X-Force 2011 Trend and Risk
           Report
             &
 Advanced Threat Protection
          Platform




 Optimizing the World’s Infrastructure
 May 2012


 © 2012 IBM Corporation
Please note:
•   IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
•   Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
•   The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
•   Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
Agenda
• X-Force overview
• Highlights from the 2011 IBM X-Force Trend and Risk Report
   – New attack activity
   – Progress in internet security
   – New challenges from mobile and cloud
X-Force research

The mission of the IBM X-Force® research and development team is to:
   – Research and evaluate threat and protection issues
   – Deliver security protection for today’s security problems
   – Develop new technology for tomorrow’s security challenges
   – Educate the media and user communities

X-Force Research by the numbers:
   – 14B analyzed Web pages & images
   – 40M spam & phishing attacks
   – 54K documented vulnerabilities
   – 13B security events daily

Provides specific analysis of:
   – Vulnerabilities & exploits
   – Malicious/unwanted websites
2011: Year of the security breach
Key Messages from the 2011 Trend Report

• New Attack Activity
   – Rise in Shell Command Injection attacks
   – Spikes in SSH Brute Forcing
   – Rise in phishing based malware distribution and click fraud

• Progress in Internet Security
   – Fewer exploit releases
   – Fewer web application vulnerabilities
SQL injection attacks against web servers

Shell Command Injection attacks

SSH brute force activity

Explosion of phishing based malware distribution and click fraud
Mac malware

• 2011 has seen the most activity in the Mac malware world.
   – Not only in volume compared to previous years, but also in functionality.
• In 2011, we started seeing Mac malware with functionality that had previously been seen only in Windows® malware.
Public exploit disclosures

• Total number of exploit releases down to a number not seen since 2006
   – Also down as a percentage of vulnerabilities
Public exploits
Decline in web application vulnerabilities

• In 2011, 41% of security vulnerabilities affected web applications
   – Down from 49% in 2010
   – Lowest percentage seen since 2005
Mobile OS vulnerabilities & exploits

• Continued interest in mobile vulnerabilities as enterprise users request a “bring your own device” (BYOD) strategy for the workplace
• Attackers are finding these devices represent lucrative new attack opportunities
Social Networking – no longer a fringe pastime

• Attackers are finding social networks ripe with valuable information they can mine to build intelligence about an organization and its staff:
   – Scan corporate websites, Google, Google News
   – Who works there? What are their titles?
Introducing IBM’s
Advanced Threat
Protection Platform
IBM Security Framework

Enterprise Governance, Risk and Compliance Management
   – IBM OpenPages
   – Algorithmics (recent acquisition)
   – i2 Corporation (recent acquisition)

IBM Security Portfolio

IT GRC Analytics & Reporting
   – QRadar SIEM
   – QRadar Log Manager
   – QRadar Risk Manager
   – IBM Privacy, Audit and Compliance Assessment Services

IT Infrastructure – Operational Security Domains
   People
      – Identity & Access Management Suite
      – Federated Identity Manager
      – Enterprise Single Sign-On
      – Identity Assessment, Deployment and Hosting Services
   Data
      – Guardium Database Security
      – Optim Data Masking
      – Key Lifecycle Manager
      – Data Security Assessment Service
      – Encryption and DLP Deployment
   Applications
      – AppScan Source/Std. Edition
      – DataPower Security Gateway
      – Security Policy Manager
      – Application Assessment Service
      – AppScan OnDemand Software as a Service
   Infrastructure – Network
      – Network Intrusion Prevention
      – Server and Virtualization Security
      – QRadar Anomaly Detection / QFlow
      – Managed Firewall, Unified Threat and Intrusion Prevention Services
   Infrastructure – Endpoint
      – Endpoint Manager (BigFix)
      – zSecure suite
      – Native Server Security (RACF, IBM systems)
      – Penetration Testing Services

Across all domains: Security Consulting; Managed Services; X-Force and IBM Research
Advanced Threats: The sophistication of Cyber threats, attackers and motives is rapidly escalating

Adversary ladder, from the 1st decade of the commercial Internet (1995 – 2005) to the 2nd decade (2005 – 2015), lowest motive first:

Motive                           Adversary
Curiosity                        Script-kiddies or hackers using tools, web-based “how-to’s”
Revenge                          Insiders, using inside information
Monetary Gain                    Organized Crime, using sophisticated tools
Espionage, Political Activism    Competitors, Hacktivists
National Security                Nation-state Actors; Targeted Attacks / Advanced Persistent Threat
IT Security is a board room discussion

• Business results: Sony estimates potential $1B long term impact – $171M / 100 customers*
• Brand image: HSBC data breach discloses 24K private banking customers
• Supply chain: Epsilon breach impacts 100 national brands
• Legal exposure: TJX estimates $150M class action settlement in release of credit / debit card info
• Impact of hacktivism: Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …
• Audit risk: Zurich Insurance PLc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records
QRadar Security Intelligence
(IBM Security Portfolio diagram as above, highlighting the QRadar products)
Solutions for the Full Compliance and Security Intelligence Timeline

Context & Correlation Drive Deepest Insight

Solving Customer Challenges
Fully Integrated Security Intelligence

One Console Security, built on a single data architecture:

Log Management
   • Turnkey log management
   • SME to Enterprise
   • Upgradeable to enterprise SIEM

SIEM
   • Integrated log, threat, risk & compliance mgmt.
   • Sophisticated event analytics
   • Offense management and workflow

Risk Management
   • Predictive threat modeling & simulation
   • Scalable configuration monitoring and audit
   • Advanced threat visualization and impact analysis

Network Activity & Anomaly Detection
   • Network analytics
   • Behavior and anomaly detection
   • Fully integrated with SIEM

Network and Application Visibility
   • Layer 7 application monitoring
   • Content capture
   • Asset profiling and flow analytics
IBM Security Threat Platform
(IBM Security Portfolio diagram as above, highlighting the threat protection products)
IBM Security Network IPS: Addressing Today’s Evolving Threats
Why Vulnerability-based Research = Preemptive Security Approach

• Protecting against exploits is reactive
   – Too late for many
   – Exploit variants evade the signature written for the original, undoing previous updates
IBM IPS Zero Day (Vuln/Exploit) Web App Protection

■   IBM IPS Injection Logic Engine has stopped every large scale SQL injection or XSS attack day-zero.

    •   Asprox            – reported 12/11/2008       – stopped 6/7/2007
    •   Lizamoon          – reported 3/29/2011        – stopped 6/7/2007
    •   SONY (published)  – reported May/June 2011    – stopped 6/7/2007

    New Vulnerability or Exploit              Reported Date   Ahead of the Threat Since
    Nagios expand cross-site scripting        5/1/2011        6/7/2007
    Easy Media Script go parameter XSS        5/26/2011       6/7/2007
    N-13 News XSS                             5/25/2011       6/7/2007
    I GiveTest 2.1.0 SQL Injection            6/21/2011       6/7/2007
    RG Board SQL Injection                    6/28/2011       6/7/2007
    BlogiT PHP Injection                      6/28/2011       6/7/2007
    IdevSpot SQL Injection (iSupport)         5/23/2011       6/7/2007
    2Point Solutions SQL Injection            6/24/2011       6/7/2007
    PHPFusion SQL Injection                   1/17/2011       6/7/2007
    ToursManager PHP Script Blind SQLi        2011-07-xx      6/7/2007
    Oracle Database SQL Injection             2011-07-xx      6/7/2007
    LuxCal Web Calendar                       7/7/2011        6/7/2007
    Apple Web Developer Website SQL           2011-07-xx      6/7/2007
    MySQLDriverCS Cross-Param SQLi            6/27/2011       6/7/2007
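The two slides above make one technical argument: match the vulnerable condition, not a particular exploit string, because an exploit signature is "too late for many" and variants undo it, which is how a 2007 injection-logic signature is credited with stopping Asprox, Lizamoon and later injection campaigns. The Python below, added here as an illustration and not IBM or X-Force code, shows that difference on constructed request strings: a signature written for one hex-encoded DECLARE/CAST/EXEC payload misses a renamed-variable variant and a double-URL-encoded copy, while a detector for the injection classes themselves (stacked statement, hex CAST, quote tautology, dangling comment) flags all of them and stays quiet on a clean request. Every query string and the "known exploit" pattern are constructed for this example, not captured traffic.

```python
"""Exploit-signature matching vs. vulnerability/technique-class matching.

Added illustration, not IBM or X-Force code.  The 'known exploit' signature
and every request string below are constructed for this example; none is a
captured Asprox, Lizamoon or Sony payload.
"""
import re
from typing import Dict, Iterator, Optional, Tuple
from urllib.parse import unquote_plus

# Reactive: a signature for one specific payload seen in the wild.  Written
# here in the style of the 2008-era mass SQL injection worms, which pushed a
# hex-encoded statement through DECLARE / CAST / EXEC.  It only fires on
# this exact variable name, type and hex prefix.
KNOWN_EXPLOIT = re.compile(
    r"DECLARE\s+@S\s+VARCHAR\(4000\);SET\s+@S=CAST\(0x4445434C415245", re.I)


def exploit_signature_hit(query_string: str) -> bool:
    """True only when the exact, previously seen payload prefix is present."""
    return bool(KNOWN_EXPLOIT.search(unquote_plus(query_string)))


# Preemptive: describe the *condition* being exploited (SQL structure arriving
# inside a request parameter) rather than any one payload.  Each pattern is a
# class: stacked statement, hex-literal CAST, quote-tautology, dangling comment.
INJECTION_CLASSES = (
    ("stacked-query", re.compile(
        r";\s*(declare|exec(ute)?|set|drop|insert|update|delete|union)\b", re.I)),
    ("hex-cast", re.compile(r"\bcast\s*\(\s*0x[0-9a-f]+\s+as\b", re.I)),
    ("tautology", re.compile(r"'\s*or\s*'?\d*'?\s*=\s*'?\d*'?", re.I)),
    ("comment-tail", re.compile(r"['\"]\s*(--|#|/\*)")),
)


def _params(query_string: str) -> Iterator[Tuple[str, str]]:
    """Split a raw query string into (name, raw_value) pairs."""
    for part in query_string.split("&"):
        name, _, value = part.partition("=")
        yield name, value


def _decode(value: str) -> str:
    """Peel up to two layers of URL encoding: double encoding is a common
    way to slip past a signature that decodes only once."""
    for _ in range(2):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def injection_condition_hit(query_string: str) -> Optional[str]:
    """Return '<class> in parameter <name>' for the first parameter whose
    decoded value carries SQL structure, or None if the request looks clean."""
    for name, raw in _params(query_string):
        value = _decode(raw)
        for label, pattern in INJECTION_CLASSES:
            if pattern.search(value):
                return f"{label} in parameter {name!r}"
    return None


# Constructed sample GET query strings (not real captures).
SAMPLES: Dict[str, str] = {
    "benign": "id=42&sort=name",
    # the one payload the signature was written for
    "known": ("id=42;DECLARE+@S+VARCHAR(4000);SET+@S=CAST(0x4445434C415245"
              "+AS+VARCHAR(4000));EXEC(@S);--"),
    # same technique, trivially varied: new variable name, NVARCHAR, other hex
    "variant": ("id=42;DECLARE+@T+NVARCHAR(4000);SET+@T=CAST(0x44454C4C41"
                "+AS+NVARCHAR(4000));EXEC(@T);--"),
    # double URL-encoded stacked query
    "double": "id=42%253Bdeclare%2520%2540q%2520varchar%25284000%2529",
    # classic login bypass, a different injection class altogether
    "tautology": "user=admin'+OR+'1'='1'--&pw=x",
}


def evaluate(samples: Dict[str, str]) -> Dict[str, Tuple[bool, Optional[str]]]:
    """Run both detectors over every sample: {name: (signature, condition)}."""
    return {name: (exploit_signature_hit(q), injection_condition_hit(q))
            for name, q in samples.items()}


if __name__ == "__main__":
    for name, (sig, cond) in evaluate(SAMPLES).items():
        print(f"{name:10s} exploit-signature={sig!s:5s} condition={cond}")
```

The regexes are deliberately narrow and a production engine would parse the SQL grammar rather than pattern-match it; the point is the unit of matching. The signature encodes one attacker's choices (variable name, type, hex prefix) and fails as soon as any of them changes, whereas the class detector encodes what every attempt must do to exploit the flaw, so the variant and the double-encoded copy land in the same bucket as the original.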
Ahead of the Threat

IBM’s Preemptive Approach vs. Reactive Approach to address threats: IBM clients have typically been provided protection guidance prior to or within 24 hours of a vendor vulnerability disclosure being announced (89% of the time in 2010).

(Chart: number of days IBM clients were provided protection guidance “Ahead of the Threat”. Source: IBM X-Force)
Network Security Product Line up

Product – Description
• IBM Security Network Intrusion Prevention System – The core of any Intrusion Prevention strategy, IBM Security Network IPS appliances help to protect the network infrastructure from a wide range of attacks, up to 23 Gbps inspected throughput
• IBM Security Endpoint Defence – Focused on protecting individual assets on the network including servers and desktops from both internal and external threats
• IBM Security Virtual Server Protection – Virtual Server Protection is integrated with the hypervisor and provides visibility into intra-VM network traffic. Supports ESX 4.1 and 5.0 and 10Gb Ethernet
• IBM Security SiteProtector System – Centralized management for IBM Security intrusion prevention solutions that provides a single management point to control security policy, analysis, alerting and reporting
IBM’s Vision for Infrastructure Threat Protection – Roadmap
1. 1Q12: Launched IBM Security Network IPS Powered by X-Force

• Meet signature sharing mandates (e.g. Government & Financial Institutions)
• IBM Hybrid protection
   – Using X-Force Protocol Analysis with the ability to write or import custom Snort rules
• IBM Network IPS and Protocol Analysis Modules (PAM): core tenet of the Advanced Threat Protection Platform

Core Capabilities
   – Unmatched performance delivering 20Gbps+ of inspected throughput and 10GbE connectivity without compromising breadth and depth of security
   – Evolving protection powered by world renowned X-Force research to stay “ahead of the threat”
   – Reduced cost and complexity through consolidation of point solutions and integrations with other security tools

Locked in to a signature-only IPS? Make the move to IBM Security Network IPS (custom rules supported).
1. Extensible Protection with Protocol Analysis Module

Ahead of the Threat: extensible protection backed by the power of X-Force

Virtual Patch
   What it does: Mitigates vulnerability exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.
   Why important: At the end of 2011, 36% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.

Client-Side Application Protection
   What it does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, multimedia files and Web browsers.
   Why important: In 2011, vulnerabilities which affect client-side applications represented one of the largest categories of all vulnerability disclosures.

Web Application Protection
   What it does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (cross-site scripting), PHP file-includes, CSRF (cross-site request forgery), and directory traversals.
   Why important: Expands security capabilities to meet both compliance requirements and threat evolution.

Threat Detection & Prevention
   What it does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
   Why important: Eliminates the need for constant signature updates. Protection includes proprietary technology such as Java bytecode exploit detection, Flash exploit detection, and Shell Code Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.

Data Security
   What it does: Monitors, identifies, and provides control over unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides the capability to explore data flow through the network to help determine if any potential risks exist.
   Why important: Flexible and scalable customized data search criteria; serves as a complement to a data security strategy.

Application Control
   What it does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, peer to peer, instant messaging, and tunnelling.
   Why important: Enforces network application and service access based on corporate policy and governance.
2. 2Q12: Launch the X-Force IP Reputation Feed for QRadar

• 2Q12: IBM X-Force powers QRadar with the X-Force IP Reputation Feed
   – Providing insight into suspect entities on the internet
• 15+ Billion URLs monitored and classified on a continuous basis
• Information about malicious IPs, malware hosts, SPAM sources, dynamic IPs & anonymous proxies
• Enhances QRadar correlation intelligence
3. 2Q12: Launch QRadar Network Anomaly Detection, optimized for the Advanced Threat Protection Platform

• QRadar Network Anomaly Detection
   – An optimized version of QRadar which complements SiteProtector
• Greater visibility for SiteProtector/IPS customers
• Network flow capture with behavioral analysis and anomaly detection provides greater security intelligence:
   – Traffic profiling for added protection from low and slow and zero-day threats

Architecture (diagram):
   – SiteProtector as core for command & control
   – QRadar Network Anomaly Detection for enhanced analytics
   – QRadar QFlow and VFlow collectors provide network awareness via deep packet inspection
   – Integrated policy management & workflows within SiteProtector facilitate a rapid response to threats and more proactive visibility
   – Components shown: AppScan, SiteProtector, QRadar Network Anomaly Detection, Network IPS, Scanner, Server, Desktop; visibility into suspicious behavior on one side, proactive prevention on the other
Summary

•   Fewer public vulnerability disclosures and exploits in 2011 compared to 2010,
    but…

•   We see more attack activity, with high profile breaches

Acknowledgements, disclaimers and trademarks

© Copyright IBM Corporation 2012. All rights reserved.

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the
completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or
implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without
notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other
materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations
from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM
software.

References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in
which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature
availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any
activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM
future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested
these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM
products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those
products and services.

All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products
and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will
vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have
the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating
system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.

IBM, the IBM logo, ibm.com, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products
and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other
countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark
symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was
published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is
available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml




Thank You - Q&A


PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson

  • 1. X-Force 2011 Trend and Risk Report & Advanced Threat Protection Platform Optimizing the World’s Infrastructure May 2012 © 2012 IBM Corporation
  • 2. Please note: • IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. • Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. • The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. • Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. 2
  • 3. Agenda • X-Force overview • Highlights from the 2011 IBM X-Force Trend and Risk Report – New attack activity – Progress in internet security – New challenges from mobile and cloud 3
  • 4. X-Force research X-Force Research IBMThe missionteam isand development of the to: X-Force® research 14B analyzed Web pages & images 40M spam & phishing attacks 54K documented vulnerabilities 13B security events daily  Research and evaluate threat and protection issues  Deliver security protection for today’s security problems Provides Specific Analysis of:  Develop new technology for tomorrow’s security challenges  Educate the media and user communities • Vulnerabilities & exploits • Malicious/Unwanted websites 4
  • 5. 2011: Year of the security breach 5
  • 6. Key Messages from the 2011 Trend Report • New Attack Activity – Rise in Shell Command Injection attacks – Spikes in SSH Brute Forcing – Rise in phishing based malware distribution and click fraud • Progress in Internet Security – Fewer exploit releases – Fewer web application vulnerabilities 6
  • 7. SQL injection attacks against web servers 7
  • 9. SSH brute force activity 9
  • 10. Explosion of phishing based malware distribution and click fraud 10
  • 11. MAC malware • 2011 has seen the most activity in the Mac malware world. – Not only in volume compared to previous years, but also in functionality. • In 2011, we started seeing Mac malware with functionalities that we’ve only seen before in Windows® malware. 11
  • 12. Key Messages from the 2011 Trend Report • New Attack Activity –Rise in Shell Command Injection attacks – Spikes in SSH Brute Forcing – Rise in phishing based malware distribution and click fraud • Progress in Internet Security – Fewer exploit releases – Fewer web application vulnerabilities 12
  • 13. Public exploit disclosures • Total number of exploit releases down to a number not seen since 2006 – Also down as a percentage of vulnerabilities 13
  • 15. Decline in web application vulnerabilities • In 2011, 41% of security vulnerabilities affected web applications – Down from 49% in 2010 – Lowest percentage seen since 2005 15
  • 16. Key Messages from the 2011 Trend Report • New Attack Activity –Rise in Shell Command Injection attacks – Spikes in SSH Brute Forcing – Rise in phishing based malware distribution and click fraud • Progress in Internet Security – Fewer exploit releases – Fewer web application vulnerabilities 16
  • 17. Mobile OS vulnerabilities & exploits • Continued interest in Mobile vulnerabilities as enterprise users request a “bring your own device” (BYOD) strategy for the workplace • Attackers finding these devices represent lucrative new attack opportunities 17
  • 18. Social Networking – no longer a fringe pastime • Attackers finding social networks ripe with valuable informaiton they can mine to build intelligence about organizations and its staff: – Scan corporate websites, Google, Google News – Who works there? What are their titles? 18 18
  • 20. IBM Security Framework Enterprise Governance, Risk and Compliance Management IBM OpenPages Algorithmics (recent acquisition) i2 Corporation (recent acquisition) IBM Security Portfolio IT GRC Analytics & Reporting QRadar QRadar Log QRadar IBM Privacy, Audit and SIEM Manager Risk Manager Compliance Assessment Services Security Consulting IT Infrastructure – Operational Security Domains People Data Applications Infrastructure Network Endpoint Identity & Access Guardium AppScan Network Endpoint Management Suite Database Security Source/Std. Edition Intrusion Prevention Manager (BigFix) Managed Services Federated Optim DataPower Server and zSecure suite Identity Manager Data Masking Security Gateway Virtualization Security Enterprise Key Lifecycle Security QRadar Anomaly Native Server Security Single Sign-On Manager Policy Manager Detection / QFlow (RACF, IBM systems) X-Force Data Security Application and IBM Managed Firewall, Identity Assessment, Assessment Service Assessment Service Research Unified Threat and Penetration Deployment and Intrusion Prevention Testing Services Hosting Services Encryption and AppScan OnDemand Services DLP Deployment Software as a Service 20
  • 21. Advanced Threats: The sophistication of Cyber threats, attackers and motives is rapidly escalating 1995 – 2005 2005 – 2015 1 Decade of the Commercial Internet st 2 Decade of the Commercial Internet nd Motive Nation-state Actors; National Security Targeted Attacks / Advanced Persistent Threat Espionage, Competitors, Hacktivists Political Activism Monetary Gain Organized Crime, using sophisticated tools Revenge Insiders, using inside information Curiosity Script-kiddies or hackers using tools, web-based “how-to’s” Adversary 21
  • 22. IT Security is a board room discussion Business Brand image Supply chain Legal Impact of Audit risk results exposure hacktivism Sony estimates HSBC data Epsilon breach TJX estimates Lulzsec 50-day Zurich potential $1B breach impacts 100 $150M class hack-at-will Insurance PLc long term discloses 24K national brands action spree impacts fined £2.275M impact – private banking settlement in Nintendo, CIA, ($3.8M) for the $171M / 100 customers release of PBS, UK NHS, loss and customers* credit / debit UK SOCA, exposure of card info Sony … 46K customer records 22
  • 23. QRadar Security Intelligence (repeats the IBM Security Portfolio diagram from slide 20)
  • 24. Solutions for the Full Compliance and Security Intelligence Timeline 24
  • 25. Context & Correlation Drive Deepest Insight 25
  • 27. Fully Integrated Security Intelligence – One Console Security, Built on a Single Data Architecture
  – Log Management: Turnkey log management; SME to Enterprise; Upgradeable to enterprise SIEM
  – SIEM: Integrated log, threat, risk & compliance mgmt.; Sophisticated event analytics; Asset profiling and flow analytics; Offense management and workflow
  – Risk Management: Predictive threat modeling & simulation; Scalable configuration monitoring and audit; Advanced threat visualization and impact analysis
  – Network Activity & Anomaly Detection: Network analytics; Behavior and anomaly detection; Fully integrated with SIEM
  – Network and Application Visibility: Layer 7 application monitoring; Content capture
  • 28. IBM Security Threat Platform (repeats the IBM Security Portfolio diagram from slide 20)
  • 29. IBM Security Network IPS: Addressing Today’s Evolving Threats >260 29 29
  • 30. Why Vulnerability-based Research = Preemptive Security Approach
  – Protecting against exploits is reactive
    – Too late for many
    – Variants undo previous updates
  • 31. IBM IPS Zero Day (Vuln/Exploit) Web App Protection
  IBM IPS Injection Logic Engine has stopped every large scale SQL injection or XSS attack day-zero.
  – Asprox – reported 12/11/2008 – stopped 6/7/2007
  – Lizamoon – reported 3/29/2011 – stopped 6/7/2007
  – SONY (published) – reported May/June/2011 – stopped 6/7/2007
  New Vulnerability or Exploit | Reported Date | Ahead of the Threat Since
  Nagios expand cross-site scripting | 5/1/2011 | 6/7/2007
  Easy Media Script go parameter XSS | 5/26/2011 | 6/7/2007
  N-13 News XSS | 5/25/2011 | 6/7/2007
  I GiveTest 2.1.0 SQL Injection | 6/21/2011 | 6/7/2007
  RG Board SQL Injection | Published: 6/28/2011 | 6/7/2007
  BlogiT PHP Injection | 6/28/2011 | 6/7/2007
  IdevSpot SQL Injection (iSupport) | 2011-05-23 | 6/7/2007
  2Point Solutions SQL Injection | 6/24/2011 | 6/7/2007
  PHPFusion SQL Injection | 1/17/2011 | 6/7/2007
  ToursManager PhP Script Blind SQLi | 2011-07-xx | 6/7/2007
  Oracle Database SQL Injection | 2011-07-xx | 6/7/2007
  LuxCal Web Calendar | 7/7/2011 | 6/7/2007
  Apple Web Developer Website SQL | 2011-07-xx | 6/7/2007
  MySQLDriverCS Cross-Param SQLi | 6/27/2011 | 6/7/2007
  • 32. Ahead of the Threat – IBM’s Preemptive Approach vs. Reactive Approach to address Threats
  IBM clients have typically been provided protection guidance prior to or within 24 hours of a vendor vulnerability disclosure being announced (89% of the time in 2010).
  Chart: # of days IBM clients were provided protection guidance “Ahead of the Threat”. Source: IBM X-Force
  • 33. Network Security Product Line up
  – IBM Security Network Intrusion Prevention System: The core of any Intrusion Prevention strategy, IBM Security Network IPS appliances help to protect the network infrastructure from a wide range of attacks, up to 23 Gbps inspected throughput
  – IBM Security Endpoint Defence: Focused on protecting individual assets on the network including servers and desktops from both internal and external threats
  – IBM Security Virtual Server Protection: Virtual Server Protection is integrated with the hypervisor and provides visibility into intra-VM network traffic. Supports ESX 4.1 and 5.0 and 10Gb Ethernet
  – IBM Security SiteProtector System: Centralized management for IBM Security intrusion prevention solutions that provides a single management point to control security policy, analysis, alerting and reporting
  • 34. IBM’s Vision for Infrastructure Threat Protection – Roadmap 34
  • 35. Roadmap step 1 – 1Q12: Launched IBM Security Network IPS Powered by X-Force
  Core Capabilities:
  – Unmatched Performance delivering 20Gbps+ of inspected throughput and 10GbE connectivity without compromising breadth and depth of security
  – Evolving protection powered by world renowned X-Force research to stay “ahead of the threat”
  – Reduced cost and complexity through consolidation of point solutions and integrations with other security tools
  – Core tenet for the Advanced Threat Protection Platform
  Locked in to Signature-only IPS? Make the move to IBM Security Network IPS:
  – Meet signature sharing mandates (i.e. Government & Financial Institutions)
  – IBM Hybrid protection – Using X-Force Protocol Analysis with the ability to write or import custom Snort rules
  – IBM Network IPS and Protocol Analysis Modules (PAM) plus Custom Rules
  • 36. Roadmap step 1 – Extensible Protection with Protocol Analysis Module: Ahead of the Threat extensible protection backed by the power of X-Force
  – Virtual Patch. What It Does: Mitigates vulnerability exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach. Why Important: At the end of 2011, 36% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
  – Client-Side Application Protection. What It Does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, Multimedia files and Web browsers. Why Important: In 2011, vulnerabilities which affect client-side applications represent one of the largest categories of all vulnerability disclosures.
  – Web Application Protection. What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery), and Directory Traversals. Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.
  – Threat Detection & Prevention. What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability. Why Important: Eliminates the need for constant signature updates. Protection includes proprietary technology such as Java bytecode exploit detection, Flash exploit detection, and Shell Code Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.
  – Data Security. What It Does: Monitors, identifies, and provides control over unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist. Why Important: Flexible and scalable customized data search criteria; serves as a complement to data security strategy.
  – Application Control. What It Does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunnelling. Why Important: Enforces network application and service access based on corporate policy and governance.
  • 37. Roadmap step 2 – 2Q12: Launch the X-Force IP Reputation Feed for QRadar
  – 2Q12: IBM X-Force powers QRadar with the X-Force IP Reputation Feed, providing insight into suspect entities on the internet
  – 15+ Billion URLs Monitored and Classified on a continuous basis
  – Information about Malicious IPs, Malware hosts, SPAM sources, Dynamic IPs & Anonymous Proxies
  – Enhances QRadar correlation intelligence
  • 38. Roadmap step 3 – 2Q12: Launch QRadar Network Anomaly Detection Optimized for the Advanced Threat Protection Platform
  – QRadar Network Anomaly Detection – An optimized version of QRadar which complements SiteProtector
  – Greater visibility for SiteProtector/IPS customers
  – Network flow capture with behavioral analysis and anomaly detection provides greater security intelligence: Traffic profiling for added protection from Low and Slow and zero-day threats
  How the pieces fit together:
  – SiteProtector as core for command & control
  – QRadar Network Anomaly Detection for enhanced analytics
  – QRadar QFlow and VFlow collectors provide Network Awareness via deep packet inspection
  – Integrated policy management & workflows within SiteProtector facilitate a rapid response to threat and more proactive visibility
  Diagram labels: AppScan, SiteProtector, QRadar, NIPS, Scanner, Server, Desktop; Visibility and Protection; Suspicious Behavior → Proactive Prevention
  • 39. Summary
  – Fewer public vulnerability disclosures and exploits in 2011 compared to 2010, but…
  – We see more attack activity, with high profile breaches
  • 40. Acknowledgements, disclaimers and trademarks © Copyright IBM Corporation 2012. All rights reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Information concerning non-IBM products and services was obtained from a supplier of those products and services. 
IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services. All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography. IBM, the IBM logo, ibm.com, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml 40

Editor's notes

  1. We leverage numerous intelligence sources – including a database of more than 50,000 computer security vulnerabilities, a global Web crawler and international spam collectors, as well as the real-time monitoring of 13 billion events every day for nearly 4,000 clients in more than 130 countries – to stay ahead of these emerging threats for our customers. All of this comes from work done in IBM's nine global Security Operations Centers.
  2. This chart shows some of the publicly recorded breaches that happened over the course of 2011. In the mid-year report, which is represented about half way through this chart, IBM X-Force decided to declare 2011 the “Year of the security breach”. When you look at this chart, it becomes quite evident why we came to that conclusion. The color of each circle represents the technical means used to breach these organizations, based on what has been publicly made available. We made a rough estimate of the financial impact of each breach, which is represented by the size of the circle. You’ll notice that in the latter half of the year many of the circles are grey, which means we don’t know how that particular entity was breached. This leads to an important point. There are a lot of things that motivate organizations to publicly disclose that their security has been breached, but usually those things have to do with the privacy of personal information, and often the organizations don’t take the time to disclose the technical problem that was exploited by the attacker. Having access to that information is valuable because it enables other organizations to prioritize the security work they are doing, making sure they address threats that have actually been used against other organizations. Many of these breaches were disclosed without that information, so unfortunately the information is less actionable for security professionals. We’d like to see more of that technical information brought to the forefront when possible. All of these breaches – this activity – has been driving a lot of conversation about computer security in 2011.
  3. Three main themes began to emerge as we were pulling together this 2011 annual report. First, we saw some new attack activity begin to emerge, especially in the latter months of 2011. But we also saw some improvements in computer security – especially in the area of application security – and we’ll dive into that in more detail a bit later in this presentation. Finally, we’ll cover new security challenges that are emerging as organizations look to adopt technologies like cloud, and with the proliferation of social media and of individuals looking to use their personal mobile devices in the enterprise.
  4. Let's start with some of the new attack activity we are seeing. For a long time we have seen a lot of SQL injection attack activity. This is an attack that targets the database behind a web server. Attackers often engage in this activity in an automated fashion, using bots that scan the internet looking for websites with SQL injection vulnerabilities. What the attacker attempts to do is hijack the legitimate users who are visiting these sites: the attacker redirects them, unknowingly, to malware and exploit toolkits that will infect their machines. This is a pretty big problem. 2011 was a banner year for exploiting SQL weaknesses, and several high profile and newsworthy episodes of successful SQL injection attacks were made public. The hacktivist groups Anonymous and Lulzsec were major players in SQL injection tactics and continue to hone their skills with new injection attack vectors.
  5. This year we have seen an uptick in a different kind of web application attack activity, and this is called Shell Command Injection. Instead of injecting database commands through the web application, attackers inject command line commands that run on the operating system the web application is running on. You can see in this chart a pretty significant increase in this activity at the end of 2011. So we are starting to see some automated Shell Command Injection attacks that work largely the same way as the SQL injection attack activity worked. This is a vulnerability that has probably received less focus over the last few years, but as a consequence of the increased activity we’ve seen, we think organizations should start paying more attention to it.
  6. We also saw this spike in volume at the end of the year in SSH brute forcing. This is one of the most common types of attacks we see on the internet: people scan for computers running SSH and then try to brute-force user names and passwords on those computers. We’re not sure if this huge spike is an anomaly or if this will continue to be a problem in 2012, but it certainly is alarming. Again, if you have SSH running on a computer it is important to be sure you have good passwords, because if you don’t, those passwords will quickly be compromised automatically.
  7. We also saw another big increase in activity around phishing. In 2008 and 2009 we saw a large amount of phishing activity, and we started to get excited in our mid-year 2011 report because, as you can see here, through 2010 there was a relatively small amount of phishing activity and in early 2011 this activity was pretty low as well. It seemed as though the phishing problem had been solved. We still thought there were as many phishing attacks happening in 2010 as there were in 2009 and 2008, but the people sending these emails could not generate as many of them as they used to, because if they did, people monitoring for phishing emails would notice them and react by shutting down the server that they were using to collect credentials. So really, the community of people who were working to fight phishing had made a big dent in 2010. So what happened in the later part of 2011? We’ve seen a new type of phishing-like email that links to websites which do not necessarily perform a phishing attack. These emails use the good name of a well-known brand – perhaps it looks like it is coming from your bank, or a parcel service you are probably quite familiar with – to get the recipient to click on a malware link or, in some cases, a link to an otherwise innocuous site such as a retail site. One possible explanation for the latter type of email might be click-fraud, wherein spammers drive traffic to these sites in exchange for advertising fees. Regardless of the explanation, this nuisance contributed to a large increase in phishing-like emails seen in the later months of the year.
  8. More than in any previous year, 2011 has seen the most activity in the Mac malware world. This applies not only to volume, but also to functionality. In 2011, we started seeing Mac malware with functionality that we had only seen before in Windows malware. This may indicate that cyber criminals are now becoming aware of how profitable targeting OS X might be. A couple of note: MacDefender: What makes MacDefender interesting is that it is the type of malware with a spreading mechanism that has been rampant in the Windows world in the last couple of years. MacDefender belongs to the category of malware called “Rogue Antivirus,” which disguises itself as a legitimate antivirus program. Once installed, it pretends to scan your system, flagging random files as malicious to make it look like your system is heavily infected. The user interface is professional looking and well made, to make it more believable to the user that it is a legitimate app. It has a Register button that takes the user to a website where they can supposedly purchase a license for MacDefender using a credit card. MacDefender displays a message that says that to remove the detected malware you should pay for the licensed version, so a user may feel forced to register. The user’s credit card will then be charged for the amount and, on top of that, the credit card number may be used for other purposes as well. Flashback: Flashback disguises itself as a Flash Player installer that can be downloaded when visiting malicious websites, showing a download or install Flash Player icon. When installed, Flashback injects code into the application launched by the user. The injected code is responsible for contacting a remote server to download updates or to send data from the infected machine. Flashback also tries to prevent future updates to XProtect by overwriting some relevant files. XProtect is Apple’s built-in basic malware protection system that uses string matching to detect malware. Apple updates XProtect whenever high-profile Mac malware is discovered. Flashback also tries to thwart analysis by researchers by detecting whether it is running on a VMware virtual machine. Using this detection evasion mechanism is common in Windows malware, but this is the first Mac malware we’ve seen that employs this technique. This demonstrates that Mac malware technology is catching up to Windows malware technology. DevilRobber: DevilRobber was discovered inside Mac applications that were illegally shared on BitTorrent, such as GraphicConverter, Flux, CorelPainter, and Pixelmator. DevilRobber is the most sophisticated Mac malware we’ve seen so far and contains several components. It is primarily a backdoor that opens a port on the infected machine to receive commands from a remote attacker, but one interesting piece of functionality it has is Bitcoin mining: it installs the Bitcoin mining application DiabloMiner to use the computing power of the CPU and GPU (for users with high performance graphics cards) of the infected machine to mine for Bitcoins. It also attempts to steal the Bitcoin wallet if found. DevilRobber also steals the user’s Keychain along with other information from the infected machine and uploads them to a remote FTP server. DevilRobber also has the ability to detect if the infected machine is behind a gateway device, and then enable port-forwarding via UPnP. This enables the attacker to remotely access the infected machine using the port opened by DevilRobber, even if the infected machine is behind a gateway device.
  9. Now we will spend a little time talking about progress we have seen. We are doing a lot of work to make the internet safer, to improve software design – and really, that work is having an impact, and we are seeing it in our statistics.
  10. Another thing that we took note of this year is that there have been fewer exploits released on the internet that can be used to target publicly disclosed vulnerabilities. Typically, in the past few years, you can see that about 15% of the vulnerabilities that were publicly disclosed ended up having exploits released that could be used for malicious intent. This year that number is down to around 11%. This is a big change, and we think it is a consequence of the fact that software is getting more resilient to attack. Certain programs have adopted things like sandboxes – so when you exploit a vulnerability it's harder to gain control over the surrounding machine – as well as other technologies that are making exploitation more difficult. Over time, we still see a lot of vulnerabilities get disclosed, but people aren't able to actually leverage them. This is great news and means that computers are getting more secure.
  11. These charts show you particular categories of exploit. You can see that browser exploits are down significantly from where they were a few years ago, and that is really important since a lot of attack activity targets the browser and the browser environment. We’ve also seen significantly fewer exploits targeting document readers and editors this year, which is also a significant bit of progress. One place where we have yet to see progress is with multimedia players. We saw just as many exploits here this year as we did last year, but we do expect to see some improvements in this area coming in 2012. The fact is, we still see a lot of attack activity out there on the internet, but the software that we use is getting stronger – more secure – and we can see a future where some of this attack activity will be significantly mitigated.
  12. We also saw fewer web application vulnerabilities in 2011. As I mentioned earlier, the most common type of attack activity we see on the internet is SQL injection activity. Well, for the past few years web application vulnerabilities were about 50% of the vulnerabilities that were being publicly disclosed. But this year, that number is down to about 40%. That’s a big change, and again it means that web application developers are getting a bit smarter about how they develop their applications. Maybe they are using tools to scan and test for vulnerabilities earlier in the development process, and that will contribute to a safer internet. We still have a lot of work to do here though! 40% of vulnerabilities disclosed is still a lot of vulnerabilities, and we are seeing the attack types pivoting. We are seeing more Shell Command Injection attack activity than SQL injection activity because SQL injection is harder to find than it used to be. But the fact is, this is progress – it is moving in the right direction and moving us toward a safer internet.
  13. As I mentioned earlier, we do continue to create new technologies that we put in our IT environments, and these create potential new surface areas for attack.
  14. Mobile devices are certainly one of those areas. People want to ‘bring their own device’ into the enterprise, they want to access work through their personal tablet or smart phone, and they want to decide what phone they can use! This is a real IT management challenge. These charts represent vulnerabilities and exploits that have been released that target mobile devices. We saw slightly fewer mobile vulnerabilities this year than we saw last year, but it was still a pretty large number. And we saw an increase in the number of exploits that were released on the internet that could be used to target mobile devices. We aren’t seeing that much attack activity – we are still seeing less attack activity that targets the mobile device than traditional desktops – however a year ago we were seeing almost no activity of that sort and now it is definitely happening. There have been some significant incidents: in fact, a few weeks ago someone reported a 100,000 node botnet that infects mobile devices. That is a significant number of infections, and something to definitely pay attention to, but it is not yet rivaling the scope of the problem targeting traditional desktops.
  15. These guys spend a lot of time researching on Twitter and Facebook and the like in order to try to come up with an organization structure for the organization that they’re targeting. And so that they know who to send these emails to and how to make them compelling. And often they’ll send the email from an account that appears to be an acquaintance or co-worker of the victim.
  16. There is a period of time before every technology is applied for purposes of national security; e.g. the first manned flight by the Wright brothers in 1903 lasted 12 seconds. Within 10 years, the sky became another battlefield no less important than the battlefields on land and sea. What we are witnessing, in many ways, is the weaponization of cyber space for a range of purposes, and we are just seeing the tip of the iceberg. Clearly, there has been an evolution of players (and motives), involving well-funded and resourced actors – insiders, organized crime, espionage, political activists and nation states – which is only matched by an escalation in the high value of the assets being targeted and the sophistication of attack vectors. In many ways, this escalation in the threat is challenging and exposing the weaknesses of the current generation of security controls. Bigger firewalls and better locks are no longer sufficient to protect against sophisticated attacks conducted by nation state level actors. Some statistics: 52% – Private-sector statistics show that the insider threat is up more than 52% in the past year. $226 Billion – Economic impact of cyber-attacks on businesses has grown to over $226 billion annually. Source: Congressional Research Service study. 158% increase – Security breaches are on the increase: cyber-attacks have increased 158% since 2006, and worldwide cyber-attacks increased 30% over the second half of 2008. Sources: US Department of Homeland Security; IBM Internet Security Systems X-Force.
  17. Sources
  – Sony breach: http://www.search.sony.net/result/net/search.x?ie=utf8&site=&pid=ACsW7rd0W_Zt_QIz-sORfA..&qid=rOX1wPP0JvM.&q=security+breach&msk=1#5
  – HSBC breach: http://news.bbc.co.uk/2/hi/business/8562381.stm
  – Epsilon breach: http://www.securityweek.com/massive-breach-epsilon-compromises-customer-lists-major-brands
  – TJX breach: TJX Companies, Inc. press release, 8/14/2007, http://www.businesswire.com/news/tjx/20070814005701/en
  – Lulzsec breach: http://www.reuters.com/article/2011/08/01/us-britain-hacking-lulzsec-idUSTRE7702IL20110801
  – Zurich Insurance breach: (Financial Services Authority of Britain) http://www.fsa.gov.uk/pubs/final/zurich_plc.pdf
  18. The X-Force approach to protecting against vulnerabilities means IBM solutions can help to stop threats at their source. This is a far different approach than reactive measures that “chase” exploits and are negated as soon as an exploit evolves.
  19. One of the toughest challenges in security today is keeping pace with the increasing diversity and sheer number of attacks. IBM’s preemptive protection approach helps our clients well ahead of major vendor vulnerability disclosures. This is far superior to the reactive approach used by many vendors: our clients are not left unprotected while a reactive measure is developed. In many cases, IBM clients are provided protection guidance before (in many cases 100+ days ahead of time) or within 24 hours of a vendor vulnerability disclosure.
20. Highly accurate stateful inspection algorithms through IBM’s PAM module for resilient protection against network vulnerabilities.
Advanced heuristic and deep content analysis engines to protect against advanced threat classes such as browser attacks, data leakage, and web application attacks.
The ability to leverage publicly available signature sources for known threats.
The ability to share custom rules with other security teams to enhance and tune protection for the customer’s network.
Helps monitor and control applications in the corporate enterprise to reduce the risk of data theft and save money on network bandwidth costs.
Enables centrally managed protection against known and unknown attacks, including those targeted at web applications.
Helps protect against targeted and broad-based attacks that are designed to evade most security technologies.
Helps companies meet today’s regulatory compliance requirements, including GLBA, Sarbanes-Oxley and PCI-DSS.
With Firmware 4.4, adds the ability to write or import custom open source signatures and to monitor network capacity.
Many network IPS devices only support SNORT, an open source, signature-based intrusion detection method with drawbacks: SNORT signatures are easy to share, but lack the behavioral intelligence needed for more sophisticated attacks. Only IBM Security Network IPS has the leading behavioral-based X-Force Protocol Analysis engine.
Today IBM announces technology that allows customers to dump their SNORT-based devices, migrate to IBM’s PAM-based Network IPS, take their customized SNORT rules with them to ease the transition, and run SNORT in parallel to PAM.
Hybrid protection using market-leading X-Force Protocol Analysis with the ability to write or import custom Snort rules.
Advanced behavioral analysis and deep content analysis engines provide protection from advanced threats such as browser attacks, data leakage, and malicious web applications designed to evade most security technologies.
Facilitates adherence to today’s regulatory and compliance mandates, including GLBA, Sarbanes-Oxley and PCI-DSS.
Enables customers to address the changing threat landscape with limited expertise and resources.
IBM reduces the TCO of IPS by enabling easy customer migration from Snort-only alternatives to IBM NIPS.
IBM Network Protection enables customers to dump their SNORT-based devices, migrate to IBM’s PAM-based Network IPS, and take their custom SNORT rules with them.
21. Performs deep packet inspection.
Performs deep protocol and content analysis.
Detects protocol and content anomalies.
Simulates the protocol/content stacks in vulnerable systems.
Normalizes at each protocol and content layer.
Provides the ability to add new security functionality within the existing solution.
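The two ideas in notes 20 and 21 (custom Snort-style content rules running beside a protocol-analysis engine, and normalizing each protocol/content layer before the rules are applied) can be shown together in a small script. The following is an added illustration, not IBM code and not a description of how PAM or the Network IPS is implemented: it parses constructed Snort-syntax rules (the SIDs are placeholders from the local rule range), canonicalizes an HTTP request URI the way the target web server would (bounded percent-decoding, collapsing of repeated slashes and "/./" segments), and then applies the rules to both the raw and the normalized URI so that the value of the normalization step is visible.

```python
"""Added example: Snort-style content rules applied after per-layer URI normalization.

Not IBM's code; the rules, request lines and normalization steps are constructed for
illustration only.
"""
import re
from urllib.parse import unquote

# Constructed rules in Snort header/option syntax. SIDs are placeholders from the
# local (>1,000,000) range, not real Snort or IBM rule ids.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Path traversal in URI"; '
    'content:"../"; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Admin console probe"; '
    'content:"/admin/config"; nocase; sid:1000002; rev:1;)',
]

# Rule header: action proto src sport direction dst dport (options)
_HEADER = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$"
)


def parse_rule(text):
    """Parse one Snort-style rule into a dict.

    Simplification: option values may not themselves contain ';' or '"'.
    """
    m = _HEADER.match(text.strip())
    if not m:
        raise ValueError("malformed rule header: %r" % text)
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    rule["flags"] = set()
    for item in m.group("opts").split(";"):
        item = item.strip()
        if not item:
            continue
        if ":" in item:
            key, value = item.split(":", 1)
            rule[key.strip()] = value.strip().strip('"')
        else:
            rule["flags"].add(item)  # bare modifiers such as nocase
    for required in ("msg", "content", "sid"):
        if required not in rule:
            raise ValueError("rule lacks required option %r" % required)
    rule["sid"] = int(rule["sid"])
    return rule


def normalize_uri(uri, max_decode=3):
    """Canonicalize a request URI the way the target web server would before the
    path reaches the application: bounded percent-decoding (covers double
    encoding), collapsing of '//' and '/./'. '..' is deliberately kept so that
    traversal content stays visible to the rules."""
    for _ in range(max_decode):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    uri = re.sub(r"/{2,}", "/", uri)
    while "/./" in uri:
        uri = uri.replace("/./", "/")
    return uri


def match_rules(rules, request_line, normalize=True):
    """Return the SIDs of all rules whose content appears in the request URI."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % request_line)
    uri = parts[1]
    if normalize:
        uri = normalize_uri(uri)
    hits = []
    for rule in rules:
        needle, haystack = rule["content"], uri
        if "nocase" in rule["flags"]:
            needle, haystack = needle.lower(), haystack.lower()
        if needle in haystack:
            hits.append(rule["sid"])
    return hits


RULES = [parse_rule(r) for r in SAMPLE_RULES]

# Constructed request lines: an encoded traversal, a '/./'-padded admin probe, benign.
SAMPLE_REQUESTS = [
    "GET /static/..%2f..%2fprivate.txt HTTP/1.1",
    "GET /ADMIN/./Config HTTP/1.1",
    "GET /index.html HTTP/1.1",
]


def compare(request_line):
    """(hits on the raw URI, hits on the normalized URI) for one request line."""
    return (match_rules(RULES, request_line, normalize=False),
            match_rules(RULES, request_line, normalize=True))


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        raw, norm = compare(req)
        print("%-45s raw=%s normalized=%s" % (req, raw, norm))
```

Running the script shows that the first two constructed requests produce no hits against the raw URI and one hit each once the URI has been normalized, while the benign request matches nothing in either case. That is the point of note 21's "normalizes at each protocol and content layer": a signature engine that only sees the bytes on the wire has to enumerate every encoding of a pattern, whereas one that first reconstructs what the vulnerable system will actually process can use one rule per condition.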