IBM Global Technology Services
© Copyright IBM Corporation 2007

IBM Internet Security Services

Massimo Nardone
Advisory IT Security Architect & Finnish Invention Development Team (FIDT) leader
IBM Global Technology Services, Security & Privacy
[email protected]


IBM Global Security Presence

• Over 4700 ICT-security professionals
• 14 Security Operations Centers (SOC)
• 450 security intelligence analysts
• Own security research and development
  - IBM Security Research
  - IBM ISS X-Force
• Physically isolated and protected environments with stand-alone working capabilities for over 60 days
• 24/7/365 operating monitoring and management
• Over 400 million information sources
• Product independent services
• Founding member in several IT-security organisations
  - CERT/CC
  - NIST
  - MITRE
  - FIRST

IBM Research Division

[Map of IBM Research laboratories (Almaden, Austin, Watson, Zürich, Haifa, Delhi, Beijing, Tokyo) with per-site labels:]
- Established: 1995, Employees: 40
- Established: 1972, Employees: 400
- Established: 1982, Employees: 200
- Established: 1961, Employees: 1750
- Established: 1998, Employees: 60
- Established: 1955, Employees: 300
- Established: 1995, Employees: 90
- Established: 1986, Employees: 500
- 1952, San Jose, California


IBM Professional Security Services offerings

• Comprehensive, enterprisewide security consulting services
  - Assessment
    • Penetration testing, application security assessments, information security assessments, peripheral component interconnect (PCI) assessments
  - Design
    • Policy design, network security architecture design, security workshops
  - Deployment and migration
    • Deployment and migration for IBM products
  - Manage and support
    • Emergency response, forensic analysis, staff augmentation
  - Education
    • Product training, security awareness program


IBM Information Security Framework


Your environment is changing

New technologies

Evolving business models and value nets

Regulatory compliance mandates growing

Margin pressures

Primary focus: revenue growth

Risks are growing faster than investments for the protection


The state of evolving threats


IBM Internet Security Systems X-Force research and development team

• The IBM Internet Security Systems X-Force® R&D team, the world’s leading enterprise security organization research and development team, closely observed and recorded new vulnerabilities and the status of varying threats throughout the year. 2006 was a record year on many security fronts.
  - The core of all IBM Internet Security Systems products and services
  - Focus is on analyzing and researching vulnerabilities to develop preemptive protection technologies
  - The IBM ISS X-Force has been cataloguing, analyzing and researching vulnerability disclosures since 1997. The X-Force database is the largest, most authoritative database in the world, with more than 30,000 security vulnerabilities catalogued.
  - With 7,247 vulnerabilities disclosed in 2006, total vulnerability count increased nearly 40 percent over the previous year. Since the turn of the millennium, there has been a 261 percent increase in vulnerabilities, an average of 23 percent per annum. This trend is expected to continue throughout 2007.


Vulnerabilities and trends: 2006 End-of-the-Year Highlights

Vulnerabilities:

• There were a total of 7,247 vulnerabilities in 2006, which represents a 39.5 percent increase over 2005.
• June was the busiest month of the year with 696 vulnerabilities.
• Week 46 (the week before Thanksgiving) was the busiest week of 2006 for new vulnerabilities.
• The most popular day for vulnerability disclosures was Tuesday.
• Weekend disclosure of vulnerabilities in 2006 more than doubled that of 2005 to reach 17.6 percent of all disclosures.
• “High impact” vulnerabilities continue to decrease as a percentage of total vulnerabilities in 2006.
• 3 percent of vulnerabilities under the Common Vulnerability Scoring System (CVSS) were evaluated as being “critical impact” vulnerabilities with a score of 10.
• The top three vulnerable vendors in 2006 were Microsoft, Oracle and Apple.
• The top 10 vulnerable software vendors accounted for 14 percent of all 2006 vulnerabilities.
• 17 percent of the vulnerabilities identified within the top 10 vulnerable vendors’ products were un-patched at the end of 2006. This contrasts with 65 percent un-patched for all other vulnerabilities recorded in the year.
• 88.4 percent of all 2006 vulnerabilities could be exploited remotely.
• Over half (50.6 percent) of 2006 vulnerabilities would allow an attacker to gain access to the host after successful exploitation.


Per Annum Vulnerability Count: The year-on-year increase in vulnerabilities


The IT Security solutions enable organizations to assess, understand, mitigate and manage security risks.

Understand – across the extended enterprise
• Assess and identify threats
• Identify business impacts
• Determine implications of compliance
• Evaluate alternatives

Mitigate – anticipate and plan
• Establish and implement governance
• Define effective standards, principles and policies
• Define integrated management processes and practices
• Establish compliance strategies
• Ensure adequate scope of plans
• Choose and implement appropriate IT architecture, technology and organization

Manage – enforce and automate
• Protect systems
• Manage users
• Establish trust and compliance
• Manage threats

IBM Internal Use Only


Who is IBM Internet Security Systems?

• Founded 1994, 1400 employees
• Most respected Security Company world wide
• Most respected Security Knowledge world wide (X-Force)
• Pioneer in Vulnerability Assessment
• Pioneer in Intrusion Detection and in Intrusion Prevention
• First and most comprehensive Security Platform
• Protection of Network, Server, Desktop combined with PSS and MSS
• Acquired by IBM on August 23, 2006

Internet Security Systems’ (ISS) preemptive, integrated product and service security solutions deliver effective visibility, integrity and protection at all levels of the enterprise: network, server and desktop.

IBM ISS’ PRODUCTS
• Proventia Network Intrusion Prevention System
• Proventia Network Multi-Function Security
• Proventia Network Anomaly Detection System
• Proventia Network Enterprise Scanner
• Proventia Web Filter
• Proventia Mail Filter
• Proventia Server Intrusion Prevention System
• Proventia Desktop Endpoint Security
• Proventia Management SiteProtector

IBM ISS’ PROFESSIONAL SERVICES
• ISS’ Information Security Assessment
• ISS’ Penetration Testing
• ISS’ Security Awareness Training
• ISS’ Application Assessment
• ISS’ Policy Development
• ISS’ Regulatory Compliance Strategy
• ISS’ Technology Implementation Planning
• ISS’ Network Architecture Design Services
• ISS’ Emergency Response
• ISS’ Deployment Consulting
• ISS’ Vertical & Regulatory Quickstart Program
• ISS’ Staff Augmentation

IBM ISS’ MANAGED SERVICES
• ISS’ Managed Protection Services
• ISS’ Managed & Monitored Firewall Services
• ISS’ Managed IDS & IPS Services
• ISS’ Vulnerability Management Service
• ISS’ X-Force Threat Analysis Service


IBM Internet Security Systems protection platform

Security intelligence, services and infrastructure

The world’s leading enterprise security research and development team

IBM Internet Security Systems security operations centers (infrastructure monitoring and mgmt.)

Among the most advanced and complete security architectures ever developed—delivering preemptive security


Enhancing security with the IBM Internet Security Systems protection platform

[Diagram: carrier cloud, service provider network, hosted environment (Web server, Mail server), enterprise perimeter and local area network (LAN), annotated with:]
• Intrusion prevention
• Firewall
• Universal threat management
• Host protection (server and desktop)
• Layer 4 – 7 protection (content, URL, Web)
• Intrusion prevention
• Anomaly detection service
• Vulnerability management
• Remediation
• Compliance and risk management
• Vulnerability protection service


ISS Value Proposition: IBM Managed Security Services

• Monitoring and Management
  - FireWall and VPN
  - Intrusion Detection
  - Intrusion Prevention
  - Anti-Virus
• X-Force Security Intelligence
• Vulnerability scanning and analysis
• Vulnerability management
• e-Mail filtering and protection
• Web filtering and protection
• Virtual Security Operations Center


Cost savings thru Managed Security Services

Global Managed Service Savings Report

Security                              Average Savings   Span of Savings
Secure E-mail / Message Management    24.4%             5-30%
Anti-Virus Management                 16.7%             5-30%
Security Incident Management          13.4%             5-30%
Vulnerability Scanning                10.3%             5-30%
Managed Intrusion Detection           17.1%             5-30%
Managed Firewall                      15.8%             5-30%


The Next Generation of Managed Security Services (MSS)


Managed Security Services

• Outsourcing the most complicated IT security operations
• Keeping the control of own environment
• Enhancing the capabilities of current IT security environment
• Managing security thru business operations requirements
• Pro-active operations and fast adaptability for new situations
• Strong change management process
• Flexible reporting for both technical and management purposes

[Diagram: DATA WAREHOUSE and INTELLIGENCE AND ANALYSIS. Raw data is collected from information sources; data feeds are added with analytical information; data is used to answer business risk management questions. Diagram labels: Vulnerability Scanning, Anti-Virus, Vulnerability Assessment, Health Checking, Intrusion Detection, Incident Management, Vulnerability Advisories; Normalization, summarization and correlation; IP Profiler, Attack Classification, Attack Epidemiology, Data Visualization, Dashboard; Vulnerability Scanning, Intrusion Detection and Protection, SIA / ISA, Zurich Clustering Engine.]


Vulnerability Scanning

• Scans devices on automated basis for proactive vulnerability discovery and correlation
• Checks services running on a system and any vulnerabilities that may be present
• Correlates against customer specific compliance and IBM vulnerability database
• Comprehensive reporting
• Possibility to use one-time or annual scans
• Expandable to vulnerability management and/or professional ethical hacking service


Vulnerability Management

X-Force® Threat Analysis and Vulnerability Management Services

Schedule automated scans to identify OS's, applications, and their respective vulnerabilities.

Scan results dynamically reconfigure the customer's XFTAS alerting preferences, providing real-time alert notifications for actionable vulnerabilities.

Remediation workflow mgmt. features of the VMS service allow for generation of tickets for vulnerable assets with powerful grouping and prioritization capabilities.

Validated remediation tasks have been completed by re-scanning of vulnerable assets.


Intrusion Detection and Prevention

• Monitors attacks directed against and/or via the customer
• Prevents attacks (Prevention)
• Delivers clear security reports designed to enable business decisions on security defenses
• Monitors intrusions 24x7x365 within the IBM Security Operations Centers
• Attack visualization
• Fast reaction times and SLA
• Support for existing components


IDS/IPS log management service

Security Event & Log Management Services & Managed Intrusion Detection/Prevention Services or Managed Firewall Services

ISS provides the ability to manage, monitor, or view all of the customer's firewall, IDS and IPS devices.

Provide customers with a consolidated security view and full reporting capabilities.

Customers can access secure log/event archival of all aggregated security events for up to 7 years.

Customer can leverage combined trouble ticketing capabilities to track issue resolution transparently across managed and unmanaged devices.


Virtual Patching technology (IPS)

Managed Protection Services with Vulnerability Management Services

Scan network to detect vulnerabilities.

Use the Virtual-SOC portal to request application of patch updates to protect entire network or individual servers.

Upon receipt of the patch request, an ISS SOC analyst will implement an IPS rule, if applicable, to block access to the specific vulnerability and apply protection for the system until it is patched.


Security Intelligence and Profiling

• Delivers daily threat report generated from intelligence gathering, vendor and security web sites
• Compiles monthly Security Threats and Attack Trends report
• Web portal with catalog of analyzed threats with customer preferred options
• Critical alerts 24/7 on high-risk threats via personal contacting methods
• Technical analysis and consulting of high-risk threats
• Security advisories outlining vulnerabilities and solutions
• Analysis of unreliable network sources and destinations


The Next Generation of MSS

IBM offers a Virtual-SOC (Security Operations Center) for the customers

• Open vendor architecture
• Consolidated security view
• Powerful query and reporting
• Automated analyses
• Unlimited log archive
• Granular permissions system
• Guaranteed availability
• Integrated ticketing and workflow
• Integrated security intelligence


What is a Virtual-SOC and what does it do?

• Virtual-SOC is the engine enabling Managed Security Services and the delivery of Protection on-Demand by combining advanced analysis and correlation capabilities, artificial intelligence, industry-leading security expertise, and a high impact Web-based management portal in a single unified system.
• Virtual-SOC allows you to
  - optimize resources and reduce complexity
  - enforce security policy
  - improve overall security posture
• Virtual-SOC offers
  - Tangible platform for Protection On-Demand (PoD)
  - Brings all security data together, managed and unmanaged
  - MSS offerings can be activated when, where and how they are needed
  - Delivers customers a decade of best practices and expertise
  - Blends tickets, logs, and workflow from the SOC and the customer


IBM Internet Security Systems: Virtual-SOC

Thank you.