© 2014 IBM Corporation

IBM Security

© 2015 IBM Corporation

Delivering Security Improvements

Enterprise-wide approach to help build a stronger security posture

Kris Lovejoy

General Manager

IBM Security

20th February, 2015


Thinking like a security expert

Security risk exists when … a Threat (Actor) can exploit a Vulnerability (Weakness) and cause an Impact (Loss).

Security Risk Management is the application of control to detect and block the threat, to detect and fix a vulnerability, or to respond to incidents (impacts) when all else fails.


While threat actors are more sophisticated, insiders are an “unwitting” accomplice in 95% of incidents

“…over 95% of all incidents investigated recognize “human error” as a contributing factor.”

[Chart, two panels: “Who’s attacking” and “Who’s letting them in”. Categories: Outsiders, Malicious insiders, Inadvertent actor (5%), Combination. Other values shown: 17%, 22%, 56%.]

Security Principles for Leaders

Source: IBM Security Services 2014 CyberSecurity Intelligence Index


Here are the top 10 reasons why insiders make compromise so easy…

End users

1. Double-clicking “on anything”
2. Disabling endpoint security settings when they get in the way
3. Using vulnerable, legacy software and hardware
4. Failing to install security patches
5. Disabling anti-virus
6. Failing to report a lost or stolen device
7. Connecting endpoints to a network from an insecure access point (such as Café Nero)
8. Using a second access point (such as AirCard), creating a bypass
9. Using weak or default passwords, or using business passwords for personal use
10. Using anyone’s USB

Systems Admins/Developers

1. Connecting systems and virtual images to the Internet before hardening them
2. Connecting test systems to the Internet with default accounts or passwords
3. Failing to update or patch systems/applications on a timely basis
4. Failing to run/update virus detection software
5. Using legacy or end-of-life software and hardware
6. Running unnecessary services
7. Using insecure back-end management software
8. Failing to remove old/unused user accounts
9. Implementing firewalls with rules that don't stop malicious incoming or outgoing traffic
10. Failing to segment network and/or adequately monitor/block malicious traffic


Security reality – we have all been compromised

Only 1 out of 100 security compromises are ever detected

General Keith Alexander, Head of U.S. Cyber Command, in a speech to the American Enterprise Institute

• 1,764,121 represents the number of security events the average organization of 15K employees will capture weekly
• 324 of these events represent actual attacks, per week
• 2.1 of these attacks will result in an incident, per week – a 22% annual increase

Source: 2014 IBM Cybersecurity Intelligence Index


Anatomy of a targeted attack

• Adversary compromises endpoint used by privileged user with undetectable malware
• Keystroke logger captures credentials and command & control capability is gained
• Adversary acts as systems administrator
• Data is stolen and/or production systems are compromised

[Diagram labels: Hacker/activist; Customer environment; People (Privileged user, Employees, Suppliers, Customers); Endpoints; Applications (Web applications, Mobile apps, System applications); Infrastructure; Data (Structured, Unstructured, At rest, In motion)]


Data is bought and sold in “carding forums”


No country is immune from cybercrime

[Two ranked charts: “Countries where the most attacks originated” and “Countries where the most attacks took place”. Labels and values as they appear, in order:]

Countries, first list: United States, Japan, China, Canada, United Arab Emirates, Germany, India, United Kingdom, Italy, Australia

Countries, second list: United States, Japan, Singapore, China, Canada, Australia, Italy, United Kingdom, Germany, Netherlands

Values, first list: 589,180; 119,578; 86,237; 29,319; 25,055; 23,478; 16,058; 15,800; 14,780; 11,125

Values, second list: 1,456,577; 407,644; 88,819; 86,824; 71.585; 42,783; 37,404; 32,991; 23,787; 17,905

Source: IBM Security Services 2014 CyberSecurity Intelligence Index


Over 75% of incidents target the same five industries

Finance and insurance companies tend to offer attackers the most significant potential payoff

[Chart: Incident rates across monitored industries. Industries shown: Manufacturing, Finance and insurance, Information and communication, Health and social services, Retail and wholesale. Values shown: 23.8%, 21.7%, 18.6%, 6.2%, 5.8%.]

Source: IBM Security Services 2014 CyberSecurity Intelligence Index


Based on our extensive experience, we recommend 10 essential practices for a stronger security posture

1. Build a risk-aware culture and management system
2. Establish intelligent security operations and rapid threat response
3. Secure collaboration in social and mobile workplace
4. Develop security-rich products, by design
5. Manage IT hygienically
6. Create a security-rich and resilient network
7. Address security complexity of cloud and virtualization
8. Manage third-party security compliance
9. Assure data security and privacy
10. Manage the digital identity lifecycle

Security Essentials


Essential practice 1: Build a risk-aware culture and management system

Building a risk-aware culture involves identifying the risks and goals, and spreading the word about them

What does it mean?

• Management of IT and security risk across the company
• Risk process identification and remediation
• Continuous communication and education
• Implementation of policies, measurements and tools

Key IBM offerings

• IBM Security Essentials and Maturity Consulting
• Security Training & Awareness Services (available soon)

Management must push this change relentlessly from the top down, while also implementing tools to track progress


Essential practice 2: Establish intelligent security operations and rapid threat response

A company-wide effort to implement intelligent analytics and automated response capabilities is essential

What does it mean?

• Build a skilled incident management and response team with sufficient resources to conduct the forensics required
• Leverage consistent tools and security intelligence for incident management and investigative forensics
• Develop a unified incident handling policy and process

Key IBM offerings

• IBM Security Intelligence & Operations Consulting
• IBM Managed SIEM
• Threat Insight Platform (available soon)
• APT Survival Kit (available soon)

Creating an automated and unified system will enable an enterprise to monitor its operations, and respond quickly


Essential practice 3: Secure collaboration in mobile and social workplace

Securing the workforce promotes the right balance between openness and risk management

What does it mean?

• BYOD [1] and use of social media with ability to segment business and personal data
• Secure end-user computing platforms
• Endpoint security across all workstations, laptops and smart devices
• Business, client and personal data isolation and protection

Key IBM offerings

• Smart and Embedded Device Security
• Executive Protection (available soon)

70% of mobile professionals will conduct their work on personal smart devices by 2018 [2]

[1] Bring Your Own Device; [2] Gartner Report 2013


Essential practice 4: Develop security-rich products, by design

The best solution is to build in security from the beginning, and carry out regular automated tests to track compliance

What does it mean?

• SDLC [1] security policy and governance
• Embedded security in the design process
• Ethical hacking and penetration testing of applications
• Implement secure interfaces and COTS [2] solutions

Key IBM offerings

• IBM Secure Engineering and Application Security Services

80% of development costs are spent identifying and correcting defects! [3]

[1] Software development life cycle (SDLC); [2] Commercial off the shelf (COTS); [3] National Institute of Standards and Technology


Essential practice 5: Manage IT hygienically

With a hygienic, security-rich system, administrators can keep track of every program that is running

What does it mean?

• Register all IT infrastructure components in centralized inventory and retire legacy components
• Integrate compliance data for end-to-end visibility
• Data integration compliance and patch management compliance
• Routine health checks

Key IBM offerings

• IBM Security Strategy, Risk and Compliance Services

In a secure system, administrators have a comprehensive system in place to install updates and patches as they’re released


Essential practice 6: Create a security-rich and resilient network

Companies that channel registered data through monitored access points will have a far easier time spotting and isolating malware

What does it mean?

• Network threat protection
• Malicious network activity detection
• Filtering, logging, monitoring and advanced analytics solutions
• Network infrastructure optimization

Key IBM offerings

• IBM Managed Security Services
• IBM Managed Network Security Services

Network security tools provide organizations with a way to control access to the “rooms” where confidential data and critical systems are stored


Essential practice 7: Address security complexity of cloud and virtualization

Despite what you might have heard, it is possible to embrace cloud technology while reducing risk

What does it mean?

• Better secure cloud services
• Security controls of cloud providers
• Vulnerabilities of cloud architecture, policies and practices
• Defined cloud security objectives

Key IBM offerings

• IBM Cloud Security Strategy Consulting Services
• IBM Cloud Managed Security Services

To thrive in a cloud environment, organizations must have the tools and procedures to isolate and protect themselves, and to monitor potential threats


Essential practice 8: Manage third-party security compliance

An enterprise’s culture of security must establish best practices among its contractors and suppliers

What does it mean?

• Integrate security as a part of mergers and acquisitions
• Education on 3rd-party compliance policies and processes
• Education on incident handling and reporting
• Vendor conformance with requirements and regulations
• Manage vendor and contractor risk lifecycle

Key IBM offerings

• IBM PCI Compliance Advisory Services

Security, like excellence, should be infused in the entire partner ecosystem


Essential practice 9: Assure data security and privacy

Every company has critical data, and it’s vitally important to improve the protection of your data

What does it mean?

• Identify the value of your confidential data and the business impact of loss
• Assess gaps and define a data protection strategy that manages data loss risk and meets governmental and customer requirements
• Design a robust data management architecture that protects sensitive information
• Deploy and manage leading data protection technologies

Key IBM offerings

• IBM Critical Data Protection Program

Critical data should be guarded, tracked and encrypted as if the company’s survival hinged on it


Essential practice 10: Manage the digital identity lifecycle

Managing who has access to critical data is an essential element of security

What does it mean?

• Identity and access management
• Standard, policy-based control mechanisms
• Intelligent monitoring
• Separation of duties management
• Single-sign-on

Key IBM offerings

• IBM Identity and Access Management Services
• IBM Cloud Identity Services

Companies that mismanage the identity and access of users are making themselves vulnerable to intrusions


Learn more about IBM Security

• Visit our website: IBM Security Website
• Watch our videos: IBM Security YouTube Channel
• Read new blog posts: SecurityIntelligence.com
• Follow us on Twitter: @ibmsecurity

IBM Security Services

Intelligence. Integration. Expertise.


Case studies


IBM Security Essentials and Maturity Consulting

Largest Bank in Canada improves security by establishing SOC & implementing monitoring tools and processes

Cloud-delivered Identity and Access Management (IAM)

18M: Clients served by this Largest Bank in Canada, 3rd largest in North America, top 10 globally

80,100: Help secure access for all employees of the bank

Business Challenge

• Lack of any SOC model and strategy roadmap
• There was no trained SOC operations team or staff
• No security monitoring tool or processes for security incidents

IBM Security Solution Benefits

• Reduced risks & costs associated with security incidents and data breaches
• Addressed compliance issues by establishing clear audit trails for incident response
• Improved security posture with enterprise-wide security intelligence correlating events from IT & business critical systems/applications


A global bank enables security-rich mobile access for millions of users

Safeguard Mobile Deployments

North American entity protects user access to mobile and web channels for 10,000 internal users

Business Challenge

• Protect employee and contractor access to web and mobile applications
• Roll out new application to customers and help protect access for mobile devices

IBM Security Solution Benefits

• Centralized user access control across web and mobile channels
• Reduced IT cost with self-care, single sign-on and session management
• Introduced risk-based access and multi-factor authentication for 10M+ customers

[Diagram labels: Mobile Users; Web and Mobile Apps; Mobile Devices]


A financial services firm teams with IBM to build its first SOC

Lloyds & IBM Cyber Security Programme handouts


Appendix


IBM Security invests in best-of-breed technologies

IBM Security Investment

• 6,000+ IBM Security experts worldwide
• 3,000+ IBM Security patents
• 4,000+ IBM Managed Security Services clients worldwide
• 25 IBM Security labs worldwide

[Timeline: 1976, 1999, 2002, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014. Labels shown: Advanced fraud protection; Mobile security and management; Cloud-enabled identity management; Identity governance; Security intelligence; IBM Security is created; Security services and network security; Enterprise single-sign-on; Mainframe and server security; Identity management; Directory integration; Endpoint management and security; Information and analytics management; Application security; Risk management; Data management; Database monitoring and protection; Application security; Access management; Service oriented architecture (SOA) management and security]


IBM Security has global reach

[Infographic: IBM Security by the Numbers. Labels shown: monitored countries (MSS); service delivery experts; devices under contract; endpoints protected; events managed per day]


www.ibm.com/security

© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY