IBM Software Day 2013. Defending against cyber threats with security intelligence



  1. Defending Against Cyber Threats with Security Intelligence and Behavioral Analytics. Bob Kalka, CRISC, Director, IBM Security Systems, bkalka@
  2. Four Key Drivers
     • Data Explosion: The age of Big Data, the explosion of digital information, has arrived and is facilitated by the pervasiveness of applications accessed from everywhere.
     • Consumerization of IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared.
     • Everything Is Everywhere: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more.
     • Attack Sophistication: The speed and dexterity of attacks has increased, coupled with new actors with new motivations, from cyber crime to terrorism to state-sponsored intrusions.
  3. 2011 Sampling of Security Incidents by Attack Type, Time and Impact (chart, January through December 2011). Attack types plotted: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown. Sectors hit include Online Gaming, Central Government, State Government, IT Security, Defense, Entertainment, Consumer Electronics, Banking, Consulting, Online Services, Internet Services, Marketing, National Police, Heavy Industry, Insurance, Agriculture, Apparel, Financial Market and Telecommunications. Size of circle estimates relative impact of breach in terms of cost to business. Source: IBM X-Force® Research 2011 Trend and Risk Report.
  4. IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework. Intelligence ● Integration ● Expertise
  5. Security Intelligence
     Then: Collection
     • Log collection
     • Signature-based detection
     Now: Intelligence
     • Real-time monitoring
     • Context-aware anomaly detection
     • Automated correlation and analytics
     Inputs: logs, events, alerts, configuration information, system audit trails, identity context, network flows and anomalies, e-mail and social activity, external threat feeds, malware information, business process data
  6. People
     Then: Administration
     • Identity management
     • Cost control
     Now: Insight
     • Identify and monitor highest risk users
     • Know who has access to sensitive data and systems
     • Baseline normal behavior
     • Prioritize privileged identities
     Monitor Everything
  7. Data
     Then: Basic Control
     • Simple access controls and encryption
     Now: Laser Focus
     • Discover and protect high-value data
     • Understand who is accessing the data, at what time of day, from where, and in what role
     • Baseline normal behavior
     Monitor Everything
  8. Applications
     Then: Bolt-on
     • Periodic scanning of Web applications
     Now: Built-in
     • Harden applications with access to sensitive data
     • Scan source and real-time
     • Baseline normal application behavior and alert
     Monitor Everything
  9. Infrastructure
     Then: Thicker Walls
     • Firewalls, manual patching, and antivirus
     • Focus on perimeter security
     Now: Smarter Defenses
     • Baseline system and network behavior
     • Analyze unknown threats using advanced heuristics
     • Expand coverage into cloud and mobile environments
     Monitor Everything
  10. IBM Security Systems capability map (maturity columns: Basic, Proficient, Optimized)
     Security Intelligence: Log Management, SIEM, Flow Analytics, Predictive Analytics, GRC
     People: User Provisioning, Identity Governance, Directory Management, Fine-grained Entitlements, Access Management and Strong Authentication, Privileged User Management
     Data: Data Discovery and Classification, Test Data Masking, Database Activity Monitoring, Encryption, Data Loss Prevention, Encryption Key Management
     Applications: Static Source Code Scanning, Dynamic Scanning, Hybrid Scanning and Correlation, Vulnerability Analysis, Web Application Protection, Fraud Detection
     Infrastructure: Professional Security Assessments, Network Security, Multi-faceted Network Protection, Host Security, Endpoint Management, Anomaly Detection, Managed Security Services, Anti-Virus, Virtualized Security
  11. IBM Security Systems product map (same maturity columns: Basic, Proficient, Optimized)
     Security Intelligence: QRadar Log Manager (Log Management), QRadar SIEM (SIEM), QFLOW/VFLOW (Flow Analytics), QRadar Risk Manager (Predictive Analytics), OpenPages (GRC)
     People: Identity Manager and zSecure (User Provisioning), Identity Manager / Role Lifecycle Manager (Identity Governance), Directory Integrator and Directory Server (Directory Management), Security Policy Manager (Fine-grained Entitlements), Access Manager family and Federated Identity Manager (Access Management and Strong Authentication), Privileged Identity Manager (Privileged User Management)
     Data: InfoSphere Discovery (Data Discovery and Classification), Guardium Data Masking and InfoSphere Masking (Test Data Masking), InfoSphere Guardium (Database Activity Monitoring), Guardium Encryption Expert and STG Solutions (Encryption), TEM for Core Protection, PGP (GTS) and GTS partnerships (Data Loss Prevention), Key Lifecycle Manager (Encryption Key Management)
     Applications: AppScan Source (Static Source Code Scanning), AppScan family (Dynamic and Hybrid Scanning and Correlation), AppScan Standard (Vulnerability Analysis), IPS, XGS and DataPower (Web Application Protection), InfoSphere Identity Insight (Fraud Detection)
     Infrastructure: GTS and BPs (Professional Security Assessments), Network IPS (Network Security), XGS (Multi-faceted Network Protection), Host Protection, RACF and zSecure (Host Security), Endpoint Manager (Endpoint Management), Network Anomaly Detection (Anomaly Detection), GTS and BPs (Managed Security Services), Endpoint Manager for Core Protection (Anti-Virus), Virtual Server Protection (VSP) and VFLOW (Virtualized Security)
  12. IBM Security Services: Professional and Managed Services Capabilities
     Security Consulting
     • Broad security capability consultative assessments and planning
     • Compliance focused assessments (e.g. PCI, SCADA, HIPAA)
     • Information Security Assessments
     Security Intelligence & Operations
     • SOC and SIEM assessments and planning
     • SOC architecture and design (people, process and technology)
     Identity and Access Management
     • Identity assessment and planning
     • Identity solution architecture, design and deployment for access, provisioning, single sign on and two factor authentication
     • Managed identity services
     Data & Application Security
     • Application secure engineering / SDLC
     • Data security assessments and enterprise planning
     • Database protection solution design and deployment
     • Endpoint and network data control (DLP, encryption) solution design and deployment
     Infrastructure Security
     • Technical infrastructure assessments and planning
     • Infrastructure solution (UTM, Firewall, IDPS) design and deployment
     • Network, endpoint, server
     Cyber Security Assessment & Response
     • Application technical testing and source code scanning
     • Infrastructure penetration testing
     • Emergency response services
     Managed Security & Cloud Services
     • Security event monitoring and managed protection
     • Security intelligence analysis
     • Security infrastructure device (UTM, firewall, IDPS) monitoring & management
     • Mobile device management
     • Hosted / managed SIEM, application, email, vulnerability scanning