against vulnerabilities and malicious behaviors is preemptive

We Have a LOT of Data…
[Diagram: Online Services, Filter Database Server]

Crawling
• Crawler robots search the web in parallel.
• They download the websites and images, and place them in the cache. The information is stored in the database.

Analysis
• A server cluster analyzes the data acquired by the crawlers.
• The analyzed results are stored in the database.

17 billion   analyzed web pages & images
5M/d         spam & phishing attacks
60K          documented vulnerabilities
9B+          security events daily
Millions     of unique malware samples
71M          catalogued URLs
270+         web applications
Millions     of IP addresses in IP reputation feed – Geo location, Spam, anonymous proxies, dynamic IPs, malware, C&C, …

Introducing IBM Security Network Protection XGS 5000




PROVEN SECURITY
Extensible, 0-Day protection powered by X-Force®

ULTIMATE VISIBILITY (NEW WITH XGS)
Understand the Who, What and When for all network activity

COMPLETE CONTROL (NEW WITH XGS)
Ensure appropriate application and network use

IBM Security Network Protection XGS 5000 builds on the proven security of IBM intrusion prevention solutions by delivering the addition of next generation visibility and control to help balance security and business requirements

Extensible 0-day protection and ultimate visibility




[Diagram: Network Traffic and Flows; Protocol Analysis based Deep Packet Inspection; Employee A, Employee B, Employee C; Good Application, Good Application, Bad Application]

• Network Flow Data provides real time awareness of anomalous activities and QRadar integration facilitates enhanced analysis and correlation
• Protocol analysis module provides “Ahead of the Threat” protection against known and emerging threats
• Complete Identity Awareness associates valuable users and groups with their network activity, application usage and application actions
• Application Awareness fully classifies network traffic, regardless of address, port, protocol, application, application action or security event

Increase Security, Reduce Costs, Enable Innovation

QRadar Network Anomaly Detection
 Optimized version of QRadar Network Activity
 Monitoring for IBM Security Network Protection solutions

 Behavioral analytics and real-time correlation help better
 detect and prioritize stealthy attacks

 Integrated analysis of network flow data brings
 additional security intelligence to IBM Security Network
 Protection solutions:
  – Traffic profiling to detect zero-day threats
  – Correlation of threat & flow data for enhanced incident
    analysis
  – Network activity monitoring to profile user and system
    behavior to improve threat intelligence and complement
    risk based access strategies
  – Consolidation and correlation of data bring out the “needle in
    the haystack”


 Incorporates X-Force IP Reputation Feed, providing
insight into suspect entities on the Internet, feeding
correlation intelligence



The Security Intelligence Timeline


• What are the external and internal threats?
• Are we configured to protect against these threats?
• What is happening right now?
• What was the impact?

Prediction & Prevention
Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.

Reaction & Remediation
SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.

Intelligence: Leading products and services in every segment




Fully Integrated Security Intelligence
Risk & Configuration Management
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis

SIEM
• Integrated log, threat, risk & compliance mgmt.
• Sophisticated event analytics
• Asset profiling and flow analytics
• Offense management and workflow

Log Management
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM

Network Activity & Anomaly Detection
• Network analytics
• Behavioral anomaly detection
• Fully integrated with SIEM

Network and Application Visibility
• Layer 7 application monitoring
• Content capture for deep insight
• Physical and virtual environments

Fully Integrated Security Intelligence
Risk & Configuration Management, SIEM, Log Management, Network Activity & Anomaly Detection, Network and Application Visibility:
• One Console Security
• Built on a Single Data Architecture

QRadar SIEM Overview

 QRadar SIEM provides full visibility and actionable
 insight to protect networks and IT assets from a wide
 range of advanced threats, while meeting critical
 compliance mandates.

 Key Capabilities:
  – Sophisticated correlation of events, flows, assets,
    topologies, vulnerabilities and external data to
    identify & prioritize threats
  – Network flow capture and analysis for deep
    application insight
  – Workflow management to fully track threats and
    ensure resolution
  – Scalable architecture to support the largest
    deployments




Security Intelligence: Context and Correlation drive Deep Insight

Sources + Intelligence = Most Accurate & Actionable Insight

[Dashboard screenshot panels]
• IBM X-Force® Threat Information Center
• Real-time Security Overview w/ IP Reputation Correlation
• Identity and User Context
• Real-time Network Visualization and Application Statistics
• Inbound Security Events

QRadar SIEM: Clear, concise and comprehensive delivery of relevant information:

• What was the attack?
• Who was responsible?
• Was it successful?
• How many targets involved?
• Where do I find them?
• How valuable are the targets to the business?
• Are any of them vulnerable?
• Where is all the evidence?

QRadar SIEM: Threat Detection and Correlation

Sounds Nasty… But how do we know this? The evidence is a single click away.

• Network Scan: Detected by QFlow
• Buffer Overflow: Exploit attempt seen by IDS
• Targeted Host Vulnerable: Detected by Vulnerability Scanner

Total Security Intelligence: Convergence of Network, Event and Vulnerability data
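
The three-source correlation on this slide (a scan seen in flow data, an exploit attempt seen by an IDS, a target confirmed vulnerable by a scanner), as an added Python example. It is not QRadar's rule engine or IBM code; the thresholds, field names, addresses and VULN-* identifiers are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 600      # assumed: seconds in which scan and exploit attempt must fall
SCAN_PORTS = 10   # assumed: distinct destination ports that count as a scan

# Constructed sample data. Addresses are documentation ranges (RFC 5737);
# VULN-A / VULN-B are placeholder vulnerability identifiers.
FLOWS = [(1000 + i, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(12)]
FLOWS += [
    (1005, "198.51.100.9", "192.0.2.20", 443),
    (1300, "203.0.113.5", "192.0.2.30", 80),
]  # each flow: (timestamp, source, destination, destination port)
IDS_EVENTS = [
    {"ts": 1200, "src": "198.51.100.7", "dst": "192.0.2.10",
     "sig": "buffer_overflow_attempt", "vuln": "VULN-A"},
    {"ts": 1400, "src": "203.0.113.5", "dst": "192.0.2.30",
     "sig": "buffer_overflow_attempt", "vuln": "VULN-A"},
    {"ts": 9000, "src": "198.51.100.7", "dst": "192.0.2.40",
     "sig": "buffer_overflow_attempt", "vuln": "VULN-B"},
]
VULN_SCAN = {  # scanner output: host -> identifiers it is vulnerable to
    "192.0.2.10": {"VULN-A"},
    "192.0.2.30": {"VULN-A"},
    "192.0.2.40": set(),
}
SEVERITY = {1: "low", 2: "medium", 3: "high"}


def detect_scans(flows):
    """Return {(src, dst): ts}, ts being the moment src had touched
    SCAN_PORTS distinct ports on dst inside a sliding WINDOW."""
    recent = defaultdict(deque)
    scans = {}
    for ts, src, dst, dport in sorted(flows):
        key = (src, dst)
        if key in scans:
            continue  # already flagged; the first detection time is kept
        window = recent[key]
        window.append((ts, dport))
        while window and ts - window[0][0] > WINDOW:
            window.popleft()  # drop flows older than the window
        if len({port for _, port in window}) >= SCAN_PORTS:
            scans[key] = ts
    return scans


def correlate(flows, ids_events, vuln_scan):
    """Attach flow and vulnerability evidence to each IDS event and
    rank the resulting offenses by how many sources agree."""
    scans = detect_scans(flows)
    offenses = []
    for ev in ids_events:
        evidence = [f"IDS: {ev['sig']} at t={ev['ts']}"]
        scan_ts = scans.get((ev["src"], ev["dst"]))
        # The scan must precede the exploit attempt and be recent.
        if scan_ts is not None and 0 <= ev["ts"] - scan_ts <= WINDOW:
            evidence.append(f"Flow: port scan by same source at t={scan_ts}")
        # An exploit attempt matters most when the target is actually exposed.
        if ev["vuln"] in vuln_scan.get(ev["dst"], set()):
            evidence.append(f"Scanner: target vulnerable to {ev['vuln']}")
        offenses.append({
            "source": ev["src"],
            "target": ev["dst"],
            "severity": SEVERITY[len(evidence)],
            "evidence": evidence,
        })
    offenses.sort(key=lambda o: -len(o["evidence"]))  # stable sort
    return offenses


if __name__ == "__main__":
    for offense in correlate(FLOWS, IDS_EVENTS, VULN_SCAN):
        print(offense["severity"], offense["source"], "->", offense["target"])
        for line in offense["evidence"]:
            print("   ", line)
```

Only the first event is backed by all three sources; the same IDS signature against a host the scanner reports as not vulnerable stays at low severity.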
QRadar: Compliance Rules and Reporting
• Out-of-the-box templates for specific regulations and best practices:
   • COBIT, SOX, GLBA, NERC, FISMA, PCI, HIPAA, UK GCSx
• Easily modified to include new definitions
• Extensible to include new regulations and best practices
• Can leverage existing correlation rules




                                                                    26

         © 2012 IBM Corporation
The Advanced Threat Protection Platform

Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager

Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation

Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control

IBM Network Security

●   Advanced Threat Protection Platform: Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
●   Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio
●   Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats


Benefits of the IBM Advanced Threat Protection Platform
●   Dramatically reduces risks and costs associated with a security breach through constantly updated, preemptive, research driven protection
●   Reduces cost and complexity through simplified security management and consolidation of security point solutions
●   Delivers full visibility and actionable insight for Total Security Intelligence.
●   As your trusted partner in security, IBM Security delivers solutions that fit your organization to keep it protected as security risks evolve



The uniqueness “is in the ability to set up security at the user level, correlate that information (with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files.” - Network World, July 31, 2012
Get Engaged with IBM X-Force Research and Development




●   Follow us at @ibmsecurity, @ibmxforce and @Q1Labs
●   Download X-Force security trend & risk reports: http://www-935.ibm.com/services/us/iss/xforce/
●   Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php
●   Attend in-person events: http://www.ibm.com/events/calendar/
●   Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com
●   Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions


IBM X-Force 2012 Mid Year Trend Report



 20 September 2012

 http://bit.ly/OzWzNS




Comments or Questions?
Come see the Security Systems Team in the Expo area:

●   Jesper Glahn: Denmark Sales Leader
●   Marcus Eriksson: Sales Leader, ISS & QRadar
●   Sara Anwar: Nordic Sales
●   Sven-Erik Vestergaard: Security Architect




Please note:
  IBM’s statements regarding its plans, directions, and intent are
  subject to change or withdrawal without notice at IBM’s sole discretion.
  Information regarding potential future products is intended to outline
  our general product direction and it should not be relied on in making a
  purchasing decision.
  The information mentioned regarding potential future products is not a
  commitment, promise, or legal obligation to deliver any material, code or
  functionality. Information about potential future products may not be
  incorporated into any contract. The development, release, and timing of
  any future features or functionality described for our products remains at
  our sole discretion.
  Performance is based on measurements and projections using standard
  IBM benchmarks in a controlled environment. The actual throughput or
  performance that any user will experience will vary depending upon many
  factors, including considerations such as the amount of multiprogramming
  in the user's job stream, the I/O configuration, the storage configuration,
  and the workload processed. Therefore, no assurance can be given that
  an individual user will achieve results similar to those stated here.

ibm.com/security


© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only,
and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or
otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or
representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in
which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion
based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM,
the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other
countries or both. Other company, product, or service names may be trademarks or service marks of others.
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 

Avoid security threats with Security Intelligence. Filip Schepers, IBM

  • 1. Advanced Threat Protection And Security Intelligence. Filip Schepers, IBM Security Systems “SWAT”, X-Force Representative, fschepers@be.ibm.com. © 2012 IBM Corporation
  • 2. Agenda. The Threat Landscape: X-Force Trend and Risk Report. Research Driven Threat Mitigation: the Advanced Threat Protection Platform. Security Intelligence: QRadar and the IBM Security Framework.
  • 3. 2011: The Year of the Security Breach
  • 4. The Threat Landscape ● Over 7,000 publicly disclosed vulnerabilities in 2011 ● 95% of vulnerabilities in 2011 were rated as Medium or Higher (CVSS) – Critical vulnerabilities tripled vs 2010 ● 41% of all vulnerabilities are web application vulnerabilities ● Cross-Site Scripting & SQL injection vulnerabilities continue to dominate ● Shell Injection attacks on the rise
  • 5. The Need to Understand the Who, What, and When. Example policies: Allow marketing and sales teams to access social networking sites. Block attachments on all outgoing emails and chats. A more strict security policy is applied to traffic from countries where I do not do business. Advanced inspection of web application traffic destined to my web servers. Block known botnet servers and phishing sites. Allow, but don’t inspect, traffic to financial and medical sites. “We had a case in Europe where workers went on strike for 3 days after Facebook was completely blocked…so granularity is key.” – IBM Business Partner. Diagram labels: Server, Network, Geography, Reputation, User or Group, Web Category Protection, Access Control, Protocol Aware Intrusion Protection, Client-Side Protection, Web Applications, Non-web Applications, Botnet Protection, Network Awareness, Web Protection, Reputation. Who / What / Traffic Controls / Policy: 172.29.230.15, Bob, Alice; 80, 443, 21, webmail, social networks; ?
  • 6. Customer Challenges. Detecting threats • Arm yourself with comprehensive security intelligence. Consolidating data silos • Collect, correlate and report on data in one integrated solution. Detecting insider fraud • Next-generation SIEM with identity correlation. Better predicting risks to your business • Full life cycle of compliance and risk management for network and security infrastructures. Addressing regulation mandates • Automated data collection and configuration audits.
  • 7. The Advanced Threat Protection Platform. Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager. Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation. Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control. IBM Network Security. Advanced Threat Protection Platform: Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence. Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio. Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
  • 8. X-Force Mission. Provide the most respected security brand to IBM, our Customers and Business Partners. IBM X-Force Research and Development: The world’s leading enterprise security R&D organization. Global security operations center (infrastructure monitoring). Engine: • Support content stream needs and capabilities • Support requirements for engine enhancement • Maintenance and tool development. Content Delivery: • Continue third party testing Dominance • Execute to deliver new content streams for new engines. Industry/Customer Deliverables: • Blog, Marketing and Industry Speaking Engagements • X-Force Database Vulnerability Tracking • Trend Analysis and Security Analytics. Research: • Support content streams • Expand current capabilities in research to provide industry knowledge to the greater IBM.
  • 9. Unmatched Global Coverage and Security Awareness. Map legend: Security Operations Centers, Security Research Centers, Security Solution Development Centers, Institute for Advanced Security Branches, IBM Research. World Wide Managed Security Services Coverage: 20,000+ devices under contract; 3,700+ MSS clients worldwide; 9B+ events managed per day; 1,000+ security patents; 133 monitored countries (MSS).
  • 10. We Have the Technology. IBM Security Network Protection offerings are based on a modular, research-driven protocol analysis engine for vulnerability based deep packet inspection. Protecting against exploits is reactive. Protecting against vulnerabilities and malicious behaviors is preemptive.
  • 11. We Have a LOT of Data… Diagram labels: Online Services, Filter Database, Server. Crawling: • Crawler robots search the web in parallel. • They download the websites and images, and place them in the cache. The information is stored in the database. Analysis: • Server cluster analyzes the data acquired by the crawlers. • The analyzed results are stored in the database. 17 billion analyzed web pages & images; 5M/d spam & phishing attacks; 60K documented vulnerabilities; 9B+ of security events daily; Millions of unique malware samples; 71M catalogued URLs; 270+ web applications; Millions of IP addresses in IP reputation feed – Geo location, Spam, anonymous proxies, dynamic IPs, malware, C&C, …
  • 12. The Advanced Threat Protection Platform. Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager. Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation. Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control. IBM Network Security. Advanced Threat Protection Platform: Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence. Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio. Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
  • 13. Introducing IBM Security Network Protection XGS 5000. PROVEN SECURITY: Extensible, 0-Day protection powered by X-Force®. ULTIMATE VISIBILITY (NEW WITH XGS): Understand the Who, What and When for all network activity. COMPLETE CONTROL (NEW WITH XGS): Ensure appropriate application and network use. IBM Security Network Protection XGS 5000 builds on the proven security of IBM intrusion prevention solutions by delivering the addition of next generation visibility and control to help balance security and business requirements.
  • 14. Extensible 0-day protection and ultimate visibility. Diagram labels: Employee A, Employee B, Employee C; Good Application, Good Application, Bad Application; Network Traffic and Flows; Protocol Analysis based Deep Packet Inspection. Complete Identity Awareness associates valuable users and groups with their network activity, application usage and application actions. Application Awareness fully classifies network traffic, regardless of address, port, protocol, application, application action or security event. Network Flow Data provides real time awareness of anomalous activities and QRadar integration facilitates enhanced analysis and correlation. Protocol analysis module provides “Ahead of the Threat” protection against known and emerging threats. Increase Security. Reduce Costs. Enable Innovation.
  • 15. QRadar Network Anomaly Detection. Optimized version of QRadar Network Activity Monitoring for IBM Security Network Protection solutions. Behavioral analytics and real-time correlation help better detect and prioritize stealthy attacks. Integrated analysis of network flow data brings additional security intelligence to IBM Security Network Protection solutions: – Traffic profiling to detect zero-day threats – Correlation of threat & flow data for enhanced incident analysis – Network activity monitoring to profile user and system behavior to improve threat intelligence and complement risk based access strategies – Consolidation and correlation of data bring out the “needle in the haystack”. Incorporates X-Force IP Reputation Feed, providing insight into suspect entities on the Internet, feeding correlation intelligence.
  • 16. The Advanced Threat Protection Platform. Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager. Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation. Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control. IBM Network Security. Advanced Threat Protection Platform: Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence. Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio. Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
  • 17. The Security Intelligence Timeline. What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact? Prediction & Prevention: Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards. Reaction & Remediation: SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
  • 18. Intelligence: Leading products and services in every segment
  • 19. Fully Integrated Security Intelligence. Risk & Configuration Management: • Predictive threat modeling & simulation • Scalable configuration monitoring and audit • Advanced threat visualization and impact analysis. SIEM: • Integrated log, threat, risk & compliance mgmt. • Sophisticated event analytics • Asset profiling and flow analytics • Offense management and workflow. Log Management: • Turnkey log management • SME to Enterprise • Upgradeable to enterprise SIEM. Network Activity & Anomaly Detection: • Network analytics • Behavioral anomaly detection • Fully integrated with SIEM. Network and Application Visibility: • Layer 7 application monitoring • Content capture for deep insight • Physical and virtual environments.
  • 20. Fully Integrated Security Intelligence. One Console Security: Risk & Configuration Management, SIEM, Log Management, Network Activity & Anomaly Detection, Network and Application Visibility. Built on a Single Data Architecture.
  • 21. QRadar SIEM Overview. QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets from a wide range of advanced threats, while meeting critical compliance mandates. Key Capabilities: – Sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to identify & prioritize threats – Network flow capture and analysis for deep application insight – Workflow management to fully track threats and ensure resolution – Scalable architecture to support the largest deployments
  • 22. Security Intelligence: Context and Correlation drive Deep Insight. Sources + Intelligence = Most Accurate & Actionable Insight
  • 23. Screenshot callouts: IBM X-Force® Threat Information Center. Real-time Security Overview w/ IP Reputation Correlation. Identity and User Context. Real-time Network Visualization and Application Statistics. Inbound Security Events.
  • 24. QRadar SIEM: Clear, concise and comprehensive delivery of relevant information: What was the attack? Who was responsible? Was it successful? Where do I find them? How many targets involved? How valuable are the targets to the business? Are any of them vulnerable? Where is all the evidence?
  • 25. QRadar SIEM: Threat Detection and Correlation. Sounds Nasty… But how do we know this? The evidence is a single click away. Network Scan: Detected by QFlow. Buffer Overflow: Exploit attempt seen by IDS. Targeted Host Vulnerable: Detected by Vulnerability Scanner. Total Security Intelligence: Convergence of Network, Event and Vulnerability data.
  • 26. QRadar: Compliance Rules and Reporting • Out-of-the-box templates for specific regulations and best practices: • COBIT, SOX, GLBA, NERC, FISMA, PCI, HIPAA, UK GCSx • Easily modified to include new definitions • Extensible to include new regulations and best practices • Can leverage existing correlation rules
  • 27. The Advanced Threat Protection Platform. Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager. Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation. Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control. IBM Network Security. Advanced Threat Protection Platform: Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence. Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio. Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
  • 28. Benefits of the IBM Advanced Threat Protection Platform. Dramatically reduces risks and costs associated with a security breach through constantly updated, preemptive, research driven protection. Reduces cost and complexity through simplified security management and consolidation of security point solutions. Delivers full visibility and actionable insight for Total Security Intelligence. As your trusted partner in security, IBM Security delivers solutions that fit your organization to keep it protected as security risks evolve. The uniqueness “is in the ability to set up security at the user level, correlate that information (with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files.” - Network World, July 31, 2012
  • 29. Get Engaged with IBM X-Force Research and Development. Follow us at @ibmsecurity, @ibmxforce and @Q1Labs. Download X-Force security trend & risk reports: http://www-935.ibm.com/services/us/iss/xforce/ Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php Attend in-person events: http://www.ibm.com/events/calendar/ Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com Subscribe to the security channel for latest security videos: www.youtube.com/ibmsecuritysolutions
  • 30. IBM X-Force 2012 Mid Year Trend Report, 20 September 2012, http://bit.ly/OzWzNS
  • 31. Comments or Questions? Come see the Security Systems Team in the Expo area: Jesper Glahn Marcus Eriksson Sven-Erik Vestergaard Denmark Sales Leader Sales Leader, ISS Sara Anwar Security Architect & Qradar Nordic Sales
  • 32. Please note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  • 33. ibm.com/security © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.