Avoid security threats with Security Intelligence. Filip Schepers, IBM
Presentation from IBM Smarter Business 2012
Published in: Technology
Transcript

  • 1. Advanced Threat Protection and Security Intelligence. Filip Schepers, IBM Security Systems “SWAT”, X-Force Representative, fschepers@be.ibm.com. © 2012 IBM Corporation
  • 2. Agenda
      – The Threat Landscape: X-Force Trend and Risk Report
      – Research Driven Threat Mitigation: the Advanced Threat Protection Platform
      – Security Intelligence: QRadar and the IBM Security Framework
  • 3. 2011: The Year of the Security Breach
  • 4. The Threat Landscape
      – Over 7,000 publicly disclosed vulnerabilities in 2011
      – 95% of vulnerabilities in 2011 were rated as Medium or Higher (CVSS); Critical vulnerabilities tripled vs 2010
      – 41% of all vulnerabilities are web application vulnerabilities
      – Cross-Site Scripting & SQL injection vulnerabilities continue to dominate
      – Shell Injection attacks on the rise
  • 5. The Need to Understand the Who, What, and When
      – Policy dimensions: User or Group, Reputation, Geography, Network Awareness, Web Category, Client-Side Web Applications, Non-web Applications, Web Protection, Botnet Protection, Server Access Control, Network Protocol Aware Intrusion Protection
      – Example policies: allow marketing and sales teams to access social networking sites; block attachments on all outgoing emails and chats; a more strict security policy is applied to traffic from countries where I do not do business; advanced inspection of web application traffic destined to my web servers; block known botnet servers and phishing sites; allow, but don’t inspect, traffic to financial and medical sites
      – Traffic controls: Who (172.29.230.15, Bob, Alice), What (80, 443, 21, webmail, social networks), Policy (?)
      – “We had a case in Europe where workers went on strike for 3 days after Facebook was completely blocked…so granularity is key.” – IBM Business Partner
  • 6. Customer Challenges
      – Detecting threats: arm yourself with comprehensive security intelligence
      – Consolidating data silos: collect, correlate and report on data in one integrated solution
      – Detecting insider fraud: next-generation SIEM with identity correlation
      – Better predicting risks to your business: full life cycle of compliance and risk management for network and security infrastructures
      – Addressing regulation mandates: automated data collection and configuration audits
  • 7. The Advanced Threat Protection Platform
      – Security Intelligence Platform: Network Activity Monitor, Log Manager, SIEM, Risk Manager
      – Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation
      – Advanced Threat Protection Platform: Content and Data Security, Web Application Protection, Network Anomaly Detection, Intrusion Prevention, Application Control
      – IBM Network Security Advanced Threat Protection Platform: ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence
      – Expanded X-Force Threat Intelligence: increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio
      – Security Intelligence Integration: tight integration between the Advanced Threat Protection Platform and the QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats
  • 8. X-Force Mission: provide the most respected security brand to IBM, our Customers and Business Partners
      – IBM X-Force Research and Development: the world’s leading enterprise security R&D organization; global security operations center (infrastructure monitoring)
      – Engine Dominance: support content stream needs and capabilities; support requirements for engine enhancement; maintenance and tool development
      – Content Delivery: continue third party testing; execute to deliver new content streams for new engines
      – Research: support content streams; expand current capabilities in research to provide industry knowledge to the greater IBM
      – Industry/Customer Deliverables: blog, marketing and industry speaking engagements; X-Force Database vulnerability tracking; trend analysis and security analytics
  • 9. Unmatched Global Coverage and Security Awareness
      – Security Operations Centers, Security Research Centers, Security Solution Development Centers, Institute for Advanced Security Branches
      – IBM World Wide Managed Security Services Coverage: 20,000+ devices under contract; 3,700+ MSS clients worldwide; 9B+ events managed per day; 1,000+ security patents; 133 monitored countries (MSS)
  • 10. We Have the Technology
      – IBM Security Network Protection offerings are based on a modular, research-driven protocol analysis engine for vulnerability based deep packet inspection
      – Protecting against exploits is reactive; protecting against vulnerabilities and malicious behaviors is preemptive
  • 11. We Have a LOT of Data…
      – Crawling: crawler robots search the web in parallel; they download the websites and images, and place them in the cache
      – Analysis: a server cluster analyzes the data acquired by the crawlers; the analyzed results are stored in the database
      – 17 billion analyzed web pages & images; 5M/d spam & phishing attacks; 60K documented vulnerabilities; 9B+ security events daily; millions of unique malware samples; 71M catalogued URLs; 270+ web applications; millions of IP addresses in the IP reputation feed (geo location, spam, anonymous proxies, dynamic IPs, malware, C&C, …)
  • 12. The Advanced Threat Protection Platform (section divider repeating the platform diagram of slide 7)
  • 13. Introducing IBM Security Network Protection XGS 5000
      – Proven Security: extensible, 0-day protection powered by X-Force®
      – Ultimate Visibility (new with XGS): understand the Who, What and When for all network activity
      – Complete Control (new with XGS): ensure appropriate application and network use
      – IBM Security Network Protection XGS 5000 builds on the proven security of IBM intrusion prevention solutions by delivering the addition of next generation visibility and control to help balance security and business requirements
  • 14. Extensible 0-day protection and ultimate visibility
      – Protocol Analysis based Deep Packet Inspection: the protocol analysis module provides “Ahead of the Threat” protection against known and emerging threats
      – Complete Identity Awareness associates valuable users and groups with their network activity, application usage and application actions
      – Application Awareness fully classifies network traffic, regardless of address, port, protocol, application, application action or security event
      – Network Flow Data provides real time awareness of anomalous activities, and QRadar integration facilitates enhanced analysis and correlation
      – Diagram: Employees A, B and C; good and bad applications; network traffic and flows. Increase Security, Reduce Costs, Enable Innovation
  • 15. QRadar Network Anomaly Detection
      – Optimized version of QRadar Network Activity Monitoring for IBM Security Network Protection solutions
      – Behavioral analytics and real-time correlation help better detect and prioritize stealthy attacks
      – Integrated analysis of network flow data brings additional security intelligence to IBM Security Network Protection solutions: traffic profiling to detect zero-day threats; correlation of threat & flow data for enhanced incident analysis; network activity monitoring to profile user and system behavior to improve threat intelligence and complement risk based access strategies; consolidation and correlation of data bring out the “needle in the haystack”
      – Incorporates the X-Force IP Reputation Feed, providing insight into suspect entities on the Internet and feeding correlation intelligence
  • 16. The Advanced Threat Protection Platform (section divider repeating the platform diagram of slide 7)
  • 17. The Security Intelligence Timeline
      – Questions along the timeline: What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact?
      – Prediction & Prevention: Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
      – Reaction & Remediation: SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
  • 18. Intelligence: Leading products and services in every segment
  • 19. Fully Integrated Security Intelligence
      – Risk & Configuration Management: predictive threat modeling & simulation; scalable configuration monitoring and audit; advanced threat visualization and impact analysis
      – SIEM: integrated log, threat, risk & compliance mgmt.; sophisticated event analytics; asset profiling and flow analytics; offense management and workflow
      – Log Management: turnkey log management; SME to Enterprise; upgradeable to enterprise SIEM
      – Network Activity & Anomaly Detection: network analytics; behavioral anomaly detection; fully integrated with SIEM
      – Network and Application Visibility: Layer 7 application monitoring; content capture for deep insight; physical and virtual environments
  • 20. Fully Integrated Security Intelligence: Risk & Configuration Management, SIEM, Log Management, Network Activity & Anomaly Detection, and Network and Application Visibility in One Console Security, Built on a Single Data Architecture
  • 21. QRadar SIEM Overview: QRadar SIEM provides full visibility and actionable insight to protect networks and IT assets from a wide range of advanced threats, while meeting critical compliance mandates. Key Capabilities:
      – Sophisticated correlation of events, flows, assets, topologies, vulnerabilities and external data to identify & prioritize threats
      – Network flow capture and analysis for deep application insight
      – Workflow management to fully track threats and ensure resolution
      – Scalable architecture to support the largest deployments
  • 22. Security Intelligence: Context and Correlation drive Deep Insight. Sources + Intelligence = Most Accurate & Actionable Insight
  • 23. QRadar console (screenshot): IBM X-Force® Threat Information Center w/ IP Reputation Correlation; Real-time Security Overview; Identity and User Context; Real-time Network Visualization and Application Statistics; Inbound Security Events
  • 24. QRadar SIEM: Clear, concise and comprehensive delivery of relevant information: What was the attack? Was it successful? Who was responsible? Where do I find them? How valuable are the targets to the business? How many targets are involved? Are any of them vulnerable? Where is all the evidence?
  • 25. QRadar SIEM: Threat Detection and Correlation. Sounds Nasty… But how do we know this? The evidence is a single click away.
      – Network Scan: detected by QFlow
      – Buffer Overflow: exploit attempt seen by IDS
      – Targeted Host Vulnerable: detected by Vulnerability Scanner
      – Total Security Intelligence: convergence of Network, Event and Vulnerability data
  • 26. QRadar: Compliance Rules and Reporting
      – Out-of-the-box templates for specific regulations and best practices: COBIT, SOX, GLBA, NERC, FISMA, PCI, HIPAA, UK GCSx
      – Easily modified to include new definitions
      – Extensible to include new regulations and best practices
      – Can leverage existing correlation rules
  • 27. The Advanced Threat Protection Platform (section divider repeating the platform diagram of slide 7)
  • 28. Benefits of the IBM Advanced Threat Protection Platform
      – Dramatically reduces risks and costs associated with a security breach through constantly updated, preemptive, research driven protection
      – Reduces cost and complexity through simplified security management and consolidation of security point solutions
      – Delivers full visibility and actionable insight for Total Security Intelligence. As your trusted partner in security, IBM Security delivers solutions that fit your organization to keep it protected as security risks evolve
      – The uniqueness “is in the ability to set up security at the user level, correlate that information (with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files.” – Network World, July 31, 2012
  • 29. Get Engaged with IBM X-Force Research and Development
      – Follow us at @ibmsecurity, @ibmxforce and @Q1Labs
      – Download X-Force security trend & risk reports at http://www-935.ibm.com/services/us/iss/xforce/
      – Subscribe to X-Force alerts at http://iss.net/rss.php or Frequency X at http://blogs.iss.net/rss.php
      – Attend in-person security events: http://www.ibm.com/events/calendar/
      – Join the Institute for Advanced Security: www.instituteforadvancedsecurity.com
      – Subscribe to the channel for the latest security videos: www.youtube.com/ibmsecuritysolutions
  • 30. IBM X-Force 2012 Mid Year Trend Report, 20 September 2012, http://bit.ly/OzWzNS
  • 31. Comments or Questions? Come see the Security Systems Team in the Expo area: Jesper Glahn (Denmark Sales Leader), Marcus Eriksson (Sales Leader, ISS), Sven-Erik Vestergaard and Sara Anwar (Security Architect & Qradar Nordic Sales)
  • 32. Please note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  • 33. ibm.com/security. © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. © 2012 IBM Corporation
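The granular “Who, What and When” policies listed on slide 5, as an added example that is not IBM code: an ordered, first-match rule evaluator in which reputation is checked before any group-based allow, so the partner’s point about granularity (marketing may use social networks, others may not) holds without letting a known-bad peer through. The Flow and Rule fields, rule names, group names, country codes and sample traffic are all constructed assumptions.

```python
"""Added example, not IBM's code: a first-match policy evaluator modelling the
'Who, What and When' controls on slide 5. All field names, rule names, groups,
country codes and sample traffic are constructed for illustration."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Flow:
    user: str
    group: str            # directory group (the "Who")
    peer_country: str     # geolocation of the remote side (constructed ISO codes)
    app: str              # application classification, e.g. "facebook", "webmail"
    web_category: str     # e.g. "social_networking", "financial", "medical", "other"
    reputation: str       # feed verdict, e.g. "good", "botnet_c2", "phishing"
    has_attachment: bool = False
    outbound: bool = True

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # allow | block | allow_no_inspect | inspect_strict
    groups: FrozenSet[str] = frozenset()
    apps: FrozenSet[str] = frozenset()
    web_categories: FrozenSet[str] = frozenset()
    reputations: FrozenSet[str] = frozenset()
    business_countries: FrozenSet[str] = frozenset()  # fires when peer is OUTSIDE this set
    has_attachment: Optional[bool] = None
    outbound: Optional[bool] = None

    def matches(self, f: Flow) -> bool:
        # An empty or None criterion means "any"; every criterion that is set must hold.
        checks = [
            (bool(self.groups), f.group in self.groups),
            (bool(self.apps), f.app in self.apps),
            (bool(self.web_categories), f.web_category in self.web_categories),
            (bool(self.reputations), f.reputation in self.reputations),
            (bool(self.business_countries), f.peer_country not in self.business_countries),
            (self.has_attachment is not None, f.has_attachment == self.has_attachment),
            (self.outbound is not None, f.outbound == self.outbound),
        ]
        return all(ok for active, ok in checks if active)

# Ordered policy: reputation first so a known-bad peer is blocked for everyone, then the
# slide's example policies, then a constructed catch-all denying social networking to others.
POLICY: List[Rule] = [
    Rule("block_botnet_and_phishing", "block", reputations=frozenset({"botnet_c2", "phishing"})),
    Rule("block_outgoing_attachments", "block", apps=frozenset({"smtp", "webmail", "chat"}), has_attachment=True, outbound=True),
    Rule("privacy_no_inspect", "allow_no_inspect", web_categories=frozenset({"financial", "medical"})),
    Rule("social_for_marketing_sales", "allow", groups=frozenset({"marketing", "sales"}), web_categories=frozenset({"social_networking"})),
    Rule("social_others", "block", web_categories=frozenset({"social_networking"})),
    Rule("strict_foreign_geo", "inspect_strict", business_countries=frozenset({"DK", "SE", "NO", "FI"})),
]

def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule; default is allow with inspection."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "allow", "default_allow_inspected"

SAMPLE_TRAFFIC = [  # constructed flows, one per policy branch
    Flow("alice", "marketing", "DK", "facebook", "social_networking", "good"),
    Flow("bob", "engineering", "DK", "facebook", "social_networking", "good"),
    Flow("bob", "engineering", "DK", "webmail", "other", "good", has_attachment=True),
    Flow("carol", "finance", "DK", "https", "financial", "good"),
    Flow("alice", "marketing", "ZZ", "https", "other", "good"),
    Flow("dave", "sales", "DK", "https", "social_networking", "botnet_c2"),
]
```

Swapping the first two rules, or moving the reputation rule below the group allow, changes the verdict for the last sample flow, which is the ordering mistake a reviewer of such a policy should look for.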
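The correlation chain on slide 25 (a scan seen by QFlow, an exploit attempt seen by the IDS, and a vulnerability scanner result for the target), as an added toy example that is not QRadar’s code: each independent source that agrees raises the offense magnitude, so the attempt against a scanned and vulnerable host is prioritised over the same signature against a host that is not exposed. The record types, addresses, scoring weights and the CVE-style identifier are constructed placeholders.

```python
"""Added example, not QRadar code: a toy correlation following slide 25, where a
port scan seen in flow data, an exploit attempt seen by the IDS and a vulnerability
scan hit on the target converge into one prioritised offense. All records,
addresses, weights and the CVE-style identifier are constructed placeholders."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class FlowRecord:            # what a flow collector such as QFlow exports
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class IdsEvent:              # what the IDS/IPS logs for an exploit attempt
    src: str
    dst: str
    dport: int
    signature: str
    cve: str                 # constructed id tying the signature to a vulnerability

@dataclass(frozen=True)
class VulnResult:            # one finding from the vulnerability scanner
    host: str
    port: int
    cve: str

@dataclass
class Offense:
    src: str
    dst: str
    magnitude: int
    evidence: List[str] = field(default_factory=list)

def detect_scans(flows: List[FlowRecord], port_threshold: int = 10) -> Set[Tuple[str, str]]:
    """A (src, dst) pair that touches many distinct ports is treated as a scan."""
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return {pair for pair, seen in ports.items() if len(seen) >= port_threshold}

def correlate(flows: List[FlowRecord], events: List[IdsEvent],
              vulns: List[VulnResult]) -> List[Offense]:
    """One offense per IDS event; each independent corroborating source raises the
    magnitude, so the exploit aimed at a scanned, vulnerable host sorts first."""
    scans = detect_scans(flows)
    vuln_index = {(v.host, v.port, v.cve) for v in vulns}   # asset/vulnerability model
    offenses = []
    for e in events:
        o = Offense(e.src, e.dst, magnitude=3, evidence=[f"ids:{e.signature}"])
        if (e.src, e.dst) in scans:                          # network data agrees
            o.magnitude += 3
            o.evidence.append("flow:port_scan_from_source")
        if (e.dst, e.dport, e.cve) in vuln_index:            # target is actually exposed
            o.magnitude += 4
            o.evidence.append("vuln:target_vulnerable")
        offenses.append(o)
    return sorted(offenses, key=lambda off: off.magnitude, reverse=True)

# Constructed telemetry: 10.0.0.5 probes 12 ports on 10.0.1.20, then the IDS sees
# the same exploit signature against 10.0.1.20 (vulnerable) and 10.0.1.30 (not).
SAMPLE_FLOWS = [FlowRecord("10.0.0.5", "10.0.1.20", p)
                for p in (21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389)]
SAMPLE_EVENTS = [
    IdsEvent("10.0.0.5", "10.0.1.20", 80, "Buffer overflow exploit attempt", "CVE-XXXX-0001"),
    IdsEvent("10.0.0.5", "10.0.1.30", 80, "Buffer overflow exploit attempt", "CVE-XXXX-0001"),
]
SAMPLE_VULNS = [VulnResult("10.0.1.20", 80, "CVE-XXXX-0001")]
```

The evidence list on each offense is the “single click away” trail the slide describes: an analyst can see which of the three sources contributed before deciding how to respond.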
