IBM Security Systems




Agenda

 The Security Landscape

 Security Capabilities

 Strategic Direction
     • Security Intelligence
     • Advanced Threats
     • Mobile Security
     • Cloud Computing



                               © 2011 IBM Corporation


Solving a security issue is a complex, four-dimensional puzzle

 People           Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers

 Data             Structured, Unstructured, At rest, In motion

 Applications     Systems applications, Web applications, Web 2.0, Mobile applications

 Infrastructure

 Attempting to protect the perimeter is not enough – siloed point products
 and traditional defenses cannot adequately secure the enterprise



Security teams must shift from a conventional “defense-in-depth”
mindset and begin thinking like an attacker…


   Audit, Patch & Block              Detect, Analyze & Remediate

   Think like a defender,            Think like an attacker,
     defense-in-depth mindset          counter intelligence mindset
   Protect all assets                Protect high value assets
   Emphasize the perimeter           Emphasize the data
   Patch systems                     Harden targets and weakest links
   Use signature-based detection     Use anomaly-based detection
   Scan endpoints for malware        Baseline system behavior
   Read the latest news              Consume threat feeds
   Collect logs                      Collect everything
   Conduct manual interviews         Automate correlation and analytics
   Shut down systems                 Gather and preserve evidence

   Broad                             Targeted


…By identifying and combining subtle indicators of targeted attacks

1    Spear phishing and 0-day attack
       • User behaves in risky manner
       • Receives enterprise e-mail from personal social network

2    Backdoor or malware is installed    [diagram label: Command & Control (CnC)]
       • Anomalous device and network behavior
       • DNS query to known malicious hosts
       • Abnormal traffic patterns

3    Lateral movement
       • Anomalous user behavior
       • Device is contacting new hosts
       • Anomalous network pattern

4    Data acquisition and aggregation
       • Anomalous user behavior
       • Data access patterns abnormal
       • Data rapidly aggregating

5    Data exfiltration    [diagram label: Command & Control (CnC)]
       • Movement of valuable data
       • Users accessing too many resources
       • Device contacting unknown hosts
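One way to combine the indicators on the slide above, as an added example that is not from the original deck and is not IBM or QRadar logic: each indicator is mapped to its stage number, and an entity is reported only when its indicators form a chain of increasing stages inside a time window. The indicator keys, the entity names, the 30-day window and the three-stage threshold are assumptions made for this sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Stage numbers and indicator wording follow the slide; the snake_case keys
# are labels made up for this example.
STAGE_OF = {
    "user_behaves_in_risky_manner": 1,
    "email_from_personal_social_network": 1,
    "dns_query_to_known_malicious_host": 2,
    "abnormal_traffic_pattern": 2,
    "device_contacting_new_hosts": 3,
    "anomalous_network_pattern": 3,
    "data_access_pattern_abnormal": 4,
    "data_rapidly_aggregating": 4,
    "movement_of_valuable_data": 5,
    "user_accessing_too_many_resources": 5,
    "device_contacting_unknown_hosts": 5,
}

# Constructed sample events: (ISO timestamp, entity, indicator).
SAMPLE_EVENTS = [
    # ws-0142: one indicator per stage, in order, within ten days.
    ("2011-03-01T09:12:00", "ws-0142", "email_from_personal_social_network"),
    ("2011-03-01T09:40:00", "ws-0142", "dns_query_to_known_malicious_host"),
    ("2011-03-04T02:10:00", "ws-0142", "device_contacting_new_hosts"),
    ("2011-03-09T23:55:00", "ws-0142", "data_rapidly_aggregating"),
    ("2011-03-10T03:20:00", "ws-0142", "device_contacting_unknown_hosts"),
    # ws-0207: two stage-2 indicators only, plus an event that is not mapped.
    ("2011-03-02T08:00:00", "ws-0207", "dns_query_to_known_malicious_host"),
    ("2011-03-02T08:05:00", "ws-0207", "antivirus_signature_update"),
    ("2011-03-02T11:30:00", "ws-0207", "abnormal_traffic_pattern"),
    # ws-0311: stage 5 seen before stage 3, so no increasing chain.
    ("2011-03-03T14:00:00", "ws-0311", "device_contacting_unknown_hosts"),
    ("2011-03-05T14:00:00", "ws-0311", "device_contacting_new_hosts"),
    # ws-0419: stages 1, 3, 5 in order, but spread over 74 days.
    ("2011-01-05T10:00:00", "ws-0419", "user_behaves_in_risky_manner"),
    ("2011-03-01T10:00:00", "ws-0419", "anomalous_network_pattern"),
    ("2011-03-20T10:00:00", "ws-0419", "movement_of_valuable_data"),
]


def longest_stage_chain(stages):
    """Longest strictly increasing subsequence of stage numbers, in event order."""
    best = {}  # stage -> longest chain found so far that ends at that stage
    for s in stages:
        prev = max((best[t] for t in best if t < s), key=len, default=[])
        if len(prev) + 1 > len(best.get(s, [])):
            best[s] = prev + [s]
    return max(best.values(), key=len, default=[])


def correlate(events, window_days=30, min_stages=3):
    """Return {entity: stage chain} for entities whose indicators cover at
    least min_stages increasing stages within window_days of the first one.

    Requiring increasing stage order is this example's heuristic; the slide
    only says the indicators are combined.
    """
    window = timedelta(days=window_days)
    per_entity = defaultdict(list)
    for ts, entity, indicator in events:
        stage = STAGE_OF.get(indicator)
        if stage is not None:  # ignore events that are not slide indicators
            per_entity[entity].append((datetime.fromisoformat(ts), stage))

    findings = {}
    for entity, seen in per_entity.items():
        seen.sort()  # chronological order
        best = []
        for i, (start, _) in enumerate(seen):
            # Stages observed from this event until the window closes.
            in_window = [s for t, s in seen[i:] if t - start <= window]
            chain = longest_stage_chain(in_window)
            if len(chain) > len(best):
                best = chain
        if len(best) >= min_stages:
            findings[entity] = best
    return findings


if __name__ == "__main__":
    for entity, chain in correlate(SAMPLE_EVENTS).items():
        print(entity, "stages observed in order:", chain)
```

A single stage-2 hit (ws-0207) or an out-of-order pair (ws-0311) stays below the threshold, while widening the window to 90 days also reports the slow-moving ws-0419.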


IBM Security: Delivering intelligence, integration and expertise
across a comprehensive framework



 IBM Security Systems
   • IBM Security Framework built on the foundation of COBIT and ISO standards
   • End-to-end coverage of the security domains
   • Managed and Professional Services to help clients secure the enterprise






Intelligence: A comprehensive portfolio of products and services
across all domains






Integration: Increase security, collapse silos, and reduce complexity

   • Consolidate and correlate siloed information from hundreds of sources
   • Designed to help detect, notify and respond to threats missed by other security solutions
   • Automate compliance tasks and assess risks

   • Stay ahead of the changing threat landscape
   • Designed to help detect the latest vulnerabilities, exploits and malware
   • Add security intelligence to non-intelligent systems

   • Customize protection capabilities to block specific vulnerabilities using scan results
   • Converge access management with web service gateways
   • Link identity information with database security




IBM Identity and Access Management Vision




Key Themes

 Standardized IAM and Compliance Management
   Expand IAM vertically to provide identity and access intelligence to the
   business; Integrate horizontally to enforce user access to data, app, and
   infrastructure

 Secure Cloud, Mobile, Social Interaction
   Enhance context-based access control for cloud, mobile and SaaS access, as
   well as integration with proofing, validation and authentication solutions

 Insider Threat and IAM Governance
   Continue to develop Privileged Identity Management (PIM) capabilities and
   enhanced Identity and Role management


Data Security Vision




 Across Multiple Deployment Models

 Key Themes

 Reduced Total Cost of Ownership
   Expanded support for databases and unstructured data, automation, handling
   and analysis of large volumes of audit records, and new preventive
   capabilities

 Enhanced Compliance Management
   Enhanced Database Vulnerability Assessment (VA) and Database Protection
   Subscription Service (DPS) with improved update frequency, labels for
   specific regulations, and product integrations

 Dynamic Data Protection
   Data masking capabilities for databases (row level, role level) and for
   applications (pattern based, form based) to safeguard sensitive and
   confidential data




Application Security Vision




  Key Themes

 Coverage for Mobile applications and new threats
   Continue to identify and reduce risk by expanding scanning capabilities to
   new platforms such as mobile, as well as introducing next generation
   dynamic analysis scanning and glass box testing

 Simplified interface and accelerated ROI
   New capabilities to improve customer time to value and consumability with
   out-of-the-box scanning, static analysis templates and ease of use features

 Security Intelligence Integration
   Automatically adjust threat levels based on knowledge of application
   vulnerabilities by integrating and analyzing scan results with
   SiteProtector and the QRadar Security Intelligence Platform


Threat Protection Vision

 Security Intelligence Platform
   Log Manager, SIEM, Network Activity Monitor, Risk Manager, Future

 Threat Intelligence and Research
   Vulnerability Data, Malicious Websites, Malware Information, IP Reputation

 Advanced Threat Protection Platform
   Intrusion Prevention, Content and Data Security, Web Application
   Protection, Network Anomaly Detection, Future

 IBM Network Security

 Advanced Threat Protection Platform
   Helps to prevent sophisticated threats and detect abnormal network behavior
   by using an extensible set of network security capabilities - in
   conjunction with real-time threat information and Security Intelligence

 Expanded X-Force Threat Intelligence
   Increased coverage of world-wide threat intelligence harvested by X-Force
   and the consumption of this data to make smarter and more accurate
   security decisions

 Security Intelligence Integration
   Tight integration between the Advanced Threat Protection Platform and
   QRadar Security Intelligence platform to provide unique and meaningful
   ways to detect, investigate and remediate threats




Infrastructure Protection – Endpoint and Server Vision




  Key Themes

 Security for Mobile Devices
   Provide security for and manage traditional endpoints alongside mobile
   devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows
   Phone - using a single platform

 Expansion of Security Content
   Continued expansion of security configuration and vulnerability content to
   increase coverage for applications, operating systems, and industry best
   practices

 Security Intelligence Integration
   Improved usage of analytics - providing valuable insights to meet
   compliance and IT security objectives, as well as further integration with
   SiteProtector and the QRadar Security Intelligence Platform



Expertise: New services organization designed to help the CISO
 Managed and Professional Services to help clients assess their security
 maturity, identify areas of vulnerability, and design and deploy internal
 and/or managed security solutions

 The 10 Security Essentials for the CIO are customer on-ramps building a more
 optimized security posture

 Essential Practices






Solutions for the full Security Intelligence timeline

   • What are the external and internal threats?
   • Are we configured to protect against these threats?
   • What is happening right now?
   • What was the impact?

 Prediction & Prevention
   Risk Management. Vulnerability Management.
   Configuration and Patch Management.
   X-Force Research and Threat Intelligence.
   Compliance Management. Reporting and Scorecards.

 Reaction & Remediation
   Network and Host Intrusion Prevention.
   Network Anomaly Detection. Packet Forensics.
   Database Activity Monitoring. Data Leak Prevention.
   SIEM. Log Management. Incident Response.






Security Intelligence: Integrating across IT silos with
Security Intelligence solutions


 Security Devices
 Servers & Hosts
 Network & Virtual Activity
 Database Activity
 Application Activity
 Configuration Info
 Vulnerability Info
 User Activity

 Event Correlation
   • Logs
   • Flows
   • IP Reputation
   • Geo Location

 Activity Baselining & Anomaly Detection
   • User Activity
   • Database Activity
   • Application Activity
   • Network Activity

 Offense Identification
   • Credibility
   • Severity
   • Relevance

 Suspected Incidents

 Extensive Data Sources  +  Deep Intelligence  =  Exceptionally Accurate and Actionable Insight






Security Intelligence: QRadar provides security visibility
   • IBM X-Force® Threat Information Center
   • Real-time Security Overview w/ IP Reputation Correlation
   • Identity and User Context
   • Real-time Network Visualization and Application Statistics
   • Inbound Security Events


Advanced Persistent Threat (APT) is different
1   Advanced
    – Exploiting unreported vulnerabilities
    – Advanced, custom malware is not detected by antivirus products
    – Coordinated, researched attacks using multiple vectors

2   Persistent
    – Attacks lasting for months or years
    – Attackers are dedicated to the target – they will get in

3   Threat
    – Targeted at specific individuals and groups within an
      organization, aimed at compromising confidential information
    – Not random attacks – they are “out to get you”

4   Responding is different too – Watch, Wait, Plan … and call the FBI




Advanced Threat: The challenging state of network security

 SOPHISTICATED ATTACKS
   Increasingly sophisticated attacks are using multiple attack vectors and
   increasing risk exposure
   Stealth Bots • Targeted Attacks • Worms • Trojans • Designer Malware

 STREAMING MEDIA
   Streaming media sites are consuming large amounts of bandwidth

 SOCIAL NETWORKING
   Social media sites present productivity, privacy and security risks
   including new threat vectors

 POINT SOLUTIONS
   Point solutions are siloed with minimal integration or data sharing
   URL Filtering • IDS / IPS • IM / P2P • Web App Protection • Vulnerability Management





Network Defenses: Not up to today’s challenges
Current Limitations
   • Threats continue to evolve and standard methods of detection are not enough
   • Streaming media sites and Web applications introduce new security challenges
   • Basic “Block Only” mode limits innovative use of streaming and new Web apps
   • Poorly integrated solutions create “security sprawl”, lower overall levels
     of security, and raise cost and complexity

Requirement: Multi-faceted Protection
   • 0-day threat protection tightly integrated with other technologies i.e.
     network anomaly detection
   • Ability to reduce costs associated with non-business use of applications
   • Controls to restrict access to social media sites by a user’s role and
     business need
   • Eliminate point solutions to reduce overall cost and complexity

Diagram labels
   • Internet: Stealth Bots; Worms, Trojans; Targeted Attacks; Designer Malware
   • Firewall/VPN – port and protocol filtering
   • Email Gateway – message and attachment security only
   • Web Gateway – securing web traffic only, port 80 / 443
   • Everything Else
   • Multi-faceted Network Protection – security for all traffic, applications
     and users





IBM Advanced Threat Protection
Our strategy is to protect our customers with advanced threat
protection at the network layer - by strengthening and integrating
network security, analytics and threat intelligence capabilities

1. Advanced Threat Protection Platform
Evolves Intrusion Prevention to become a Threat Protection
Platform – providing packet, content, file and session inspection
to stop threats from entering the network

2. QRadar Security Intelligence Platform
Builds tight integration between the Network Security products,
X-Force intelligence feeds and QRadar Security Intelligence
products with purpose-built analytics and reporting for threat
detection and remediation

3. X-Force Threat Intelligence
Increases aperture of threat intelligence information and
feedback loops for our products. Leverages the existing
X-Force web and email filtering data, but also expands into
additional IP Reputation data sets

[Diagram: Users and Infrastructure, with callouts 1, 2 and 3]



 Advanced Threats: IBM’s vision for Threat

 Security Intelligence Platform
   Log Manager, SIEM, Network Activity Monitor, Risk Manager

 Threat Intelligence and Research
   Vulnerability Data, Malicious Websites, Malware Information, IP Reputation

 Advanced Threat Protection Platform
   Intrusion Prevention, Content and Data Security, Web Application
   Protection, Network Anomaly Detection, Application Control

 IBM Network Security

 Advanced Threat Protection Platform
   • Leverage extensible set of network security capabilities
   • Granular application control
   • Combine with real-time threat information and Security Intelligence

 Expanded X-Force Threat Intelligence
   • World-wide threat intelligence harvested by X-Force®
   • Consumption of this data to make smarter and more accurate security
     decisions

 Security Intelligence Integration
   • Tight integration between the Advanced Threat Protection Platform and
     QRadar Security Intelligence platform to provide unique and meaningful
     ways to help detect, investigate and remediate threats




Ultimate Visibility: Understanding Who, What and When
 Immediately discover
  which applications and web
  sites are being accessed
 Identify misuse by
  application, website,




                                     and Flows

                                                 Network Traffic
  and user




                                                                    B ye yee
                                                                    yee plo plo
                                                                    plo Em Em
                                                                    Em
                                                                                      n
                                                                                      o
                                                                                      i
                                                                                      t
                                                                                      a
                                                                                      c
                                                                                      i
                                                                                      l
                                                                                      p
                                                                                      p
                                                                                      A

                                                                                                                d
                                                                                                                o
                                                                                                                o
                                                                                                                G
 Understand who and what




                                                                        e AC




                                                                                    n
                                                                                    o
                                                                                    i
                                                                                    t
                                                                                    a
                                                                                    c
                                                                                    i
                                                                                    l
                                                                                    p
                                                                                    p
                                                                                    A

                                                                                                              d
                                                                                                              o
                                                                                                              o
                                                                                                              G
  are consuming bandwidth




 SIEM integration for
  anomaly detection and
  event correlation




  “We were able to detect the Trojan “Poison Ivy” within the first three hours
  of deploying IBM Security Network Protection”
        – Australian Hospital

  • Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection
  • Identity context ties users and groups with their network activity - going beyond IP address only policies
  • Application context fully classifies network traffic, regardless of port, protocol or evasion techniques

  Increase Security • Reduce Costs • Enable Innovation

Mobile OS Vulnerabilities and Exploits


  Continued interest in Mobile vulnerabilities as enterprise users bring
  smartphones and tablets into the work place

  Attackers finally warming to the opportunities these devices represent

Enterprises face mobile security challenges

  Adapting to BYOD and the consumerization of IT
     • Multiple device platforms and variants
     • Managed devices (B2E)
     • Data separation and protection
     • Threat protection

  Enabling secure transactions to enterprise applications and data
     • Identity of user and devices
     • Authentication, authorization and federation
     • User policies
     • Secure connectivity

  Developing secure applications
     • Application life-cycle
     • Vulnerability and penetration testing
     • Application management
     • Application policies

  Designing and instituting an adaptive security posture
     • Policy management: location, geo, roles, response, time policies
     • Security Intelligence
     • Reporting


A simplified view of mobile device lifecycle
management



  Lifecycle event: Application Developers Develop Mobile Apps
     • Action: Build Secure Mobile Apps
     • Products: IBM Worklight, IBM Security AppScan

  Lifecycle event: Mobile User Signs Up for On-line Access
     • Action: Register the Device
     • Product: Tivoli Endpoint Manager for Mobile

  Lifecycle event: Mobile User Accesses Corporate E-mail
     • Action: Securely Connect the Device
     • Product: IBM Mobile Lotus Connect

  Lifecycle event: Mobile Client Gets Updates
     • Action: Monitor / Patch the Device
     • Product: Tivoli Endpoint Manager for Mobile

  Lifecycle event: Mobile User Loses Device
     • Action: Lock / Wipe the Device
     • Product: Tivoli Endpoint Manager for Mobile


Mobility: Thinking through mobile security

  At the Device
     • Manage device: Set appropriate security policies • Register • Compliance • Wipe • Lock
     • Secure Data: Data separation • Leakage • Encryption
     • Application Security: Offline authentication • Application level controls

  Over the Network and Enterprise
     • Secure Access: Properly identify mobile users and devices • Allow or deny access • Connectivity
     • Monitor & Protect: Identify and stop mobile threats • Log network access, events, and anomalies
     • Secure Connectivity: Secure Connectivity from devices

  For the Mobile App
     • Secure Application: Utilize secure coding practices • Identify application vulnerabilities • Update applications
     • Integrate Securely: Secure connectivity to enterprise applications and services
     • Manage Applications: Manage applications and enterprise app store

  [Diagram labels: Internet, Corporate Intranet]

  IBM Mobile Security and Management Strategy
     • Safe usage of smartphones and tablets in the enterprise
     • Secure transactions enabling customer confidence
     • Visibility and security of enterprise mobile platform

Securing the Mobile Enterprise with IBM Solutions





Cloud: Clients are concerned about changes that cloud adoption
brings to their visibility and risk posture




  Private cloud • Hybrid IT • Public cloud

  In a cloud environment, access expands, responsibilities change, control shifts,
  and the speed of provisioning IT resources increases – affecting all aspects of security

     • Network & workload isolation
     • Virtual infrastructure protection & integrity
     • Identity integration & privileged access
     • Vulnerability management & compliance
     • Auditing & logging

     • Compliance & certifications
     • Data jurisdiction & data security
     • Visibility & transparency into security posture
     • Identity federation & access
     • Need for Service Level Agreements (SLAs)

  Clients want more visibility, confidence in their compliance posture,
  and integration with existing security infrastructure

Cloud: Each pattern has its own set of key security concerns

  Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers
     Cloud Enabled Data Center: Integrated service management, automation, provisioning, self service
     Key security focus: Infrastructure & Identity
     • Manage identities
     • Secure virtual machines
     • Patch default images
     • Monitor all logs
     • Network isolation

  Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services
     Cloud Platform Services: Pre-built, pre-integrated IT infrastructures tuned to application-specific needs
     Key security focus: Applications & Data
     • Secure shared databases
     • Encrypt private information
     • Build secure applications
     • Keep an audit trail
     • Integrate existing security

  Innovate business models by becoming a cloud service provider
     Cloud Service Provider: Advanced platform for creating, managing, and monetizing cloud services
     Key security focus: Data & Compliance
     • Isolate cloud tenants
     • Policy and regulations
     • Manage operations
     • Build secure data centers
     • Offer backup and resiliency

  Software as a Service (SaaS): Gain immediate access with business solutions on cloud
     Business Solutions on Cloud: Capabilities provided to consumers for using a provider’s applications
     Key security focus: Compliance & Auditing
     • Harden applications
     • Securely federate identity
     • Deploy access controls
     • Encrypt communications
     • Manage app policies

  Security Intelligence – threat intelligence, user activity monitoring, real time insights





Cloud: Our focus is in two areas of cloud security

  1  Security from the Cloud
     • Cloud-based Security Services: Use cloud to deliver security as-a-Service –
       focusing on services such as vulnerability scanning, web and email security, etc.

  2  Security for the Cloud
     • Public cloud (Off premise): Secure usage of Public Cloud applications –
       focusing on Audit, Access and Secure Connectivity
     • Private cloud (On premise): Securing the Private Cloud stack –
       focusing on building security into the cloud infrastructure and its workloads



Cloud: Leverage solutions in each area of cloud risk


  Securing Cloud with IBM Security Systems
  People ● Data ● Apps ● Infrastructure
  Security Intelligence

     • IBM QRadar Security Intelligence: Total visibility into virtual and cloud environments
     • IBM Identity and Access Management Suite: Identity integration, provision users to SaaS applications; Desktop single sign on supporting desktop virtualization
     • IBM AppScan Suite: Scan cloud deployed web services and applications for vulnerabilities
     • IBM InfoSphere Guardium Suite: Protect and monitor access to shared databases
     • IBM Network IPS: Protect and monitor access to shared databases
     • IBM Endpoint Manager: Patch and configuration management of VMs
     • IBM Virtual Server Protection for VMware: Protect VMs from advanced threats

Security Intelligence is enabling progress to optimized security

  Security Intelligence
     • Information and event management
     • Advanced correlation and deep analytics
     • External threat research

  Optimized
     • People: Role based analytics; Identity governance; Privileged user controls
     • Data: Data flow analytics; Data governance
     • Applications: Secure app engineering processes; Fraud detection
     • Infrastructure: Advanced network monitoring; Forensics / data mining; Secure systems

  Proficient
     • People: User provisioning; Access mgmt; Strong authentication
     • Data: Database vulnerability monitoring; Access monitoring; Data loss prevention
     • Applications: Application firewall; Source code scanning
     • Infrastructure: Virtualization security; Asset mgmt; Endpoint / network security management

  Basic
     • People: Centralized directory
     • Data: Encryption; Access control
     • Applications: Application scanning
     • Infrastructure: Perimeter security; Anti-virus

                                                                                                      © 2012 IBM Corporation

Intelligent solutions provide the DNA to secure a Smarter Planet


     • Security Intelligence
     • People
     • Data
     • Applications
     • Infrastructure



Thank You



Cio ciso security_strategyv1.1

  • 1. IBM Security Systems. Agenda: The Security Landscape; Security Capabilities; Strategic Direction (Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing). © 2011 IBM Corporation
  • 2. Solving a security issue is a complex, four-dimensional puzzle. People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers. Data: Structured, Unstructured, At rest, In motion. Applications: Systems applications, Web applications, Web 2.0, Mobile apps. Infrastructure. Attempting to protect the perimeter is not enough – siloed point products and traditional defenses cannot adequately secure the enterprise
  • 3. Security teams must shift from a conventional “defense-in-depth” mindset and begin thinking like an attacker… Audit, Patch & Block (think like a defender, defense-in-depth mindset; Broad): Protect all assets; Emphasize the perimeter; Patch systems; Use signature-based detection; Scan endpoints for malware; Read the latest news; Collect logs; Conduct manual interviews; Shut down systems. Detect, Analyze & Remediate (think like an attacker, counter intelligence mindset; Targeted): Protect high value assets; Emphasize the data; Harden targets and weakest links; Use anomaly-based detection; Baseline system behavior; Consume threat feeds; Collect everything; Automate correlation and analytics; Gather and preserve evidence
  • 4. …By identifying and combining subtle indicators of targeted attacks. 1. Spear phishing and 0-day attack: User behaves in risky manner; Receives enterprise e-mail from personal social network. 2. Backdoor or malware is installed: Anomalous device and network behavior; DNS query to known malicious hosts; Abnormal traffic patterns. 3. Lateral movement: Anomalous user behavior; Device is contacting new hosts; Anomalous network pattern. 4. Data acquisition and aggregation: Anomalous user behavior; Data access patterns abnormal; Data rapidly aggregating. 5. Data exfiltration: Movement of valuable data; Users accessing too many resources; Device contacting unknown hosts. [Diagram label at stages 2 and 5: Command & Control (CnC)]
  • 5. IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework. IBM Security Framework built on the foundation of COBIT and ISO standards; End-to-end coverage of the security domains; Managed and Professional Services to help clients secure the enterprise
  • 6. Intelligence: A comprehensive portfolio of products and services across all domains
  • 7. Integration: Increase security, collapse silos, and reduce complexity. Column 1: Consolidate and correlate siloed information from hundreds of sources; Designed to help detect, notify and respond to threats missed by other security solutions; Automate compliance tasks and assess risks. Column 2: Customize protection capabilities to block specific vulnerabilities using scan results; Converge access management with web service gateways; Link identity information with database security. Column 3: Stay ahead of the changing threat landscape; Designed to help detect the latest vulnerabilities, exploits and malware; Add security intelligence to non-intelligent systems
  • 8. IBM Identity and Access Management Vision. Key Themes. Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; Integrate horizontally to enforce user access to data, app, and infrastructure. Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions. Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
  • 9. Data Security Vision Across Multiple Deployment Models. Key Themes. Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities. Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations. Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
  • 10. Application Security Vision. Key Themes. Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing. Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features. Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
  • 11. Threat Protection Vision. [Diagram] Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Future. Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation. Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Future. IBM Network Security. Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence. Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions. Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
  • 12. Infrastructure Protection – Endpoint and Server Vision. Key Themes. Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform. Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices. Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
  • 13. Expertise: New services organization designed to help the CISO. Managed and Professional Services to help clients assess their security maturity, identify areas of vulnerability, and design and deploy internal and/or managed security solutions. The 10 Security Essentials for the CIO are customer on-ramps building a more optimized security posture. [Diagram: Essential Practices]
  • 14. Solutions for the full Security Intelligence timeline. What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact? Prediction & Prevention: Risk Management. Vulnerability Management. Configuration and Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards. Reaction & Remediation: Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Leak Prevention. SIEM. Log Management. Incident Response.
  • 15. Security Intelligence: Integrating across IT silos with Security Intelligence solutions. Data sources: Security Devices; Servers & Hosts; Network & Virtual Activity; Database Activity; Application Activity; Configuration Info; Vulnerability Info; User Activity. Event Correlation: Logs, Flows, IP Reputation, Geo Location. Activity Baselining & Anomaly Detection: User Activity, Database Activity, Application Activity, Network Activity. Offense Identification: Credibility, Severity, Relevance. Suspected Incidents. Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
  • 16. Security Intelligence: QRadar provides security visibility. IBM X-Force® Threat Information Center; Real-time Security Overview w/ IP Reputation Correlation; Identity and User Context; Real-time Network Visualization and Application Statistics; Inbound Security Events
  • 17. Agenda: The Security Landscape; Security Capabilities; Strategic Direction (Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing)
  • 18. Advanced Persistent Threat (APT) is different. 1. Advanced: Exploiting unreported vulnerabilities; Advanced, custom malware is not detected by antivirus products; Coordinated, researched attacks using multiple vectors. 2. Persistent: Attacks lasting for months or years; Attackers are dedicated to the target – they will get in. 3. Threat: Targeted at specific individuals and groups within an organization, aimed at compromising confidential information; Not random attacks – they are “out to get you”. 4. Responding is different too: Watch, Wait, Plan … and call the FBI
  • 19. Advanced Threat: The challenging state of network security. SOPHISTICATED ATTACKS: Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure (Stealth Bots • Targeted Attacks • Worms • Trojans • Designer Malware). STREAMING MEDIA: Streaming media sites are consuming large amounts of bandwidth. SOCIAL NETWORKING: Social media sites present productivity, privacy and security risks including new threat vectors. POINT SOLUTIONS: Point solutions are siloed with minimal integration or data sharing (URL Filtering • IDS / IPS • IM / P2P • Web App Protection • Vulnerability Management)
  • 20. Network Defenses: Not up to today’s challenges. Current Limitations: Threats continue to evolve and standard methods of detection are not enough; Streaming media sites and Web applications introduce new security challenges; Basic “Block Only” mode limits innovative use of streaming and new Web apps; Poorly integrated solutions create “security sprawl”, lower overall levels of security, and raise cost and complexity. Requirement: Multi-faceted Protection: 0-day threat protection tightly integrated with other technologies i.e. network anomaly detection; Ability to reduce costs associated with non-business use of applications; Controls to restrict access to social media sites by a user’s role and business need; Eliminate point solutions to reduce overall cost and complexity. [Diagram] Internet: Stealth Bots, Worms, Trojans, Targeted Attacks, Designer Malware. Firewall/VPN – port and protocol filtering. Email Gateway – message and attachment security only. Web Gateway – securing web traffic only, port 80 / 443. Everything Else. Multi-faceted Network Protection – security for all traffic, applications and users
  • 21. IBM Advanced Threat Protection. Our strategy is to protect our customers with advanced threat protection at the network layer - by strengthening and integrating network security, analytics and threat Intelligence capabilities. 1. Advanced Threat Protection Platform: Evolves Intrusion Prevention to become a Threat Protection Platform – providing packet, content, file and session inspection to stop threats from entering the network. 2. QRadar Security Intelligence Platform: Builds tight integration between the Network Security products, X-Force intelligence feeds and QRadar Security Intelligence products with purpose-built analytics and reporting for threat detection and remediation. 3. X-Force Threat Intelligence: Increases aperture of threat intelligence information and feedback loops for our products. Leverages the existing X-Force web and email filtering data, but also expands into additional IP Reputation data sets. [Diagram labels: Users; Infrastructure]
  • 22. Advanced Threats: IBM’s vision for Threat. [Diagram] Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager. Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation. Advanced Threat Protection Platform: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control. IBM Network Security. Advanced Threat Protection Platform: Leverage extensible set of network security capabilities; Granular application control; Combine with real-time threat information and Security Intelligence. Expanded X-Force Threat Intelligence: World-wide threat intelligence harvested by X-Force®; Consumption of this data to make smarter and more accurate security decisions. Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to help detect, investigate and remediate threats
  • 23. Ultimate Visibility: Understanding Who, What and When. Immediately discover which applications and web sites are being accessed; Identify misuse by application, website, and user; Understand who and what are consuming bandwidth; SIEM integration for anomaly detection and event correlation. [Diagram: Network Traffic and Flows; Employee A, Employee B, Employee C; Good Application, Good Application, Bad Application] Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection. Identity context ties users and groups with their network activity - going beyond IP address only policies. Application context fully classifies network traffic, regardless of port, protocol or evasion techniques. “We were able to detect the Trojan “Poison Ivy” within the first three hours of deploying IBM Security Network Protection” – Australian Hospital. Increase Security; Reduce Costs; Enable Innovation
  • 24. Agenda: The Security Landscape; Security Capabilities; Strategic Direction (Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing)
  • 25. Mobile OS Vulnerabilities and Exploits. Continued interest in Mobile vulnerabilities as enterprise users bring smartphones and tablets into the work place. Attackers finally warming to the opportunities these devices represent
  • 26. Enterprises face mobile security challenges. Adapting to BYOD and the consumerization of IT: Multiple device platforms and variants; Managed devices (B2E); Data separation and protection; Threat protection. Enabling secure transactions to enterprise applications and data: Identity of user and devices; Authentication, authorization and federation; User policies; Secure connectivity. Developing secure applications: Application life-cycle; Vulnerability and penetration testing; Application management; Application policies. Designing and instituting an adaptive security posture: Policy management: location, geo, roles, response, time policies; Security Intelligence; Reporting
  • 27. A simplified view of mobile device lifecycle management. Events: Application Developers Develop Mobile Apps; Mobile User Signs Up for On-line Access; User Accesses Corporate E-mail; Mobile Client Gets Updates; Mobile User Loses Mobile Device. Steps and products: Build Secure Mobile Apps (IBM Worklight, IBM Security AppScan); Register the Device (Tivoli Endpoint Manager for Mobile); Securely Connect the Device (IBM Lotus Mobile Connect); Monitor / Patch the Device (Tivoli Endpoint Manager for Mobile); Lock / Wipe the Device (Tivoli Endpoint Manager for Mobile)
  • 28. Mobility: Thinking through mobile security. At the Device: Manage device (Set appropriate security policies • Register • Compliance • Wipe • Lock); Secure Data (Data separation • Leakage • Encryption); Application Security (Offline authentication • Application level controls). Over the Network and Enterprise: Secure Access (Properly identify mobile users and devices • Allow or deny access • Connectivity); Monitor & Protect (Identify and stop mobile threats • Log network access, events, and anomalies); Secure Connectivity (Secure Connectivity from devices). For the Mobile App: Secure Application (Utilize secure coding practices • Identify application vulnerabilities • Update applications); Integrate Securely (Secure connectivity to enterprise applications and services); Manage Applications (Manage applications and enterprise app store). [Diagram labels: Internet; Corporate Intranet] IBM Mobile Security and Management Strategy: Safe usage of smartphones and tablets in the enterprise; Secure transactions enabling customer confidence; Visibility and security of enterprise mobile platform
  • 29. Securing the Mobile Enterprise with IBM Solutions
  • 30. Agenda: The Security Landscape; Security Capabilities; Strategic Direction (Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing)
  • 31. Cloud: Clients are concerned about changes that cloud adoption brings to their visibility and risk posture. Private cloud; Hybrid IT; Public cloud. In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning IT resources increases – affecting all aspects of security: Network & workload isolation; Compliance & certifications; Virtual infrastructure protection & integrity; Data jurisdiction & data security; Identity integration & privileged access; Visibility & transparency into security posture; Vulnerability management & compliance; Identity federation & access; Auditing & logging; Need for Service Level Agreements (SLAs). Clients want more visibility, confidence in their compliance posture, and integration with existing security infrastructure
  • 32. Cloud: Each pattern has its own set of key security concerns. Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers. Cloud Enabled Data Center: Integrated service management, automation, provisioning, self service. Key security focus: Infrastructure & Identity (Manage identities; Secure virtual machines; Patch default images; Monitor all logs; Network isolation). Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services. Cloud Platform Services: Pre-built, pre-integrated IT infrastructures tuned to application-specific needs. Key security focus: Applications & Data (Secure shared databases; Encrypt private information; Build secure applications; Keep an audit trail; Integrate existing security). Innovate business models by becoming a cloud service provider. Cloud Service Provider: Advanced platform for creating, managing, and monetizing cloud services. Key security focus: Data & Compliance (Isolate cloud tenants; Policy and regulations; Manage operations; Build secure data centers; Offer backup and resiliency). Software as a Service (SaaS): Gain immediate access with business solutions on cloud. Business Solutions on Cloud: Capabilities provided to consumers for using a provider’s applications. Key security focus: Compliance & Auditing (Harden applications; Securely federate identity; Deploy access controls; Encrypt communications; Manage app policies). Security Intelligence – threat intelligence, user activity monitoring, real time insights
  • 33. Cloud: Our focus is in two areas of cloud security. 1. Security from the Cloud. Cloud-based Security Services: Use cloud to deliver security as-a-Service – focusing on services such as vulnerability scanning, web and email security, etc. 2. Security for the Cloud. Public cloud (Off premise): Secure usage of Public Cloud applications – focusing on Audit, Access and Secure Connectivity. Private cloud (On premise): Securing the Private Cloud stack – focusing on building security into the cloud infrastructure and its workloads
  • 34. Cloud: Leverage solutions in each area of cloud risk. Securing Cloud with IBM Security Systems: People ● Data ● Apps ● Infrastructure; Security Intelligence. IBM QRadar Security Intelligence: Total visibility into virtual and cloud environments. IBM Identity and Access Management Suite: Identity integration, provision users to SaaS applications; Desktop single sign on supporting desktop virtualization. IBM AppScan Suite: Scan cloud deployed web services and applications for vulnerabilities. IBM InfoSphere Guardium Suite: Protect and monitor access to shared databases. IBM Endpoint Manager: Patch and configuration management of VMs. IBM Network IPS: Protect and monitor access to shared databases. IBM Virtual Server Protection for VMware: Protect VMs from advanced threats
  • 35. Security Intelligence is enabling progress to optimized security. Security Intelligence: Information and event management; Advanced correlation and deep analytics; External threat research. Optimized: People (Role based analytics; Identity governance; Privileged user controls); Data (Data flow analytics; Data governance); Applications (Secure app engineering processes; Fraud detection); Infrastructure (Advanced network monitoring; Forensics / data mining; Secure systems). Proficient: People (User provisioning; Access mgmt; Strong authentication); Data (Database vulnerability monitoring; Access monitoring; Data loss prevention); Applications (Application firewall; Source code scanning); Infrastructure (Virtualization security; Asset mgmt; Endpoint / network security management). Basic: People (Centralized directory); Data (Encryption; Access control); Applications (Application scanning); Infrastructure (Perimeter security; Anti-virus). © 2012 IBM Corporation
  • 36. Intelligent solutions provide the DNA to secure a Smarter Planet. Security Intelligence; People; Data; Applications; Infrastructure
  • 37. Thank You