© 2015 IBM Corporation
Michelle Alvarez, Researcher/Editor, Threat Research Group
Robin Cohan – IBM Identity Product Manager
Battling the Dangers Within: How
to Win Against Insider Threats
Click here to download our whitepaper:
“Stay Ahead of Insider Threats with
Predictive, Intelligent Security”
Today’s Agenda
• The problem of Insider Threat – the Research
• Addressing Insider Threat Requires a Multi-layered Solution
• Fighting Insider Threats with IBM Security solutions
• Learn more – IBM Security information resources
• Questions
Insider Threats are on the rise and caused by Trusted Identity misuse
• “Human error-related breaches can cost a U.S. organization up to $1.5 million.” Source: Raytheon | Websense Survey on Unintentional Insider Risk, July 2015
• 48% of C-level executives rank rogue or privileged insiders as the top threat to their sensitive data. Source: IBM X-Force 2015 Trend and Risk Report
• Insider fraud is a common occurrence. On average, organizations have had approximately 55 employee-related incidents of fraud in the past 12 months. Source: The Ponemon Institute
• 36% of breaches stem from inadvertent misuse of data by employees. Source: Forrester report “Understand the State of Data Security and Privacy”
By Karen A. Frenkel CIO Insights.com | Posted 08-19-2015
Insider Threats: The Research
IBM Security Managed Security Services
Michelle Alvarez, Researcher/Editor, Threat Research Group
New classifications of Insider Threats
• Disgruntled employees
• Malicious insiders
• Inadvertent insiders
• Quasi-insiders
Traditionally, “insider threats” meant disgruntled or negligent employees inflicting harm on the company’s assets; today many different classifications have come forward.
Recent data from IBM Security Services shows 55% of all attacks
were found to be carried out by malicious insiders or inadvertent
actors
Source: IBM 2015 Cyber Security Intelligence Index, Figure 4
Survey Results: Privileged Insiders pose a security threat every day
• $6.5M: average cost of a U.S. data breach. Source: 2015 Cost of Data Breach Study, Ponemon Institute
• 89% of companies surveyed feel at least somewhat vulnerable to insider attacks. Source: 2015 Vormetric Insider Threat Report
Any insider, even those well intentioned, can inadvertently aid in an
attack by clicking on a malicious link sent in a phishing email.
Source: IBM X-Force Threat Intelligence Quarterly, 2Q 2015
Physical security is just as important as digital monitoring
Maintaining a rigorous security posture that considers not just digital
but also physical security is key to protect against insider threats.
Modern trends in enterprise computing increase the attack surface of
people with trusted access
Trends: Social Media, Big data, Mobility, Cloud
Attack Vectors:
• Trusted users with privileged access to systems housing critical business, PII and monetary assets
• The digital connectivity of IoT opens up new entry points into physical systems
• Third party contractors or suppliers can widen the attack surface
• Inadvertent insiders can merely click a malicious link
Fight back with IBM Security
Solutions to help mitigate insider threats
Robin Cohan – IBM Identity Product Manager
Detecting and preventing insider threats is a key focus for CISOs today
Solution Approach
• Manage shared access and session recording for compliance
• Block suspected activities in databases and endpoints
• Detect user activities and anomalies proactively
Detect Insider Threats
• Correlate monitored data activity with detected anomalies
• Control & audit privileged access within enterprise and cloud
• Mitigate credential theft and account takeovers with fraud & malware prevention
On-going Activity Monitoring: Data Source, Host, Application Environment, Privileged Access Vault
Solution: Establish layered privileged user management capabilities to thwart insider threat
Privileged User
• Identity and Access: Govern and understand users’ permissions. Enable automated, role-based user lifecycle management and approval
• User Monitoring: Trust but verify. Trust your privileged users but verify (monitor) their actions
• Data: Ensure sensitive data are only accessed by properly authorized users
• Intelligence: Identify anomalous user behavior using context from across your environment
• Credential Vault: Secure repository for check-out of privileged access credentials
• Endpoint: Privileged users’ devices must be patched and free from malware
IBM Security Identity and Access Management Solutions can help
Capabilities to help organizations secure the enterprise identity as a new perimeter
Datacenter, Web, Social, Mobile, Cloud
Directory Services
IBM Identity and Access Management Solutions and IBM Security Services
Cloud Managed / Hosted Services
Software-as-a-Service
On Premise
Appliances
Identity Management
• Identity Governance and Intelligence
• User Lifecycle Management
• Privileged Identity Control
Access Management
• Adaptive Access Control and Federation
• Application Content Protection
• Authentication and Single Sign On
IBM Security Privileged Identity Manager (PIM) manages access to privileged credentials
• Manage and audit the credentials and activities of shared privileged identities and accounts throughout the user lifecycle
• Eliminate the need to share passwords and hardcode passwords in applications by using an automated privileged identity management solution
• Discourage malfeasance and support compliance with session recording and replay support
• Enhance security with strong authentication controls and SSO for high-risk account access
• Improve ROI using common Identity Management across privileged and non-privileged activities
• Reduce TCO and time to value with a scalable virtual appliance deployment
Guardium can help identify and protect sensitive data
Safeguard your “crown jewels” and protect your brand
Harden Repositories
• Encrypt and mask sensitive data
• Archive / purge dormant data
• Revoke dormant entitlements
Identify Risk
• Discover and classify sensitive data
• Assess database vulnerabilities
Monitor Access
• Monitor and alert on attacks in real-time
• Identify suspicious activity
• Produce detailed compliance reports
Protect Data
• Prevent unauthorized access to sensitive data
• Enforce change control
PIM and Guardium help give QRadar visibility into who performs what database actions
Risk-based User Management
Context sent to QRadar:
• Guardium: Database access and configuration context
• Privileged Identity Manager: User-credential info and identity context
Capabilities
• Guardium intelligently sends database security events to QRadar, including: SQL errors, failed logins, unauthorized access or modification to sensitive data, privilege escalations
• QRadar can use database activity information in conjunction with security context data from PIM to create security alerts on suspicious activity
• PIM can revoke user access to credentials
Benefits
• Monitor user activity accessing sensitive data
• Verify that only legitimate privileged users are performing privileged functions on the databases and communicate anomalies back to the identity solution to remediate access as necessary
• Consolidate activity data from Guardium, PIM and data repositories into QRadar, to provide a holistic view of data access.
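The correlation this slide describes, sketched as an added example (not IBM code and not the Guardium, QRadar or PIM APIs): database activity records are joined to credential check-out windows so that each watched action on a shared privileged account is either attributed to a person or flagged. The record layouts, field names, policy sets and sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


def at(hhmm: str) -> datetime:
    """Timestamp helper for the constructed sample data (the date is arbitrary)."""
    return datetime.strptime("2015-01-05 " + hhmm, "%Y-%m-%d %H:%M")


@dataclass(frozen=True)
class Checkout:
    """Hypothetical vault record: who held which shared credential, and when."""
    person: str
    account: str      # shared privileged account name
    target: str       # database the credential unlocks
    start: datetime   # check-out time
    end: datetime     # check-in time or lease expiry


@dataclass(frozen=True)
class DbEvent:
    """Hypothetical database activity record."""
    ts: datetime
    account: str
    target: str
    kind: str         # e.g. "select", "grant", "failed_login"
    obj: str          # object touched, "-" when not applicable


@dataclass(frozen=True)
class Finding:
    event: DbEvent
    person: Optional[str]
    verdict: str      # "attributed", "no_active_checkout" or "ambiguous_holder"


# Assumed policy: which events are worth correlating at all.
SENSITIVE_OBJECTS = {"cards.pan", "hr.salary"}
WATCHED_KINDS = {"failed_login", "sql_error", "grant"}


def holders_at(event, checkouts):
    """People holding event.account for event.target at the moment of the event."""
    return sorted({c.person for c in checkouts
                   if c.account == event.account and c.target == event.target
                   and c.start <= event.ts <= c.end})


def correlate(events, checkouts):
    """Attribute each watched event to a check-out holder, or flag it."""
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind not in WATCHED_KINDS and ev.obj not in SENSITIVE_OBJECTS:
            continue  # routine activity, nothing to correlate
        people = holders_at(ev, checkouts)
        if not people:
            # Shared credential used while nobody had it checked out.
            findings.append(Finding(ev, None, "no_active_checkout"))
        elif len(people) > 1:
            # Overlapping leases: the action cannot be pinned on one person.
            findings.append(Finding(ev, ",".join(people), "ambiguous_holder"))
        else:
            findings.append(Finding(ev, people[0], "attributed"))
    return findings


def credentials_to_review(findings):
    """(account, target) pairs with unattributed use, to hand back to the identity side."""
    return sorted({(f.event.account, f.event.target)
                   for f in findings if f.verdict != "attributed"})


# Constructed sample data.
SAMPLE_CHECKOUTS = [
    Checkout("alice", "dbadmin", "pos-db", at("09:00"), at("10:00")),
    Checkout("bob", "dbadmin", "hr-db", at("09:30"), at("10:30")),
]
SAMPLE_EVENTS = [
    DbEvent(at("09:15"), "dbadmin", "pos-db", "select", "cards.pan"),
    DbEvent(at("11:05"), "dbadmin", "pos-db", "grant", "role:dba"),
    DbEvent(at("09:45"), "dbadmin", "hr-db", "select", "hr.salary"),
    DbEvent(at("09:50"), "dbadmin", "pos-db", "select", "inventory.items"),
    DbEvent(at("02:00"), "dbadmin", "hr-db", "failed_login", "-"),
]

if __name__ == "__main__":
    results = correlate(SAMPLE_EVENTS, SAMPLE_CHECKOUTS)
    for f in results:
        print(f.event.ts.time(), f.event.target, f.event.kind, f.verdict, f.person)
    print("review:", credentials_to_review(results))
```

The unattributed findings are the ones the slide's "communicate anomalies back to the identity solution" step would act on.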
The Bigger Picture: IBM Security Identity Governance, Privileged Identity Management, Activity Monitoring and Data Protection
Identity Governance and Admin
• Segregation of Duties: Identity Governance checks for SoD violations, including input from Guardium on “who can do what” on the DB
• Access Certification: Identity Governance runs access certification campaigns to ensure validity of privileged access rights
Privileged Identity Manager
• PIM manages privileged user information & credential check-in/check-out
Guardium
• Guardium monitors and audits privileged user access to sensitive DB objects
QRadar
• QRadar centrally monitors and correlates activity across the environment to detect anomalies
Diagram labels: Guardium Collectors, Database Servers, Application Servers
IBM provides powerful tools against cybercrime!
• Others cannot match IBM’s broad security portfolio and layered security approach
• PIM-Guardium integration for data protection
  – PIM approves access, controls credential checkout
  – Guardium monitors database activity – alerts QRadar on out-of-policy violations
• QRadar integration provides end-to-end activity visibility
  – Comprehensive view of all endpoint activity
  – Comprehensive user activity view
  – Alert on abnormal behavior
• PIM, SIM and IGA integration provides governance and lifecycle management
  – PIM includes full entitlement to Identity Manager (including all adapters) and SAM-ESSO
  – Complete lifecycle management of privileged users – shared privileged access and individual accounts
  – Identity Governance and Administration supports access review, role lifecycle management and segregation of duties administration
• IBM Security threat research stays abreast of real-time threats – info used across IBM Security portfolio to focus detection and blocking activities
Case Study: Retailer fortifies gaps in privileged user access
• Company
  – Large North American specialty retailer with over 1000 retail outlets
• Challenges
  – Suffered public data breach
  – Top priority was to fortify privileged user access controls to sensitive data sources and esp. to secure privileged POS account access
• IBM Solution
  – Combination of IBM Security Privileged Identity Manager and IBM Security Guardium database protection
  – Provides access governance of privileged identities, with closed loop monitoring and real time control of database access
  – Implementing regular password management of vulnerable privileged accounts
  – Win vs. Cyber-Ark
• Why IBM?
  – Multi-layered approach for privileged access governance (ISPIM’s privileged user access governance) with real time monitoring (Guardium)
  – Reputation of IBM and trusted business partners as trusted security solution providers
Learn more about IBM Security
• 133 countries where IBM delivers managed security services
• 24 industry analyst reports rank IBM Security as a LEADER
• TOP 2 enterprise security software vendor in total revenue
• 12K clients protected including 22 of the top 29 banks in Japan, North America, and Europe
• Visit our website: IBM Security Website
• Watch our videos on YouTube: IBM Security Channel
• Read new blog posts: SecurityIntelligence.com
• Follow us on Twitter: @ibmsecurity
THANK YOU
www.ibm.com/security
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

Battling the Dangers Within: How to Win Against Insider Threats

  • 1. © 2015 IBM Corporation Michelle Alvarez, Researcher/Editor, Threat Research Group Robin Cohan – IBM Identity Product Manager Battling the Dangers Within: How to Win Against Insider Threats Click here to download our whitepaper: “Stay Ahead of Insider Threats with Predictive, Intelligent Security”
  • 2. © 2015 IBM Corporation Today’s Agenda: The problem of Insider Threat – the Research; Addressing Insider Threat Requires a Multi-layered Solution; Fighting Insider Threats with IBM Security solutions; Learn more – IBM Security information resources; Questions
  • 3. © 2015 IBM Corporation “Human error-related breaches can cost a U.S. organization up to $1.5 million.” – Source: Raytheon | Websense Survey on Unintentional Insider Risk, July 2015. 48% of C-level executives rank rogue or privileged insiders as the top threat to their sensitive data – Source: IBM X-Force 2015 Trend and Risk Report. Insider fraud is a common occurrence. On average, organizations have had approximately 55 employee related incidents of fraud in the past 12 months. Source: The Ponemon Institute. 36% of breaches stem from inadvertent misuse of data by employees. – Forrester report “Understand the State of Data Security and Privacy”. Insider Threats are on the rise and caused by Trusted Identity misuse. By Karen A. Frenkel, CIO Insights.com | Posted 08-19-2015
  • 4. © 2015 IBM Corporation Insider Threats: The Research IBM Security Managed Security Services Michelle Alvarez, Researcher/Editor, Threat Research Group
  • 5. © 2015 IBM Corporation New classifications of Insider Threats: Disgruntled employees; Malicious insiders; Inadvertent insiders; Quasi-insiders. Traditionally, “insider threats” meant disgruntled or negligent employees were inflicting harm to the company’s assets; today many different classifications have come forward
  • 6. © 2015 IBM Corporation Recent data from IBM Security Services shows 55% of all attacks were found to be carried out by malicious insiders or inadvertent actors. Source: IBM 2015 Cyber Security Intelligence Index, Figure 4
  • 7. © 2015 IBM Corporation Survey Results: Privileged Insiders pose a security threat every day. $6.5M average cost of a U.S. data breach (Source: 2015 Cost of Data Breach Study, Ponemon Institute). 89% of companies surveyed feel at least somewhat vulnerable to insider attacks (Source: 2015 Vormetric Insider Threat Report)
  • 8. © 2015 IBM Corporation Any insider, even those well intentioned, can inadvertently aid in an attack by clicking on a malicious link sent in a phishing email. Source: IBM X-Force Threat Intelligence Quarterly, 2Q 2015
  • 9. © 2015 IBM Corporation Physical security is just as important as digital monitoring. Maintaining a rigorous security posture that considers not just digital but also physical security is key to protect against insider threats.
  • 10. © 2015 IBM Corporation Modern trends in enterprise computing increase the attack surface of people with trusted access • Trusted users with privileged access to systems housing critical business, PII and monetary assets • The digital connectivity of IoT opens up new entry points into physical systems. • Third party contractors or suppliers can widen the attack surface • Inadvertent insiders can merely click a malicious link Social Media Trends Attack Vectors Big data Mobility Cloud
  • 11. © 2015 IBM Corporation
  • 12. © 2015 IBM Corporation Fight back with IBM Security Solutions to help mitigate insider threats Robin Cohan – IBM Identity Product Manager
  • 13. © 2015 IBM Corporation Detecting and preventing insider threat a key focus for CISO today Solution Approach • Manage shared access and session recording for compliance • Block suspected activities in databases and endpoints • Detect user activities and anomalies proactively Data Source Host Application Environment Privileged Access Vault Detect Insider Threats Correlate monitored data activity with detected anomalies Control & audit privileged access within enterprise and cloud Mitigate credential theft and account takeovers with fraud & malware prevention On-going Activity Monitoring
  • 14. © 2015 IBM Corporation Solution: Establish layered privileged user management capabilities to thwart insider threat Govern and understand users permissions. Enable automated, role-based user lifecycle management and approval Trust but verify. Trust your privileged users but verify (monitor) their actions Ensure sensitive data are only accessed by properly authorized users Identify anomalous user behavior using context from across your environment Intelligence User Monitoring Credential Vault Privileged users’ devices must be patched and free from malware Endpoint Identity and Access Privileged User Data Secure repository for check-out of privileged access credentials
  • 15. © 2015 IBM Corporation IBM Security Identity and Access Management Solutions can help Capabilities to help organizations secure the enterprise identity as a new perimeter Datacenter Web Social Mobile Cloud Directory Services IBM Identity and Access Management Solutions and IBM Security Services Cloud Managed / Hosted Services Software-as-a-Service On Premise Appliances Identity Management • Identity Governance and Intelligence • User Lifecycle Management • Privileged Identity Control Access Management • Adaptive Access Control and Federation • Application Content Protection • Authentication and Single Sign On
  • 16. © 2015 IBM Corporation Manage and audit the credentials and activities of shared privileged identities and accounts throughout the user lifecycle; Eliminate the need to share passwords and hardcode passwords in applications by using an automated privileged identity management solution; Discourage malfeasance and support compliance with session recording and replay support; Enhance security with strong authentication controls and SSO for high-risk account access; Improve ROI using common Identity Management across privileged and non-privileged activities; Reduce TCO and time to value with a scalable virtual appliance deployment. IBM Security Privileged Identity Manager (PIM) manages access to privileged credentials IBM Security Privileged Identity Manager
  • 17. © 2015 IBM Corporation Harden Repositories • Encrypt and mask sensitive data • Archive / purge dormant data • Revoke dormant entitlements Identify Risk • Discover and classify sensitive data • Assess database vulnerabilities Monitor Access • Monitor and alert on attacks in real-time • Identify suspicious activity • Produce detailed compliance reports Protect Data • Prevent unauthorized access to sensitive data • Enforce change control Guardium can help Identify and protect sensitive data Safeguard your “crown jewels” and protect your brand
  • 18. © 2015 IBM Corporation Database access and configuration context Guardium QRadar Capabilities Risk-based User Management Benefits PIM and Guardium help give QRadar visibility into who performs what database actions • Guardium intelligently sends database security events to QRadar, including: SQL errors, failed logins, unauthorized access or modification to sensitive data, privilege escalations • QRadar can use database activity information in conjunction with security context data from PIM to create security alerts on suspicious activity • PIM can revoke user access to credentials • Monitor user activity accessing sensitive data • Verify that only legitimate privileged users are performing privileged functions on the databases and communicate anomalies back to the identity solution to remediate access as necessary • Consolidate activity data from Guardium, PIM and data repositories into QRadar, to provide a holistic view of data access. Privileged Identity Manager User-credential info and identity context
  • 19. © 2015 IBM Corporation The Bigger Picture: IBM Security Identity Governance, Privileged Identity Management, Activity Monitoring and Data Protection Segregation of Duties Identity Governance checks for SoD violations, including input from Guardium on “who can do what” on the DB Access Certification Identity Governance runs access certification campaigns to ensure validity of privileged access rights QRadar QRadar centrally monitors and correlates activity across the environment to detect anomalies Guardium monitors and audits privileged user access to sensitive DB objects Guardium Collectors Database Servers Application Servers PIM manages privileged user information & credential check-in/check-out Privileged Identity Manager Identity Governance and Admin
  • 20. © 2015 IBM Corporation Others cannot match IBM’s broad security portfolio and layered security approach. PIM-Guardium integration for data protection: • PIM approves access, controls credential checkout • Guardium monitors database activity – alerts QRadar on out-of-policy violations. QRadar integration provides end-to-end activity visibility: • Comprehensive view of all endpoint activity • Comprehensive user activity view • Alert on abnormal behavior. PIM, SIM and IGA integration provides governance and lifecycle management: • PIM includes full entitlement to Identity Manager (including all adapters) and SAM-ESSO • Complete lifecycle management of privileged users – shared privileged access and individual accounts • Identity Governance and Administration supports access review, role lifecycle management and segregation of duties administration. IBM Security threat research stays abreast of real-time threats – info used across IBM Security portfolio to focus detection and blocking activities. IBM provides powerful tools against cybercrime!
  • 21. © 2015 IBM Corporation Case Study: Retailer fortifies gaps in privileged user access. Company – Large North American specialty retailer with over 1000 retail outlets. Challenges – Suffered public data breach – Top priority was to fortify privileged user access controls to sensitive data sources and esp. to secure privileged POS account access. IBM Solution – Combination of IBM Security Privileged Identity Manager and IBM Security Guardium database protection – Provides access governance of privileged identities, with closed loop monitoring and real time control of database access – Implementing regular password management of vulnerable privileged accounts – Win vs. Cyber-Ark. Why IBM? – Multi-layered approach for privileged access governance (ISPIM’s privileged user access governance) with real time monitoring (Guardium) – Reputation of IBM and trusted business partners as trusted security solution providers
  • 22. © 2015 IBM Corporation Learn more about IBM Security. 133 countries where IBM delivers managed security services; 24 industry analyst reports rank IBM Security as a LEADER; TOP 2 enterprise security software vendor in total revenue; 12K clients protected including 22 of the top 29 banks in Japan, North America, and Europe. Visit our website: IBM Security Website. Watch our videos on YouTube: IBM Security Channel. Read new blog posts: SecurityIntelligence.com. Follow us on Twitter: @ibmsecurity
  • 23. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. 
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU www.ibm.com/security
  • 24. © 2015 IBM Corporation The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. 
All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Legal notices and disclaimers