Cio ciso security_strategyv1.1
- 1. IBM Security Systems
Agenda
The Security Landscape
Security Capabilities
Strategic Direction
• Security Intelligence
• Advanced Threats
• Mobile Security
• Cloud Computing
© 2011 IBM Corporation
- 2. IBM Security Systems
Solving a security issue is a complex, four-dimensional puzzle
• People: Employees, Hackers, Outsourcers, Suppliers, Consultants, Terrorists, Customers
• Data: Structured, Unstructured, At rest, In motion
• Applications: Systems applications, Web applications, Web 2.0, Mobile apps
• Infrastructure
Attempting to protect the perimeter is not enough – siloed point products and traditional defenses cannot adequately secure the enterprise
JK 2012-04-26
- 3. IBM Security Systems
Security teams must shift from a conventional “defense-in-depth” mindset and begin thinking like an attacker…

Audit, Patch & Block (broad)                        | Detect, Analyze & Remediate (targeted)
Think like a defender, defense-in-depth mindset     | Think like an attacker, counter intelligence mindset
Protect all assets                                  | Protect high value assets
Emphasize the perimeter                             | Emphasize the data
Patch systems                                       | Harden targets and weakest links
Use signature-based detection                       | Use anomaly-based detection
Scan endpoints for malware                          | Baseline system behavior
Read the latest news                                | Consume threat feeds
Collect logs                                        | Collect everything
Conduct manual interviews                           | Automate correlation and analytics
Shut down systems                                   | Gather and preserve evidence
- 4. IBM Security Systems
…By identifying and combining subtle indicators of targeted attacks
1. Spear phishing and 0-day attack: user behaves in risky manner; receives enterprise e-mail from personal social network
2. Backdoor or malware is installed: anomalous device and network behavior; DNS query to known malicious Command & Control (CnC) hosts; abnormal traffic patterns
3. Lateral movement: anomalous user behavior; device is contacting new hosts; anomalous network pattern
4. Data acquisition and aggregation: anomalous user behavior; data access patterns abnormal; data rapidly aggregating
5. Data exfiltration: movement of valuable data; users accessing too many resources; Command & Control (CnC); device contacting unknown hosts
- 5. IBM Security Systems
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
• IBM Security Framework built on the foundation of COBIT and ISO standards
• End-to-end coverage of the security domains
• Managed and Professional Services to help clients secure the enterprise
- 7. IBM Security Systems
Integration: Increase security, collapse silos, and reduce complexity
• Consolidate and correlate siloed information from hundreds of sources
• Designed to help detect, notify and respond to threats missed by other security solutions
• Add security intelligence to non-intelligent systems
• Customize protection capabilities to block specific vulnerabilities using scan results
• Converge access management with web service gateways
• Link identity information with database security
• Stay ahead of the changing threat landscape
• Designed to help detect the latest vulnerabilities, exploits and malware
• Automate compliance tasks and assess risks
- 8. IBM Security Systems
IBM Identity and Access Management Vision
Key Themes
• Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
• Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
• Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
- 9. IBM Security Systems
Data Security Vision Across Multiple Deployment Models
Key Themes
• Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
• Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
• Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
- 10. IBM Security Systems
Application Security Vision
Key Themes
• Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
• Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
• Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
- 11. IBM Security Systems
Threat Protection Vision
Security Intelligence Platform: Log Manager • SIEM • Network Activity Monitor • Risk Manager • Future
Threat Intelligence and Research: Vulnerability Data • Malicious Websites • Malware Information • IP Reputation
Advanced Threat Protection Platform: Intrusion Prevention • Content and Data Security • Web Application Protection • Network Anomaly Detection • Future
IBM Network Security
• Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities - in conjunction with real-time threat information and Security Intelligence
• Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
• Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
- 12. IBM Security Systems
Infrastructure Protection – Endpoint and Server Vision
Key Themes
• Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone - using a single platform
• Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
• Security Intelligence Integration: Improved usage of analytics - providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
- 13. IBM Security Systems
Expertise: New services organization designed to help the CISO
Managed and Professional Services to help clients assess their security maturity, identify areas of vulnerability, and design and deploy internal and/or managed security solutions
The 10 Security Essentials for the CIO are customer on-ramps building a more optimized security posture
Essential Practices
- 14. IBM Security Systems
Solutions for the full Security Intelligence timeline
What are the external and internal threats? → Are we configured to protect against these threats? → What is happening right now? → What was the impact?
• Prediction & Prevention: Risk Management. Vulnerability Management. Configuration and Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
• Reaction & Remediation: Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Leak Prevention. SIEM. Log Management. Incident Response.
- 15. IBM Security Systems
Security Intelligence: Integrating across IT silos with Security Intelligence solutions
Extensive Data Sources: Security Devices • Servers & Hosts • Network & Virtual Activity • Database Activity • Application Activity • Configuration Info • Vulnerability Info • User Activity
+ Deep Intelligence:
• Event Correlation – Logs, Flows, IP Reputation, Geo Location
• Activity Baselining & Anomaly Detection – User Activity, Database Activity, Application Activity, Network Activity
• Offense Identification – Credibility, Severity, Relevance
= Exceptionally Accurate and Actionable Insight: Suspected Incidents
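The staged indicators on slide 4 (e-mail, CnC DNS lookups, new hosts, rapid data aggregation, unknown external hosts) and the event correlation, activity baselining and credibility/severity/relevance scoring on slide 15 describe a pipeline without showing one. The Python below is an added example, not IBM's or QRadar's code: it maps constructed events from e-mail, DNS, flow and file-access sources onto the five attack stages, derives the "device contacting new hosts" and "data rapidly aggregating" indicators from assumed per-host baselines, and raises one offense per host whose magnitude combines severity, credibility and asset relevance. The stage weights, thresholds, host names, reputation entry and the simple averaging of the three factors are all assumptions made for the example.

```python
"""Correlating subtle indicators of a targeted attack into a single offense.

Added example, not code from the IBM deck. Sample telemetry, baselines,
stage weights, thresholds and the magnitude formula are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

KNOWN_CNC = {"update-cdn.example.net"}              # constructed reputation feed
ASSET_RELEVANCE = {"ws-17": 6, "ws-22": 2}         # constructed asset values (1-10)
BASELINE_DESTS = {                                 # constructed per-host "normal" destinations
    "ws-17": {"mail.corp.example", "intranet.corp.example"},
    "ws-22": {"mail.corp.example"},
}
BASELINE_BYTES_PER_HOUR = {"ws-17": 50_000_000, "ws-22": 50_000_000}
AGGREGATION_FACTOR = 5          # assumed: 5x the baseline read volume = "rapidly aggregating"
MIN_STAGES_FOR_OFFENSE = 3      # assumed: this many distinct stages on one host = offense

# stage -> (label, severity, credibility); weights are assumptions for this example
STAGES = {
    1: ("spear phishing / 0-day", 3, 4),
    2: ("backdoor or malware installed", 7, 9),
    3: ("lateral movement", 6, 6),
    4: ("data acquisition and aggregation", 7, 7),
    5: ("data exfiltration", 9, 8),
}


@dataclass(frozen=True)
class Event:
    source: str   # "email", "dns", "flow" or "file"
    host: str
    data: dict


def classify(ev: Event, seen_dests: set) -> set:
    """Map one event onto the attack stages its indicators point at."""
    hits = set()
    if ev.source == "email" and ev.data.get("from_personal_social_network"):
        hits.add(1)                       # enterprise mail arriving from a personal social network
    elif ev.source == "dns" and ev.data["qname"] in KNOWN_CNC:
        hits.add(2)                       # DNS query to a known CnC host
    elif ev.source == "flow":
        dst = ev.data["dst"]
        if dst not in BASELINE_DESTS.get(ev.host, set()) and dst not in seen_dests:
            # destination never seen before: internal -> lateral movement,
            # external -> device contacting an unknown host (possible exfiltration)
            hits.add(3 if dst.endswith(".corp.example") else 5)
        seen_dests.add(dst)
    elif ev.source == "file":
        baseline = BASELINE_BYTES_PER_HOUR.get(ev.host, 0)
        if ev.data["bytes_read"] > AGGREGATION_FACTOR * baseline:
            hits.add(4)                   # data rapidly aggregating on the host
    return hits


def correlate(events) -> dict:
    """Group indicators per host and raise an offense when enough stages line up."""
    stages_by_host = defaultdict(set)
    seen_dests = defaultdict(set)
    for ev in events:
        stages_by_host[ev.host] |= classify(ev, seen_dests[ev.host])
    offenses = {}
    for host, stages in stages_by_host.items():
        if len(stages) < MIN_STAGES_FOR_OFFENSE:
            continue
        severity = max(STAGES[s][1] for s in stages)
        credibility = sum(STAGES[s][2] for s in stages) / len(stages)
        relevance = ASSET_RELEVANCE.get(host, 1)
        # plain average of the three factors: an assumption, not QRadar's own formula
        magnitude = round((severity + credibility + relevance) / 3)
        offenses[host] = {
            "stages": sorted(stages),
            "magnitude": magnitude,
            "summary": ", ".join(STAGES[s][0] for s in sorted(stages)),
        }
    return offenses


# Constructed sample telemetry: ws-17 walks through all five stages, ws-22 is background noise.
SAMPLE_EVENTS = [
    Event("email", "ws-17", {"from_personal_social_network": True}),
    Event("dns", "ws-17", {"qname": "update-cdn.example.net"}),
    Event("flow", "ws-17", {"dst": "fileserver-03.corp.example"}),
    Event("file", "ws-17", {"bytes_read": 900_000_000}),
    Event("flow", "ws-17", {"dst": "203.0.113.45"}),
    Event("dns", "ws-22", {"qname": "intranet.corp.example"}),
    Event("flow", "ws-22", {"dst": "mail.corp.example"}),
]

if __name__ == "__main__":
    for host, off in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: magnitude {off['magnitude']} stages {off['stages']} ({off['summary']})")
```

No single event here is conclusive on its own (a new internal destination or one large read is ordinary most days); the offense only exists because several weak indicators land on the same host, which is the point of the slides' "combine subtle indicators" argument.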
- 16. IBM Security Systems
Security Intelligence: QRadar provides security visibility
Dashboard elements: IBM X-Force® Threat Information Center w/ IP Reputation Correlation • Real-time Security Overview • Identity and User Context • Real-time Network Visualization and Application Statistics • Inbound Security Events
- 17. IBM Security Systems
Agenda (section: Strategic Direction – Advanced Threats)
- 18. IBM Security Systems
Advanced Persistent Threat (APT) is different
1 Advanced
– Exploiting unreported vulnerabilities
– Advanced, custom malware is not detected by antivirus products
– Coordinated, researched attacks using multiple vectors
2 Persistent
– Attacks lasting for months or years
– Attackers are dedicated to the target – they will get in
3 Threat
– Targeted at specific individuals and groups within an organization, aimed at compromising confidential information
– Not random attacks – they are “out to get you”
4 Responding is different too – Watch, Wait, Plan … and call the FBI
- 19. IBM Security Systems
Advanced Threat: The challenging state of network security
• SOPHISTICATED ATTACKS: Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure (Stealth Bots • Targeted Attacks • Worms • Trojans • Designer Malware)
• STREAMING MEDIA: Streaming media sites are consuming large amounts of bandwidth
• SOCIAL NETWORKING: Social media sites present productivity, privacy and security risks including new threat vectors
• POINT SOLUTIONS: Point solutions are siloed with minimal integration or data sharing (URL Filtering • IDS / IPS • IM / P2P • Web App Protection • Vulnerability Management)
- 20. IBM Security Systems
Network Defenses: Not up to today’s challenges
Current Limitations
• Threats continue to evolve and standard methods of detection are not enough
• Streaming media sites and Web applications introduce new security challenges
• Basic “Block Only” mode limits innovative use of streaming and new Web apps
• Poorly integrated solutions create “security sprawl”, lower overall levels of security, and raise cost and complexity
(Diagram: Internet threats – Stealth Bots, Worms, Trojans, Targeted Attacks, Designer Malware – arriving at a Firewall/VPN doing port and protocol filtering only, an Email Gateway doing message and attachment security only, a Web Gateway securing web traffic only on port 80 / 443, and “Everything Else”)
Requirement: Multi-faceted Protection
• 0-day threat protection tightly integrated with other technologies i.e. network anomaly detection
• Ability to reduce costs associated with non-business use of applications
• Controls to restrict access to social media sites by a user’s role and business need
• Eliminate point solutions to reduce overall cost and complexity
(Multi-faceted Network Protection – security for all traffic, applications and users)
- 21. IBM Security Systems
IBM Advanced Threat Protection
Our strategy is to protect our customers with advanced threat protection at the network layer - by strengthening and integrating network security, analytics and threat Intelligence capabilities
1. Advanced Threat Protection Platform
Evolves Intrusion Prevention to become a Threat Protection Platform – providing packet, content, file and session inspection to stop threats from entering the network
2. QRadar Security Intelligence Platform
Builds tight integration between the Network Security products, X-Force intelligence feeds and QRadar Security Intelligence products with purpose-built analytics and reporting for threat detection and remediation
3. X-Force Threat Intelligence
Increases aperture of threat intelligence information and feedback loops for our products. Leverages the existing X-Force web and email filtering data, but also expands into additional IP Reputation data sets
(Diagram: the three components sit between Users and Infrastructure)
- 22. IBM Security Systems
Advanced Threats: IBM’s vision for Threat
Security Intelligence Platform: Log Manager • SIEM • Network Activity Monitor • Risk Manager
Threat Intelligence and Research: Vulnerability Data • Malicious Websites • Malware Information • IP Reputation
Advanced Threat Protection Platform: Intrusion Prevention • Content and Data Security • Web Application Protection • Application Control • Network Anomaly Detection
IBM Network Security
• Advanced Threat Protection Platform: Leverage extensible set of network security capabilities • Granular application control • Combine with real-time threat information and Security Intelligence
• Expanded X-Force Threat Intelligence: World-wide threat intelligence harvested by X-Force® • Consumption of this data to make smarter and more accurate security decisions
• Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to help detect, investigate and remediate threats
- 23. IBM Security Systems
Ultimate Visibility: Understanding Who, What and When
• Immediately discover which applications and web sites are being accessed
• Identify misuse by application, website, and user
• Understand who and what are consuming bandwidth
• SIEM integration for anomaly detection and event correlation
(Diagram: employees using good and bad applications; Network Traffic and Flows)
“We were able to detect the Trojan “Poison Ivy” within the first three hours of deploying IBM Security Network Protection” – Australian Hospital
• Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection
• Identity context ties users and groups with their network activity - going beyond IP address only policies
• Application context fully classifies network traffic, regardless of port, protocol or evasion techniques
Increase Security • Reduce Costs • Enable Innovation
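Slide 23 states that application context classifies network traffic regardless of port, protocol or evasion techniques. The Python below is an added example of what that means in practice, not code from IBM Security Network Protection: it classifies the first client payload of a TCP flow by content signature (HTTP request line, TLS ClientHello record, SSH identification string), pulls out the server name the client asked for (HTTP Host header or TLS SNI), and flags flows where the application seen does not match what the destination port would suggest, such as SSH pushed through 443 to get past a port-based policy. The signature set, the port-to-application table, the minimal ClientHello builder and the sample flows are assumptions constructed for this example.

```python
"""Port-independent application classification (added example, not IBM code).

Classifies a TCP payload by content signature, extracts the server name
(HTTP Host or TLS SNI), and flags a mismatch between the application seen
and the one the destination port suggests. Signatures, the port table and
the sample flows are assumptions constructed for this example.
"""

HTTP_METHODS = {b"GET", b"POST", b"PUT", b"HEAD", b"DELETE", b"OPTIONS", b"PATCH", b"CONNECT"}
PORT_DEFAULTS = {22: "ssh", 80: "http", 443: "tls"}    # assumed port-to-application policy


def classify_payload(payload: bytes) -> str:
    """Identify the application from the first bytes a client sends, ignoring the port."""
    if payload.startswith(b"SSH-"):                        # SSH identification string
        return "ssh"
    if (len(payload) >= 6 and payload[0] == 0x16           # TLS handshake record...
            and payload[1] == 0x03 and payload[5] == 0x01):  # ...carrying a ClientHello
        return "tls"
    request_line = payload.split(b"\r\n", 1)[0].split(b" ")
    if (len(request_line) == 3 and request_line[0] in HTTP_METHODS
            and request_line[2].startswith(b"HTTP/")):
        return "http"
    return "unknown"


def http_host(payload: bytes):
    """Return the Host header of an HTTP request, or None."""
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            return line[5:].strip().decode("ascii", "replace")
    return None


def tls_sni(payload: bytes):
    """Return the server_name from a TLS ClientHello, or None if absent or malformed."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        p = 5 + 4 + 2 + 32                                   # record hdr, handshake hdr, version, random
        p += 1 + payload[p]                                  # session id
        p += 2 + int.from_bytes(payload[p:p + 2], "big")     # cipher suites
        p += 1 + payload[p]                                  # compression methods
        ext_end = p + 2 + int.from_bytes(payload[p:p + 2], "big")
        p += 2
        while p + 4 <= min(ext_end, len(payload)):
            ext_type = int.from_bytes(payload[p:p + 2], "big")
            ext_len = int.from_bytes(payload[p + 2:p + 4], "big")
            if ext_type == 0:                                # server_name extension
                name_len = int.from_bytes(payload[p + 7:p + 9], "big")
                return payload[p + 9:p + 9 + name_len].decode("ascii")
            p += 4 + ext_len
    except (IndexError, UnicodeDecodeError):
        return None
    return None


def classify_flow(dst_port: int, payload: bytes) -> dict:
    """Classify one flow by content and check it against the port's expected application."""
    app = classify_payload(payload)
    if app == "tls":
        name = tls_sni(payload)
    elif app == "http":
        name = http_host(payload)
    else:
        name = None
    expected = PORT_DEFAULTS.get(dst_port)
    mismatch = app != "unknown" and expected is not None and app != expected
    return {"app": app, "server_name": name, "port_mismatch": mismatch}


def build_client_hello(server_name: str) -> bytes:
    """Minimal TLS 1.2 ClientHello with a single SNI extension (constructed sample input)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name          # host_name type + name
    sni_list = len(sni_entry).to_bytes(2, "big") + sni_entry
    ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list    # extension type 0
    body = (b"\x03\x03" + bytes(32)           # client_version, random
            + b"\x00"                         # empty session id
            + b"\x00\x02\xc0\x2f"             # one cipher suite
            + b"\x01\x00"                     # null compression
            + len(ext).to_bytes(2, "big") + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample flows: (destination port, first client payload)
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.corp.example\r\n\r\n"),
    (443, build_client_hello("files.example.org")),
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),      # SSH over 443 to dodge a port-based policy
    (8080, build_client_hello("cdn.example.net")),
    (443, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for port, data in SAMPLE_FLOWS:
        print(port, classify_flow(port, data))
```

The server name is what lets a policy reason about a website rather than an IP address (a TLS flow to a CDN address is meaningless without the SNI), and the mismatch flag is the cheap evasion check: a port-only rule would have passed the SSH-on-443 flow as HTTPS.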
- 24. IBM Security Systems
Agenda (section: Strategic Direction – Mobile Security)
- 25. IBM Security Systems
Mobile OS Vulnerabilities and Exploits
• Continued interest in Mobile vulnerabilities as enterprise users bring smartphones and tablets into the work place
• Attackers finally warming to the opportunities these devices represent
- 26. IBM Security Systems
Enterprises face mobile security challenges
• Adapting to BYOD and the consumerization of IT: Multiple device platforms and variants; Managed devices (B2E); Data separation and protection; Threat protection
• Enabling secure transactions to enterprise applications and data: Identity of user and devices; Authentication, authorization and federation; User policies; Secure connectivity
• Developing secure applications: Application life-cycle; Vulnerability and penetration testing; Application management; Application policies
• Designing and instituting an adaptive security posture: Policy management: location, geo, roles, response, time policies; Security Intelligence; Reporting
- 27. IBM Security Systems
A simplified view of mobile device lifecycle management
• Build Secure Mobile Apps (application developers develop mobile apps): IBM Worklight, IBM Security AppScan
• Register the Device (mobile user signs up for on-line access): Tivoli Endpoint Manager for Mobile
• Securely Connect the Device (user accesses corporate e-mail): IBM Lotus Mobile Connect
• Monitor / Patch the Device (mobile client gets updates): Tivoli Endpoint Manager for Mobile
• Lock / Wipe the Device (mobile user loses mobile device): Tivoli Endpoint Manager for Mobile
- 28. IBM Security Systems
Mobility: Thinking through mobile security
At the Device
• Manage device: Set appropriate security policies • Register • Compliance • Wipe • Lock
• Secure Data: Data separation • Leakage • Encryption
• Application Security: Offline authentication • Application level controls
Over the Network and Enterprise
• Secure Access: Properly identify mobile users and devices • Allow or deny access • Connectivity
• Monitor & Protect: Identify and stop mobile threats • Log network access, events, and anomalies
• Secure Connectivity: Secure Connectivity from devices (Internet / Corporate Intranet)
For the Mobile App
• Secure Application: Utilize secure coding practices • Identify application vulnerabilities • Update applications
• Integrate Securely: Secure connectivity to enterprise applications and services
• Manage Applications: Manage applications and enterprise app store
IBM Mobile Security and Management Strategy: Safe usage of smartphones and tablets in the enterprise • Secure transactions enabling customer confidence • Visibility and security of enterprise mobile platform
- 30. IBM Security Systems
Agenda (section: Strategic Direction – Cloud Computing)
- 31. IBM Security Systems
Cloud: Clients are concerned about changes that cloud adoption brings to their visibility and risk posture
Private cloud • Hybrid IT • Public cloud
In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning IT resources increases – affecting all aspects of security
• Network & workload isolation
• Virtual infrastructure protection & integrity
• Identity integration & privileged access
• Vulnerability management & compliance
• Auditing & logging
• Compliance & certifications
• Data jurisdiction & data security
• Visibility & transparency into security posture
• Identity federation & access
• Need for Service Level Agreements (SLAs)
Clients want more visibility, confidence in their compliance posture, and integration with existing security infrastructure
- 32. IBM Security Systems
Cloud: Each pattern has its own set of key security concerns
• Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers. Cloud Enabled Data Center – integrated service management, automation, provisioning, self service. Key security focus: Infrastructure & Identity – Manage identities; Secure virtual machines; Patch default images; Monitor all logs; Network isolation
• Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services. Cloud Platform Services – pre-built, pre-integrated IT infrastructures tuned to application-specific needs. Key security focus: Applications & Data – Secure shared databases; Encrypt private information; Build secure applications; Keep an audit trail; Integrate existing security
• Cloud Service Provider: Innovate business models by becoming a cloud service provider. Advanced platform for creating, managing, and monetizing cloud services. Key security focus: Data & Compliance – Isolate cloud tenants; Policy and regulations; Manage operations; Build secure data centers; Offer backup and resiliency
• Software as a Service (SaaS): Gain immediate access with business solutions on cloud. Business Solutions on Cloud – capabilities provided to consumers for using a provider’s applications. Key security focus: Compliance & Auditing – Harden applications; Securely federate identity; Deploy access controls; Encrypt communications; Manage app policies
Security Intelligence – threat intelligence, user activity monitoring, real time insights
- 33. IBM Security Systems
Cloud: Our focus is in two areas of cloud security
1 Security from the Cloud – Cloud-based Security Services: Use cloud to deliver security as-a-Service – focusing on services such as vulnerability scanning, web and email security, etc.
2 Security for the Cloud – Public cloud (off premise): Secure usage of Public Cloud applications – focusing on Audit, Access and Secure Connectivity. Private cloud (on premise): Securing the Private Cloud stack – focusing on building security into the cloud infrastructure and its workloads
- 34. IBM Security Systems
Cloud: Leverage solutions in each area of cloud risk
Securing Cloud with IBM Security Systems: People ● Data ● Apps ● Infrastructure, with Security Intelligence across all four
• IBM QRadar Security Intelligence: Total visibility into virtual and cloud environments
• IBM Identity and Access Management Suite: Identity integration, provision users to SaaS applications; Desktop single sign on supporting desktop virtualization
• IBM AppScan Suite: Scan cloud deployed web services and applications for vulnerabilities
• IBM InfoSphere Guardium Suite: Protect and monitor access to shared databases
• IBM Endpoint Manager: Patch and configuration management of VMs
• IBM Network IPS: Protect and monitor access to shared databases
• IBM Virtual Server Protection for VMware: Protect VMs from advanced threats
- 35. IBM Security Systems
Security Intelligence is enabling progress to optimized security
Security Intelligence: Information and event management • Advanced correlation and deep analytics • External threat research
Maturity levels run from Optimized down through Proficient to Basic; capabilities by domain, listed from Optimized to Basic:
• People: Role based analytics; Identity governance; Privileged user controls; User provisioning; Access mgmt; Strong authentication; Centralized directory
• Data: Data flow analytics; Data governance; Database vulnerability monitoring; Access monitoring; Data loss prevention; Encryption; Access control
• Applications: Secure app engineering processes; Fraud detection; Application firewall; Source code scanning; Application scanning
• Infrastructure: Advanced network monitoring; Forensics / data mining; Secure systems; Virtualization security; Asset mgmt; Endpoint / network security management; Perimeter security; Anti-virus
© 2012 IBM Corporation
- 36. IBM Security Systems
Intelligent solutions provide the DNA to secure a Smarter Planet
Security Intelligence across People, Data, Applications and Infrastructure