IBM Software Day 2013. Defending against cyber threats with security intelligence
Slides 1 and 2
Defending Against Cyber Threats with Security Intelligence and Behavioral Analytics
Bob Kalka, CRISC, Director, IBM Security, [email protected]
Slide 3
Four Key Drivers
• Everything is everywhere: organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more.
• Consumerization of IT: with the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared.
• Data explosion: the age of Big Data, the explosion of digital information, has arrived and is facilitated by the pervasiveness of applications accessed from everywhere.
• Attack sophistication: the speed and dexterity of attacks has increased, coupled with new actors with new motivations, from cyber crime to terrorism to state-sponsored intrusions.
Slide 4
[Chart: 2011 Sampling of Security Incidents by Attack Type, Time and Impact. Timeline axis: Jan through Dec 2011. Attack types: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown. Sectors hit include Online Gaming, Gaming, Central Government, Defense, National Police, State Police, Police, IT Security, Banking, Financial Market, Insurance, Consumer Electronics, Entertainment, Internet Services, Online Services, Consulting, Government Consulting, Telecommunications, Agriculture, Apparel, Heavy Industry, Marketing, Services. Size of circle estimates relative impact of breach in terms of cost to business. Source: IBM X-Force® Research 2011 Trend and Risk Report.]
Slide 5
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Intelligence ● Integration ● Expertise
Slide 6
Security Intelligence
Then: Collection
• Log collection
• Signature-based detection
Now: Intelligence
• Real-time monitoring
• Context-aware anomaly detection
• Automated correlation and analytics
Inputs correlated: logs, events, alerts; configuration information; system audit trails; external threat feeds; e-mail and social activity; network flows and anomalies; identity context; business process data; malware information.
Slide 7
Monitor Everything: People
Then: Administration
• Identity management
• Cost control
Now: Insight
• Identify and monitor highest risk users
• Know who has access to sensitive data and systems
• Baseline normal behavior
• Prioritize privileged identities
Slide 8
Monitor Everything: Data
Then: Basic Control
• Simple access controls and encryption
Now: Laser Focus
• Discover and protect high-value data
• Understand who is accessing the data, at what time of day, from where, and in what role
• Baseline normal behavior
Slide 9
Monitor Everything: Applications
Then: Bolt-on
• Periodic scanning of Web applications
Now: Built-in
• Harden applications with access to sensitive data
• Scan source code and scan in real time
• Baseline normal application behavior and alert on deviations
Slide 10
Monitor Everything: Infrastructure
Then: Thicker Walls
• Firewalls, manual patching, and antivirus
• Focus on perimeter security
Now: Smarter Defenses
• Baseline system and network behavior
• Analyze unknown threats using advanced heuristics
• Expand coverage into cloud and mobile environments
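The "Then vs Now" slides for People, Data and Infrastructure all turn on the same mechanism: baseline what is normal for each user (hours, source network, objects touched), score new activity against that baseline, then correlate the anomaly with identity context so that privileged identities and high-value data rank first. The following Python sketch is an added example, not code from the IBM deck or from any IBM product. Every name in it is constructed for illustration: the users, IP addresses, database names, the privileged/role attributes, and the log format itself are assumptions, and the scoring weights are arbitrary.

```python
"""Context-aware anomaly detection over data-access events (constructed example).

Baseline each user's normal access hours, source /24 networks and objects from a
learning window, score later events against that baseline, then weight the
score by identity context (privileged role, sensitive object) to rank alerts.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed identity context, as an IAM system might export it (assumed format).
IDENTITY_CONTEXT = {
    "alice": {"role": "dba", "privileged": True},
    "bob": {"role": "analyst", "privileged": False},
}

# Constructed objects tagged sensitive by a data-classification step.
SENSITIVE_OBJECTS = {"customer_db", "hr_db"}

# Constructed learning-window events: "<ISO timestamp> <user> <src_ip> <object>".
BASELINE_LOG = """\
2013-03-04T09:12:03 alice 10.1.20.15 customer_db
2013-03-04T10:40:51 alice 10.1.20.15 customer_db
2013-03-05T11:02:10 alice 10.1.20.22 customer_db
2013-03-05T14:55:30 alice 10.1.20.15 hr_db
2013-03-04T09:30:00 bob 10.2.5.7 sales_reports
2013-03-05T16:10:44 bob 10.2.5.9 sales_reports
"""

# Constructed events to score; 203.0.113.0/24 is a documentation-only range.
NEW_EVENTS = """\
2013-03-06T10:05:00 alice 10.1.20.15 customer_db
2013-03-06T02:17:09 alice 203.0.113.45 customer_db
2013-03-06T09:45:12 bob 10.2.5.7 sales_reports
2013-03-06T23:30:00 bob 10.2.5.7 hr_db
"""


def parse(log):
    """Yield (timestamp, user, ip, object) tuples from the constructed format."""
    for line in log.splitlines():
        ts, user, ip, obj = line.split()
        yield datetime.fromisoformat(ts), user, ip_address(ip), obj


def build_baseline(log):
    """Per user: hours of day seen, source /24 networks seen, objects touched."""
    base = defaultdict(lambda: {"hours": set(), "nets": set(), "objects": set()})
    for ts, user, ip, obj in parse(log):
        b = base[user]
        b["hours"].add(ts.hour)
        b["nets"].add(ip_network(f"{ip}/24", strict=False))
        b["objects"].add(obj)
    return base


def score_event(baseline, ts, user, ip, obj):
    """Return (anomaly score, reasons). A user with no baseline is fully anomalous."""
    b = baseline.get(user)
    if b is None:
        return 3, ["no baseline for user"]
    score, reasons = 0, []
    if ts.hour not in b["hours"]:
        score += 1
        reasons.append(f"hour {ts.hour:02d} outside baseline")
    if not any(ip in net for net in b["nets"]):
        score += 1
        reasons.append(f"source {ip} outside baseline networks")
    if obj not in b["objects"]:
        score += 1
        reasons.append(f"first access to {obj}")
    return score, reasons


def prioritize(baseline, events, identity=IDENTITY_CONTEXT, sensitive=SENSITIVE_OBJECTS):
    """Correlate anomaly score with identity and data context; rank by risk."""
    alerts = []
    for ts, user, ip, obj in parse(events):
        score, reasons = score_event(baseline, ts, user, ip, obj)
        if score == 0:
            continue  # within baseline: no alert
        weight = 1
        if identity.get(user, {}).get("privileged"):
            weight *= 2  # prioritize privileged identities
        if obj in sensitive:
            weight *= 2  # prioritize high-value data
        alerts.append({"time": ts.isoformat(), "user": user, "object": obj,
                       "risk": score * weight, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for alert in prioritize(build_baseline(BASELINE_LOG), NEW_EVENTS):
        print(alert["risk"], alert["user"], alert["object"], "; ".join(alert["reasons"]))
```

On the constructed input the off-hours access from an external address by the privileged DBA ranks first (risk 8), and the analyst's first-ever night-time read of the HR database second (risk 4), while the two in-pattern events produce no alert at all. Two caveats a practitioner should carry over from this toy: a baseline learned over a window in which an attacker already had access simply enshrines the attacker's behaviour as normal, so learning windows need their own review; and an anomaly is a reason to look, not evidence of compromise, which is why the score is weighted by identity and data context rather than treated as a verdict.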
Slide 11 (no text extracted)
Slide 12
IBM Security Systems - Security Intelligence: capability matrix, arranged by maturity (Basic, Proficient, Optimized)
• Directory management
• User Provisioning
• Access Mgmt. and Strong Authentication
• Privileged user management
• Identity governance
• Fine-grained entitlements
• Fraud Detection
• Encryption
• Database Activity Monitoring
• Data Discovery and Classification
• Test Data Masking
• Data Loss Prevention
• Encryption Key Management
• Web Application Protection
• Dynamic Vulnerability Analysis
• Static Source Code Scanning
• Hybrid Scanning and Correlation
• Anti-Virus
• Network Security
• Host Security
• Endpoint Security Management
• Virtualized
• Multi-faceted Network Protection
• Anomaly Detection
• Log Management
• SIEM
• Flow Analytics
• Predictive Analytics
• GRC
• Professional Assessments
• Managed Security Services
Slide 13
IBM Security Systems - Security Intelligence: the same capability matrix with the IBM products overlaid
• Directory management: Directory Integrator, Directory Server
• User Provisioning: Identity Manager
• Access Mgmt. and Strong Authentication: Access Manager family, Federated Identity Manager
• Privileged user management: Privileged Identity Manager
• Identity governance: Identity Manager/Role Lifecycle Manager
• Fine-grained entitlements: Security Policy Manager
• Fraud Detection: InfoSphere Identity Insight
• Encryption: InfoSphere Guardium Encryption Expert, STG Solutions, PGP (GTS)
• Database Activity Monitoring: InfoSphere Guardium
• Data Discovery and Classification: InfoSphere Discovery
• Test Data Masking: Guardium Data Masking
• Data Loss Prevention: TEM for Core Protection; GTS partnerships
• Encryption Key Management: Key Lifecycle Manager
• Web Application Protection: IPS, XGS, DataPower
• Dynamic Vulnerability Analysis: AppScan Standard
• Static Source Code Scanning: AppScan Source
• Hybrid Scanning and Correlation: AppScan family
• Anti-Virus: Endpoint Manager for Core Protection
• Network Security: Network IPS
• Host Security: Host Protection, RACF
• Endpoint Security Management: Endpoint Manager, zSecure
• Virtualized: Virtual Server Protection (VSP), VFLOW
• Multi-faceted Network Protection: XGS
• Anomaly Detection: Network Anomaly Detection
• Log Management: QRadar Log Manager
• SIEM: QRadar SIEM
• Flow Analytics: QFLOW/VFLOW
• Predictive Analytics: QRadar Risk Manager
• GRC: Open Pages
• Professional Assessments: GTS and BPs
• Managed Security Services: GTS and BPs
Slide 14
IBM Security Services: Professional and Managed Services Capabilities
Security Consulting
• Broad security capability consultative assessments and planning
• Compliance-focused assessments (e.g. PCI, SCADA, HIPAA)
• Information security assessments
Security Intelligence & Operations
• SOC and SIEM assessments and planning
• SOC architecture and design (people, process and technology)
Identity and Access Management
• Identity assessment and planning
• Identity solution architecture, design and deployment for access, provisioning, single sign-on and two-factor authentication
• Managed identity services
Data & Application / SDLC Security
• Application secure engineering
• Data security assessments and enterprise planning
• Database protection solution design and deployment
• Endpoint and network data control (DLP, encryption) solution design and deployment
Infrastructure Security
• Technical infrastructure assessments and planning
• Infrastructure solution (UTM, firewall, IDPS) design and deployment
• Network, endpoint, server
Cyber Security Assessment & Response
• Application technical testing and source code scanning
• Infrastructure penetration testing
• Emergency response services
Managed Security & Cloud Services
• Security event monitoring and managed protection
• Security intelligence analysis
• Security infrastructure device (UTM, firewall, IDPS) monitoring and management
• Mobile device management
• Hosted / managed SIEM, application, email and vulnerability scanning