
3 Enablers of Successful Cyber Attacks and How to Thwart Them


View On Demand Webinar:

The traditional approaches used to fight cybercrime simply aren’t effective anymore. During Advanced Persistent Threats (APTs) and targeted attacks, the attacker uses a myriad of tools and techniques to breach an organization’s network, steal sensitive information and compromise its operations.

Vulnerable endpoints, careless users and advanced evasive malware represent three enablers to successful attacks. Users and endpoints have become the front-line in the ongoing war against cyber-crime. A new approach is needed to win the war.

In this on demand webinar, we will examine the different ways cybercriminals target end users and why enterprises have failed to protect against advanced threats. We will introduce a new preemptive approach that redefines endpoint protection with multi-layered security controls and integrated management that represent a unified ecosystem for endpoint control.

Join us to learn:
- How to thwart the three enablers that allow hackers to compromise endpoints
- Why a unified endpoint protection and management strategy is needed
- How IBM BigFix and IBM Trusteer Apex provide integrated endpoint security

Published in: Technology

  1. © 2015 IBM Corporation. 3 Enablers of Successful Cyber Attacks and How to Thwart Them. Christopher Beier, BigFix Product Manager for Security, IBM Security. BigFix Security.
  2. Agenda
     - Why bad things happen to good companies
       - 3 enablers to successful attacks
     - Why existing security approaches can fall short
     - Strategies that can help thwart the “enablers” of APT success
  3. You can’t fix what you can’t see
     - Incident response is the No. 1 factor to reduce the cost of a data breach
     - Despite existing tools, breaches continue to rise
     - Lack of visibility and control contributes to security breaches and financial loss
     - $3.8M global average cost of a data breach*
     - “Major global bank compromised and millions of depositor records stolen due to missed server upgrade cycle”
     - *Source: 2015 Cost of a Data Breach Study: Global Analysis, Ponemon Institute, May 2015
  4. The enablers of a malicious attack
     - Evasive malware or vulnerable system or careless user = Successful Attack!! (Data-theft, Service Interrupt)
     - Attacks constantly mutating to evade signatures
     - Increasing number of zero-day exploits
     - 1-500 machines already infected
     - Spear Phishing, Persistence, Backdoors, Designer Malware
     - Today’s World of Constantly Mutating Threats
     - Exploit Triage, Malware Tracking, Zero-day Research
     - IBM X-Force Research: catalog of 96k vulnerabilities, 12+ new daily
     - 76% of attacks attributed to lost or stolen credentials (2013 Verizon DBIR)
  5. Why existing approaches can fall short
     - Siloed processes create gaps
     - Signature-based solutions are designed for known threats
       - Indicators of Compromise tell you that you have been compromised
     - Mobile strategies increase the attack surface
       - More endpoints to manage
       - New security challenges
       - Policies for corporate-owned and employee-owned devices
  6. Siloed IT Operations and Security Teams
     - SECURITY
       - Scan for compliance status
       - Create security policies
       - Identify vulnerabilities
     - IT OPERATIONS
       - Apply patches and fixes
       - Implement security and operational policy
       - Manual process takes weeks / months
     - Disparate tools, manual processes, lack of integration and narrow visibility
  7. Continuous security configuration compliance
     - Accurate, real-time visibility and continuous security configuration enforcement
     - Continuous compliance “set and forget”
       - No high-risk periods
       - Lower total cost
       - Continued improvement
       - Identify and report on any configuration drift
       - Library of 9,000+ compliance checks (e.g., CIS, PCI, USGCB, DISA STIG)
     - Traditional compliance “out of synch”
       - High-risk and cost periods
       - Manual approach causes endpoints to fall out of compliance again
     - Chart: Traditional versus Continuous (axes: Time, Compliance; labels: Continuous, Traditional, RISK, SCAP)
  8. Signature-based solutions are designed for known threats (Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015)
  9. Mobile strategies increase the attack surface (2014 Information Security Media Group)
  10. Strategies that can help catch the “enablers” of APT success
      - A unified ecosystem in which security intelligence can be seamlessly shared and threat response automated
        - Continuous monitoring for security best practices
          - Discover
          - Patch
        - Shared intelligence
        - Connected systems
      - Multi-layered protections that help prevent, detect, and block attacks at the endpoint
        - Detect and prevent infection from both known as well as zero-day and unknown malware
        - Protect users from submitting their business credentials to harmful phishing sites and reusing of credentials on legitimate third party sites
        - Disrupt the exploit chain to block exploitation of unpatched or unknown system vulnerabilities
        - Stop malicious communications so that even if malware infects a device, it can’t communicate externally or exfiltrate data from your enterprise.
  11. IBM BigFix: Bridge the Gap between Security and IT Ops
      - ENDPOINT SECURITY; Discovery and Patching; Lifecycle Management; Software Compliance and Usage; Continuous Monitoring; Threat Protection; Incident Response; ENDPOINT MANAGEMENT
      - IBM BigFix®: FIND IT. FIX IT. SECURE IT. …FAST
      - Shared visibility and control between IT Operations and Security
      - Reduce operational costs while improving your security posture
  12. IBM BigFix Compliance (previously IBM Endpoint Manager for Security and Compliance)
      - Using BigFix Compliance, clients get value from:
        - Continuous real-time enforcement of security policies, regardless of network connection status significantly reduces overall security risk
        - Supports industry and regulatory compliance benchmarks for best practice protection
        - Discovery of unmanaged endpoints and Automatic patch and remediation of non-compliant systems reduces risk and labor costs
        - Deploy, update, and health check 3rd-party Endpoint Protection solutions
        - Policy based quarantine of non-compliant systems
      - BigFix Platform: Lifecycle, Inventory, Patch, Compliance, Protection
      - More than 9,000 heterogeneous platform compliance checks based on best practice regulatory benchmarks from CIS, PCI DSS, DISA STIG, USGCB
  13. Advanced Evasive Malware - Advanced endpoint protection
      - Stop exploits before application vendors provide updates
      - Third-party AV Protection
      - Protection
      - IBM Trusteer Apex
      - Anti-virus protection and Data Loss Prevention
      - Deploy and enforce security configuration policies
      - IBM BigFix®
      - Third-party anti-virus management
      - Manage compliance, quarantine and remediate
      - Continuous protection from advanced persistent threats
      - Multi-layered protection designed to break the threat lifecycle in real-time
  14. IBM BigFix Protection
      - BigFix Protection delivers value in multiple ways:
        - Real-time endpoint protection against viruses, Trojan horses, spyware, rootkits and other malware on Windows and Mac systems
        - Protection through cloud-based file and web reputation, behavior monitoring and personal firewall
        - Virtualization awareness to reduce resource contention issues on virtual infrastructures
        - Leveraging industry-leading IBM® and Trend Micro™ technologies with a single-console and common management infrastructure
        - Integrated Data Loss Prevention and Device Control available as an add-on
      - BigFix Platform: Lifecycle, Inventory, Patch, Compliance, Protection
  15. Advanced Endpoint Protection with IBM Trusteer Apex
      - Preemptive, multi-layered protection against advanced malware and credentials theft
      - IBM Trusteer Apex®: ADVANCED ENDPOINT PROTECTION
        - Prevent Credential Misuse & Theft: Prevents credentials theft via spear-phishing & the reuse of enterprise credentials on consumer sites
        - Defend against the Unknown: Positive behavior-based modeling to protect web browsers, Java, Adobe & MS Office etc. against zero-day exploits
        - Lightweight, multi-layered architecture: SaaS deployment, using a single agent that supports both managed and unmanaged endpoints
      - Effective, Real-Time Advanced Threat Protection
  16. IBM BigFix and IBM Trusteer Apex
      - Before
        - Hardening the systems, and ensuring continuous compliance of your security best practices
        - Preventing user credential exposure
      - During
        - Mitigating malware infections and zero-day exploit attempts
        - Quarantine any infected systems to contain the threat
      - After
        - Continuously protect the zero-day window until fix is available
        - Quickly deploy new patches to exposed endpoints
      - Create the most robust enterprise endpoint security solution available!
      - Diagram: IBM Trusteer Apex and IBM BigFix
        - Apex continuously protects in the window between threat and fix
        - Maintenance Patch: BigFix ensures it is quickly deployed on all endpoints
        - Apex identifies and mitigates malware infections in real-time; stops zero-day exploits
        - BigFix Incident Response quarantines infected machines
        - BigFix enforces secure configurations
        - Everyone goes back to work on higher value projects
        - Unscheduled Patch: BigFix ensures it is quickly deployed on all endpoints
  17. Questions??
  18. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

      Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

      THANK YOU