PCTY 2012, IBM Security and Strategy by Fabio Panada


Presentation from PCTY 2012 by Fabio Panada, Security Technical Professional Leader, IBM

Published in: Technology, Business
  • IBM has security consultancy practices and dedicated security research capabilities across the globe

    1. IBM Security Intelligence, Integration and Expertise. Optimizing the World’s Infrastructure. May 2012, Copenhagen. Fabio Panada – Security Tech Sales Leader. © 2012 IBM Corporation
    2. The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks…
       • DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
       • CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
       • EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more
       • ATTACK SOPHISTICATION: The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired
       …making security a top concern, from the boardroom down
    3. 2011 – The Year of the Breach
    4. The future of security – The Darwinian challenge: Evolve or lose
       • The business environment is evolving
       • The IT environment is evolving
       • The cyber threat environment is evolving
       • The challenge every function is facing is how to evolve with them to deliver New Security Solutions
    5. The future of security - The scale of evolution
    6. The future of security – Business Evolution
       • A greater reliance on:
         – Data (business information, competitive advantage, as the business)
         – Technology for employees and customers
       • Globalisation and 24x7 operations
         – Offices, users and IT assets around the globe
       • Changing customer perceptions
         – Baby boomers to Generation X, and now Generation Y not forgetting Generation G
       • Competitive advantage is difficult - the economy makes it even harder
         – Top UK supermarket profits are between £3.46 and £6.30 for every £100 sold – that’s not much to work with
    7. The future of security - Technology evolution
       • Know your technical environment (technologies, vulnerabilities, threats) but don’t be defined by it
         – Define normal to identify abnormal
    8. IT Security is a board room discussion
       • Business results: Sony estimates potential $1B long term impact – $171M / 100 customers*
       • Brand image: HSBC data breach discloses 24K private banking customers
       • Supply chain: Epsilon breach impacts 100 national brands
       • Legal exposure: TJX estimates $150M class action settlement in release of credit / debit card info
       • Impact of hacktivism: Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …
       • Audit risk: Zurich Insurance PLc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records
       *Sources for all breaches shown in speaker notes
    9. Key drivers affecting the security software business
       It is no longer enough to protect the perimeter – sophisticated attacks are bypassing traditional defenses, IT resources are moving outside the firewall, and enterprise applications and data are becoming distributed across multiple devices
       • 1. Advanced Threats: Sophisticated, targeted attacks, designed to gain continuous access to critical information, are increasing in severity and occurrence. Advanced Persistent Threats, Stealth Bots, Designer Malware, Targeted Attacks, Zero-days
       • 2. Cloud Computing: Security is one of the top concerns of cloud, as customers drastically rethink the way IT resources are designed, deployed and consumed.
       • 3. Mobile Computing: Managing employee owned devices and securing connectivity to corporate applications are top of mind as CIOs broaden their support for mobile devices.
       • 4. Regulations and Compliance: Regulatory and compliance pressures continue to mount as companies store sensitive data and become susceptible to audit failures.
       • Enterprise Customers (center of the diagram)
    10. Solving a security issue is a complex, four-dimensional puzzle
       • People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers
       • Data: Structured, Unstructured, At rest, In motion
       • Applications: Systems applications, Web applications, Web 2.0, Mobile apps
       • Infrastructure
       It is no longer enough to protect the perimeter – siloed point products will not secure the enterprise
    11. Helping Organizations Progress in Their Security Maturity
       • Optimized
         – Security Intelligence: Advanced threat detection, Network anomaly detection, Predictive risk management
         – People: Role based analytics, Identity governance, Privileged user controls
         – Data: Data flow analytics, Data governance
         – Applications: Secure app engineering processes, Fraud detection
         – Infrastructure: Advanced network monitoring, Forensics / data mining, Securing systems
       • Proficient
         – Security Intelligence: Real-time event correlation, Network forensics
         – People: User provisioning, Access mgmt, Strong authentication
         – Data: Access monitoring, Data loss prevention
         – Applications: Application firewall, Source code scanning
         – Infrastructure: Virtualization security, Asset mgmt, Endpoint / network security management
       • Basic
         – Security Intelligence: Log management, Compliance reporting
         – People: Centralized directory
         – Data: Encryption, Access control
         – Applications: Application scanning
         – Infrastructure: Perimeter security, Anti-virus
    12. IBM’s Comprehensive, Integrated Security Portfolio
       • Enterprise Governance, Risk and Compliance Management: IBM OpenPages; Algorithmics (recent acquisition); i2 Corporation (recent acquisition)
       • IBM Security Portfolio
       • IT Security / Compliance Analytics & Reporting: QRadar SIEM; QRadar Log Manager; QRadar Risk Manager; IBM Privacy, Audit and Compliance Assessment Services
       • IT Infrastructure – Operational Security Domains
         – People: Identity & Access Management Suite; Federated Identity Manager; Enterprise Single Sign-On; Identity Assessment, Deployment and Hosting Services
         – Data: Guardium Database Security; Optim Data Masking; Key Lifecycle Manager; Data Security Assessment Service; Encryption and DLP Deployment
         – Applications: AppScan Source Edition; AppScan Standard Edition; Security Policy Manager; Application Assessment Service; AppScan OnDemand Software as a Service
         – Infrastructure, Network: Network Intrusion Prevention; DataPower Security Gateway; QRadar Anomaly Detection / QFlow; Managed Firewall, Unified Threat and Intrusion Prevention Services
         – Infrastructure, Endpoint: Endpoint Manager (BigFix); zSecure, Server and Virtualization Security; Native Server Security (RACF, IBM Systems); Penetration Testing Services
       • Security Consulting; Managed Services; X-Force and IBM Research
       • Legend: Products, Services
    13. How is IBM solving complex security challenges?
    14. Solutions for the Full Compliance and Security Intelligence Timeline
       • Questions: What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact?
       • Prediction & Prevention: Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
       • Reaction & Remediation: SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
    15. IBM is integrating across IT silos with Security Intelligence solutions
    16. Solving complex problems that point solutions cannot
       • Improving threat detection: Discovered 500 hosts with “Here You Have” virus, which all other security products missed
       • Consolidating data silos: 2 billion log and events per day reduced to 25 high priority offenses
       • Predicting risks against your business: Automating the policy monitoring and evaluation process for configuration changes in the infrastructure
       • Addressing regulatory mandates: Real-time monitoring of all network activity, in addition to PCI mandates
    17. Solutions Integration. © 2011 IBM Corporation
    18. Integration: Increasing security, collapsing silos, and reducing complexity
       • Increased Awareness and Accuracy
         – Detect advanced threats with real-time intelligence correlation across security domains
         – Increase situational awareness by leveraging real-time feeds of X-Force® Research and global threat intelligence across IBM security products, such as QRadar SIEM and Network Security appliances
         – Conduct comprehensive incident investigations with unified identity, database, network and endpoint activity monitoring and log management
       • Ease of Management
         – Simplify risk management and decision-making with automated reporting through a unified console
         – Enhance auditing and access capabilities by sharing Identity context across multiple IBM security products
    19. Hundreds of 3rd party information sources
       • Increase security awareness and accuracy: QRadar SIEM consolidates siloed information to more effectively detect and manage complex threats. Information is normalized and correlated to quickly deliver intelligence that allows organizations to detect, notify and respond to threats missed by other security solutions with isolated visibility
       • Support for over 400+ information sources, including many IBM products and technologies
         – User and Asset Context - Contextual data from IAM products and vulnerability scanners
         – Application Logs - ERP, workflow, application databases, management platforms, etc.
         – Network Events - Switches, routers, servers, hosts, etc.
         – Network Activity Context - Layer 7 application context from network and application traffic
         – Security Events - Events from firewalls, VPNs, IPS, etc.
       • Automate compliance tasks and assess risks: QRadar Risk Manager leverages and extends the value of a SIEM deployment to greatly improve the ability to automate risk management functions in mission critical areas, including network and security configuration, compliance management, and vulnerability assessment
    20. Global Threat Intelligence
       • Stay ahead of the changing threat landscape: The X-Force team is one of the best-known commercial security research groups in the world. These security experts research vulnerabilities and security issues, collect worldwide threat data and develop countermeasure technologies for IBM products
       • Examples of integrated X-Force research
         – X-Force Database - 63,000+ unique vulnerabilities, threats and security checks
         – Virtual Patch - Eliminates fire drills for new threats by mitigating vulnerabilities through network intrusion prevention
         – X-Force Hosted threat analysis service - offers threat information collected from globally networked security operations centers
       • Intelligence to assess and harden databases: Guardium contains hundreds of preconfigured vulnerability tests, encompassing CIS and STIG best practices, updated regularly through IBM’s Knowledge Base service
       • Detect the latest web application vulnerabilities: Information on the latest threats, updated automatically when you launch an AppScan product – including OWASP and SANS top vulnerabilities
    21. Customized protection to block web attacks
       • AppScan Enterprise Edition software integrates with the IBM security solution for network and server security to protect specific vulnerabilities using scan results
         – 1 AppScan scans and tests web applications to identify risks and vulnerabilities
         – 2 SiteProtector consumes AppScan results and builds recommended policies
         – 3 Customized protection policies are pushed to IPS appliances and server agents
       • Automated policy enforcement: IBM’s suite of Identity and Access Management tools are leveraged by DataPower SOA gateways to provide central policy management and user access enforcement across web services deployments, including credentials for the gateways themselves.
       • Identify users associated with database activity: InfoSphere Guardium leverages identity information for in-depth database security analysis when monitoring suspicious activity
    22. X-Force – Intelligence Research. © 2011 IBM Corporation
    23. IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
       • Only vendor in the market with end-to-end coverage of the security foundation
       • 6K+ security engineers and consultants
       • Award-winning X-Force® research
       • Largest vulnerability database in the industry
       Intelligence ● Integration ● Expertise
    24. Expertise: Unmatched global coverage and security awareness
       • Map legend: Security Operations Centers, Security Research Centers, Security Solution Development Centers, Institute for Advanced Security Branches, IBM Research
       • World Wide Managed Security Services Coverage
         – 20,000+ devices under contract
         – 3,700+ MSS clients worldwide
         – 9B+ events managed per day
         – 1,000+ security patents
         – 133 monitored countries (MSS)
    25. Everything is Everywhere
       • Identity Federation, Web Application Scanning, Virtualization Security, Network Security, Image & Patch Management, Database Monitoring
       • IBM Security Intelligence
    26. Security is Everywhere
    27. Less a technical problem, More a business challenge
       • Many of the breaches could have been prevented
       • However, significant effort required to inventory, identify and close every vulnerability
       • Financial & operational resistance is always encountered, so how much of an investment is enough?
    28. Security Evolution: “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” Charles Darwin
    29. ibm.com/security. © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
    30. Please note:
       • IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
       • Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
       • The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
       • Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of