IT Security: Optimally Defending Against Threats (Tom Turner and Andreas Wespi)


Published in: Technology

  1. IBM Security Strategy
     Tom Turner, Vice President of Marketing
     7 May 2013
     © 2013 IBM Corporation
  2. Innovative technology changes everything
     • Bring your own IT
     • Social business
     • Cloud and virtualization
     • 1 billion mobile workers
     • 1 trillion connected objects
  3. Motivations and sophistication are rapidly evolving
     • National Security: Nation-state actors (Stuxnet)
     • Espionage, Activism: Competitors and Hacktivists (Aurora)
     • Monetary Gain: Organized crime (Zeus)
     • Revenge, Curiosity: Insiders and Script-kiddies (Code Red)
  4. [Slide without text]
  5. Security challenges are a complex, four-dimensional puzzle that requires a new approach
     • Applications: Web Applications; Systems Applications; Web 2.0; Mobile Applications
     • Infrastructure: Datacenters; PCs; Laptops; Mobile; Cloud; Non-traditional
     • Data: At rest; In motion; Unstructured; Structured
     • People: Hackers; Suppliers; Consultants; Terrorists; Employees; Outsourcers; Customers
  6. Thinking differently about security
     Collect and Analyze Everything
     • People: Then Administration; Now Insight
     • Data: Then Basic-control; Now Laser-focused
     • Applications: Then Bolt-on; Now Built-in
     • Infrastructure: Then Thicker walls; Now Smarter defenses
  7. IBM Security Systems
     Now: Situational Awareness
     • Consume real-time intelligence about the latest threats
     • Correlate alerts against external behavior and reputation
     • Proactively block bad domains, IP address and malware
     Then: Reaction
     • Read about the latest threats from blogs and news
     • Match against known signatures and bad actors
     Monitor Everything
     Advanced Research
     [Graphic labels: IP Address, File Checksum]
  8. ADP
     Strengthens security with identity management initiative
     Business need: Manual identity management processes made it time-consuming and costly to track when and if access rights are revoked.
     Solution: With a view to becoming “identity aware”, ADP worked with IBM Business Partner Pontis Research and IBM to automate processes for user account provisioning, de-provisioning and access management in its Active Directory, remote access and facility management systems.
  9. ADP
     Strengthens security with identity management initiative
     Benefits:
     • Vastly increases security by reducing time to revoke access from weeks to seconds
     • Reduces administration and help-desk costs while enhancing visibility of user access
     • Provides zero-day and zero-based provisioning and federated access to resources
     Enables identity awareness
     “IBM separated itself from the crowd. IBM Security Identity Manager was up and running within two days even though we gave each vendor a week to complete the Proof of Concept.” Kyle F. Kennedy, Director of Global Directory and Identity Services, ADP
  10. Cisco
     Scaling application vulnerability management across a large enterprise
     Business need: With a small security team and an application portfolio of nearly 2,500 applications, security staff worried they were becoming a “bottleneck” in application security testing.
     Solution: Using IBM® Security AppScan® Enterprise, Cisco empowered its developers and QA personnel to test applications and address security issues before deployment.
  11. Cisco
     Scaling application vulnerability management across a large enterprise
     Benefits: Drove a 33 percent decrease in number of security issues found; reduced post-deployment remediation costs significantly; freed security experts to focus on deep application vulnerability assessments
     Scaling application vulnerability scanning across a large enterprise
     "AppScan helped us create a self-service model. We could take the product and put it in the hands of the developers and QA testers so that they could identify and fix security vulnerabilities before production." Sujata Ramamoorthy, Director, Information Security, Cisco
  12. Security Intelligence
     Data sources: Logs; Events; Alerts; Configuration information; System audit trails; External threat feeds; E-mail and social activity; Network flows and anomalies; Identity context; Business process data; Malware information
     Now: Intelligence
     • Real-time monitoring
     • Context-aware anomaly detection
     • Automated correlation and analytics
     Then: Collection
     • Log collection
     • Signature-based detection
  13. Equifax
     Hardening defenses against threats and fraud
     Business challenge:
     • Detect wide range of security threats affecting public-facing Web applications
     • Help identify subtle changes in user behavior that could indicate fraud or misuse
     Solution: (QRadar SIEM, QFlow, X-Force, Network IPS) Real-time correlation of hundreds of data sources, anomaly detection to help identify “low and slow” threats, flexibility for easy customization and expansion
     • Saved 50-80% on staffing vs. alternative solutions
     • Reduces one billion incidents per day to 20-30 investigations
     • Optimize risk management
  14. [Slide without text]
  15. IBM delivers solutions across a security framework
     Intelligence; Integration; Expertise
  16. Intelligence: A comprehensive portfolio of products and services
     Products; Services
     New in 2012
  17. Integration: Increase security, collapse silos, and reduce complexity
     • Customize protection capabilities to block specific vulnerabilities using scan results
     • Converge access management with web service gateways
     • Link identity information with database security
     • Stay ahead of the changing threat landscape
     • Designed to help detect the latest vulnerabilities, exploits and malware
     • Add security intelligence to non-intelligent systems
     • Consolidate and correlate siloed information from hundreds of sources
     • Designed to help detect, notify and respond to threats missed by other security solutions
     • Automate compliance tasks and assess risks
  18. Expertise: At IBM, the world is our Security lab
     6,000 researchers, developers and subject matter experts working security initiatives worldwide
  19. IBM Security Research
     Dr. Andreas Wespi
     CTO Office, IBM SWG Europe
     7 May 2013
  20. IBM Security Research
     • Watson: Cryptography; Virtualization, Cloud; Biometrics; Information Security; Security Analytics; Ethical Hacking; Security Engineering; Secure Hardware
     • Zurich: Cryptography; Authentication Solutions; Virtualization, Cloud; Key Management; Security Analytics; Storage Security; Privacy; Business Processes
     • Haifa: Information Security
     • Tokyo: Security Services
     • China: Internet of Things
  21. Sophisticated attackers are bypassing traditional security defenses
     • Attack related to article about Wen Jiabao, China’s prime minister
     • Attack was not detected for 4 months
     • 45 pieces of malware used, only one detected by anti-virus system
     • All employee passwords stolen
     • Computers of 53 employees accessed
     • University computers used as proxies
  22. The anatomy of an Advanced Persistent Threat
     1. Break-in: Spoofed email with malicious file attachment sent to users
     2. Latch-on: Anomalous system behavior and network communications
     3. Expand: Device contacting internal hosts in strange patterns
     4. Gather: Abnormal user behavior and data access patterns
     5. Exfiltrate: Movement of data in chunks or streams to unknown hosts
     Command & Control (CnC)
  23. IBM Research’s Cybersecurity Agenda
     Initiatives and Differentiating Capabilities:
     1. Identify mission-critical enterprise assets and very sensitive data: Automate the discovery of high value assets: Enterprise Information Security Management (EISM)
     2. Build fine-grained perimeters: Security Technologies for Converged Infrastructure (Pure Systems) and Software Defined Environments
     3. Monitor access paths to high value assets to develop situational awareness and close the loop: Cybersecurity Analytics for Networks, Devices, Usage and Entitlements, Social Networks, Applications and Business Processes
     4. End-to-end Security: Mobile Security and Data-centric Security for the Contextual Enterprise
     5. Secure by Design: Fully Homomorphic Encryption, Privacy, and Security Engineering
     Evolution and Demonstration of Differentiating Capabilities
     Enterprise Data Center Network Cloud Operating Environment Smarter Planet
  24. 1. Enterprise Information Security Management (EISM)
     Identifying very sensitive data in the enterprise
     • Create Taxonomy based on data business value
     • Interview subject matter experts to prioritize data classes
     • (Semi-) automatically classify data across all storage instances
     Objective: Apply the same protection level irrespective of the data location
     [Graphic labels: SPI, Patent, Confidential]
  25. 3. Cybersecurity Analytics Platform
     • Dash-boarding, Visualizing and Reporting
     • Stored Data & Threat Profiles
     • Streaming Threats
     • Real-time Security Software + 10-40-100Gb/S 100% packet Inspection
     • Real-time Analytics
     • Massive (pbyte) Scale Analytics Engine
  26. Security Analytics is becoming a Big Data problem
  27. Monitor system behavior across multiple layers
     Real-Time Operation; Behavior Classification; Reputation Propagation; Risk Scoring; Data Aggregation
     Historical Analysis / Model Building; Predictive Models; Benign & Malicious Behavior Models; Forensic Analysis
     Social; User; Net; Dev; Assets; Fraud
     Data in motion; Data; Data at rest
  28. 5. Secure by Design
     Fully homomorphic encryption
     • Fully homomorphic encryption is a privacy enabling technology
     • Allows encrypted user data to be processed without the server knowing or reading the content
     • Results returned to authorized user for decryption
     • Privacy-enhanced cloud services, privacy preserving aggregation for smarter planet
     Craig Gentry, a 35-year-old IBM researcher, solved this 30-year cryptographic problem
     • 2010 ACM Distinguished Dissertation Award
     • 2010 Best Paper Award – IACR Crypto
     • 2010 Privacy Enhancing Technology Award
     • 2009 Privacy Innovation Award from the Intl. Association of Privacy Professionals
  29. IBM Security Research
     From theory to practice or vice versa
     • Customer projects: Creating an impact for our clients (Advanced Security Solutions; First-Of-A-Kind Projects)
     • Collaborative Research: Collaborating to change the way the world works (EU FP7 Projects; Standardization)
     • Academic Research: Discovering the answers to our greatest challenges (Security Foundations (Cryptography, Distributed Systems, ))
     IBM Research
     Impact for IBM’s products and services