4 undeniable truths about advanced threat protection


Published on

Are you prepared for the next attack targeting your organization? Multi-faceted, persistent threats continue to increase and evolve, evading traditional stand-alone security technologies and forcing a critical need for an integrated, multi-dimensional approach. Today’s targeted attacks require the ability to disrupt the attack lifecycle in order to prevent further compromise. Join IBM Security expert, Kevin Skapinetz, as we discuss new strategies to address these sophisticated threats, and introduce IBM Threat Protection System, which incorporates the ability to continuously prevent, detect and respond to these types of attacks.

View the full on-demand webcast: http://securityintelligence.com/events/undeniable-truths-advanced-threat-protection/#.VMvUF_Mo6Mo

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

4 undeniable truths about advanced threat protection

  1. 1. © 2014 IBM Corporation IBM Security 1© 2014 IBM Corporation 4 Undeniable Truths about Advanced Threat Protection Kevin Skapinetz Director of Strategy and Product Marketing
  2. 2. © 2014 IBM Corporation IBM Security 2 We are in an era of continuous breaches Attackers are relentless, victims are targeted, and the damage toll is rising Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014 Operational Sophistication IBM X-Force declared Year of the Security Breach Near Daily Leaks of Sensitive Data 40% increase in reported data breaches and incidents Relentless Use of Multiple Methods 500,000,000+ records were leaked, while the future shows no sign of change 2011 2012 2013 Note: Size of circle estimates relative impact of incident in terms of cost to business. 2011 2012 2013
  3. 3. © 2014 IBM Corporation IBM Security 3 And the cost of a data breach is on the rise, with customers at risk 2014 Cost of Data Breach Study From Ponemon Institute, sponsored by IBM
  4. 4. © 2014 IBM Corporation IBM Security 4 Security is a board room discussion, and security leaders are more accountable than ever before Your Board and CEO demand a strategy Loss of market share and reputation Legal exposure Audit failure Fines and criminal charges Financial loss Loss of data confidentiality, inte grity and/or availability Violation of employee privacy Loss of customer trust Loss of brand reputation CEO CFO/COO CIO CHRO CMO Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
  5. 5. © 2014 IBM Corporation IBM Security 5 Threats have evolved… …yet the majority of security teams are still using siloed, discrete defenses Are security teams up for the challenge? Broad Attacks Indiscriminate malware, spam and DoS activity Targeted Attacks Advanced, persistent, organized, and politically or financially motivated o Build multiple perimeters o Protect all systems o Use signature-based methods o Periodically scan for known threats o Read the latest news o Shut down systems o Assume constant compromise o Prioritize high-risk assets o Use behavioral-based methods o Continuously monitor activity o Consume real-time threat feeds o Gather, preserve, retrace evidence Requiring a new approach to protection… Tactical Approach Compliance-driven, Reactionary Strategic Approach Intelligence-driven, Continuous New threats require new thinking, but most are defending against yesterday’s attacks
  6. 6. © 2014 IBM Corporation IBM Security 6 Four truths about advanced threat protection Despite increasing challenges, organizations can protect themselves by adopting the right strategy 1 Prevention is mandatory Traditional methods of prevention have often failed, leaving many to believe detection is the only way forward. This is a dangerous proposition. 2 Security Intelligence is the underpinning Specialized knowledge in one domain is not enough. It takes enterprise-wide visibility and maximum use of data to stop today’s threats. 3 Integration enables protection The best defense is relentless improvement. Technologies must seamlessly integrate with processes and people across the entire lifecycle of attacks. 4 Openness must be embraced Security teams need the ability to share context and invoke actions between communities of interest and numerous new and existing security investments.
  7. 7. © 2014 IBM Corporation IBM Security 7 Introducing the IBM Threat Protection System A dynamic, integrated system to disrupt the lifecycle of advanced attacks and help prevent loss Made possible by the following: Accelerated Roadmap Significant investment across 10 development labs to fast-track advanced threat protection offerings Unique Integrations Strategic focus on connecting IBM products to streamline intelligence sharing and take action New Partnerships Coordinated outreach across the industry to bring together interoperable products for our customers
  8. 8. © 2014 IBM Corporation IBM Security 8 © 2014 IBM Corporation8 Exploit Disruption Prevent malware installs • Verify the state of applications • Block exploit attempts used to deliver malware Prevent mutated exploits • Verify the state of network protocols • Block unknown exploits with behavioral heuristics Malware Quarantine Prevent control channels • Stop direct outbound malware communications • Protect against process hijacking Prevent active beaconing • Stop malware and botnet control traffic with real-time reputation and SSL inspection User Protection Prevent malicious apps • Block access to malicious websites • Protect against web application misuse Prevent credential loss • Block keyloggers • Stop credential use on phishing sites • Limit reuse of passwords On the Endpoint Trusteer Apex Malware Protection On the Network IBM Security Network Protection XGS Focus on critical points in the attack chain with preemptive defenses on both the endpoint and network
  9. 9. © 2014 IBM Corporation IBM Security 9 © 2014 IBM Corporation9 Continuously monitor security-relevant activity from across the entire organization Pre-Attack Analytics Predict and prioritize security weaknesses before adversaries do • Use automated vulnerability scans and rich security context • Emphasize high- priority, unpatched, or defenseless assets requiring attention IBM Security QRadar Vulnerability Manager Real-time Attack Analytics Detect activity and anomalies outside normal behavior • Correlate and baseline massive sets of data • From logs, events, flows, user activity, assets, locations, v ulnerabilities, external threats, and more IBM Security QRadar SIEM IBM Security QRadar Security Intelligence Platform
  10. 10. © 2014 IBM Corporation IBM Security 10 © 2014 IBM Corporation10 Rapid Response Integrations Quickly expand security coverage to prevent further harm • Share indicators across control points • Dynamically apply customized rules IBM Security Framework Integrations Quickly investigate breaches, retrace activity, and learn from findings to remediate weaknesses Help prepare for and withstand security breaches more effectively • Gain access to key resources that can enable faster recovery and help reduce incident business impact Emergency Response Services IBM Emergency Response Services Post-Attack Incident Forensics Reduce the time to fully discover what happened and when it occurred • Index and reconstruct attack activity and content from full-packet network data • Apply search engine technology and advanced visualizations IBM Security QRadar Incident Forensics
  11. 11. © 2014 IBM Corporation IBM Security 11 Leverage threat intelligence with product integrations that draw upon human and machine-generated information Global Threat Intelligence X-Force Intelligence Network • Combines the renowned expertise of X-Force with Trusteer malware research • Catalog of 70K+ vulnerabilities, 22B+ web pages, and data from 100M+ endpoints • Intelligence databases dynamically updated on a minute-by-minute basis Web App Control URL/Web Filtering IP/Domain Reputation Exploit Triage Malware Analysis Zero-day Research Real-time sharing of Trusteer intelligence NEW
  12. 12. © 2014 IBM Corporation IBM Security 12 Share, analyze, and act upon information gathered from an ecosystem of third-party products Security Partner Ecosystem and Integrations IBM works with a broad set of technology vendors who provide complementary solutions and are integrated with our security products Strengthen the threat protection lifecycle • Leverage a vibrant ecosystem of security products • Increase visibility, collapse information silos, and provide insights on advanced attacks Ready for IBM Security Intelligence Partner Ecosystem 90+ vendors and 400+ products Trend Micro Deep Security IBM XGS Quarantine and Blocking FireEye Web Malware Protection System IBM XGS Quarantine and Blocking Damballa Failsafe IBM XGS Quarantine and Blocking Palo Alto Firewalls Trusteer Apex integration Planned Advanced Threat Protection Integrations: Additional Example QRadar Partners:
  13. 13. © 2014 IBM Corporation IBM Security 13 Examples of breaking the attack chain through integrated intelligence ATTACK CHAIN Gather Internal system attempts to access and export data from critical resources XGS prevents the remote exploit from reaching the vulnerable browser and alerts QRadar to the intrusion attempt Apex prevents malware from installing, shares an event to QRadar through the cloud, and enforces an XGS quarantine rule XGS prevents the attempt to scan internal systems, while QRadar detects abnormal traffic patterns on the network QRadar detects user logins and database activity revealing abnormal access to sensitive servers QRadar detects the slow data transfer, sends a quarantine rule to XGS, while Incident Forensics investigates attack activity Break-in Attacker sends a phishing email to an unsuspecting user, a link is clicked, an exploit is sent to the browser Latch-on Remote employee executes untrusted code from an attachment, which tries to download and install malware Expand Attacker finds a way in and tries to search for usernames and passwords to access critical systems Exfiltrate Malware made its way through an unprotected system and attempts to quietly siphon out data
  14. 14. © 2014 IBM Corporation IBM Security 14 IBM is uniquely positioned to offer integrated protection Open Integrations Smarter Prevention Security Intelligence Continuous Response Global Threat Intelligence 1 2 3 5 4 Ready for IBM Security Intelligence Ecosystem New functionality from partners including FireEye, TrendMicro, Damb alla and other protection vendors NEW IBM X-Force Threat Intelligence New virtual real-time sharing of Trusteer threat intelligence from 100M+ endpoints with X-Force NEW IBM Emergency Response Services IBM Security QRadar Incident Forensics Integrated forensics module with full packet search and visual reconstruction of threat actor relationships NEW Increased global coverage and expertise related to malware analysis and forensics NEW Trusteer Apex Endpoint Malware Protection IBM Security Network Protection XGS Java Lockdown Protection - granular control of untrusted code, cloud-based file inspection, and QRadar integration NEW Advanced Threat Quarantine integration from QRadar and third-party products, inclusion of Trusteer intelligence into XGS NEW IBM Security QRadar Security Intelligence Data Node appliance, new flow and event APIs, and vulnerability management improvements NEW Threat Monitoring and Intelligence Services Managed SIEM enhancements, new cyber threat intelligence NEW
  15. 15. © 2014 IBM Corporation IBM Security 15 IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework Advanced threats Cloud Mobile Compliance and Fraud Mega trends Intelligence. Integration. Expertise.
  16. 16. © 2014 IBM Corporation IBM Security 16 For more information… And visit us on SecurityIntelligence.com Facebook https://facebook.com/secintelligence Website /protection-ibm.com/security/threat YouTube IBMSecuritySolutionsyoutube.com/user/ Twitter https://twitter.com/IBMSecurity
  17. 17. © 2014 IBM Corporation IBM Security 17 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.