SlideShare une entreprise Scribd logo

Securing Systems of Engagement

Télécharger en tant que PPT, PDF
John Palfreyman
John Palfreyman

My presentation to Warwick Manufacturing Group MSc course on 25th June 2015

Technologie
1  sur  36
© 2015 IBM Corporation Securing Systems of Engagement . . With the meteoric rise in the usage of smartphones and social media V1, 1 May15 John Palfreyman, IBM
© 2015 IBM Corporation 2 1. Cyber Security & Cyber Crime in Context 2. Technology & Business Landscape 3. A Smarter Approach 4. The Future & Concluding Remarks Agenda
© 2015 IBM Corporation Cyber Security & Cyber Crime in Context Who are the bad guys & what are they up to?
© 2015 IBM Corporation 4 Cyber Security – IBM Definition Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
© 2015 IBM Corporation 5 Cyber Security - Expanded Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crimes Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 6 Cyber Crime Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crime Fraud Bullying Theft Sexual Offences Trafficking Drugs Cyber-enabled crime Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
© 2015 IBM Corporation 7  Confusion & hype abound  Common attack methods  Common methods of defense / counter / investigation  Data > Insight chain  Prosecution – burden of evidence  Learning & sharing possible, but patchy Cyber Security & (counter) Cyber Crime
© 2015 IBM Corporation 8 Cyber Threat MOTIVATION S O P H I S T I C A T I O N National Security, Economic Espionage Notoriety, Activism, Defamation Hacktivists Lulzsec, Anonymous Monetary Gain Organized crime Zeus, ZeroAccess, Blackhole Exploit Pack Nuisance, Curiosity Insiders, Spammers, Script-kiddies Nigerian 419 Scams, Code Red Nation-state actors, APTs Stuxnet, Aurora, APT-1
© 2015 IBM Corporation A new type of threat Attacker generic Malware / Hacking / DDoS IT Infrastructure Traditional Advanced Persistent Threat Critical data / infrastructure Attacker !
© 2015 IBM Corporation 10 Attack Phases 11 Break-in Spear phishing and remote exploits to gain access Command & Control (CnC) 22 Latch-on Malware and backdoors installed to establish a foothold 33 Expand Reconnaissance & lateral movement increase access & maintain presence 44 Gather Acquisition & aggregation of confidential data Command & Control (CnC) 55 Exfiltrate Get aggregated data out to external network(s)
© 2015 IBM Corporation IBM X-Force 11 March 2015IBM Security Systems IBM X-Force Threat Intelligence Quarterly, 1Q 2015 Explore the latest security trends—from “designer vulns” to mutations in malware— based on 2014 year-end data and ongoing research
© 2015 IBM Corporation Technology & Business Landscape New opportunities for cyber crime!
© 2015 IBM Corporation 13 Smarter Planet Instrumented – Interconnected - Intelligent
© 2015 IBM Corporation 14 Cloud DRIVERS Speed & agility Fast Innovation CAPEX to OPEX USE CASES SCM, HR, CRM as a SERVICE Predictive Analytics as a SERVICE
© 2015 IBM Corporation 15 Mobile DRIVERS Mobility in Business Agility & flexibility Rate of technology change USE CASES Information capture, workflow management Education where & when needed Case advice Map
© 2015 IBM Corporation 16 Big Data / Analytics DRIVERS Drowning in Data Insight for SMARTER More UNRELIABLE data USE CASES Citizen Sentiment Predictive Policing OSINT augmentation Open Source Internal Sources Intelligence Analysis SIGINT BiometricsEmail GeoINT Telephone Records Data Records
© 2015 IBM Corporation 17 Social Business DRIVERS Use of Social Channels Smart Employment Personnel Rotation USE CASES Citizen Sentiment Counter Terrorism Knowledge Retention Gather INTELLIGENCE •Social Media as OSINT •Individuals, Groups, Events •Supplement traditional sources Efficient WORKING •Breaking down Silos •Collaboration •“Self help” Culture Leverage KNOWLEDGE •Access to Experts, Content •Collaborative Ventures •Enables Innovation Positive IMAGE •Promotion / marketing •Recruiting •Citizen engagement InternalExternal
© 2015 IBM Corporation 18 Systems of Engagement  Collaborative  Interaction oriented  User centric  Unpredictable  Dynamic Big Data / Analytics Cloud Social Business Mobile
© 2015 IBM Corporation 19 Use Case – European Air Force Secure Mobile CHALLENGE •Support Organisational Transformation •HQ Task Distribution •Senior Staff demanding Mobile Access SOLUTION •IBM Connections •MS Sharepoint Integration •MaaS 360 based Tablet Security BENEFITS •Improved work efficiency •Consistent & timely information access •Secure MODERN tablet
© 2015 IBM Corporation 20 The Millennial Generation EXPECT . . . to embrace technology for improved productivity and simplicity in their personal lives tools that seem made for and by them freedom of choice, embracing change and innovation INNOVATE . . . •Actively involve a large user population •Work at Internet Scale and Speed •Discover the points of value via iteration •Engage the Millennial generation
© 2015 IBM Corporation Smart Phones (& Tablets) . . . 21  Used in the same way as a personal computer  Ever increasing functionality (app store culture) . . .  . . . and often more accessible architectures  Offer “anywhere” banking, social media, e-mail . . .  Include non-PC (!) features Context, MMS, TXT  Emergence of authentication devices
© 2015 IBM Corporation . . . are harder to defend ? . . . 22  Anti-virus software missing, or inadequate  Encryption / decryption drains the battery  Battery life is always a challenge  Stolen or “found” devices– easy to loose  Malware, mobile spyware, impersonation  Extends set of attack vectors  Much R&D into securing platform
© 2015 IBM Corporation . . . and Bring your Own Device now mainstream 23  Bring-your-own device expected  Securing corporate data  Additional complexities  Purpose-specific endpoints  Device Management
© 2015 IBM Corporation Social Media – Lifestyle Centric Computing 24 www.theconversationprism.com  Different Channels  Web centric  Conversational  Personal  Open  Explosive growth
© 2015 IBM Corporation Social Media – Special Security Challenges 25Source: Digital Shadows, Sophos, Facebook  Too much information  Online impersonation  Trust / Social Engineering / PSYOP  Targeting (Advanced, Persistent Threat) Source: Digital Shadows, Sophos, Facebook
© 2015 IBM Corporation A Smarter Approach to countering cyber crime
© 2015 IBM Corporation 27 Balance Technical Mitigation Better firewalls Improved anti-virus Advanced Crypto People Mitigation Leadership Education Culture Process
© 2015 IBM Corporation 28  Monitor threats  Understand (your) systems  Assess Impact & Probability  Design containment mechanisms  Don’t expect perfect defences  Containment & quarantine planning  Learn & improve Risk Management Approach
© 2015 IBM Corporation Securing a Mobile Device DEVICE •Enrolment & access control •Security Policy enforcement •Secure data container •Remote wipe TRANSACTION •Allow transactions on individual basis •Device monitoring & event detection •Sever risk engine – allow, restrict, flag for review APPLICATION •Endpoint management – software •Application: secure by design •Application scanning for vulnerabilities ACCESS •Enforce access policies •Approved devices and users •Context aware authorisation 29
© 2015 IBM Corporation Secure, Social Business 30 LEADERSHIP •More senior, most impact •Important to leader, important to all •Setting “tone” for culture CULTURE •Everyone knows importance AND risk •Full but SAFE usage •Mentoring PROCESS •What’s allowed, what’s not •Internal & external usage •Smart, real time black listing EDUCATION •Online education (benefits, risks) •Annual recertification •For all, at all levels
© 2015 IBM Corporation The Future & Concluding Remarks What next . . .
© 2015 IBM Corporation 32 Global Technology Outlook – Beyond Systems of Engagement
© 2015 IBM Corporation 33 Contextual, Adaptive Security Monitor and Distill Correlate and Predict Adapt and Pre-empt Security 3.0 Risk Prediction and Planning Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation Multi-level monitoring & big data analytics Ranging from active, in device to passive monitoring Adaptive and optimized response Adapt network architecture, access protocols / privileges to maximize attacker workload
© 2015 IBM Corporation 34 1. Are you ready to respond to a cyber crime or security incident and quickly remediate? 2. Do you have the visibility and analytics needed to monitor threats? 3. Do you know where your corporate crown jewels are and are they adequately protected? 4. Can you manage your endpoints from servers to mobile devices and control network access? 5. Do you build security in and continuously test all critical web/mobile applications? 6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise? 7. Do you have a risk aware culture and management system that can ensure compliance? Fitness for Purpose
© 2015 IBM Corporation 35 1. Many Similarities – Cyber Crime vs Security – Threat Sophistication 2. Social Business & Mobile offer transformational value 3. New vulnerabilities need to be understood to be mitigated 4. Mitigation needs to be balanced, risk management based and “designed in” Summary
© 2015 IBM Corporation Thanks John Palfreyman, IBM 2dsegma@uk.ibm.com

Recommandé

Smarter Cyber Security
Smarter Cyber SecuritySmarter Cyber Security
Smarter Cyber Security
John Palfreyman
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
John Palfreyman
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence QuarterlyIBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM Security
 
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataX-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
IBM Security
 
Security Trends in the Retail Industry
Security Trends in the Retail IndustrySecurity Trends in the Retail Industry
Security Trends in the Retail Industry
IBM Security
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your Employees
Neil Kemp
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
IBM Security
 

Recommandé

Smarter Cyber Security
Smarter Cyber SecuritySmarter Cyber Security
Smarter Cyber Security
John Palfreyman
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
John Palfreyman
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence QuarterlyIBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
IBM Security
 
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataX-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
IBM Security
 
Security Trends in the Retail Industry
Security Trends in the Retail IndustrySecurity Trends in the Retail Industry
Security Trends in the Retail Industry
IBM Security
 
Top 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your EmployeesTop 2016 Mobile Security Threats and your Employees
Top 2016 Mobile Security Threats and your Employees
Neil Kemp
 
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Ba...
IBM Security
 
Bordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareBordless Breaches and Migrating Malware
Bordless Breaches and Migrating Malware
Sarah Freemantle
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
IBM Security
 
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection SuiteThe Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
IBM Security
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
IBM Security
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and Tablets
Vince Verbeke
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
IT Governance Ltd
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
IBM Security
 
Presentación AMIB Los Cabos
Presentación AMIB Los CabosPresentación AMIB Los Cabos
Presentación AMIB Los Cabos
Juan Carlos Carrillo
 
Simple and secure mobile cloud access
Simple and secure mobile cloud accessSimple and secure mobile cloud access
Simple and secure mobile cloud access
AGILLY
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Ekonomikas ministrija
 
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
Andris Soroka
 
Tolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeTolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't See
IBM Security
 
Level Up Your Security with Threat Intelligence
Level Up Your Security with Threat IntelligenceLevel Up Your Security with Threat Intelligence
Level Up Your Security with Threat Intelligence
IBM Security
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the Decade
IRJET Journal
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_final
Christopher Wang
 
Secure Systems of Engagement
Secure Systems of EngagementSecure Systems of Engagement
Secure Systems of Engagement
John Palfreyman
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012
Don Grauel
 
Cyber security and Homeland security
Cyber security and Homeland securityCyber security and Homeland security
Cyber security and Homeland security
ADGP, Public Grivences, Bangalore
 
SITE-rminology
SITE-rminologySITE-rminology
SITE-rminology
Keanna Rae Mejia
 
Reglamento del aprendiz sena
Reglamento del aprendiz senaReglamento del aprendiz sena
Reglamento del aprendiz sena
Larry-97
 

Contenu connexe

Tendances

The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
IBM Security
 
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection SuiteThe Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
IBM Security
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
IBM Security
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
Simple and secure mobile cloud access
Simple and secure mobile cloud accessSimple and secure mobile cloud access
Simple and secure mobile cloud access
AGILLY
 
Tolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeTolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't See
IBM Security
 
Level Up Your Security with Threat Intelligence
Level Up Your Security with Threat IntelligenceLevel Up Your Security with Threat Intelligence
Level Up Your Security with Threat Intelligence
IBM Security
 

Tendances (20)

Bordless Breaches and Migrating Malware
Bordless Breaches and Migrating MalwareBordless Breaches and Migrating Malware
Bordless Breaches and Migrating Malware
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
 
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection SuiteThe Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
The Next Stage of Fraud Protection: IBM Security Trusteer Fraud Protection Suite
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Mobile Security for Smartphones and Tablets
Mobile Security for Smartphones and TabletsMobile Security for Smartphones and Tablets
Mobile Security for Smartphones and Tablets
 
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
IBM Security AppExchange Spotlight: Threat Intelligence & Monitoring Microso...
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
 
Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017Top 12 Cybersecurity Predictions for 2017
Top 12 Cybersecurity Predictions for 2017
 
Presentación AMIB Los Cabos
Presentación AMIB Los CabosPresentación AMIB Los Cabos
Presentación AMIB Los Cabos
 
Simple and secure mobile cloud access
Simple and secure mobile cloud accessSimple and secure mobile cloud access
Simple and secure mobile cloud access
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...
 
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
 
Tolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't SeeTolly Report: Stopping Attacks You Can't See
Tolly Report: Stopping Attacks You Can't See
 
Level Up Your Security with Threat Intelligence
Level Up Your Security with Threat IntelligenceLevel Up Your Security with Threat Intelligence
Level Up Your Security with Threat Intelligence
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the Decade
 
Telefónica security io_t_final
Telefónica security io_t_finalTelefónica security io_t_final
Telefónica security io_t_final
 
Secure Systems of Engagement
Secure Systems of EngagementSecure Systems of Engagement
Secure Systems of Engagement
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012
 
Cyber security and Homeland security
Cyber security and Homeland securityCyber security and Homeland security
Cyber security and Homeland security
 

En vedette

Reglamento del aprendiz sena
Reglamento del aprendiz senaReglamento del aprendiz sena
Reglamento del aprendiz sena
Larry-97
 
Health Total
Health TotalHealth Total
Health Total
AlisiaG
 
Idea presentation for economics
Idea presentation for economics Idea presentation for economics
Idea presentation for economics
BritneyBondin
 
I viaggi di passione avventura
I viaggi di passione avventuraI viaggi di passione avventura
I viaggi di passione avventura
Fabio Bonfante
 

En vedette (20)

SITE-rminology
SITE-rminologySITE-rminology
SITE-rminology
 
Reglamento del aprendiz sena
Reglamento del aprendiz senaReglamento del aprendiz sena
Reglamento del aprendiz sena
 
Redes sociales y empleo 2015
Redes sociales y empleo 2015Redes sociales y empleo 2015
Redes sociales y empleo 2015
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
Internet Then and Now
Internet Then and NowInternet Then and Now
Internet Then and Now
 
Database Component
Database ComponentDatabase Component
Database Component
 
Maria Grazia Maffucci - relazione reti: progettazione per obiettivi
Maria Grazia Maffucci - relazione reti: progettazione per obiettiviMaria Grazia Maffucci - relazione reti: progettazione per obiettivi
Maria Grazia Maffucci - relazione reti: progettazione per obiettivi
 
Expression Filters
Expression FiltersExpression Filters
Expression Filters
 
Quartz component
Quartz componentQuartz component
Quartz component
 
Absolute Vacation Club
Absolute Vacation ClubAbsolute Vacation Club
Absolute Vacation Club
 
Until Successful Component
Until Successful ComponentUntil Successful Component
Until Successful Component
 
Mule Message Properties Component
Mule Message Properties ComponentMule Message Properties Component
Mule Message Properties Component
 
Maria Grazia Maffucci - analisi libri
Maria Grazia Maffucci - analisi libriMaria Grazia Maffucci - analisi libri
Maria Grazia Maffucci - analisi libri
 
Stratégie hospitalière de lutte contre les violences faites aux femmes
Stratégie hospitalière de lutte contre les violences faites aux femmesStratégie hospitalière de lutte contre les violences faites aux femmes
Stratégie hospitalière de lutte contre les violences faites aux femmes
 
Health Total
Health TotalHealth Total
Health Total
 
Idea presentation for economics
Idea presentation for economics Idea presentation for economics
Idea presentation for economics
 
Disol
DisolDisol
Disol
 
Museos y rrss etpm 2016
Museos y rrss etpm 2016Museos y rrss etpm 2016
Museos y rrss etpm 2016
 
Maria Grazia Maffucci - progettazione per obiettivi
Maria Grazia Maffucci - progettazione per obiettiviMaria Grazia Maffucci - progettazione per obiettivi
Maria Grazia Maffucci - progettazione per obiettivi
 
I viaggi di passione avventura
I viaggi di passione avventuraI viaggi di passione avventura
I viaggi di passione avventura
 

Similaire à Securing Systems of Engagement

Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
IBM Security
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
IBM Security
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
IBM Security
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
IBM Security
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
IBM Security
 
8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM
AGILLY
 
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECMRich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
IBM Security
 

Similaire à Securing Systems of Engagement (20)

Cyber crime in a Smart Phone & Social Media Obsessed World
Cyber crime in a Smart Phone & Social Media Obsessed WorldCyber crime in a Smart Phone & Social Media Obsessed World
Cyber crime in a Smart Phone & Social Media Obsessed World
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
Security (Ignorance) Isn't Bliss: 5 Ways to Advance Security Decisions with T...
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?2015 Mobile Security Trends: Are You Ready?
2015 Mobile Security Trends: Are You Ready?
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting
 
Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet Ola Wittenby - Hotlandskapet på Internet
Ola Wittenby - Hotlandskapet på Internet
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
 
PCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red HatPCM Vision 2019 Breakout: IBM | Red Hat
PCM Vision 2019 Breakout: IBM | Red Hat
 
Kista watson summit final public version
Kista watson summit final public versionKista watson summit final public version
Kista watson summit final public version
 
8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM8 Principales Raisons de Passer du MDM à l'EMM
8 Principales Raisons de Passer du MDM à l'EMM
 
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECMRich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services Overview
 
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael MontecilloLuncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
Luncheon - 2016-05-19 IBM Security - Threat Intelligence by Michael Montecillo
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them3 Enablers of Successful Cyber Attacks and How to Thwart Them
3 Enablers of Successful Cyber Attacks and How to Thwart Them
 
IBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajanIBM security systems overview v1.0 - rohit nagarajan
IBM security systems overview v1.0 - rohit nagarajan
 

Dernier

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Dernier (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Securing Systems of Engagement

  • 1. © 2015 IBM Corporation Securing Systems of Engagement . . With the meteoric rise in the usage of smartphones and social media V1, 1 May15 John Palfreyman, IBM
  • 2. © 2015 IBM Corporation 2 1. Cyber Security & Cyber Crime in Context 2. Technology & Business Landscape 3. A Smarter Approach 4. The Future & Concluding Remarks Agenda
  • 3. © 2015 IBM Corporation Cyber Security & Cyber Crime in Context Who are the bad guys & what are they up to?
  • 4. © 2015 IBM Corporation 4 Cyber Security – IBM Definition Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
  • 5. © 2015 IBM Corporation 5 Cyber Security - Expanded Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crimes Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
  • 6. © 2015 IBM Corporation 6 Cyber Crime Hacking Malware Botnets Denial of Service Trojans Cyber-dependent crime Fraud Bullying Theft Sexual Offences Trafficking Drugs Cyber-enabled crime Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13
  • 7. © 2015 IBM Corporation 7  Confusion & hype abound  Common attack methods  Common methods of defense / counter / investigation  Data > Insight chain  Prosecution – burden of evidence  Learning & sharing possible, but patchy Cyber Security & (counter) Cyber Crime
  • 8. © 2015 IBM Corporation 8 Cyber Threat MOTIVATION S O P H I S T I C A T I O N National Security, Economic Espionage Notoriety, Activism, Defamation Hacktivists Lulzsec, Anonymous Monetary Gain Organized crime Zeus, ZeroAccess, Blackhole Exploit Pack Nuisance, Curiosity Insiders, Spammers, Script-kiddies Nigerian 419 Scams, Code Red Nation-state actors, APTs Stuxnet, Aurora, APT-1
  • 9. © 2015 IBM Corporation A new type of threat Attacker generic Malware / Hacking / DDoS IT Infrastructure Traditional Advanced Persistent Threat Critical data / infrastructure Attacker !
  • 10. © 2015 IBM Corporation 10 Attack Phases 11 Break-in Spear phishing and remote exploits to gain access Command & Control (CnC) 22 Latch-on Malware and backdoors installed to establish a foothold 33 Expand Reconnaissance & lateral movement increase access & maintain presence 44 Gather Acquisition & aggregation of confidential data Command & Control (CnC) 55 Exfiltrate Get aggregated data out to external network(s)
  • 11. © 2015 IBM Corporation IBM X-Force 11 March 2015IBM Security Systems IBM X-Force Threat Intelligence Quarterly, 1Q 2015 Explore the latest security trends—from “designer vulns” to mutations in malware— based on 2014 year-end data and ongoing research
  • 12. © 2015 IBM Corporation Technology & Business Landscape New opportunities for cyber crime!
  • 13. © 2015 IBM Corporation 13 Smarter Planet Instrumented – Interconnected - Intelligent
  • 14. © 2015 IBM Corporation 14 Cloud DRIVERS Speed & agility Fast Innovation CAPEX to OPEX USE CASES SCM, HR, CRM as a SERVICE Predictive Analytics as a SERVICE
  • 15. © 2015 IBM Corporation 15 Mobile DRIVERS Mobility in Business Agility & flexibility Rate of technology change USE CASES Information capture, workflow management Education where & when needed Case advice Map
  • 16. © 2015 IBM Corporation 16 Big Data / Analytics DRIVERS Drowning in Data Insight for SMARTER More UNRELIABLE data USE CASES Citizen Sentiment Predictive Policing OSINT augmentation Open Source Internal Sources Intelligence Analysis SIGINT BiometricsEmail GeoINT Telephone Records Data Records
  • 17. © 2015 IBM Corporation 17 Social Business DRIVERS Use of Social Channels Smart Employment Personnel Rotation USE CASES Citizen Sentiment Counter Terrorism Knowledge Retention Gather INTELLIGENCE •Social Media as OSINT •Individuals, Groups, Events •Supplement traditional sources Efficient WORKING •Breaking down Silos •Collaboration •“Self help” Culture Leverage KNOWLEDGE •Access to Experts, Content •Collaborative Ventures •Enables Innovation Positive IMAGE •Promotion / marketing •Recruiting •Citizen engagement InternalExternal
  • 18. © 2015 IBM Corporation 18 Systems of Engagement  Collaborative  Interaction oriented  User centric  Unpredictable  Dynamic Big Data / Analytics Cloud Social Business Mobile
  • 19. © 2015 IBM Corporation 19 Use Case – European Air Force Secure Mobile CHALLENGE •Support Organisational Transformation •HQ Task Distribution •Senior Staff demanding Mobile Access SOLUTION •IBM Connections •MS Sharepoint Integration •MaaS 360 based Tablet Security BENEFITS •Improved work efficiency •Consistent & timely information access •Secure MODERN tablet
  • 20. © 2015 IBM Corporation 20 The Millennial Generation EXPECT . . . to embrace technology for improved productivity and simplicity in their personal lives tools that seem made for and by them freedom of choice, embracing change and innovation INNOVATE . . . •Actively involve a large user population •Work at Internet Scale and Speed •Discover the points of value via iteration •Engage the Millennial generation
  • 21. © 2015 IBM Corporation Smart Phones (& Tablets) . . . 21  Used in the same way as a personal computer  Ever increasing functionality (app store culture) . . .  . . . and often more accessible architectures  Offer “anywhere” banking, social media, e-mail . . .  Include non-PC (!) features Context, MMS, TXT  Emergence of authentication devices
  • 22. © 2015 IBM Corporation . . . are harder to defend ? . . . 22  Anti-virus software missing, or inadequate  Encryption / decryption drains the battery  Battery life is always a challenge  Stolen or “found” devices– easy to loose  Malware, mobile spyware, impersonation  Extends set of attack vectors  Much R&D into securing platform
  • 23. © 2015 IBM Corporation . . . and Bring your Own Device now mainstream 23  Bring-your-own device expected  Securing corporate data  Additional complexities  Purpose-specific endpoints  Device Management
  • 24. © 2015 IBM Corporation Social Media – Lifestyle Centric Computing 24 www.theconversationprism.com  Different Channels  Web centric  Conversational  Personal  Open  Explosive growth
  • 25. © 2015 IBM Corporation Social Media – Special Security Challenges 25Source: Digital Shadows, Sophos, Facebook  Too much information  Online impersonation  Trust / Social Engineering / PSYOP  Targeting (Advanced, Persistent Threat) Source: Digital Shadows, Sophos, Facebook
  • 26. © 2015 IBM Corporation A Smarter Approach to countering cyber crime
  • 27. © 2015 IBM Corporation 27 Balance Technical Mitigation Better firewalls Improved anti-virus Advanced Crypto People Mitigation Leadership Education Culture Process
  • 28. © 2015 IBM Corporation 28  Monitor threats  Understand (your) systems  Assess Impact & Probability  Design containment mechanisms  Don’t expect perfect defences  Containment & quarantine planning  Learn & improve Risk Management Approach
  • 29. © 2015 IBM Corporation Securing a Mobile Device DEVICE •Enrolment & access control •Security Policy enforcement •Secure data container •Remote wipe TRANSACTION •Allow transactions on individual basis •Device monitoring & event detection •Sever risk engine – allow, restrict, flag for review APPLICATION •Endpoint management – software •Application: secure by design •Application scanning for vulnerabilities ACCESS •Enforce access policies •Approved devices and users •Context aware authorisation 29
  • 30. © 2015 IBM Corporation Secure, Social Business 30 LEADERSHIP •More senior, most impact •Important to leader, important to all •Setting “tone” for culture CULTURE •Everyone knows importance AND risk •Full but SAFE usage •Mentoring PROCESS •What’s allowed, what’s not •Internal & external usage •Smart, real time black listing EDUCATION •Online education (benefits, risks) •Annual recertification •For all, at all levels
  • 31. © 2015 IBM Corporation The Future & Concluding Remarks What next . . .
  • 32. © 2015 IBM Corporation 32 Global Technology Outlook – Beyond Systems of Engagement
  • 33. © 2015 IBM Corporation 33 Contextual, Adaptive Security Monitor and Distill Correlate and Predict Adapt and Pre-empt Security 3.0 Risk Prediction and Planning Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation Multi-level monitoring & big data analytics Ranging from active, in device to passive monitoring Adaptive and optimized response Adapt network architecture, access protocols / privileges to maximize attacker workload
  • 34. © 2015 IBM Corporation 34 1. Are you ready to respond to a cyber crime or security incident and quickly remediate? 2. Do you have the visibility and analytics needed to monitor threats? 3. Do you know where your corporate crown jewels are and are they adequately protected? 4. Can you manage your endpoints from servers to mobile devices and control network access? 5. Do you build security in and continuously test all critical web/mobile applications? 6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise? 7. Do you have a risk aware culture and management system that can ensure compliance? Fitness for Purpose
  • 35. © 2015 IBM Corporation 35 1. Many Similarities – Cyber Crime vs Security – Threat Sophistication 2. Social Business & Mobile offer transformational value 3. New vulnerabilities need to be understood to be mitigated 4. Mitigation needs to be balanced, risk management based and “designed in” Summary
  • 36. © 2015 IBM Corporation Thanks John Palfreyman, IBM 2dsegma@uk.ibm.com

Notes de l'éditeur

  1. Traditionally, the attackers came from the Internet. They usually used some standard or generic malware, hacking technique or ddos tool, attacked critical infrastructure and tested what they could get their hands on. With that scenario, protecting the infrastructure was usually sufficient. With APT, this scenario has changed. Attackers are looking for specific data or infrastructure to target and they are very persistent in getting there. They are still using some kind of malware or exploit to get there, but they are usually very advanced, zero day versions, and often employ multiple exploits at once. And the number of possible entry points has increased greatly – there are still servers to be attacked, but also desktop PCs, mobile devices such as laptops and mobile phones (often vulnerable and with closed systems, e.g. iPhone) and entry points such as social networks, which are all connected in some way these days. And the attack might not come from the Internet alone anymore – malware inserted through USB sticks is an emerging threat.