Emergency Response How to Identify and Resolve Security Risks

941 views

Published on

To stay uniquely positioned in this complex threatening environment, every organization is required to successfully identify and resolve risks – before they wind up in an emergency situation. Intelligent threat prevention and security intelligence will disrupt the entire lifecycle of sophisticated attacks so this is the best medicine to avoid a call for emergency response.

Join us to learn about the newest results and updates from the IBM X-Force Threat Intelligence Quarterly – 2Q 2014 report which will include information to arm yourself on hosted application scanning and management, a major span update and Emergency Response Services.

View the full on-demand webcast: https://www2.gotomeeting.com/register/668269682

Published in: Technology, Business
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
941
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
27
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Emergency Response How to Identify and Resolve Security Risks

  1. 1. © 2012 IBM Corporation IBM Security Systems 1© 2014 IBM Corporation Emergency Response: How to Identify and Resolve Security Risks John Cloonan, Program Director, X-Force Strategy and Product Management Robert Lewlewski, Engagement Lead, Emergency Response Services
  2. 2. © 2014 IBM Corporation IBM Security Systems IBM X-Force is the foundation for advanced security and threat research across the IBM Security Framework.
  3. 3. © 2014 IBM Corporation IBM Security Systems Coverage 20,000+ devices under contract 3,700+ managed clients worldwide 15B+ events managed per day 133 monitored countries (MSS) 1,000+ security related patents 100M+ customers protected from fraudulent transactions Depth 22B analyzed web pages & images 7M spam & phishing attacks daily 73K documented vulnerabilities 860K malicious IP addresses 1000+ malware samples collected daily Millions of unique malware samples IBM X-Force monitors and analyzes the changing threat landscape.
  4. 4. © 2014 IBM Corporation IBM Security Systems We are in an era of continuous breaches. Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014 Operational Sophistication IBM X-Force declared Year of the Security Breach Near Daily Leaks of Sensitive Data 40% increase in reported data breaches and incidents Relentless Use of Multiple Methods 500,000,000+ records were leaked, while the future shows no sign of change 2011 2012 2013 SQL injection Spear phishing DDoS Third-party software Physical access Malware XSS Watering hole Undisclosed Attack types Note: Size of circle estimates relative impact of incident in terms of cost to business.
  5. 5. © 2014 IBM Corporation IBM Security Systems Attackers exploit application vulnerabilities to access sensitive data.  Not testing puts the organization at risk of exposing valuable assets  Broken authentication can result in take over of banking session and funds transfer as if the attacker were the legitimate user.  OpenSSL bug put a huge number of websites at risk for data leakage of private and critical information.  Mitigating potential damages of breached user credentials, SSL certificates, and other sensitive information made cleanup a challenge. of organizations underestimate the number of web applications they have deployed50%  If your incident response is built around planning for the known situations, you're at a loss. Contents of random access memory (RAM) are now fair game, like data stored on the disk. Test and Remediate AppVulns Protect Web Servers Expect the Unexpected
  6. 6. © 2014 IBM Corporation IBM Security Systems Underestimating web applications is not uncommon. Broken authentication and CSRF occurred in 23% of the 900+ dynamic web app scans tested
  7. 7. © 2014 IBM Corporation IBM Security Systems Client requests to perform large-scale, ongoing scanning of live sites has increased.
  8. 8. © 2014 IBM Corporation IBM Security Systems Spam continues to be a main channel of malware into company networks. In March 2014, we saw the highest levels of spam measured during the last two and a half years.
  9. 9. © 2014 IBM Corporation IBM Security Systems Attackers are recycling old image-spam techniques to test detection and exploit email inboxes.
  10. 10. © 2014 IBM Corporation IBM Security Systems Attackers look for creative ways to evade spam filters - again.
  11. 11. © 2014 IBM Corporation IBM Security Systems Attackers are using doctor and medic .ru domains in these attacks. Since the beginning of February 2014, spammers have used the domains they have purchased for other, non-image based types of spam.
  12. 12. © 2014 IBM Corporation IBM Security Systems Spam bot infections are higher in locations still reliant on Windows XP. In 16 of 20 countries researched for spambot infection, usage of Windows XP is significantly higher than the WW average. In some cases, usage is more than 30%.
  13. 13. © 2012 IBM Corporation IBM Security Systems 13© 2014 IBM Corporation When the Worst Happens…
  14. 14. © 2014 IBM Corporation IBM Security Systems Incident Response teams must be prepared.  Energy, Transportation are great examples  Must be ready to respond to incidents where your normal incident response toolkits are not available.  Prepare for the inevitable—and for worst-case scenarios Incidents may occur that are in far away areas… What are the extra precautions to prepare for in extremely remote incident response situations?
  15. 15. © 2014 IBM Corporation IBM Security Systems Bandwidth is king. Bandwidth limitations can mean eliminating larger system artifacts which leads to: • Increased time to provide findings • Less certainty in findings • Increased costs
  16. 16. © 2014 IBM Corporation IBM Security Systems RAM may be off limits. External drives may not be available for storing RAM dump files: • RAM files sizes may be very large, and transfers can be unacceptable slow or even file given bandwidth limitations and reliability issues. • External dump location like USB devices, may not be available.
  17. 17. © 2014 IBM Corporation IBM Security Systems Overnight mail may not exist. Shipping forensic data and impacted systems can be difficult: • May not be logistically feasible to ship a system or file from remote locations • Customs holds may delay processing systems to destination
  18. 18. © 2014 IBM Corporation IBM Security Systems Working hours may impact schedules. Time-zone differences can impact work schedules: • Central contacts, like system administrators, may not be available during the response teams’ work day in differing time zones. • Response times are increased. • Requests from response team are aggregated and can de- prioritize important requests.
  19. 19. © 2014 IBM Corporation IBM Security Systems Skill sets may be lacking. System administrators may not be trained in incident response. • Incident responders must be aware of this limitation and ensure instructions and questions are extremely specific • Having a knowledgeable SME in basic first-responder investigatory methodologies can make the different between resolution in weeks or days.
  20. 20. © 2012 IBM Corporation IBM Security Systems 20 © 2014 IBM Corporation20 Questions?
  21. 21. © 2014 IBM Corporation IBM Security Systems 21 Connect with IBM X-Force Research & Development and IBM Managed Security Services IBM X-Force Security Insights blog at www.SecurityIntelligence.com/topics/x-force Follow us at @ibmsecurity and @ibmxforce Find out more about IBM Managed Security Services http://www.ibm.com/services/us/en/it -services/security-services/ Download IBM X-Force Threat Intelligence Quarterly Reports http://www.ibm.com/security/xforce/
  22. 22. © 2014 IBM Corporation IBM Security Systems 22 www.ibm.com/security © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

×