IBM Security intelligence v1 - ahmed el nahas
This presentation was a part of the GBM Security Event, held on 18-Apr-13 at Gloria Hotel, Dubai Media City, Dubai

  • In summary, Q1 Labs is uniquely qualified to provide you with solutions to address your growing compliance and security intelligence needs, before—during—and after threats take place. Now. Let’s talk about your specific issues that we can work on together.

Transcript

  • 1. © 2013 IBM Corporation, IBM Security Systems. Security Intelligence
    Speaker Name: AHMED EL NAHAS
    Role: Technical Lead Security Intelligence - MEA
    Email: AHMEDN@AE.IBM.COM
    Date: 19-4-2013
  • 2. Total Visibility: Product Portfolio, Services and Research
  • 3. Agenda
    Speaker: AHMED ELNAHAS
    Topics:
    • Information a Double Edged Sword
    • WHY MEDIA? WHY NOW?
    • Customer Challenges
    • IBM Security Intelligence
    • Use Cases
    • Questions
  • 4. INFORMATION IS POWER
    Media Perspective / Security Perspective
  • 5. WHY MEDIA? WHY NOW?
    • News Room has been communicating information back to other web servers that were traced to other countries since 2008
    • Media News has been hit by Distributed Denial of Service attacks intended to bring their systems to a halt
    • Media News has been hit by attacks to deface their web sites
    • Internal employee worked with hack groups to deface the website of a major News
    • Media News blogs were hacked and false information was posted
  • 6. What is going on here?
  • 7. Columns: Seconds / Minutes / Hours / Days / Weeks / Months / Years
    • Initial Attack to Initial Compromise: 10% / 75% / 12% / 2% / 0% / 1% / 0%
    • Initial Compromise to Data Exfiltration: 8% / 38% / 14% / 25% / 8% / 8% / 0%
    • Initial Compromise to Discovery: 0% / 0% / 2% / 13% / 29% / 54% / 2%
    • Discovery to Containment / Restoration: 0% / 1% / 9% / 32% / 38% / 17% / 4%
    Source: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
  • 8. Example
    A small network generates 1000 EPS. Let's put this in context:
    • 1000 x 60 x 60 x 24 = 86,400,000 EPD
    • Let's assume an incident will occur 1/100000
    • We are talking about 864 incidents per day
  • 9. Customer Challenges
    • MAKING SENSE OF DATA
    • Operational Efficiency
    • INTEGRATION
    • Complexity
    • Ease of Use
    • SCALABILITY
    • Automation
  • 10. Integrated Console
    • Single browser-based UI
    • Role-based access to information & functions
    • Customizable dashboards (work spaces) per user
    • Real-time & historical visibility and reporting
    • Advanced data mining and drill down
    • Easy to use rules engine with out-of-the-box security intelligence
  • 11. Fully Integrated Security Intelligence
    • Integrated log, threat, risk & compliance mgmt.
    • Sophisticated event analytics
    • Asset profiling and flow analytics
    • Offense management and workflow
    SIEM: Collection of log events from network and security infrastructure
  • 12. Total Security Intelligence: Suspected Incidents
  • 13. Total Security Intelligence
  • 14. Analyze / Act / Monitor
    • Auto-discovery of log sources, applications and assets
    • Asset auto-grouping
    • Centralized log mgmt
    • Auto-tuning
    • Auto-detect threats
    • Thousands of pre-defined rules and role based reports
    • Easy-to-use event filtering
    • Advanced security analytics
    • Asset-based prioritization
    • Auto-update of threats
    • Auto-response
  • 15.
  • 16. Clear, concise and comprehensive delivery of relevant information:
    • What was the attack?
    • Who was responsible?
    • How many targets involved?
    • Was it successful?
    • Where do I find them?
    • Are any of them vulnerable?
    • How valuable are the targets to the business?
    • Where is all the evidence?
  • 17. Complex Threat Detection
    Sounds Nasty… But how do we know this? The evidence is a single click away.
    • Buffer Overflow: Exploit attempt seen by Snort
    • Network Scan: Detected by QFlow
    • Targeted Host Vulnerable: Detected by Nessus
    Total Security Intelligence: Convergence of Network, Event and Vulnerability data
  • 18. Potential Data Loss? Who? What? Where?
    • Who? An internal user
    • What? Oracle data
    • Where? Gmail
  • 19. User Activity Monitoring
    • Authentication Failures: Perhaps a user who forgot his/her password?
    • Brute Force Password Attack: Numerous failed login attempts against different user accounts
    • Host Compromised: All this followed by a successful login.
    Automatically detected, no custom tuning required.
  • 20. Fully Integrated Security Intelligence
    • Integrated log, threat, risk & compliance mgmt.
    • Sophisticated event analytics
    • Asset profiling and flow analytics
    • Offense management and workflow
    SIEM: Collection of log events from network and security infrastructure
  • 21. Thank You
  • 22. ibm.com/security
    © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
    Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
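The escalation on slide 19 (authentication failures, then a brute-force password attack, then a compromised host) can be written as a small correlation rule. The sketch below is an added example, not code from the presentation or from any IBM product; the event tuple format, the per-source-IP grouping, the 10-minute window and the three-account threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window
MIN_ACCOUNTS = 3                # assumed: distinct accounts that make a brute force
SEVERITY = ["auth_failures", "brute_force", "host_compromised"]

# Constructed sample events: (ISO timestamp, source IP, account, outcome)
SAMPLE_EVENTS = [
    ("2013-04-18T09:00:00", "10.0.0.5", "alice", "fail"),
    ("2013-04-18T09:00:20", "10.0.0.5", "alice", "fail"),
    ("2013-04-18T09:01:00", "10.0.0.5", "alice", "success"),   # forgotten password
    ("2013-04-18T09:05:00", "192.0.2.7", "admin", "fail"),
    ("2013-04-18T09:05:30", "192.0.2.7", "bob", "fail"),
    ("2013-04-18T09:06:00", "192.0.2.7", "carol", "fail"),
    ("2013-04-18T09:07:00", "192.0.2.7", "carol", "success"),  # fails, then a hit
    ("2013-04-18T09:10:00", "198.51.100.9", "root", "fail"),
    ("2013-04-18T09:10:10", "198.51.100.9", "oracle", "fail"),
    ("2013-04-18T09:10:20", "198.51.100.9", "backup", "fail"),
    ("2013-04-18T10:00:00", "203.0.113.4", "dan", "fail"),     # same count of accounts,
    ("2013-04-18T10:30:00", "203.0.113.4", "eve", "fail"),     # but spread out beyond
    ("2013-04-18T11:00:00", "203.0.113.4", "fay", "fail"),     # the window
]

def correlate(events):
    """Return {source IP: highest-severity label reached} for the event stream."""
    fails = defaultdict(deque)  # source -> recent (time, account) failures
    verdict = {}
    for ts, src, account, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        recent = fails[src]
        while recent and now - recent[0][0] > WINDOW:
            recent.popleft()                    # expire failures outside the window
        if outcome == "fail":
            recent.append((now, account))
        targeted = {acct for _, acct in recent}  # distinct accounts tried recently
        if outcome == "fail":
            label = "brute_force" if len(targeted) >= MIN_ACCOUNTS else "auth_failures"
        elif len(targeted) >= MIN_ACCOUNTS:
            label = "host_compromised"          # brute force followed by a success
        else:
            recent.clear()                      # ordinary login ends the failure streak
            continue
        verdict[src] = max(verdict.get(src, label), label, key=SEVERITY.index)
    return verdict
```

Counting distinct accounts rather than raw failures is what separates the forgotten-password case from the brute-force case, and the window keeps slow, unrelated failures from accumulating into a false alert.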