Cio ciso security_strategyv1.1
Transcript

  • 1. IBM Security Systems. Agenda: The Security Landscape; Security Capabilities; Strategic Direction (Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing). © 2011 IBM Corporation
  • 2. Solving a security issue is a complex, four-dimensional puzzle. [JK 2012-04-26]
    - People: employees, hackers, outsourcers, suppliers, consultants, terrorists, customers
    - Data: structured and unstructured; at rest and in motion
    - Applications: systems applications, web applications, Web 2.0, mobile apps
    - Infrastructure
    Attempting to protect the perimeter is not enough: siloed point products and traditional defenses cannot adequately secure the enterprise.
  • 3. Security teams must shift from a conventional "defense-in-depth" mindset and begin thinking like an attacker. The slide contrasts two columns: Audit, Patch & Block (think like a defender; defense-in-depth mindset; broad) against Detect, Analyze & Remediate (think like an attacker; counter-intelligence mindset; targeted). Defender -> attacker:
    - Protect all assets -> Protect high-value assets
    - Emphasize the perimeter -> Emphasize the data
    - Patch systems -> Harden targets and weakest links
    - Use signature-based detection -> Use anomaly-based detection
    - Scan endpoints for malware -> Baseline system behavior
    - Read the latest news -> Consume threat feeds
    - Collect logs -> Collect everything
    - Conduct manual interviews -> Automate correlation and analytics
    - Shut down systems -> Gather and preserve evidence
  • 4. ...by identifying and combining subtle indicators of targeted attacks. The five stages and the indicators tied to each:
    1. Spear phishing and 0-day attack: user behaves in a risky manner; receives enterprise e-mail from a personal social network.
    2. Backdoor or malware is installed: anomalous device and network behavior; DNS query to known malicious Command & Control (CnC) hosts; abnormal traffic patterns.
    3. Lateral movement: anomalous user behavior; device is contacting new hosts; anomalous network pattern.
    4. Data acquisition and aggregation: anomalous user behavior; data access patterns abnormal; data rapidly aggregating.
    5. Data exfiltration: movement of valuable data; users accessing too many resources; device contacting unknown hosts (Command & Control).
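The indicator lists on slides 3 and 4 map directly onto detection logic. What follows is an added example, not code from the deck or from any IBM product: it baselines each device's contacted hosts and daily outbound volume over a learning window, then flags a DNS query for a known CnC domain (stage 2), a fan-out to hosts outside the baseline (stage 3), and an outbound volume spike (stages 4 and 5). Every device name, address, feed entry, byte count and threshold below is constructed for the example.

```python
"""
Added example, not code from the IBM deck: the per-stage indicators of
slides 3 and 4 (baseline system behaviour, DNS query to a known CnC host,
device contacting new hosts, data rapidly aggregating or leaving) turned
into detection logic over constructed DNS and flow records.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed stand-in for a "known malicious Command & Control hosts" feed.
KNOWN_C2_DOMAINS = {"update-check.example-bad.net"}


@dataclass(frozen=True)
class DnsRecord:
    day: int
    device: str
    qname: str


@dataclass(frozen=True)
class FlowRecord:
    day: int
    device: str
    dst: str
    bytes_out: int


def build_baseline(flows, learn_days):
    """Per device: the hosts it normally talks to, and mean/stddev of daily
    outbound bytes, learned from days 0 .. learn_days-1."""
    hosts = defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.day < learn_days:
            hosts[f.device].add(f.dst)
            per_day[f.device][f.day] += f.bytes_out
    volume = {}
    for dev, days in per_day.items():
        series = [days.get(d, 0) for d in range(learn_days)]
        volume[dev] = (mean(series), pstdev(series))
    return hosts, volume


def detect(dns, flows, learn_days=5, new_host_threshold=3, sigma=3.0):
    """Return {device: [indicator, ...]} for activity after the learning window."""
    hosts, volume = build_baseline(flows, learn_days)
    findings = defaultdict(list)

    # Stage 2: backdoor beaconing, a DNS query for a known CnC domain.
    for r in dns:
        if r.day >= learn_days and r.qname in KNOWN_C2_DOMAINS:
            findings[r.device].append(("stage2_c2_dns", r.qname))

    new_hosts = defaultdict(set)
    daily_out = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.day < learn_days:
            continue
        if f.dst not in hosts[f.device]:
            new_hosts[f.device].add(f.dst)
        daily_out[f.device][f.day] += f.bytes_out

    # Stage 3: lateral movement, the device contacts hosts outside its baseline.
    for dev, dsts in new_hosts.items():
        if len(dsts) >= new_host_threshold:
            findings[dev].append(("stage3_new_hosts", sorted(dsts)))

    # Stages 4/5: data aggregating and leaving, outbound volume far above baseline.
    for dev, days in daily_out.items():
        mu, sd = volume.get(dev, (0.0, 0.0))
        for day in sorted(days):
            if days[day] > mu + sigma * max(sd, 1.0):
                findings[dev].append(("stage5_volume_anomaly", day, days[day]))
    return dict(findings)


def stages_hit(findings):
    """Collapse findings to the set of stage names per device; several stages on
    one device is the 'combined subtle indicators' signal the slide describes."""
    return {dev: {f[0] for f in items} for dev, items in findings.items()}


def sample_data():
    """Constructed records: five quiet days, then ws-1042 beacons, fans out and exfiltrates."""
    normal_bytes = [1_800_000, 2_200_000, 2_000_000, 1_900_000, 2_100_000]
    dns, flows = [], []
    for day in range(6):
        for dev in ("ws-1042", "ws-2007"):
            dns.append(DnsRecord(day, dev, "mail.corp.example"))
            flows.append(FlowRecord(day, dev, "10.0.0.5", normal_bytes[day % 5] // 2))
            flows.append(FlowRecord(day, dev, "10.0.0.7", normal_bytes[day % 5] // 2))
    dns.append(DnsRecord(5, "ws-1042", "update-check.example-bad.net"))
    for dst in ("10.0.0.21", "10.0.0.22", "10.0.0.23"):
        flows.append(FlowRecord(5, "ws-1042", dst, 50_000))
    flows.append(FlowRecord(5, "ws-1042", "203.0.113.9", 40_000_000))
    return dns, flows


if __name__ == "__main__":
    d, f = sample_data()
    for dev, items in detect(d, f).items():
        print(dev, items)
```

The value is in stages_hit: one new host or one volume spike on its own is noise, but a single device tripping three stages in the same window is the targeted-attack pattern the slide is describing. The learning window, new-host count and three-sigma cutoff are assumptions to tune per environment, and a real deployment would also age the baseline rather than freeze it.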
  • 5. IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework. The IBM Security Framework is built on the foundation of COBIT and ISO standards; end-to-end coverage of the security domains; Managed and Professional Services to help clients secure the enterprise.
  • 6. Intelligence: A comprehensive portfolio of products and services across all domains. (Portfolio diagram.)
  • 7. Integration: Increase security, collapse silos, and reduce complexity.
    - Consolidate and correlate siloed information from hundreds of sources; designed to help detect, notify and respond to threats missed by other security solutions; add security intelligence to non-intelligent systems.
    - Customize protection capabilities to block specific vulnerabilities using scan results; converge access management with web service gateways; link identity information with database security.
    - Stay ahead of the changing threat landscape; designed to help detect the latest vulnerabilities, exploits and malware; automate compliance tasks and assess risks.
  • 8. IBM Identity and Access Management Vision. Key themes:
    - Standardized IAM and Compliance Management: expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, applications and infrastructure.
    - Secure Cloud, Mobile, Social Interaction: enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions.
    - Insider Threat and IAM Governance: continue to develop Privileged Identity Management (PIM) capabilities and enhanced identity and role management.
  • 9. Data Security Vision across multiple deployment models. Key themes:
    - Reduced Total Cost of Ownership: expanded support for databases and unstructured data; automation, handling and analysis of large volumes of audit records; new preventive capabilities.
    - Enhanced Compliance Management: enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations.
    - Dynamic Data Protection: data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data.
  • 10. Application Security Vision. Key themes:
    - Coverage for mobile applications and new threats: continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, and by introducing next-generation dynamic analysis scanning and glass box testing.
    - Simplified interface and accelerated ROI: new capabilities to improve customer time to value and consumability, with out-of-the-box scanning, static analysis templates and ease-of-use features.
    - Security Intelligence Integration: automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform.
  • 11. Threat Protection Vision. Stack: Security Intelligence Platform (Risk Manager, Log Manager, SIEM, Network Activity Monitor, future); Threat Intelligence and Research (vulnerability data, malicious websites, malware information, IP reputation); Advanced Threat Protection Platform (content and data security, web application protection, network anomaly detection, intrusion prevention, future); IBM Network Security.
    - Advanced Threat Protection Platform: helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence.
    - Expanded X-Force Threat Intelligence: increased coverage of world-wide threat intelligence harvested by X-Force, and the consumption of this data to make smarter and more accurate security decisions.
    - Security Intelligence Integration: tight integration between the Advanced Threat Protection Platform and the QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
  • 12. Infrastructure Protection: Endpoint and Server Vision. Key themes:
    - Security for Mobile Devices: provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform.
    - Expansion of Security Content: continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices.
    - Security Intelligence Integration: improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform.
  • 13. Expertise: New services organization designed to help the CISO. Managed and Professional Services to help clients assess their security maturity, identify areas of vulnerability, and design and deploy internal and/or managed security solutions. The 10 Security Essentials for the CIO are customer on-ramps to building a more optimized security posture (Essential Practices).
  • 14. Solutions for the full Security Intelligence timeline. The questions along the timeline: What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact?
    - Prediction & Prevention: Risk Management; Vulnerability Management; Configuration and Patch Management; X-Force Research and Threat Intelligence; Compliance Management; Reporting and Scorecards.
    - Reaction & Remediation: SIEM; Log Management; Incident Response; Network and Host Intrusion Prevention; Network Anomaly Detection; Packet Forensics; Database Activity Monitoring; Data Leak Prevention.
  • 15. Security Intelligence: Integrating across IT silos with Security Intelligence solutions.
    - Data sources: security devices; servers and hosts; network and virtual activity; database activity; application activity; configuration info; vulnerability info; user activity.
    - Event correlation: logs, flows, IP reputation, geo location.
    - Activity baselining and anomaly detection: user activity, database activity, application activity, network activity.
    - Offense identification: credibility, severity, relevance.
    - Output: suspected incidents. Extensive data sources + deep intelligence = exceptionally accurate and actionable insight.
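Slide 15 describes correlation turning raw events into offenses scored on credibility, severity and relevance. The following is an added example, not QRadar's scoring logic or any IBM code: normalized events from four silos are grouped by source address, enriched from constructed IP-reputation, geo and asset-value tables, and scored. The per-silo trust weights, the reputation bump, the magnitude blend, the minimum-corroboration rule and all addresses and asset names are assumptions made for the example.

```python
"""
Added example, not code from the IBM deck: building an "offense" from
events reported by separate silos (firewall, IDS, VPN, flows), correlated
on the source address and enriched with IP reputation, geo and asset
context, then scored on credibility, severity and relevance.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    log_source: str   # which silo reported it
    src_ip: str
    dst_asset: str
    rule: str
    severity: int     # 1..10, as assigned by the rule that fired


# Constructed enrichment data (assumptions for the example).
LOG_SOURCE_TRUST = {"ids": 6, "fw": 4, "vpn": 7, "flow": 3}   # how far each silo is trusted alone
IP_REPUTATION = {"198.51.100.7": "malware-c2", "203.0.113.40": "scanner"}
GEO = {"198.51.100.7": "XX", "203.0.113.40": "YY", "10.0.0.9": "corp-lan"}
ASSET_RELEVANCE = {"db-payroll": 10, "web-public": 6, "ws-lab": 2}


@dataclass
class Offense:
    src_ip: str
    source_geo: str
    reputation: str
    events: list = field(default_factory=list)
    credibility: int = 0
    severity: int = 0
    relevance: int = 0

    @property
    def magnitude(self):
        # Integer weighted blend: severity 40%, credibility 30%, relevance 30%, rounded.
        return (4 * self.severity + 3 * self.credibility + 3 * self.relevance + 5) // 10


def build_offenses(events, min_events=2):
    """Group events by source, score each group, return offenses by descending magnitude."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src_ip].append(e)

    offenses = []
    for src, evs in by_src.items():
        if len(evs) < min_events:
            continue  # one event stays an event; corroboration makes it an offense
        sources = {e.log_source for e in evs}
        # Credibility: the most trusted reporting silo, plus one per independent corroborating silo.
        credibility = min(10, max(LOG_SOURCE_TRUST.get(s, 2) for s in sources) + len(sources) - 1)
        # Severity: the worst rule that fired, raised when the source is on a C2 reputation list.
        severity = max(e.severity for e in evs)
        reputation = IP_REPUTATION.get(src, "none")
        if reputation == "malware-c2":
            severity = min(10, severity + 2)
        # Relevance: the most valuable asset the source touched.
        relevance = max(ASSET_RELEVANCE.get(e.dst_asset, 1) for e in evs)
        offenses.append(Offense(src, GEO.get(src, "unknown"), reputation, evs,
                                credibility, severity, relevance))
    return sorted(offenses, key=lambda o: o.magnitude, reverse=True)


# Constructed events from four silos.
SAMPLE_EVENTS = [
    Event("fw", "198.51.100.7", "web-public", "inbound-connection-allowed", 3),
    Event("ids", "198.51.100.7", "web-public", "sql-injection-attempt", 7),
    Event("vpn", "198.51.100.7", "db-payroll", "authentication-success", 4),
    Event("flow", "203.0.113.40", "web-public", "port-scan", 3),
    Event("ids", "10.0.0.9", "ws-lab", "policy-violation", 2),
    Event("fw", "10.0.0.9", "ws-lab", "outbound-blocked", 2),
]


if __name__ == "__main__":
    for o in build_offenses(SAMPLE_EVENTS):
        print(o.src_ip, o.source_geo, o.reputation,
              "cred=%d sev=%d rel=%d magnitude=%d" % (o.credibility, o.severity, o.relevance, o.magnitude),
              [e.rule for e in o.events])
```

Two things the example is meant to show. First, corroboration across silos is what lifts credibility: the firewall's "connection allowed" is nearly worthless alone, but the same source seen by the IDS and then authenticating over VPN to the payroll database is a different animal. Second, the lone port-scan from 203.0.113.40 is dropped by the minimum-corroboration rule; in practice it should still be retained as context and re-evaluated if that address appears again. Geo is carried on the offense as context for the analyst rather than scored here.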
  • 16. Security Intelligence: QRadar provides security visibility. Dashboard elements: IBM X-Force Threat Information Center; real-time security overview with IP reputation correlation; identity and user context; real-time network visualization and application statistics; inbound security events.
  • 17. Agenda (section divider): Advanced Threats.
  • 18. Advanced Persistent Threat (APT) is different.
    1. Advanced: exploiting unreported vulnerabilities; advanced, custom malware is not detected by antivirus products; coordinated, researched attacks using multiple vectors.
    2. Persistent: attacks lasting for months or years; attackers are dedicated to the target, and they will get in.
    3. Threat: targeted at specific individuals and groups within an organization, aimed at compromising confidential information; not random attacks, they are "out to get you".
    4. Responding is different too: watch, wait, plan ... and call the FBI.
  • 19. Advanced Threat: The challenging state of network security.
    - Sophisticated attacks: increasingly sophisticated attacks use multiple attack vectors and increase risk exposure (stealth bots, targeted attacks, worms, trojans, designer malware).
    - Streaming media: streaming media sites consume large amounts of bandwidth.
    - Social networking: social media sites present productivity, privacy and security risks, including new threat vectors.
    - Point solutions: siloed, with minimal integration or data sharing (URL filtering, IDS/IPS, IM/P2P, web app protection, vulnerability management).
  • 20. Network Defenses: Not up to today's challenges.
    Current limitations: threats continue to evolve and standard methods of detection are not enough; streaming media sites and web applications introduce new security challenges; a basic "block only" mode limits innovative use of streaming and new web apps; poorly integrated solutions create "security sprawl", lower overall levels of security, and raise cost and complexity.
    Diagram: Internet traffic (stealth bots, worms, trojans, targeted attacks, designer malware) arrives at a Firewall/VPN (port and protocol filtering), an Email Gateway (message and attachment security only), a Web Gateway (securing web traffic only, port 80/443) and an "Everything Else" category.
    Requirement, multi-faceted protection: 0-day threat protection tightly integrated with other technologies, i.e. network anomaly detection; ability to reduce costs associated with non-business use of applications; controls to restrict access to social media sites by a user's role and business need; eliminate point solutions to reduce overall cost and complexity. Multi-faceted Network Protection: security for all traffic, applications and users.
  • 21. IBM Advanced Threat Protection. Our strategy is to protect our customers with advanced threat protection at the network layer, by strengthening and integrating network security, analytics and threat intelligence capabilities (the diagram spans users and infrastructure).
    1. Advanced Threat Protection Platform: evolves intrusion prevention to become a threat protection platform, providing packet, content, file and session inspection to stop threats from entering the network.
    2. QRadar Security Intelligence Platform: builds tight integration between the network security products, X-Force intelligence feeds and QRadar Security Intelligence products, with purpose-built analytics and reporting for threat detection and remediation.
    3. X-Force Threat Intelligence: increases the aperture of threat intelligence information and feedback loops for our products; leverages the existing X-Force web and email filtering data, but also expands into additional IP reputation data sets.
  • 22. Advanced Threats: IBM's vision for threat protection. Stack: Security Intelligence Platform (Network Activity Monitor, Log Manager, SIEM, Risk Manager); Threat Intelligence and Research (vulnerability data, malicious websites, malware information, IP reputation); Advanced Threat Protection Platform (content and data security, web application protection, network anomaly detection, intrusion prevention, application control); IBM Network Security.
    - Advanced Threat Protection Platform: leverage an extensible set of network security capabilities; granular application control; combine with real-time threat information and Security Intelligence.
    - Expanded X-Force Threat Intelligence: world-wide threat intelligence harvested by X-Force; consumption of this data to make smarter and more accurate security decisions.
    - Security Intelligence Integration: tight integration between the Advanced Threat Protection Platform and the QRadar Security Intelligence platform to provide unique and meaningful ways to help detect, investigate and remediate threats.
  • 23. Ultimate Visibility: Understanding who, what and when. Immediately discover which applications and web sites are being accessed; identify misuse by application, website and user; understand who and what are consuming bandwidth; SIEM integration for anomaly detection and event correlation. (The diagram labels employees' network flows as good or bad applications.)
    - Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection.
    - Identity context ties users and groups to their network activity, going beyond IP-address-only policies.
    - Application context fully classifies network traffic, regardless of port, protocol or evasion techniques.
    Customer quote: "We were able to detect the Trojan 'Poison Ivy' within the first three hours of deploying IBM Security Network Protection" (Australian hospital). Increase security; reduce costs; enable innovation.
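Slide 23's claim that application context classifies traffic "regardless of port, protocol or evasion techniques" is easiest to see next to the port-and-protocol filtering of the firewall on slide 20. The following is an added example, not code from IBM Security Network Protection or any other product: a port lookup and a first-bytes content classifier are run over constructed sessions, including SSH tunnelled over 443 and a BitTorrent handshake on port 80, and the policy decision is taken on the content label. The port table, the handful of signatures, the sample payloads and the allowed-application set are all assumptions.

```python
"""
Added example (not IBM's code): port-based versus content-based
application classification. A port lookup labels anything to 80 "http"
and anything to 443 "tls"; the content classifier looks at the first
bytes the client sends instead. All sessions below are constructed.
"""
import re

# Assumed port-to-application table of a simple port-based control.
PORT_TABLE = {22: "ssh", 80: "http", 443: "tls", 6881: "bittorrent"}

# HTTP/1.x request line at the very start of the client data.
HTTP_REQUEST = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def classify_by_port(dst_port):
    return PORT_TABLE.get(dst_port, "unknown")


def classify_by_content(first_bytes):
    """Label a session from its first client bytes; 'unknown' if no signature matches."""
    b = first_bytes
    if HTTP_REQUEST.match(b):
        return "http"
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(b) >= 6 and b[0] == 0x16 and b[1] == 0x03 and b[2] <= 0x03 and b[5] == 0x01:
        return "tls"
    if b.startswith(b"SSH-2.0-") or b.startswith(b"SSH-1.99-"):
        return "ssh"
    # BitTorrent peer handshake: pstrlen 19 followed by the protocol string.
    if b.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    return "unknown"


def classify_session(dst_port, first_bytes):
    """Return (port_label, content_label, mismatch). A mismatch between two
    definite labels is exactly what a port-only control cannot see."""
    p = classify_by_port(dst_port)
    c = classify_by_content(first_bytes)
    mismatch = p != "unknown" and c != "unknown" and p != c
    return p, c, mismatch


def evaluate_policy(sessions, allowed_apps):
    """Decide each session on its content label, not its port."""
    results = []
    for name, port, data in sessions:
        p, c, mismatch = classify_session(port, data)
        decision = "allow" if c in allowed_apps else "block"
        results.append((name, p, c, mismatch, decision))
    return results


# Constructed sessions: (name, destination port, first client bytes).
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4, 0x03, 0x03]) + b"\x00" * 32
SAMPLE_SESSIONS = [
    ("browser to intranet", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("ssh tunnel hidden on 443", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("tls to an app on 8443", 8443, TLS_CLIENT_HELLO),
    ("bittorrent handshake on 80", 80, b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\xaa" * 20),
    ("http api on 8080", 8080, b"POST /api/v1/items HTTP/1.0\r\nContent-Length: 0\r\n\r\n"),
]

ALLOWED_APPS = {"http", "tls"}  # assumed policy: web only, whatever the port


if __name__ == "__main__":
    for row in evaluate_policy(SAMPLE_SESSIONS, ALLOWED_APPS):
        print("%-28s port=%-10s content=%-10s mismatch=%-5s %s" % row)
```

The two mismatch rows are the point: a port-based rule set "allows 80 and 443" and therefore waves through both the SSH tunnel and the peer-to-peer handshake, while the content classifier blocks them and still allows legitimate HTTP and TLS on non-standard ports. Real classifiers use far richer signatures and state across several packets; the first-bytes check here is the minimum needed to show the difference.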
  • 24. Agenda (section divider): Mobile Security.
  • 25. Mobile OS vulnerabilities and exploits: continued interest in mobile vulnerabilities as enterprise users bring smartphones and tablets into the workplace; attackers are finally warming to the opportunities these devices represent.
  • 26. Enterprises face mobile security challenges.
    - Adapting to BYOD and the consumerization of IT: multiple device platforms and variants; managed devices (B2E); data separation and protection; threat protection.
    - Enabling secure transactions to enterprise applications and data: identity of user and devices; authentication, authorization and federation; user policies; secure connectivity.
    - Developing secure applications: application life-cycle; vulnerability and penetration testing; application management; application policies.
    - Designing and instituting an adaptive security posture: policy management (location, geo, roles, response, time policies); Security Intelligence; reporting.
  • 27. A simplified view of mobile device lifecycle management, with the IBM product the slide pairs with each step:
    - Application developers develop mobile apps -> Build secure mobile apps (IBM Worklight, IBM Security AppScan)
    - Mobile user signs up for on-line access -> Register the device (Tivoli Endpoint Manager for Mobile)
    - Mobile user accesses corporate e-mail -> Securely connect the device (IBM Lotus Mobile Connect)
    - Mobile client gets updates -> Monitor / patch the device (Tivoli Endpoint Manager for Mobile)
    - Mobile user loses device -> Lock / wipe the device (Tivoli Endpoint Manager for Mobile)
  • 28. Mobility: Thinking through mobile security.
    - At the device: manage the device (set appropriate security policies: register, compliance, wipe, lock; connectivity; update applications); secure data (data separation, leakage, encryption); application security (offline authentication, application-level controls, secure connectivity).
    - Over the network and in the enterprise: secure access (properly identify mobile users and devices; allow or deny access); monitor and protect (identify and stop mobile threats; log network access, events and anomalies); manage applications (manage applications and the enterprise app store).
    - For the mobile app: secure application (utilize secure coding practices; identify application vulnerabilities); integrate securely (secure connectivity to enterprise applications and services).
    Strategy: safe usage of smartphones and tablets in the enterprise; secure transactions enabling customer confidence; visibility and security of the enterprise mobile platform.
  • 29. Securing the Mobile Enterprise with IBM solutions. (Solution diagram.)
  • 30. Agenda (section divider): Cloud Computing.
  • 31. Cloud: Clients are concerned about changes that cloud adoption brings to their visibility and risk posture (private cloud, hybrid IT, public cloud). In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning IT resources increases, affecting all aspects of security.
    - Network and workload isolation
    - Virtual infrastructure protection and integrity
    - Identity integration and privileged access
    - Vulnerability management and compliance
    - Auditing and logging
    - Compliance and certifications
    - Data jurisdiction and data security
    - Visibility and transparency into security posture
    - Identity federation and access
    - Need for Service Level Agreements (SLAs)
    Clients want more visibility, confidence in their compliance posture, and integration with existing security infrastructure.
  • 32. Cloud: Each pattern has its own set of key security concerns. Security Intelligence (threat intelligence, user activity monitoring, real-time insights) spans all four patterns.
    - Infrastructure as a Service (IaaS): cut IT expense and complexity through cloud data centers. Cloud Enabled Data Center: integrated service management, automation, provisioning, self service. Key security focus, infrastructure and identity: manage identities; secure virtual machines; patch default images; monitor all logs; network isolation.
    - Platform as a Service (PaaS): accelerate time to market with cloud platform services. Cloud Platform Services: pre-built, pre-integrated IT infrastructures tuned to application-specific needs. Key security focus, applications and data: secure shared databases; encrypt private information; build secure applications; keep an audit trail; integrate existing security.
    - Innovate business models by becoming a cloud service provider. Cloud Service Provider: advanced platform for creating, managing, and monetizing cloud services. Key security focus, data and compliance: isolate cloud tenants; policy and regulations; manage operations; build secure data centers; offer backup and resiliency.
    - Software as a Service (SaaS): gain immediate access with business solutions on cloud. Business Solutions on Cloud: capabilities provided to consumers for using a provider's applications. Key security focus, compliance and auditing: harden applications; securely federate identity; deploy access controls; encrypt communications; manage app policies.
  • 33. Cloud: Our focus is in two areas of cloud security.
    1. Security from the Cloud (cloud-based security services, off premise): use the cloud to deliver security as-a-Service, focusing on services such as vulnerability scanning, web and email security, etc.
    2. Security for the Cloud: public cloud, secure usage of public cloud applications, focusing on audit, access and secure connectivity; private cloud (on premise), securing the private cloud stack, focusing on building security into the cloud infrastructure and its workloads.
  • 34. Cloud: Leverage solutions in each area of cloud risk (securing cloud with IBM Security Systems: people, data, apps, infrastructure, Security Intelligence).
    - IBM QRadar Security Intelligence: total visibility into virtual and cloud environments.
    - IBM Identity and Access Management Suite: identity integration, provision users to SaaS applications, desktop single sign-on supporting desktop virtualization.
    - IBM AppScan Suite: scan cloud-deployed web services and applications for vulnerabilities.
    - IBM InfoSphere Guardium Suite: protect and monitor access to shared databases.
    - IBM Endpoint Manager: patch and configuration management of VMs.
    - IBM Network IPS: protect and monitor access to shared databases.
    - IBM Virtual Server Protection for VMware: protect VMs from advanced threats.
  • 35. Security Intelligence is enabling progress to optimized security. Security Intelligence layer: information and event management; advanced correlation and deep analytics; external threat research. Maturity levels across the four columns People / Data / Applications / Infrastructure:
    - Optimized: role-based analytics, identity governance, privileged user controls / data flow analytics, data governance / secure app engineering processes, fraud detection / advanced network monitoring, forensics and data mining, secure systems.
    - Proficient: user provisioning, access management, strong authentication / database vulnerability monitoring, access monitoring, data loss prevention / application firewall, source code scanning / virtualization security, asset management, endpoint and network security management.
    - Basic: centralized directory / encryption, access control / application scanning / perimeter security, anti-virus.
  • 36. Intelligent solutions provide the DNA to secure a Smarter Planet: Security Intelligence across people, data, applications and infrastructure.
  • 37. Thank you. © 2012 IBM Corporation
