
Security Operations Optimization



Presented by IBM Security Business Manager, KSA ; Mr. Ahmed Abdel Hamid at the Mobily-IBM Security & Resiliency Conference 2014

Published in: Technology



  • 1. Security Operations Optimization. Ahmed Abdel Hamid, Security Business Manager, KSA. April 23, 2014
  • 2. © 2014 IBM Corporation. Agenda: New attacks landscape; Security Operations Optimization; Managed SIEM; Managed Security Services; Call to Action
  • 6. The famous 2014 “Retailers” breach. Headlines: “Target and Neiman Marcus Breaches Are Only the Beginning” (22 Jan 2014); “Neiman Marcus Hack Went Undetected For 5 Months” (Reuters, 17 January 2014); “Target: 40 million credit cards compromised” (CNNMoney, 19 December 2013)
  • 7. Anonymous Israel Attack on April 7th: “... said today in its response to questions, claiming its official estimate of damage so far includes hacking of 60,000 websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 Israeli bank accounts, ‘causing an estimated $3 billion in damage.’ ... However, now Israeli hacktivists are fired up and counter-striking at Palestinian, Iranian and Turkish website targets.” Source: Network World USA, April 2013
  • 8. Database Breach…
  • 9. Top 5 Global SPAM Destination Countries: Saudi Arabia is maintaining the #1 position into 2013 (2012, May 2013 and June 2013 rankings shown). Summary of SPAM for GCC receiving countries: Saudi Arabia is the number 1 SPAM receiving country, except for one month in which it was #2.
  • 11. More than half a billion records of personally identifiable information (PII) were leaked in 2013
  • 13. IBM has a broad base of security services to help you. Service areas: Security Strategy, Risk and Compliance; Cybersecurity Assessment and Response; Security Operations Optimization; Infrastructure and Endpoint Security; Identity and Access Management; Data and Application Security; Managed Security. Delivery models: Managed Services (globally available managed security services platform; manage security operations, detect and respond to emerging risk) and Security Consulting & Professional Services (6000+ security consultants and architects; assess security risk and compliance, evolve the security program). Differentiators: Expertise, Intelligence, Integration.
  • 14. IBM Security Operations Optimization
  • 15. There is no app for that… Security operations functions in scope: Log Integrity, Firewall, IDPS, Brand Monitoring, Device Management, Security Monitoring, Incident Escalation, Incident Response, Compliance Management, Correlation Rules, Security Intelligence, Policy Management, Application Monitoring, DLP, Identity & Access. Each function is switched ON or OFF and is delivered In-House, Outsourced or Co-Delivered across People, Technology and Scope. Maturity scale: Undefined > Functionality > Compliance & Reporting > Escalations & Notifications > Client Success.
  • 16. Selecting the optimal SOC operating model depends on balancing business and technical requirements, risk and financial constraints: Business Requirements (Centralized vs. Decentralized); Technical Requirements (Standard vs. Highly Customized); Risk Tolerance (Externally Managed vs. Internally Managed); Financial Constraints (Low Cost vs. High Cost)
  • 17. Security Intelligence. Data import (customer data): Network Activity, Application Activity, Server & Hosts, Firewall, IDPS, Vulnerability Scan, User Activity. Enrichment (IBM data): Threat Intel Feeds, Geo-IP Location. Workflow: Capture, Monitor, Analyze, Act. IBM MSS Security Intelligence capabilities are centered around the IBM X-Force Protection System (XPS) and Managed SIEM QRadar technologies, uniting the sophisticated intelligence of each of these technologies through global intelligence and a single centralized vSOC Customer Portal. Value proposition: (1) CPE-based Managed QRadar and Cloud-based SIEM: real-time correlation & analysis, historical analytics & data mining; both CPE and cloud-based SIEM available. (2) X-Force Protection System (XPS): real-time correlation & analysis, historical analytics & data mining; analysis across thousands of customers worldwide. (3) Global Intelligence: 11 Security Operation Centers, 3,700+ MSS clients worldwide, billions+ events managed per day, 1,000+ security patents*, 133 monitored countries (MSS). Capabilities: Advanced Threat Analytics, Advanced Business Analytics, Compliance Reporting, System Activity & Privileged User Monitoring, Historical Analysis & Reporting, Security Visualization, Real-time & Historical Query, Incident Management.
  • 18. SOC Consulting Offerings in Development:
    • Security Operations Center (SOC) Workshop: 2-3 day management workshop to establish goals and objectives for developing the SOC, identifying stakeholders, types of threats monitored, and the management model.
    • Security Operations Center (SOC) Assessment: consulting assessment for customers that have an existing SOC but are looking for IBM to review their capabilities and maturity and make recommendations for improvements.
    • Security Operations Center (SOC) Strategy Engagement: consulting strategy engagement for customers that either do not have a SOC, have only some monitoring components in their environment, or have out-tasked functions to service providers and now want to bring them in-house.
    • Security Operations Center (SOC) Design / Build Project: professional services for customers who already have a SOC strategy and are seeking assistance to design and build one or multiple SOCs for their organization. Components would include: Organization/People (develop and implement staffing models, shift schedules, skills training, etc.); Processes, Procedures, Guidelines (define, develop and document, update existing); Technology (plan, design, deploy technology components, integrate feeds and other referential sources).
  • 19. Get Started:
    • What is the primary purpose of the SOC?
    • What are the specific tasks assigned to the SOC? (e.g., threat intelligence, security device management, compliance management, detecting insider abuse on the financial systems, incident response and forensic analysis, vulnerability assessments, etc.)
    • Who are the consumers of the information collected and analyzed by the SOC? What requirements do they have for the SOC?
    • Who is the ultimate stakeholder for the SOC? Who will “sell” the SOC to the rest of the organization?
    • What types of security events will eventually be fed into the SOC for monitoring?
    • Will the organization seek an external partner to help manage the SOC?
  • 20. Moving Forward. Phase 1, Phase 2, Phase 3. Steps: Determine Requirements, Information Gathering, Information Analysis, Blueprint Creation, Execute Blueprint. Phase 1 and 2 must be completed to determine Phase 3 requirements.
  • 21. Managing your SIEM solution
  • 22. How will a SIEM solution help me?! Risk-based prioritization combines identified threats, known vulnerabilities and business-critical IT assets to determine which threats matter. Event sources: Firewalls/VPN, Intrusion Detection Systems, Vulnerability Assessment, Network Equipment, Server and Desktop OS, Anti-Virus, Applications, Databases, User Activity Monitoring, Critical file modifications, Policy Changes, Malicious IP Traffic, Web Traffic. Event funnel: tens of millions of raw events, reduced to millions of security-relevant events, reduced to hundreds of correlated events.
  • 23. Gain enterprise-wide security visibility and intelligence. Integrated intelligent security monitoring covers: People (Identity and Access Management); Data (Database and Data Loss Prevention Security); Applications (Vulnerability Scanning and Logs); Infrastructure (Network, Server and Endpoint); Threat Intelligence (X-Force, MSS Global Analytics and 3rd Parties).
  • 24. Combining three functional capabilities: Log management (log collection, retention and search capabilities); Near-real-time security event and incident management (end-to-end incident and event management, including alerting, ticket logging, escalation management and assisted remediation); Compliance management (regulatory compliance monitoring, alerting and reporting framework combined with expert analytical capabilities, improvement programs and threat assessments).
  • 25. In order to make the best use of your SIEM solution, IBM will: BUILD (assess, design and deploy); OPERATE (manage, monitor, alert and remediate); RESPOND (incident planning, response and forensics); OVERSEE (governance, compliance and awareness).
  • 26. A consistent service delivery methodology with a high-touch consultative focus to deliver a SIEM solution:
    • Project Initiation and Planning (Month 1): kick off; requirements definition and planning session. Deliverable: Service/Project Plan.
    • SIEM System Design (Month 2): architecture design; system design; design review. Deliverable: updated Service/Project Plan.
    • Implementation (Month 3): rack and stack deployment; initial configuration and tuning. Deliverable: operational SIEM system.
    • Integration and Transition (Month 4): staged transition to operational support; reports definition and validation; readiness assessment; initiate steady-state operations. Deliverable: Application Support and Control Document, Communications Plan, and first report set.
    • Ongoing Operational Support (Month 5+): real-time event monitoring and notification; reports generation, review and analysis; SIEM system management; SIEM system change requests; X-Force Threat Analysis Service. Deliverable: monthly report set, XFTAS reports, monthly, quarterly and annual reviews.
    IBM’s migration methodology includes staggered on-boarding while processes are documented and integration and transition activities are performed.
  • 27. Managed Security Services Offerings
  • 28. IBM Security Services Portfolio: Managed and Cloud. Cloud security services: hosted vulnerability management services; hosted security event and log management services; hosted IBM X-Force® threat analysis services. Managed Security Services: managed and monitored firewall services; managed IPS (Intrusion Protection System) and IDS (Intrusion Detection System) services; managed UTM (Unified Threat Management) services. Multiple device types and vendors supported.
  • 29. SOC Basic Architecture. Customer sources: firewalls, IDS and IPS, anti-virus and filtering, applications, networking devices, vulnerability data. Virtual-SOC technology platform: aggregation, correlation, archival, reporting, workflow. Security Operations Center (SOC) process: normalize, aggregate, correlate, archive, escalate, remediate. Customers reach the Virtual Security Operations Center (V-SOC) over the Internet through the Virtual-SOC portal.
  • 30. Mobily-IBM Managed Security Services Customer Portal
  • 31. Combining the best of MSS and PSS in one company: IBM Security Consulting Services and IBM Managed Security Services. “IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness … while also noting the company’s excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM.” Source: Forrester Research Inc., “Forrester Wave™: Information Security Consulting Services, Q1 2013” and “Forrester Wave: Managed Security Services Providers, Q1 2012”. Full report can be accessed at
  • 32. Call to Action: perform a Security Operations Assessment workshop; evaluate how much value you gain from your current SIEM solution; Managed Security Services can be an effective interim solution.
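The event funnel of slide 22 (tens of millions of raw events filtered to security-relevant events, then correlated into a few offenses and prioritized by threat, known vulnerabilities and asset criticality) and the normalize / aggregate / correlate / escalate stages of slide 29 can be walked through end to end in a small script. This is an added example written for this page, not code from the presentation or from any IBM or QRadar product; the syslog-like log format, the asset inventory, the single brute-force correlation rule and the risk formula (severity × asset criticality × (1 + known vulnerabilities)) are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like layout (assumed format, not from the slides).
RAW_EVENTS = [
    "2014-04-23T10:00:01 fw1 CRON[99]: (root) CMD (run-parts /etc/cron.hourly)",
    "2014-04-23T10:00:02 web1 sshd[501]: Failed password for admin from 203.0.113.7 port 5000 ssh2",
    "2014-04-23T10:00:04 web1 sshd[501]: Failed password for admin from 203.0.113.7 port 5001 ssh2",
    "2014-04-23T10:00:06 web1 sshd[501]: Failed password for admin from 203.0.113.7 port 5002 ssh2",
    "2014-04-23T10:00:09 web1 sshd[501]: Accepted password for admin from 203.0.113.7 port 5003 ssh2",
    "2014-04-23T10:00:10 db1 sshd[77]: Failed password for root from 198.51.100.9 port 6000 ssh2",
    "2014-04-23T10:00:12 db1 sshd[77]: Failed password for root from 198.51.100.9 port 6001 ssh2",
    "2014-04-23T10:00:15 db1 sshd[77]: Failed password for root from 198.51.100.9 port 6002 ssh2",
    "2014-04-23T10:00:20 web1 nginx: 192.0.2.4 GET /index.html 200",
    "2014-04-23T10:30:00 web1 sshd[502]: Failed password for bob from 192.0.2.4 port 7000 ssh2",
]

# Constructed asset inventory: business criticality (1-5) and number of known unpatched vulnerabilities.
ASSETS = {
    "web1": {"criticality": 2, "known_vulns": 0},
    "db1": {"criticality": 5, "known_vulns": 2},
}

# Normalization: only sshd authentication events are treated as security-relevant here.
AUTH_RE = re.compile(
    r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port"
)


def normalize(line):
    """Parse one raw line into a normalized event dict; None means 'not security-relevant'."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts, host, outcome, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "outcome": outcome.lower(), "user": user, "src": src}


def correlate(events, window=timedelta(minutes=5), threshold=3):
    """Aggregate events per (source, host) and apply one rule: >= threshold failed logins
    inside `window` is a brute-force attempt; an accepted login after the burst raises severity."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_key[(ev["src"], ev["host"])].append(ev)
    offenses = []
    for (src, host), evs in by_key.items():
        failures = [e for e in evs if e["outcome"] == "failed"]
        first = None
        for i in range(len(failures) - threshold + 1):
            if failures[i + threshold - 1]["ts"] - failures[i]["ts"] <= window:
                first = failures[i]
                break
        if first is None:
            continue
        success = any(e["outcome"] == "accepted" and e["ts"] >= first["ts"] for e in evs)
        offenses.append({"src": src, "host": host, "events": len(evs),
                         "rule": "brute_force_success" if success else "brute_force_attempt",
                         "severity": 5 if success else 3})
    return offenses


def prioritize(offense):
    """Risk-based prioritization (assumed formula): severity x criticality x (1 + known vulns)."""
    asset = ASSETS.get(offense["host"], {"criticality": 1, "known_vulns": 0})
    return offense["severity"] * asset["criticality"] * (1 + asset["known_vulns"])


def run_pipeline(lines):
    """Raw -> security-relevant -> correlated -> prioritized and escalated; returns funnel counts."""
    relevant = [e for e in (normalize(l) for l in lines) if e is not None]
    offenses = correlate(relevant)
    for o in offenses:
        o["risk"] = prioritize(o)
        o["action"] = "page on-call" if o["risk"] >= 40 else "open ticket"  # assumed threshold
    offenses.sort(key=lambda o: o["risk"], reverse=True)
    return {"raw": len(lines), "relevant": len(relevant),
            "correlated": len(offenses), "offenses": offenses}


if __name__ == "__main__":
    result = run_pipeline(RAW_EVENTS)
    print(f"raw={result['raw']} relevant={result['relevant']} correlated={result['correlated']}")
    for o in result["offenses"]:
        print(o)
```

Running it shows the funnel on a tiny scale: ten raw lines become eight security-relevant events and two offenses. The point of the risk step is visible in the ordering: the failed burst against `db1` (critical, with known vulnerabilities) scores 45 and is paged, while the completed brute force against the low-criticality `web1` scores only 10 and becomes a ticket, even though its raw severity is higher.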