
3 Steps to Security Intelligence - How to Build a More Secure Enterprise


We are in the midst of upheaval in the world of IT Security. Attackers are highly organized and using increasingly sophisticated methods to gain entry to your most sensitive data. At the same time, Cloud and mobile are redefining the concept of the perimeter. Check out this insightful discussion of how today's CISO is building a more secure enterprise using analytics, risk-based protection, and activity monitoring to protect the most valuable assets of the organization.

For more visit: http://securityintelligence.com

Published in: Technology

  1. Three Steps to Security Intelligence: How To Build a More Secure Enterprise. Brendan Hannigan, General Manager, IBM Security Systems. © 2013 IBM Corporation
  2. Evolving Threat Landscape. Evolving CISO Landscape.
  3. CISO Challenge: Competing priorities. 14% increase in Web application vulnerabilities from 2011 to 2012. 83% of enterprises have difficulty filling security roles. Common Vulnerabilities and Exposures. Increase in compliance mandates.
  4. CISO Challenge: Inadequate tools. 85 tools from 45 vendors. 0 out of 46 vendors detected malware. Source: IBM client example.
  5. CISO Challenge: Business pressures. 75%+ of organizations are using at least one cloud platform. 70% of CISOs are concerned about Cloud and mobile security.
  6. CISO Challenge: Evolving Threats. INTERNAL: 59% of C-level execs say that negligent insiders are their biggest concern. EXTERNAL: 43% increase in critical web browser vulnerabilities. PAYOFFS: $78M stolen from bank accounts in Operation High Roller.
  7. Advantage: Attacker
  8. 1: Focus. 2: Intelligence. 3: Innovation.
  9. Focus: USERS, TRANSACTIONS, ASSETS.
  10. USERS. Focus on users, not devices. Implement identity intelligence. Pay special attention to trusted insiders. 60,000 employees; provisioning took up to 2 weeks; no monitoring of privileged users. Privilege Identity Management: monitoring and same-day de-provisioning for 100+ privileged users. Source: IBM client example.
  11. ASSETS. Harden and secure repositories. Discover critical business data. Monitor and prevent unauthorized access. Thousands of databases containing HR, ERP, credit card, and other PII in a world where 98% of breaches hit databases. Database Access and Monitoring: secured 2,000 critical databases; saved $21M in compliance costs. Source: IBM client example.
  12. TRANSACTIONS. Identify most critical transactions. Monitor sessions, access, and devices. Look for anomalies and attacks. 30 Million customers in an industry where: $3.4B industry losses from online fraud; 85% of breaches go undetected. Advanced Fraud Protection on over 1 million customer endpoints. Zero instances of fraud reported. Source: IBM client example.
  13. Intelligence: ANALYTICS, INTEGRATION, VISIBILITY.
  14. ANALYTICS. Don’t rely on signature detection. Use baselines and reputation. Identify outliers. Identify entire classes of mutated threats by analyzing 250+ protocols and file types. Pattern matching. Context, clustering, baselining, machine learning, and heuristics.
  15. VISIBILITY. Get full coverage, no more blind spots. Reduce and prioritize alerts. Continuous monitoring. Reduce 2 Billion logs and events per day to 25 high priority offenses. Source: IBM client example.
  16. INTEGRATION. Eliminate silos and point solutions. Build upon a common platform. Share information between controls. Monitor threats across 8 Million subscribers with an integrated Platform. Siloed Point Products. Integrated Platforms. Source: IBM client example.
  17. Innovation: CLOUD, MOBILE.
  18. Cloud is an opportunity for enhanced security. Traditional Security: Manual and static. Cloud-enhanced Security: Automated, customizable, and elastic.
  19. Mobility is the opportunity to get security right. Endpoint Management; Network and Access Control; Fraud Protection; Application and Data Security.
  20. IBM Security Framework. Intelligence. Integration. Expertise. Professional, Managed, and Cloud Services.
  21. Advanced Threat Protection: Staying ahead of sophisticated attacks. Attack Chain: 1 Break-in, 2 Latch-on, 3 Expand, 4 Gather, 5 Exfiltrate. Defense Strategy and IBM Capabilities and Services: Harden (QRadar Vulnerability Manager, Endpoint Manager, AppScan); Detect (Network Protection, InfoSphere Guardium, Trusteer Apex); Analyze (QRadar Security Intelligence, X-Force Threat Intelligence); Remediate (Emergency Response Services).
  22. CISO: Checkmate!
  23. Analytics-powered security. Leaning forward. Felix Mohan, Bharti Airtel Limited. © 2013 IBM Corporation
  24. Align. Make intelligent. Concerns; Voice to data shift; Competitive pressure; Disruptive technologies; Culture; Competency; Communication; Advanced attacks; Regulatory compliance; Third-party risk; Aggravators; Business-aligned; Align. Make intelligent.; Intelligence; Automation; Optimization; Analytics-driven.
  25. Airtel intelligence structure. Analytics; Security devices; QFlow and VFlow Collector; Vulnerability Manager; Risk Manager; Network devices; X-Force external threat feed; SIEM; Technology Interaction; Broader and deeper vulnerability insight; Better protection from advanced attacks; Quicker response; QRadar; Context; Events; Flows; Information Integration; Contextual assessments; Better risk management; Prioritized and actionable intelligence; Trusteer*(2014); Openpages*, BigInsights*(2015-16).
  26. Understand. Prioritize. Act. Advanced threat protection; Event data; Context; Vulnerability scan data; Configuration data; Risk management; Activity data; Network topology; Compliance; Fraud protection; Resource optimization. Simulate “what ifs” for risk impact. Remediate zero-days and new security threats. Monitor asset profiles & behaviour continuously. Visualize traffic patterns and connections. Comply with regulatory mandates and policies. Prioritize vulnerability remediation. Protect transactions. Carry out advanced incident analysis & forensics. Optimize resources and efforts. We are moving from dousing fires to ensuring they don’t happen in the first place!
  27. Thank You. #IBMINTERCONNECT. © 2013 IBM Corporation
  28. • Visit the Security Intelligence All area in the Solution Center. • Meet experts from the IBM Security Singapore Lab. 10+ demos, 5 appliances. Don’t miss… Day 1: • Solution Center Sessions: Enhancing IBM Security solutions with Trusteer fraud detection capabilities. Day 2: • Technical Session: Dedicated Security track featuring Identity and Access Management, Security Intelligence, Mobile Security, and more. Also, don’t miss customer speakers including YaData and Asian Paints.
  29. Disclaimer. Please Note: IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
  30. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. © Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
