Security Operations Optimization
Ahmed Abdel Hamid
Security Business Manager, KSA
April 23, 2014
© 2014 IBM Corporation
Presented by IBM Security Business Manager, KSA ; Mr. Ahmed Abdel Hamid at the Mobily-IBM Security & Resiliency Conference 2014

  1. Security Operations Optimization. Ahmed Abdel Hamid, Security Business Manager, KSA. April 23, 2014
  2. © 2014 IBM Corporation. Agenda: New attacks landscape; Security Operations Optimization; Managed SIEM; Managed Security Services; Call to Action
  3. [no text on slide]
  4. [no text on slide]
  5. [no text on slide]
  6. The famous 2014 “Retailers” breach. Target and Neiman Marcus Breaches Are Only the Beginning (22 Jan 2014). Neiman Marcus Hack Went Undetected For 5 Months (Reuters, 17 January 2014). Target: 40 million credit cards compromised (CNNMoney, 19 December 2013)
  7. IBM Confidential. Anonymous Israel Attack on April 7th: “said today in its response to questions, claiming its official estimate of damage so far includes hacking of 60,000 websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 Israeli bank accounts, ‘causing an estimated $3 billion in damage.’ … However, now Israeli hacktivists are fired up and counter-striking at Palestinian, Iranian and Turkish website targets.” Network World USA, April 2013
  8. Database Breach…
  9. Top 5 Global SPAM Destination Countries. Saudi Arabia is maintaining the #1 position into 2013 (May 2013, June 2013, 2012). Summary of SPAM for GCC receiving countries: Saudi Arabia was the number 1 SPAM receiving country, except for one month in which it was #2.
  10. [no text on slide]
  11. More than half a billion records of personally identifiable information (PII) were leaked in 2013
  12. [no text on slide]
  13. IBM has a broad base of security services to help you. Security Consulting & Professional Services: Security Strategy, Risk and Compliance; Cybersecurity Assessment and Response; Security Operations Optimization; Infrastructure and Endpoint Security; Identity and Access Management; Data and Application Security. Managed Services: Managed Security. Expertise, Intelligence, Integration. Globally available managed security services platform; manage security operations, detect and respond to emerging risk. 6000+ Security Consultants & Architects; assess security risk and compliance, evolve the security program.
  14. IBM Security Operations Optimization
  15. There is no app for that… SOC functions: Log Integrity; Firewall; IDPS; Brand Monitoring; Device Management; Security Monitoring; Incident Escalation; Incident Response; Compliance Management; Correlation Rules; Security Intelligence; Policy Management; Application Monitoring; DLP; Identity & Access; Compliance & Reporting; Escalations & Notifications. Each function is switched ON or OFF per client; delivery model: In-House, Co-Deliver or Outsource; dimensions: People, Technology, Scope, Functionality; Client Success; Undefined.
  16. Selecting the optimal SOC operating model depends on balancing business and technical requirements, risk and financial constraints: Business Requirements (Centralized vs. Decentralized); Technical Requirements (Standard vs. Highly Customized); Risk Tolerance (Externally Managed vs. Internally Managed); Financial Constraints (Low Cost vs. High Cost)
  17. Security Intelligence. Data sources: Network Activity, Application Activity, Server & Hosts, Firewall, IDPS, Vulnerability Scan, User Activity, Threat Intel Feeds, Geo-IP Location. Capture, Analyze, Act, Monitor, Data Import. IBM MSS Security Intelligence capabilities are centered around the IBM X-Force Protection System (XPS) and Managed SIEM QRadar technologies, uniting the sophisticated intelligence of each of these technologies through global intelligence and a single centralized vSOC Customer Portal. Customer data and IBM data enrichment; availability of both CPE and cloud-based SIEM; analysis across thousands of customers worldwide. Value proposition: Advanced Threat Analytics, Advanced Business Analytics, Compliance Reporting, System Activity & Privileged User Monitoring, Historical Analysis & Reporting, Security Visualization, Real-time & Historical Query, Incident Management, Real-time Correlation & Analysis, Historical Analytics & Data Mining. (1) CPE-based Managed QRadar and Cloud-based SIEM; (2) X-Force Protection System (XPS); (3) Global Intelligence: 11 Security Operation Centers, 3,700+ MSS Clients Worldwide, Billions+ Events Managed per Day, 1,000+ Security Patents*, 133 Monitored Countries (MSS)
  18. SOC Consulting Offerings in Development
     – Security Operations Center (SOC) Workshop: 2-3 day management workshop to establish goals and objectives for developing the SOC, identifying stakeholders, types of threats monitored, and the management model
     – Security Operations Center (SOC) Assessment: consulting assessment for customers that have an existing SOC but are looking for IBM to review their capabilities and maturity and make recommendations for improvements
     – Security Operations Center (SOC) Strategy Engagement: consulting strategy engagement for customers that either do not have a SOC or have just some monitoring components in their environment, or have out-tasked functions to service providers and now want to bring them in-house
     – Security Operations Center (SOC) Design / Build Project: professional services for customers who already have a SOC strategy and are seeking assistance to design and build one or multiple SOCs for their organization. Components would include: Organization/People (develop and implement staffing models, shift schedules, skills training, etc.); Processes, Procedures, Guidelines (define, develop and document, update existing); Technology (plan, design, deploy technology components, integrate feeds and other referential sources)
  19. Get Started
     – What is the primary purpose of the SOC?
     – What are the specific tasks assigned to the SOC? (e.g., threat intelligence, security device management, compliance management, detecting insider abuse on the financial systems, incident response and forensic analysis, vulnerability assessments, etc.)
     – Who are the consumers of the information collected and analyzed by the SOC? What requirements do they have for the SOC?
     – Who is the ultimate stakeholder for the SOC? Who will “sell” the SOC to the rest of the organization?
     – What types of security events will eventually be fed into the SOC for monitoring?
     – Will the organization seek an external partner to help manage the SOC?
  20. Moving Forward. Phase 1, Phase 2, Phase 3: Determine Requirements, Information Gathering, Information Analysis, Blueprint Creation, Execute Blueprint. Phases 1 and 2 must be completed to determine Phase 3 requirements.
  21. Managing your SIEM solution
  22. How will a SIEM solution help me? Identified threats, known vulnerabilities and business-critical IT assets feed risk-based prioritization, from which the threat is determined. Event sources: Firewalls/VPN, Intrusion Detection Systems, Vulnerability Assessment, Network Equipment, Server and Desktop OS, Anti-Virus, Applications, Databases, User Activity Monitoring, Critical file modifications, Policy Changes, Malicious IP Traffic, Web Traffic. Funnel: tens of millions of raw events; millions of security-relevant events; hundreds of correlated events.
  23. Gain enterprise-wide security visibility and intelligence. Integrated Intelligent Security Monitoring: People: Identity and Access Management; Data: Database and Data Loss Prevention Security; Applications: Vulnerability Scanning and Logs; Infrastructure: Network, Server and Endpoint; Threat Intelligence: X-Force, MSS Global Analytics and 3rd Parties
  24. Combining three functional capabilities. Log management: log collection, retention and search capabilities. Near-real-time security event and incident management: end-to-end incident and event management, including alerting, ticket logging, escalation management and assisted remediation. Compliance management: regulatory compliance monitoring, alerting and reporting framework combined with expert analytical capabilities, improvement programs and threat assessments.
  25. In order to make the best use of your SIEM solution, IBM will: BUILD (Assess, Design and Deploy); OPERATE (Manage, Monitor, Alert and Remediate); RESPOND (Incident Planning, Response and Forensics); OVERSEE (Governance, Compliance and Awareness)
  26. A consistent service delivery methodology with high touch consultative focus to deliver a SIEM solution. Month 1, Project Initiation and Planning: Kick off, Requirements Definition and Planning Session. Deliverable: Service/Project Plan. Month 2, SIEM System Design: Architecture Design, System Design, Design Review. Deliverable: Updated Service/Project Plan. Month 3, Implementation: Rack and Stack Deployment, Initial Configuration and Tuning. Deliverable: Operational SIEM System. Month 4, Integration and Transition: Staged Transition to Operational Support, Reports Definition and Validation, Readiness Assessment, Initiate Steady State Operations. Deliverable: Application Support and Control Document, Communications Plan, and first Report Set. Month 5+, Ongoing Operational Support: Real-time Event Monitoring and Notification, Reports Generation, Review and Analysis, SIEM System Management, SIEM System Change Requests, X-Force Threat Analysis Service. Deliverable: Monthly Report Set, XFTAS Reports, Monthly, Quarterly, and Annual Reviews. IBM’s Migration Methodology includes staggered on-boarding while processes are documented and integration and transition activities are performed.
  27. Managed Security Services Offerings
  28. IBM Security Services Portfolio: Managed and Cloud. Cloud security services: Hosted vulnerability management services; Hosted security event and log management services; Hosted IBM X-Force® threat analysis services. Managed Security Services: Managed and monitored firewall services; Managed IPS (Intrusion Protection System) and IDS (Intrusion Detection System) services; Managed UTM (Unified threat management) services. Multiple device types and vendors supported. Security Requirements.
  29. SOC Basic Architecture. Inputs: Firewalls and IDS and IPS, Applications, Networking devices, Vulnerability, Anti Virus and filtering. Aggregation feeds the Virtual-SOC technology platform (Aggregation, Correlation, Archival, Reporting, Workflow). Security Operations Center (SOC): Normalize, Aggregate, Correlate, Archive, Escalate, Remediate. Access over the Internet through the Virtual-SOC portal of the Virtual Security Operations Center (V-SOC).
  30. Mobily-IBM Managed Security Services Customer Portal
  31. Combining best of MSS and PSS in one company: IBM Security Consulting Services and IBM Managed Security Services. “IBM has the largest client base of the participants... Clients praised the flexibility, knowledge, and responsiveness … while also noting the company’s excellent documentation. Organizations looking for a high-quality vendor that can do it all and manage it afterwards should consider IBM.” Source: Forrester Research Inc., “Forrester Wave™: Information Security Consulting Services, Q1 2013” and “Forrester Wave: Managed Security Services Providers, Q1 2012”. Full report can be accessed at http://www.ibm.com
  32. Call to Action: Perform a Security Operations Assessment workshop; Evaluate how much value you gain from your current SIEM solution; Managed Security Services can be an effective interim solution.
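The event funnel on slide 22 (tens of millions of raw events reduced to hundreds of correlated events by risk-based prioritization over identified threats, known vulnerabilities and business-critical assets) and the normalize / aggregate / correlate / escalate pipeline on slide 29 can be demonstrated end to end. The Python below is an added example and is not IBM's or QRadar's code: the two log feeds and their field layout, the vulnerability inventory, the signature-to-vulnerability mapping, the asset criticality values and the scoring weights are all constructed for illustration.

```python
"""Toy SIEM event funnel: normalize -> aggregate -> correlate -> prioritize.

Added example, not IBM's or QRadar's code. Every log line, the
vulnerability inventory, the asset criticalities and the scoring weights
below are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed raw events from two hypothetical feeds, "|"-separated.
# fw : fw|timestamp|action|src_ip|dst_ip|dst_port
# ids: ids|timestamp|signature text|src_ip|dst_ip
RAW_LOGS = [
    "fw|2014-04-23T10:00:01|ACCEPT|203.0.113.5|10.0.0.20|443",
    "fw|2014-04-23T10:00:02|ACCEPT|203.0.113.5|10.0.0.20|443",
    "fw|2014-04-23T10:00:03|DROP|198.51.100.9|10.0.0.20|22",
    "fw|2014-04-23T10:00:04|ACCEPT|10.0.0.7|10.0.0.50|80",
    "ids|2014-04-23T10:00:05|SIG-1001 web app exploit attempt|203.0.113.5|10.0.0.20",
    "ids|2014-04-23T10:00:06|SIG-1001 web app exploit attempt|203.0.113.5|10.0.0.20",
    "ids|2014-04-23T10:00:07|SIG-2002 SSH brute force|198.51.100.9|10.0.0.20",
    "ids|2014-04-23T10:00:08|SIG-1001 web app exploit attempt|10.0.0.7|10.0.0.50",
    "ids|2014-04-23T10:00:09|SIG-3003 port scan|192.0.2.44|10.0.0.99",
]

# Constructed context feeds (the slide's "known vulnerabilities" and
# "business-critical IT assets"): scan findings per host, which finding
# each IDS signature exploits, and asset criticality (3 = business critical).
KNOWN_VULNS: Dict[str, Set[str]] = {"10.0.0.20": {"VULN-WEB-1"}, "10.0.0.99": {"VULN-WEB-1"}}
SIG_EXPLOITS: Dict[str, Optional[str]] = {"SIG-1001": "VULN-WEB-1", "SIG-2002": None, "SIG-3003": None}
ASSET_CRITICALITY: Dict[str, int] = {"10.0.0.20": 3, "10.0.0.50": 2, "10.0.0.99": 1}


@dataclass(frozen=True)
class Event:
    source: str
    ts: str
    src_ip: str
    dst_ip: str
    signature: str  # firewall action (ACCEPT/DROP) or IDS signature id


def normalize(line: str) -> Optional[Event]:
    """Parse one raw line from any supported feed into the common schema."""
    parts = line.split("|")
    if parts[0] == "fw" and len(parts) == 6:
        _, ts, action, src, dst, _port = parts
        return Event("fw", ts, src, dst, action)
    if parts[0] == "ids" and len(parts) == 5:
        _, ts, sig, src, dst = parts
        return Event("ids", ts, src, dst, sig.split()[0])
    return None  # unknown feed or malformed line: dropped as noise


def is_security_relevant(ev: Event) -> bool:
    """Firewall ACCEPTs are volume, not signal; keep IDS alerts and DROPs."""
    return ev.source == "ids" or ev.signature == "DROP"


def aggregate(events: List[Event]) -> Counter:
    """Collapse repeats of the same (feed, signature, src, dst) into a count."""
    return Counter((e.source, e.signature, e.src_ip, e.dst_ip) for e in events)


def correlate(agg: Counter) -> List[dict]:
    """Risk-based prioritization: identified threat x exposure x asset criticality."""
    blocked = {(src, dst) for (source, sig, src, dst) in agg if source == "fw" and sig == "DROP"}
    incidents = []
    for (source, sig, src, dst), count in agg.items():
        if source != "ids":
            continue  # only identified threats become incidents
        crit = ASSET_CRITICALITY.get(dst, 1)
        vuln = SIG_EXPLOITS.get(sig)
        exposed = vuln is not None and vuln in KNOWN_VULNS.get(dst, set())
        priority = crit * (3 if exposed else 1)
        if (src, dst) in blocked:  # the firewall already dropped this pair
            priority = max(1, priority // 2)
        incidents.append({"signature": sig, "src": src, "dst": dst, "count": count,
                          "exposed": exposed, "blocked": (src, dst) in blocked,
                          "priority": priority})
    incidents.sort(key=lambda i: (-i["priority"], -i["count"]))
    return incidents


def run_pipeline(raw_lines: List[str]) -> dict:
    """Return the funnel counts and the prioritized incident list for escalation."""
    events = [e for e in map(normalize, raw_lines) if e is not None]
    relevant = [e for e in events if is_security_relevant(e)]
    incidents = correlate(aggregate(relevant))
    return {"raw": len(raw_lines), "relevant": len(relevant),
            "incidents": len(incidents), "top": incidents}


if __name__ == "__main__":
    result = run_pipeline(RAW_LOGS)
    print(f"raw {result['raw']} -> relevant {result['relevant']} -> incidents {result['incidents']}")
    for inc in result["top"]:
        print(inc)
```

On the constructed input the funnel goes 9 raw lines, 6 security-relevant events, 4 correlated incidents, and the incident that reaches the top of the escalation queue is the repeated exploit attempt against the business-critical host whose scan results show the matching vulnerability; the brute-force attempt the firewall already dropped is demoted. The weights are arbitrary, but the shape (threat, exposure and asset value combined, with other feeds used to confirm or discount) is what the slide's "risk-based prioritization" refers to.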