
Reducing IT Costs and Improving Security with Purpose Built Network Appliances


Track 2 c reducing it costs and improving security with purpose built network appliances - shannon de souza

Published in: Technology


  1. IBM Security Services. Essential Practice: Managing Incidents with Intelligence. Stewart Cawthray, Chief Security Architect, GTS Security Services, IBM Canada Ltd. October 2012, IBM Defense Summit, Ottawa. © 2011 IBM Corporation
  2. IBM is well qualified to secure the enterprise: it runs one of the largest and most complex internal IT infrastructures in the world.
     • 2,000+ major sites
     • 400,000+ employees
     • 1M+ traditional endpoints
     • Approx. 200,000+ contractors
     • 170+ countries
     • ~50% of employees are mobile
     [Map legend: Major Employee Sites, Customer Fulfillment, Manufacturing, Employee Service Centers, IBM Research Centers, IBM Internal Data Centers]
  3. IBM developed 10 essential practices required to achieve security intelligence:
     1. Build a risk aware culture and management system
     2. Manage security incidents with intelligence
     3. Defend the mobile and social workplace
     4. Secure services, by design
     5. Automate security "hygiene"
     6. Control network access and assure resilience
     7. Address new complexity of cloud and virtualization
     8. Manage third party security compliance
     9. Secure data and protect privacy
     10. Manage the identity lifecycle
     [Maturity based approach chart: levels Basic, Proficient, Optimized, Security Intelligence; axes Manual to Automated and Reactive to Proactive]
  4. What problems are incidents causing and how do they happen?
  5. Attacks are inevitable. Are you prepared? How well are they handled? Source: IBM X-Force® Research and Development
  6. A major security incident can significantly affect an organization's data, business continuity and reputation.
     • LinkedIn sued for $5 million over data breach: An Illinois woman has filed a $5 million lawsuit against LinkedIn Corp, saying the social network violated promises to consumers by not having better security in place when more than 6 million customer passwords were stolen. (Source: Reuters, June 2012)
     • Sony pegs PSN attack costs at $170 million: The Sony attacks in 2011 will cost it 14 billion yen ($170 million) in increased customer support costs, welcome-back packages, legal fees, lower sales and measures to strengthen security, part of a $3.1B total loss in 2011. (Source: Forbes, May 2011)
     In the event of a security breach, organizations need expert guidance to protect the availability of critical business systems, and to find and solve the root causes of the problem quickly. Vectors for attack are most often well-known vulnerabilities that should be addressed through a unified incident identification and management process. These issues and their resulting impact were preventable had organizations brought on a knowledgeable security partner early on. Business + Technology = Incident
  7. You can't stop the attackers, but the majority of incidents can be easily avoided through proactive measures and intelligence.
     [Diagram: incident types around Intelligence: targeted attack, denial of service, breach, system compromise, application crash, data leakage, system overload]
  8. Know thy self, know thy enemy. A thousand battles, a thousand victories. Security Intelligence is the gathering of information to identify and understand threats, risks and opportunities. The data needed for actionable, quality intelligence is all around you. It is a good bet that what you don't know is what your attackers will use against you.
  9. Security Intelligence
     • Which of my systems is most vulnerable?
     • What gets attacked the most?
     • Are these targeted attacks, or automated attacks?
     • Who is attacking me?
     • Which department has the most security violations?
     • Is my security awareness program effective?
  10. Intelligence examples (firewall log lines; the source and destination addresses are not shown on the slide):
      14:53:16 drop >eth0 product VPN-1 & Firewall-1 src s_port 2523 dst service ms-sql-m proto udp rule 49
        Label: Normal. Slammer virus.
      14:55:20 accept >eth1 product VPN-1 & Firewall-1 src s_port 4523 dst service http proto tcp xlatesrc rule 15
        Label: Abnormal. Code Red or Nimda virus.
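The two log lines above are the slide's whole illustration of turning raw firewall records into intelligence. As an added example that is not part of the original deck, the Python below parses Check Point-style lines of that shape into fields, applies the slide's two verdicts as rules (a dropped Slammer probe is normal noise, an accepted inbound HTTP connection needs web-server-log review), and counts probes per source so repeated scanning stands out. The sample lines and IP addresses are constructed, and treating RFC 1918 ranges as "internal" is an assumption.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines modelled on the Check Point VPN-1/Firewall-1 format
# on the slide. IP addresses are placeholders (the slide omits them).
SAMPLE_LOG = """\
14:53:16 drop >eth0 product VPN-1 & Firewall-1 src 203.0.113.7 s_port 2523 dst 192.0.2.10 service ms-sql-m proto udp rule 49
14:53:17 drop >eth0 product VPN-1 & Firewall-1 src 203.0.113.7 s_port 2524 dst 192.0.2.11 service ms-sql-m proto udp rule 49
14:55:20 accept >eth1 product VPN-1 & Firewall-1 src 198.51.100.23 s_port 4523 dst 192.0.2.80 service http proto tcp xlatesrc 10.0.0.5 rule 15
14:56:02 accept >eth1 product VPN-1 & Firewall-1 src 10.0.0.42 s_port 51000 dst 192.0.2.80 service http proto tcp rule 15
"""

# Key/value pairs that follow the fixed "time action >iface product ..." prefix.
FIELD_RE = re.compile(r"\b(src|s_port|dst|service|proto|rule|xlatesrc)\s+(\S+)")
# Assumption: RFC 1918 ranges count as "inside"; adjust to the site's address plan.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Split one firewall log line into the fields the triage rules need."""
    time, action, iface = line.split()[:3]
    rec = {"time": time, "action": action, "iface": iface.lstrip(">")}
    rec.update(FIELD_RE.findall(line))  # findall returns (key, value) tuples
    return rec

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def triage(rec):
    """Classify a record the way the slide reads its two examples."""
    # A Slammer probe (UDP to ms-sql-m, port 1434) that the firewall drops is
    # normal background noise; the same probe accepted would be abnormal.
    if rec.get("proto") == "udp" and rec.get("service") == "ms-sql-m":
        return "normal" if rec["action"] == "drop" else "abnormal"
    # An accepted inbound HTTP connection from outside is the Code Red / Nimda
    # case: the firewall cannot tell, so hand it to web server log review.
    if rec.get("service") == "http" and rec["action"] == "accept" and not is_internal(rec["src"]):
        return "review"
    return "normal"

def analyse(log_text):
    """Return per-verdict counts and the number of ms-sql-m probes per source."""
    verdicts, probes = Counter(), Counter()
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        verdicts[triage(rec)] += 1
        if rec.get("service") == "ms-sql-m":
            probes[rec["src"]] += 1
    return verdicts, probes
```

Running analyse(SAMPLE_LOG) yields three normal records, one flagged for review, and two probes from the same source, which is the per-source view a SIEM rule would threshold on.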
  11. Organizations face four major challenges in operations around incident management.
      Assumption #1: I am under attack right now. Assumption #2: Attackers are already in. Assumption #3: No endpoint device is secure.
      Organizations typically lack:
      • Unified, cross-company policy and process for incident response
      • Actionable insight and information upon which to act
      • Incident management and forensic analysis tooling for remote system capture and analysis
      • Resources or skills to actively respond to and investigate security incidents
      "Information is the new worldwide currency. Every piece of data is valuable to someone, somewhere, somehow." (IDC, Worldwide and U.S. Security Services Threat Intelligence 2011-2014 Forecast)
  12. Sources of Security Intelligence
      • Log Files
        – Network (firewalls, routers, etc.)
        – System (event logs, access logs, syslogs)
      • Network
        – Netflows (IP statistics from device interfaces)
        – Activity (bandwidth, utilization)
        – Topography
      • People
        – Help Desk calls/tickets
      • Services
        – Commercial feeds (X-Force, Secunia, etc.)
  13. IBM helps organizations define a roadmap and implement solutions to address these challenges and reach an optimized state.
      [Maturity chart: levels Basic, Proficient, Optimized, Security Intelligence; axes manual to automated and reactive to proactive]
  14. What should be done to address these challenges?
  15. But I have logs. Turning data into intelligence.
  16. Which one of these steps should we take first? The slide ranks the four steps under a Strategic Approach and a Tactical Approach; the two numbers after each step are the rankings as they appear on the slide, left column then right column:
      • Incident Response Program Development: 4 / 1
      • Security Information & Event Management: 3 / 2
      • Forensic Solution Implementation: 2 / 3
      • Emergency response services with XFTAS: 1 / 4
  17. IBM is a provider of end-to-end services both proactively and reactively, helping clients achieve proficiency and optimization.
      • BASIC. Challenge: lack of unified incident response policy and process. Recommendation: Incident Response Program Development.
      • PROFICIENT. Challenge: lack of resources or skills to respond to incidents. Recommendation: Emergency response services; X-Force Threat Analysis Service.
      • OPTIMIZED. Challenge: investment in forensic tools for automation and analysis. Recommendation: Forensic Solution Implementation. Challenge: need for actionable insight and intelligence. Recommendation: Security Information & Event Management (SIEM).
  18. Incident Response Program Development. When an incident occurs, businesses need the right process, tools, and resources to respond and minimize impact:
      • Being prepared to minimize the impact of a security incident and to recover faster
      • Protecting critical systems and data from downtime and/or information theft
      • Analyzing the root cause of an incident and preventing its spread
      • Restoring affected systems to normal operations
      • Preventing similar incidents from causing future damage
      • Meeting regulatory compliance requirements for incident response
  19. Incident Response Program Development (continued). The Incident Response Plan is the foundation on which all incident response and recovery activities are based.
      • It specifically defines the organization, roles and responsibilities of the Computer Security Incident Response Team (CSIRT)
      • It should have criteria to help an organization determine what is considered an incident versus an event
      • It defines escalation procedures to management, executive, legal, law enforcement, and media depending on incident conditions and severity
      • The plan and process should be fully tested via dry runs and incident mock tests
      A well-developed plan provides a framework for effectively responding to any number of potential security incidents.
  20. Emergency response services. Without the need for in-house expertise, the IBM emergency response subscription service can provide real-time, on-site support.
      – Clients retain expert security consultants prior to an incident in order to better prepare, manage and respond; the subscription includes:
        • Incident response
        • Incident management
        • Basic data acquisition
        • In-depth data analysis
      – The subscription includes activities designed to manage incident response from an end-to-end perspective:
        • Prevention
        • Intelligence gathering
        • Containment
        • Eradication
        • Recovery
        • Compliance
  21. X-Force Threat Analysis Service (XFTAS). X-Force Threat Analysis Service provides customized security intelligence about a wide array of threats with global insight.
      – Offers detailed analyses of global online threat conditions and includes:
        • Up-to-the-minute, customized security information about threats and vulnerabilities
        • Expert analysis and correlation of global security threats
        • Actionable data and recommendations that help clients maintain their network security
  22. Forensic Solution Implementation. Examples of tools that can be deployed to improve defense and automate the incident response and forensic analysis process: DDoS Prevention; Malware / APT Defense; Forensics Analysis.
  23. Security Information & Event Management (SIEM). The questions it addresses: What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact?
      • Prediction & Prevention: Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
      • Reaction & Remediation: SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
  24. With great power comes great responsibility. "A fool with a tool is still a fool." Security Intelligence still requires experienced, knowledgeable professionals who:
      – Understand the log data formats
      – Understand the risks presented by the gathered intelligence
      – Present the intelligence to decision makers
      Managed Security Intelligence:
      – In-house managed solutions
      – Outsourced managed solutions
  25. © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
  26. Trademarks and notes. IBM Corporation 2012. IBM, the IBM logo, the IBM Business Partner emblem, Rational, AppScan, smarter planet and X-Force are registered trademarks, and other company, product or service names may be trademarks or service marks of International Business Machines Corporation in the United States, other countries, or both. A current list of IBM trademarks is available on the Web at "Copyright and trademark information". Adobe, the Adobe logo, PostScript, the PostScript logo, Cell Broadband Engine, Intel, the Intel logo, Intel Inside, the Intel Inside logo, Intel Centrino, the Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, IT Infrastructure Library, ITIL, Java and all Java-based trademarks, Linux, Microsoft, Windows, Windows NT, the Windows logo, and UNIX are trademarks or service marks of others as described under "Special attributions". Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.
  27. Why IBM?
      • Research and Operations, World Wide Coverage: Security Operations Centers, Security Research Centers, Security Solution Development Centers, Institute for Advanced Security Branches
      • Managed Security Services: 20,000+ devices under contract; 3,300 GTS service delivery experts; 3,700+ MSS clients worldwide; 15B+ events managed per day
      • IBM Research: 10B analyzed Web pages & images; 150M intrusion attempts daily; 40M spam & phishing attacks; 46K documented vulnerabilities; millions of unique malware samples; 1,000+ security patents