Threats in the digital age cyber security - 2012


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Threats in the digital age cyber security - 2012

  1. 1. Threats in the digital age –Cyber SecurityMartin Borrett, Director of the IBM Institute for Advanced Security, Europe © 2012 IBM Corporation
  2. 2. IBM’s Definition of Cyber Security Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.2 © 2012 IBM Corporation
  3. 3. The planet is getting more instrumented, interconnected, and intelligent creating new Cyber Security challenges Smart Smart Smart Smart Water Smart Smart Supply Chains Countries Retail Management Weather Energy Grids INSTRUMENTED INTERCONNECTED INTELLIGENT Smart Oil Field Smart Smart Smart Traffic Smart Smart Technologies Regions Healthcare Systems Cities Food Systems3 © 2012 IBM Corporation
  4. 4. Threats becoming increasingly sophisticated Recent Cyber Security Attacks Implications Given the sophistication of the attacks, all 5 phases of APT are relevant from a defence Stuxnet perspective and offer opportunities Aurora to detect an attack; the earlier an APT is detected, the better Persistence of APT requires continuous monitoring of critical assets in order to detect deviations Advanced Persistent Threat (APT) Lifecycle from normal behaviour 1. Reconnaissance Fine-grained, multi-tier containment (“defence in depth”) is key; network 2. Initial Infection boundaries as well as critical 3. Lateral Expansion assets within the network have to 4. Subversion of Mission Critical Assets, be protected Exfiltration of Very Sensitive Data 5. Clean up4 © 2012 IBM Corporation
  5. 5. By managing security for customers across the world, IBM has aclear and current picture of threats and attacks 9 Security 9 Security 11 Security Solution 3 Branches of 133 Operations Centres + Research Centres + Development Centres + the Institute for Advanced Security (“IAS”) + Monitored Countries IAS IAS Americas Europe 20,000 devices under contract 4,000 MSS clients worldwide 13 billion events managed per day IAS Asia Pacific IBM has the unmatched global and local expertise to deliver complete solutions – and manage the cost and complexity of security5 © 2012 IBM Corporation
  6. 6. IBM X-Force Gathers evidence of threats that affect Internet security to help customers and the public understand the changing nature of the threat landscape and what might be done to mitigate it New Attack Activity – Rise in Shell Command Injection attacks – Rise in phishing based malware distribution and click fraud Progress in Internet Security – Fewer exploit releases and web application vulnerabilities – Better patching The Challenge of Mobile and the Cloud – Mobile exploit disclosures up – Cloud requires new thinking – Social Networking no longer fringe pastime6 Source: IBM Full Year X-Force 2011 Trend and Risk Report © 2012 IBM Corporation
  7. 7. Use the IBM Cyber Security Lifecycle to detect and respond at afaster pace than attackers Layers Risk Understand and baseline • Balance threat and the IT and security response landscape Service management • Process Technology • Security, network, systems Threat Tempo Response Tempo Maturity7 © 2012 IBM Corporation
  8. 8. IBM Success Stories88 © 2012 IBM Corporation
  9. 9. IBM Security: Delivering intelligence, integration and expertise across acomprehensive framework Only vendor in the market with end-to- end coverage of the security foundation 6K+ security engineers and consultants Award-winning X-Force® research Largest vulnerability database in the industry Intelligence ● Integration ● Expertise9 © 2012 IBM Corporation
  10. 10. IBM Institute for Advanced Security © 2012 IBM Corporation