Protecting the perimeter is no longer enough. Advanced attacks exploit "weak" servers, PCs, notebooks, tablets and phones to spread and reach their goals. In this presentation you will learn why endpoints are considered "the new perimeter" and what can be done to mitigate the risks.
BC Super Maratón 2016
Session #6
Device security management: securing the new perimeter
Agenda
Areas of concern in security
Security as an immune system
Endpoint security
Operational and security coverage
Benefits
Key topics in security
Stop advanced threats
Use analytical, integrated security
Protect critical assets
Use controls that prevent unauthorized access and data loss
Safeguard the cloud and mobile devices
Strengthen the security posture and make it possible to open up the network
Optimize the security program
Move from compliance to risk management
Security as an immune system
(Diagram: security capabilities arranged by domain, with Security Intelligence at the center and extending to the Cloud. Capabilities shown:)
• Application security management
• Application scanning
• Incident and threat management
• Device management
• Transaction protection
• Log, flow and data analysis
• Vulnerability assessment
• Security research
• Sandboxing
• Firewalls
• Anomaly detection
• Antivirus
• Fraud protection
• Criminal detection
• Network visibility
• Virtual patching
• Content security
• Data access control
• Data monitoring
• Identity management
• Access management
• Entitlements and roles
• Privileged identity management
• Endpoint patching and management
• Malware protection
Why attack protected networks when I can easily get in alongside the employees, through their devices?
55% of all cyber attacks originate at an endpoint.
Poor patch management is the biggest precursor of security attacks
75% of attacks use known vulnerabilities that could have been prevented by patching.
99.9% of the exploited vulnerabilities were exploited a year after the CVE (Common Vulnerabilities and Exposures) entry was published.
Today's tools fail to secure devices
Separate security and operations teams
Disparate tools and manual processes
Little visibility in highly distributed environments
The split between security and operations teams
SECURITY | IT OPERATIONS
• Scan compliance status
• Identify vulnerabilities
• Create security policies
• Apply patches and fixes
• Implement security and operations policies
• A manual process that takes weeks and months
Different tools, manual processes, lack of integration and little visibility
Contribution to integrating Security and Operations
IBM BigFix®: FIND IT. FIX IT. SECURE IT. …FAST
ENDPOINT MANAGEMENT (IT Operations): Discovery and Patching; Lifecycle Management; Software Compliance and Usage
ENDPOINT SECURITY (Security): Continuous Monitoring; Threat Protection; Incident Response
Shared visibility and control between IT Operations and Security
Reduce operational costs while improving your security posture
IBM BigFix® modules: FIND IT. FIX IT. SECURE IT… FAST
Lifecycle: helps find and fix problems on all endpoints in minutes.
Inventory: maintains an inventory of all software, always ready for audits and license compliance.
Patch: automates and simplifies the patching process from a single console.
Compliance: analyzes endpoint security and enforces continuous compliance.
Protection: near real-time protection against malware and other threats.
IT OPERATIONS | SECURITY
IBM BigFix – the modules
IBM BigFix®: FIND IT. FIX IT. SECURE IT… FAST
Lifecycle: Patch Mgmt; Asset Discovery; SW Distribution; Advance Patching; Remote Control; OS Deployment; Power Mgmt; Sequenced Task Automation
Inventory: SW/HW Inventory; SW Usage Reporting; Software Catalogue Correlation; SW Tagging
Patch: OS Patching; 3rd party App Patching; Offline Patching
Compliance: Patch Mgmt; Sec Config Mgmt; Vuln Assessment; Comp Analytics; 3rd Party AV Mgmt; Self Quarantine. Add-on: PCI DSS
Protection: Anti-Malware; Firewall. Add-on: Data Loss Prevention & Device Control
IT OPERATIONS | SECURITY
Available as "Starter Kit"
IBM is the ONLY vendor leading in all three Magic Quadrants: Enterprise Mobility Management Suites, Client Management Tools, and Security Information and Event Management.
IBM is a LEADER in Endpoint Management, Mobility and Security.
LEADER - Four Years in a ROW!!
Summary of benefits
Efficiency and costs:
• Increase in patch success rate: from 40% to 98%
• Reduction in patching and update time: from days to hours and minutes
• Reduction in annual license costs
• Reduction/elimination of compliance costs
Key features:
• See every endpoint in real time (remote servers, distributed laptops, Macs, ATMs, POS, kiosks and even mobile devices)
• Consolidate tools and processes across platforms
• Deliver patches for Windows, UNIX, Linux and Mac OS, and for applications from vendors including Adobe, Mozilla, Apple and Java.
• Deliver patches to endpoints regardless of their location, connection type or state.
• Deliver/update software to all users without waiting for them to visit the office.
• Identify which software is installed where
Summary of benefits (cont.)
Compliance:
• Automate self-assessment; no centralized or remote scanning required (more than 11,000 out-of-the-box checks, 90+ operating systems)
• Continuously enforce compliance with security, regulatory and operational policies.
• Remediate problems by quarantining, patching or reconfiguring endpoints in real time.
Integration:
• Extend the reach and capabilities of IBM QRadar so you can immediately see whether someone is trying to exploit a vulnerability
• Based on alerts from IBM QRadar, the security team can remediate a vulnerability using IBM BigFix
Thank you!
Contact us:
info@xelere.com
www.xelere.com
Editor's notes
Companies have been building up their security arsenals for the past 20 years - what do you see? A jumbled mess of scattered tools…chaos. This is actually what most IT environments look like today, which adds to the complexity.
Click 1: Let’s think about a security portfolio in a more organized fashion, structured around domains, with core discipline of security intelligence in the middle to make sense of threats using logs, data, threats, flows, packets, etc.
Click 2: And it's not integrated until they start talking to each other, sending the important info across the environment to make sense of threats. And you start to see the immune system metaphor. Different organs as your layers of defense, working together, interconnected points to automate policies and block threats. When you get a cold or virus, these are the organs that understand the virus and send data up through your central nervous system (security intelligence) to create white blood cells / antibodies to gather info, prioritize and take actions. This is what's called the "Immune Response".
Click 3: And it’s not fully integrated until you sit on top of a partner ecosystem that allows collaboration across companies and competitors, to understand global threats and data, and adapt to new threats.
Integration can help increase visibility. Notice how capabilities organize around their domains. You’ll start to get an idea of how this immune system works. Like a body fighting a virus, there are different parts of a security portfolio working at once…
<Click> And it’s not a complete immune system until these domain capabilities can interact, communicate, and integrate with one another across your hybrid IT environments; Extending beyond your company walls across your entire ecosystem.
Employees and the endpoints they are using are the weakest link. In fact, one study found that 58% of breaches were caused by employees.
From an attacker's perspective, why would they go after the well-fortified areas when they can march into an office with the employee?
If users are not aware of safe computing practices, they can inadvertently undermine significant investments in information security just by clicking on the wrong link or visiting an insecure website. A lack of user awareness is a key shortcoming during ransomware-related engagements. A well-trained workforce is a very inexpensive multiplier for an organization’s security investment.
Many organizations, including IBM, are simulating phishing attacks to create 'teachable moments' (e.g. simulating an email coming from HR). This can help educate employees and limit the attack surface.
We hear from many customers that they are running multiple tools across multiple vendors and none of them talk to each other. This is highly disruptive and unproductive when it comes to securing your enterprise.
1st source: http://csis.org/publication/raising-bar-cybersecurity
2nd source: Verizon Data Breach Investigation Report 2015
99.9% of vulnerabilities were exploited more than 1 year after the CVE was published, i.e. clients are not taking patching seriously.
Almost half of new CVEs are exploited in the first 4 weeks.
Organizations are challenged in effectively disrupting the attack chain as security stakeholders are typically siloed and manual security processes are used.
The Attack Chain:
Break-in: Attacker sends a phishing email to an unsuspecting user, a link is clicked, an exploit is sent to the browser
Latch-on: Remote employee executes untrusted code from an attachment, which tries to download and install malware
Expand: Attacker finds a way in and tries to search for usernames and passwords to access critical systems
Gather: Internal system attempts to access and export data from critical resources
Exfiltrate: Malware made its way through an unprotected system and attempts to quietly siphon out data
Note: This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from IBM. G00264801.
Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.