Big Data - Amplifying Security Intelligence

w/ Vijay Dheap, VP of IBM Big Data Security Intelligence
  1. Amplifying Security Intelligence With Big Data and Advanced Analytics
     Vijay Dheap, Global Product Manager, Master Inventor, Big Data Security Intelligence & Mobile Security
     IBM Security Systems, © 2012 IBM Corporation
  2. Welcome to a Not So Friendly Cyber World…
     • Biggest bank heist in history nets $45 million, all without setting foot in a bank
     • Cyber espionage via social networking sites; target: US DoD officials
     • Hidden malware steals 3,000 confidential documents from a Japanese ministry
  3. Playing Defense… Origins of Security Intelligence
     Traditional approach to security predicated on a defensive mindset:
     • Assumes an explicit organizational perimeter
     • Optimized for combating external threats
     • Presumes standardization mitigates risk
     • Dependent on general awareness of attack methodologies
     • Requires monitoring and control of traffic flows
     Layered defenses are essential for good security hygiene and for addressing traditional security threats… but attackers are adapting too.
  4. Business Change is Coming… If Not Already Here
     Enterprises are undergoing dynamic transformations. The organization’s cyber perimeter is being blurred… it can no longer be assumed.
  5. Evolving Attack Tactics… Focus on Breaching Defenses
  6. A Look at the Emerging Threat Landscape
     Threat characteristics:
     • Targeted, persistent, clandestine
     • Situational, subversive, unsanctioned
     • Focused, well-funded, scalable
     • Topical, disruptive, public
     • Concealed, motivated, opportunistic
  7. Incorporating a More Proactive Mindset to Enterprise Security
     Broad threats: Audit, Patch & Block (think like a defender, defense-in-depth mindset)
     • Protect all assets
     • Emphasize the perimeter
     • Patch systems
     • Use signature-based detection
     • Scan endpoints for malware
     • Read the latest news
     • Collect logs
     • Conduct manual interviews
     • Shut down systems
     Targeted threats: Detect, Analyze & Remediate (think like an attacker, counter-intelligence mindset)
     • Protect high-value assets
     • Emphasize the data
     • Harden targets and weakest links
     • Use anomaly-based detection
     • Baseline system behavior
     • Consume threat feeds
     • Collect everything
     • Automate correlation and analytics
     • Gather and preserve evidence
  8. Greater Need for Security Intelligence…
     Visibility across organizational security systems to improve response times and to incorporate the adaptability and flexibility required for early detection of threats or risky behaviors.
  9. Diversity & Sophistication of Attacks Placing Greater Demands…
     Amplify Security Intelligence with New Insights from Big Data:
     1. Analyze a variety of non-traditional and unstructured datasets
     2. Significantly increase the volume of data stored for forensics and historic analysis
     3. Visualize and query data in new ways
     4. Integrate with my current operations
     Data sources shown, spanning traditional security operations and technology through big data analytics: logs, events, alerts, configuration information, system audit trails, external threat intelligence feeds, network flows and anomalies, identity context, web page text, full packet and DNS captures, e-mail and social activity, business process data, customer transactions.
  10. Big Data Brings New Considerations & Empowers Powerful Analysis
     Transforming data to insights requires some infrastructure considerations:
     Storage and processing
     • Collection and integration
     • Size and speed
     • Enrichment and correlation
     Analytics and workflow
     • Visualization
     • Unstructured analysis
     • Learning and prediction
     • Customization
     • Sharing and export
  11. Use Cases
  12. Security Intelligence From Real-time Processing of Big Data
     • Behavior monitoring and flow analytics
     • Activity and data access monitoring
     • Stealthy malware detection
     Irrefutable botnet communication: Layer 7 flow data shows botnet command and control instructions.
     Improved breach detection: 360-degree visibility helps distinguish true breaches from benign activity, in real time.
     Network traffic doesn’t lie: attackers can stop logging and erase their tracks, but they can’t cut off the network (flow data).
  13. Security Intelligence with Investigative Analysis of Big Data: Hunting for External Command & Control (C&C) Domains of an Attacker
     • Historical analysis of DNS activity within the organization; advanced analytics identify suspicious domains
     • Why only a few hits across the entire organization to these domains?
     • Automate correlation against external DNS registries; correlating to public DNS registry information increases suspicions
  14. Enrich Real-Time Analysis with Insights from Investigative Analysis: Monitor & Thwart Connections to Potential C&C Domains of an Attacker
     • Correlate against network activity and visualize
     • View real-time data and look for active connections
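The hunt sketched on slides 12 through 14, worked as an added example (this is not code from the IBM deck, QRadar or BigInsights): rare-name analysis over internal DNS resolver logs ("why only a few hits across the entire organization?"), correlation against WHOIS-style registry data, a query-periodicity heuristic standing in for the Layer 7 beacon signal of slide 12, and finally a match of the suspect names' resolved addresses against current flow records, which is the real-time step of slide 14. The log lines, registry records and flow records are constructed sample data. The thresholds (a name queried by a single host, a registration younger than 90 days, interval jitter under 10% of the mean) and the two-label registrable-domain guess are assumptions, not anything the slides specify.

```python
# Added example for slides 12-14, not code from the IBM deck.
# DNS_LOG, REGISTRY and FLOWS are constructed sample data; thresholds are assumptions.
from collections import defaultdict
from datetime import date, datetime

# Constructed resolver log: timestamp, querying host, queried name, answer IP.
DNS_LOG = """\
2012-11-05T09:12:03Z ws-0141 mail.corp.example 10.20.0.25
2012-11-05T09:12:09Z ws-0141 portal.corp.example 10.20.0.30
2012-11-05T09:13:41Z ws-0207 portal.corp.example 10.20.0.30
2012-11-05T09:14:02Z ws-0141 k8d2q1.cdn-updates.example 198.51.100.23
2012-11-05T09:20:17Z ws-0333 portal.corp.example 10.20.0.30
2012-11-05T09:31:55Z ws-0512 news.example.org 203.0.113.8
2012-11-05T09:32:10Z ws-0207 news.example.org 203.0.113.8
2012-11-05T09:40:44Z ws-0207 stat-sync.example.net 198.51.100.77
2012-11-05T09:41:02Z ws-0333 mail.corp.example 10.20.0.25
2012-11-05T10:14:05Z ws-0141 k8d2q1.cdn-updates.example 198.51.100.23
2012-11-05T11:14:01Z ws-0141 k8d2q1.cdn-updates.example 198.51.100.23
"""

# Constructed WHOIS-style registry data, keyed by registrable domain.
REGISTRY = {
    "corp.example": {"created": date(2003, 4, 11)},
    "example.org": {"created": date(1995, 8, 31)},
    "cdn-updates.example": {"created": date(2012, 10, 29)},
    # example.net deliberately absent to exercise the "no registry record" path
}

# Constructed flow records seen right now: (source host, destination IP, port).
FLOWS = [("ws-0141", "198.51.100.23", 443),
         ("ws-0207", "10.20.0.30", 443),
         ("ws-0333", "203.0.113.8", 80)]

AS_OF = date(2012, 11, 5)  # "today" for registration-age arithmetic

def parse_dns_log(text):
    """Per queried name: set of querying hosts, set of answer IPs, query times."""
    stats = defaultdict(lambda: {"hosts": set(), "ips": set(), "times": []})
    for line in text.splitlines():
        ts, host, name, ip = line.split()
        stats[name]["hosts"].add(host)
        stats[name]["ips"].add(ip)
        stats[name]["times"].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return stats

def registrable_domain(fqdn):
    """Last two labels. Assumption for the example; production code should
    consult the Public Suffix List (co.uk and friends break this guess)."""
    return ".".join(fqdn.split(".")[-2:])

def is_periodic(times, tolerance=0.1):
    """Beacon heuristic: three or more queries whose gaps differ by at most
    `tolerance` of the mean gap. Stands in for the Layer 7 C&C signal of slide 12."""
    if len(times) < 3:
        return False
    ts = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and (max(gaps) - min(gaps)) <= tolerance * mean

def hunt(stats, registry, as_of, max_hosts=1, new_days=90):
    """Slide 13: keep names queried by few hosts, then let registry age and
    beacon-like timing raise the score."""
    findings = {}
    for name, rec in stats.items():
        if len(rec["hosts"]) > max_hosts:
            continue  # common across the organization: not rare
        score, reasons = 0, ["queried by only %d host(s)" % len(rec["hosts"])]
        whois = registry.get(registrable_domain(name))
        if whois is None:
            score += 1
            reasons.append("no registry record")
        elif (as_of - whois["created"]).days < new_days:
            score += 2
            reasons.append("registered %d days ago" % (as_of - whois["created"]).days)
        if is_periodic(rec["times"]):
            score += 2
            reasons.append("periodic queries (beacon-like)")
        findings[name] = {"score": score, "reasons": reasons}
    return findings

def active_connections(findings, stats, flows, min_score=2):
    """Slide 14: which hosts are talking to a suspect name's addresses right now?"""
    ip_to_name = {ip: name for name, f in findings.items()
                  if f["score"] >= min_score for ip in stats[name]["ips"]}
    return [(host, ip_to_name[dst], dst, port)
            for host, dst, port in flows if dst in ip_to_name]

if __name__ == "__main__":
    stats = parse_dns_log(DNS_LOG)
    findings = hunt(stats, REGISTRY, AS_OF)
    for name, f in sorted(findings.items(), key=lambda kv: -kv[1]["score"]):
        print("%d  %-28s %s" % (f["score"], name, "; ".join(f["reasons"])))
    for host, name, ip, port in active_connections(findings, stats, FLOWS):
        print("ACTIVE  %s -> %s (%s:%d)" % (host, name, ip, port))
```

Run as a script it prints the scored rare names and then the one live connection from ws-0141 to the freshly registered, hourly-beaconing name. The order of the two phases matters: scoring over the historical DNS archive is the slow, investigative part, and only the short list that survives it is pushed into the real-time flow match, which is exactly the hand-off slide 14 describes.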
  15. Security Intelligence with Investigative Analysis of Big Data: Pursue Active Spear-Phishing Campaigns Targeting the Organization
     • Employ big data analytics on e-mail to identify patterns, targets and redirects
     • Build visualizations, such as heat maps, to view the top targets of spear-phishing attacks
     • Load spear-phishing targets and redirect URLs into real-time security intelligence analysis to thwart the attack
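The three bullets of slide 15 as one pipeline, added here as an example and not code from the IBM deck: pull every URL out of a mailbox export, unwrap one level of open-redirector (`?u=` style) link to find the host a victim would actually land on, group messages by landing host to surface a campaign, aggregate recipients by department into the counts a top-targets heat map would plot, and emit the exact redirect and landing URLs to hand to the real-time engine. The directory and the six messages are constructed sample data; the redirect parameter names, the "three or more distinct mailboxes" campaign threshold and the trusted zone list are assumptions.

```python
# Added example for slide 15, not code from the IBM deck.
# DIRECTORY and MAILBOX are constructed sample data; thresholds are assumptions.
import re
from collections import Counter, defaultdict
from email import message_from_string
from urllib.parse import parse_qs, urlparse

# Constructed directory: recipient -> department (the heat map's rows).
DIRECTORY = {
    "alice.finance@corp.example": "Finance",
    "bob.finance@corp.example": "Finance",
    "carol.exec@corp.example": "Executive",
    "dan.hr@corp.example": "HR",
}

# Constructed mailbox export, one RFC 5322 message per string.
MAILBOX = [
    """From: "HR Benefits" <benefits@hr-notices.example>
To: alice.finance@corp.example
Subject: Action required: Q4 benefits enrollment

Re-enroll before Friday: http://click.tracking-mail.example/r?u=http://hr-benefits-portal.example/login""",
    """From: "HR Benefits" <benefits@hr-notices.example>
To: bob.finance@corp.example
Subject: Action required: Q4 benefits enrollment

Re-enroll before Friday: http://click.tracking-mail.example/r?u=http://hr-benefits-portal.example/login""",
    """From: "HR Benefits" <hr@hr-notices.example>
To: carol.exec@corp.example
Subject: Your benefits enrollment is incomplete

Complete it here: http://hr-benefits-portal.example/login?ref=exec""",
    """From: "Payroll" <payroll@hr-notices.example>
To: dan.hr@corp.example
Subject: Q4 benefits enrollment

Enrollment link: http://click.tracking-mail.example/r?u=http%3A%2F%2Fhr-benefits-portal.example%2Flogin""",
    """From: "IT Helpdesk" <helpdesk@corp.example>
To: alice.finance@corp.example
Subject: Scheduled maintenance

Details: https://intranet.corp.example/maintenance""",
    """From: "Vendor Invoices" <ar@invoice-center.example>
To: bob.finance@corp.example
Subject: Overdue invoice

View invoice: http://invoice-center.example/view/8812""",
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
REDIRECT_PARAMS = ("u", "url", "redirect", "target")  # assumption: common redirector keys
TRUSTED = ("corp.example",)                           # assumption: our own zones

def landing_host(url):
    """Host the user ends up on: unwrap one level of ?u=<url> style redirector."""
    parsed = urlparse(url)
    qs = parse_qs(parsed.query)
    for key in REDIRECT_PARAMS:
        if key in qs:
            return urlparse(qs[key][0]).hostname or parsed.hostname
    return parsed.hostname

def extract(messages):
    """Per message: recipient, subject and the (url, landing host) pairs in the body."""
    rows = []
    for raw in messages:
        msg = message_from_string(raw)
        urls = URL_RE.findall(msg.get_payload())
        rows.append({"to": msg["To"], "subject": msg["Subject"],
                     "urls": [(u, landing_host(u)) for u in urls]})
    return rows

def campaigns(rows, min_recipients=3):
    """Group by landing host; a host reaching >= min_recipients distinct
    mailboxes is treated as a campaign. Links into our own zones are ignored."""
    by_host = defaultdict(set)
    for r in rows:
        for _, host in r["urls"]:
            if host and not any(host == t or host.endswith("." + t) for t in TRUSTED):
                by_host[host].add(r["to"])
    return {h: sorted(rcpts) for h, rcpts in by_host.items()
            if len(rcpts) >= min_recipients}

def heat_map(rows, camps, directory):
    """Counts of (department, landing host): the data behind a top-targets heat map."""
    heat = Counter()
    for r in rows:
        for host in {h for _, h in r["urls"] if h in camps}:
            heat[(directory.get(r["to"], "Unknown"), host)] += 1
    return heat

def block_list(rows, camps):
    """Exact redirect and landing URLs to push into the real-time engine."""
    return sorted({u for r in rows for u, h in r["urls"] if h in camps})

if __name__ == "__main__":
    rows = extract(MAILBOX)
    camps = campaigns(rows)
    for host, rcpts in camps.items():
        print("campaign %s -> %d recipients" % (host, len(rcpts)))
    for (dept, host), n in heat_map(rows, camps, DIRECTORY).most_common():
        print("  %-10s %-28s %d" % (dept, host, n))
    for url in block_list(rows, camps):
        print("BLOCK", url)
```

Grouping on the landing host rather than on the sender or the visible link is deliberate: the four campaign messages use two sender mailboxes, two subjects and three differently encoded URLs, and none of those would have clustered them, while the percent-encoded redirect parameter in the fourth message would have slipped past a naive string match on the portal's name. Finance shows up as the top target, which is what the heat map on the slide is meant to make visible.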
  16. IBM Security Intelligence Solution with Big Data
  17. IBM QRadar Big Data Capabilities and Customer Results
     QRadar uses Big Data capabilities to turn high-volume security events and network activity into high-priority security offenses.
     • New SIEM appliances with massive scale: quickly find critical insights among 1000s of devices and years of data
     • Payload indexing for rapid ad hoc query, leveraging a purpose-built data store: search 7M+ events in <0.2 sec
     • Google-like instant search of large data sets (both logs and flows): instant, free-text searching for easier and faster forensics
     • Intelligent data policy management: granular management of log and flow data
     • Advanced threat visualization and impact analysis: attack path visualization and device / interface mapping
  18. Extending the Big Data Support of QRadar: Advanced Threat Detection
     • Security Intelligence Platform (IBM Security QRadar): data collection and enrichment; event correlation; real-time analytics; offense prioritization
     • Big Data Platform (IBM InfoSphere BigInsights): Hadoop-based; enterprise-grade; any data / volume; data mining; ad hoc analytics; custom analytics
     • Labelled flows between the two: data ingest (traditional and non-traditional data sources) and insights
  19. Integrated analytics and exploration in a new architecture
  20. InfoSphere BigInsights: flexible, enterprise-class solution for processing large volumes of data
     • Core Hadoop
     • BigInsights Basic Edition: free download with web support; limited to <= 10 TB of data (optional: 24x7 paid support, fixed-term license)
     • BigInsights Enterprise Edition: enterprise-grade features, tiered terabyte-based pricing; easy installation and programming; analytics tooling / visualization; recoverability; security; administration tooling; development tooling; flexible storage; high availability
     • Professional services offerings: QuickStart, Bootcamp, Education, Custom Development
  21. For IBM, Security and Business Intelligence offer insightful parallels
  22. Find out more about Security Intelligence with Big Data
     • Visit the website
     • Watch the video
     • Read the white paper
     • Develop a richer understanding of big data: Understanding Big Data eBook; Harness the Power of Big Data eBook
     • Download some collateral: Security Intelligence white paper; QRadar SIEM data sheet; InfoSphere BigInsights data sheet
  23. ibm.com/security
     © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
     Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
