IBM Smarter Business 2012 - IBM Security: Threat landscape

IBM Security Systems presents the latest risks and trends from X-Force 2011 Full Year report, and how you can protect your infrastructure from these new evolving threats using Security Intelligence from Q1 Labs and IBM's recently announced Advanced Threat Protection Platform.

Speaker: Mikael Andersson, Client Technical Professional, IBM

Visit for more information.

Published in: Business
Speaker notes:
  • Over 51% of all web application vulnerabilities reported so far in 2012 are now categorized as cross-site scripting.
  • In 2012 the trend continues.
  • Make it clear that this is our strategy for infrastructure; we also cover apps/people in case they don't grok the Framework. "Today, we are talking about our vision for infrastructure/network, complementing our comprehensive..."
  • Once you are aware, then you are ready to control. Users can create network access control policies in addition to application control policies. Suitable customer: organizations looking for application and policy control.
    – Network access control: VLAN, IP, application, port
    – Applications and individual application actions
    – Rich support: 300+ network protocols, 300+ web & non-web applications, 700+ individual website “actions”, 3M+ web sites, 15B+ URLs

    1. IBM Security: Threat Landscape
    2. IBM Security: Threat Landscape. Michael Andersson, Client Technical Professional, IBM Security Systems
    3. Please note:
       • IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
       • Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
       • The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
       • Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
    4. Agenda
       • X-Force overview
       • Highlights from the 1H 2012 IBM X-Force Trend and Risk Report
         – Vulnerabilities
         – Exploits
         – Attacks
       • IBM Security Advanced Threat Protection Platform
    5. X-Force Research
       The mission of the IBM X-Force® research and development team is to:
       • Research and evaluate threat and protection issues
       • Deliver security protection for today’s security problems
       • Develop new technology for tomorrow’s security challenges
       • Educate the media and user communities
       Provides specific analysis of:
       • Vulnerabilities & exploits
       • Malicious/unwanted websites
       • Spam and phishing
       • Malware
       • Other emerging trends
       By the numbers: 17B analyzed web pages & images; 40M spam & phishing attacks; 68K documented vulnerabilities; 13B security events daily
    6. Vulnerability disclosures up in 2012
       • Total number of vulnerabilities grew (4,400 in 1H 2012) – the projection could reach an all-time high in 2012
    7. Web Application Vulnerabilities Rise Again
       • At mid-year 2012, 47% of security vulnerabilities affected web applications
       • Up from 41% in 2011
       • XSS reaches a high of 51%
    8. Vulnerabilities without patches
       • Unpatched vulnerabilities: highest numbers in years
    9. Public Exploit Disclosures
       • Decrease as a percentage of vulnerabilities
       • Slightly up in actual numbers compared to 2011
    10. Some categories stay the same
       • Numbers of browser and multimedia exploits are about the same
    11. Things are looking better for mobile platforms
       • Better at discovering vulnerabilities
       • Harder to exploit
    12. MSS – Top 10 high volume signatures
       • Not much change since last year
       • SQL injection is still the most common attack
    13. SQL Injection Attacks against Web Servers
       • Very often automated processes of finding victims
    14. XSS reaching new highs in 1H 2011
       • More than 6,000 variants of this vulnerability, with uses ranging from hijacking a browser session to a total system web-server-based takeover.
    15. Web browser exploitation
    16. SQL Slammer continues to drop
    17. 2011: “The year of the targeted attack”
    18. Who is attacking our networks?
    19. Techniques used by attackers are bypassing traditional defenses
       Advanced
       • Using exploits for unreported vulnerabilities, aka a “zero day”
       • Advanced, custom malware that is not detected by antivirus products
       Persistent
       • Attacks lasting for months or years
       • Attackers are dedicated to the target – they will get in
       • Resistant to remediation attempts
       Threat
       • Targeted at specific individuals and groups within an organization
       • Not random attacks – they are actually “out to get you”
       These methods have eroded the effectiveness of traditional defenses including firewalls, intrusion prevention systems and antivirus, leaving holes in the network.
    20. Closer look at the attack vectors of today’s threats
       1. User Attacks (client-side)
          • Drive-by Downloads: user browses to a malicious website and/or downloads an infected file using an unpatched browser or application
          • Targeted Emails: email containing an exploit or malicious attachment is sent to an individual with the right level of access at the company
       2. Infrastructure Attacks (server-side)
          • SQL Injection: attacker sends a specially crafted message to a web application, allowing them to view, modify, or delete DB table entries
          • General Exploitation: attacker identifies and exploits a vulnerability in unpatched or poorly written software to gain privileges on the system
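The server-side SQL injection vector on slide 20 comes down to one coding defect: the application concatenates the caller's input into the query text, so the input can change the query's structure rather than just its values. The Python below is an added example, not code from the presentation or from IBM. It builds an in-memory SQLite table with constructed sample rows (hypothetical names, not real data) and places the concatenating lookup next to the parameterized one; it also shows the one case a bound parameter cannot cover, a caller-chosen column name, which has to be checked against an allow-list instead.

```python
import sqlite3

def make_db():
    """Constructed sample database with three hypothetical users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn

def find_user_vulnerable(conn, name):
    """Defective pattern: input is spliced into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    """Hardened pattern: a bound parameter is sent to the engine as a value only;
    it can never alter the statement's structure, whatever characters it holds."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# Identifiers (table/column names) cannot be bound as parameters, so a caller-chosen
# sort column must be validated against a fixed allow-list before it touches the SQL.
ALLOWED_SORT_COLUMNS = {"name", "role"}

def list_users_sorted(conn, column):
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % column)
    # Safe only because `column` is now known to be one of the literal names above.
    return conn.execute("SELECT name, role FROM users ORDER BY " + column).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Same crafted input, two very different outcomes: the vulnerable lookup returns
    # every row, the parameterized one matches nothing because no user has that name.
    crafted = "x' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, crafted))
    print("safe      :", find_user_safe(db, crafted))
```

The point for defenders is that no amount of input filtering substitutes for the parameterized form: the fix is structural, and the allow-list shows where parameters stop and validation has to start.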
    21. IBM Advanced Threat Protection
       Our strategy is to protect our customers with advanced threat protection at the network layer, by strengthening and integrating network security, analytics and threat intelligence capabilities.
       1. Advanced Threat Protection Platform: evolve our Intrusion Prevention System to become a Threat Protection Platform, providing packet, content, file and session inspection to stop threats from entering the corporate network
       2. QRadar Security Intelligence Platform: build tight integration between the Network Security products, X-Force intelligence feeds and the QRadar Platform product with purpose-built analytics and reporting for threat detection and remediation
       3. X-Force Threat Intelligence: increase investment in threat intelligence feeds and feedback loops for our products. Leverage the existing Cobion web and email filtering data, but expand into botnet, IP reputation and Managed Security Services data sets
    22. IBM’s Infrastructure Threat Protection
    23. Advanced Threat Protection Platform
    24. IBM Security Network IPS: Addressing Today’s Evolving Threats with Hybrid Protection
       • >300 custom signatures (SNORT)
    25. Why Vulnerability-based Research = Preemptive Security Approach
       • Protecting against exploits is reactive
         – Too late for many
         – Variants undo previous updates
       • Protecting against vulnerabilities and malicious behaviors is preemptive
         – Stops threat at source
         – Requires advanced R&D
       • Why X-Force?
         – One of the best-known commercial security research groups in the world
         – IBM X-Force maintains one of the most comprehensive vulnerability databases in the world, dating back to the 1990s.
         – X-Force constantly updates IBM’s Protocol Analysis Module, the engine inside IBM’s security solutions
    26. Ahead of the Threat: IBM’s Preemptive Approach vs. Reactive Approach to address Threats
       • IBM clients have typically been provided protection guidance prior to or within 24 hours of a vendor vulnerability disclosure being announced
       • Chart: number of days IBM clients were provided protection guidance “Ahead of the Threat” (source: IBM X-Force)
    27. IBM IPS Zero Day (Vuln/Exploit) Web App Protection
       • IBM IPS Injection Logic Engine has stopped every large-scale SQL injection or XSS attack day-zero.
       • Asprox – reported 12/11/2008 – stopped 6/7/2007
       • Lizamoon – reported 3/29/2011 – stopped 6/7/2007
       • SONY (published) – reported May/June/2011 – stopped 6/7/2007
       • Apple Dev Network – reported July/2011 – stopped 6/7/2007
       New vulnerability or exploit (reported date; ahead of the threat since):
       • Nagios expand cross-site scripting (5/1/2011; 6/7/2007)
       • Easy Media Script go parameter XSS (5/26/2011; 6/7/2007)
       • N-13 News XSS (5/25/2011; 6/7/2007)
       • I GiveTest 2.1.0 SQL Injection (6/21/2011; 6/7/2007)
       • RG Board SQL Injection (6/28/2011; 6/7/2007)
       • BlogiT PHP Injection (6/28/2011; 6/7/2007)
       • IdevSpot SQL Injection (iSupport) (2011-05-23; 6/7/2007)
       • 2Point Solutions SQL Injection (6/24/2011; 6/7/2007)
       • PHPFusion SQL Injection (1/17/2011; 6/7/2007)
       • ToursManager PhP Script Blind SQLi (2011-07-xx; 6/7/2007)
       • Oracle Database SQL Injection (2011-07-xx; 6/7/2007)
       • LuxCal Web Calendar (7/7/2011; 6/7/2007)
       • Apple Web Developer Website SQL (2011-07-xx; 6/7/2007)
       • MySQLDriverCS Cross-Param SQLi (6/27/2011; 6/7/2007)
    28. Complete Control: Overcoming a Simple Block-Only Approach
       • Network control by users, groups, systems, protocols, applications & application actions
       • Block evolving, high-risk sites such as phishing and malware with constantly updated categories
       • Comprehensive up-to-date web site coverage with industry-leading 15 billion+ URLs
       • Rich application support with 1000+ applications and individual actions
       “We had a case in Europe where workers went on strike for 3 days after Facebook was completely blocked… so granularity is key.” – IBM Business Partner
    29. Network Security Product Line-up
       • IBM Security Network Intrusion Prevention System: the core of any intrusion prevention strategy, IBM Security Network IPS appliances help to protect the network infrastructure from a wide range of attacks, up to 23 Gbps inspected throughput
       • IBM Security Endpoint Defence: focused on protecting individual assets on the network, including servers and desktops, from both internal and external threats
       • IBM Security Virtual Server Protection: integrated with the hypervisor and provides visibility into intra-VM network traffic. Supports ESX 4.1 and 5.0 and 10Gb Ethernet
       • IBM Security SiteProtector System: centralized management for IBM Security intrusion prevention solutions that provides a single management point to control security policy, analysis, alerting and reporting
    30. Security Intelligence Platform
    31. Solving Customer Challenges
       • Major Electric Utility – detecting threats: discovered 500 hosts with the “Here You Have” virus, which other solutions missed
       • Fortune 5 Energy Company – consolidating data silos: 2 billion logs and events per day reduced to 25 high priority offenses
       • Branded Apparel Maker – detecting insider fraud: trusted insider stealing and destroying key data
       • $100B Diversified Corporation – predicting risks against your business: automating the policy monitoring and evaluation process for configuration change in the infrastructure
       • Industrial Distributor – addressing regulatory mandates: real-time extensive monitoring of network activity, in addition to PCI mandates
    32. Context & Correlation Drive Deepest Insight
    33. Solutions for the Full Compliance and Security Intelligence Timeline
    34. Fully Integrated Security Intelligence (one console for security & compliance)
       Log Management
       • Turnkey log management
       • SME to enterprise
       • Upgradeable to enterprise SIEM
       SIEM
       • Integrated log, threat, risk mgmt.
       • Sophisticated event analytics
       • Asset profiling and flow analytics
       • Offense management and workflow
       Risk Management
       • Predictive threat modeling & simulation
       • Scalable configuration monitoring and audit
       • Advanced threat visualization and impact analysis
       Network Activity & Anomaly Detection
       • Network analytics
       • Behavior and anomaly detection
       • Fully integrated with SIEM
       Network and Application Visibility
       • Layer 7 application monitoring
       • Content capture
       • Physical and virtual environments
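Slide 31's “2 billion logs and events per day reduced to 25 high priority offenses” and slide 34's event analytics and offense management describe one operation: parse raw events, tag the ones that look like the SQL injection and XSS probes slides 12 to 14 call the most common attack, then correlate them by source and time so that an analyst sees a single offense instead of thousands of lines. The Python below is an added example of that pipeline and is not QRadar's rules or any IBM code. The access-log lines are constructed (RFC 5737 documentation addresses), the two regular expressions are illustrative stand-ins for a real signature set, and the threshold and window are arbitrary defaults chosen for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample web-server access log (common log format). Not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2012:13:55:01 +0000] "GET /item?id=42 HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2012:13:55:02 +0000] "GET /item?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 9812
203.0.113.7 - - [10/Oct/2012:13:55:03 +0000] "GET /item?id=42%20UNION%20SELECT%20null HTTP/1.1" 500 128
203.0.113.7 - - [10/Oct/2012:13:55:04 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 301
198.51.100.9 - - [10/Oct/2012:13:56:10 +0000] "GET /search?q=shoes HTTP/1.1" 200 2201
198.51.100.9 - - [10/Oct/2012:14:30:00 +0000] "GET /item?id=1%20OR%201%3D1 HTTP/1.1" 200 9812
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

# Illustrative signatures only; a production ruleset is far larger and tuned per application.
PATTERNS = {
    "sqli": re.compile(r"(?i)(\bunion\b.*\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*or\s+'|--\s*$)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|onerror\s*=)"),
}

def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match the format.
    The request path is URL-decoded first: otherwise %27 and %3C hide the patterns."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "path": unquote_plus(m["path"]), "status": int(m["status"])}

def classify(event):
    """Names of the signatures that fire on the decoded request path (empty list = benign)."""
    return [name for name, rx in PATTERNS.items() if rx.search(event["path"])]

def correlate(log_text, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: one offense per source IP that produces at least `threshold`
    tagged requests inside any `window`-long interval. Returns a list of offense dicts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        tags = classify(ev)
        if tags:
            hits[ev["ip"]].append((ev["ts"], tags))

    offenses = []
    for ip, events in hits.items():
        events.sort()
        for i in range(len(events)):
            j = i
            while j < len(events) and events[j][0] - events[i][0] <= window:
                j += 1
            if j - i >= threshold:
                offenses.append({
                    "ip": ip,
                    "count": j - i,
                    "first": events[i][0],
                    "tags": sorted({t for _, tg in events[i:j] for t in tg}),
                })
                break  # one offense per source; later hits would be attached to it
    return offenses

if __name__ == "__main__":
    for off in correlate(SAMPLE_LOG):
        print("OFFENSE %s: %d suspicious requests from %s (%s)"
              % (off["tags"], off["count"], off["ip"], off["first"].isoformat()))
```

Two design points matter more than the regular expressions. Decoding before matching is what keeps the trivial evasion of URL-encoding from blinding the rule, and the threshold-within-window step is what turns six raw events into one offense for the automated scanner while the single stray hit from the second address stays below the line for an analyst to review later; a real deployment would also weight hits by response status and asset value, as the slide's "asset profiling" suggests.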
    35. IBM Security Framework
       Enterprise Governance, Risk and Compliance Management: IBM OpenPages; Algorithmics (recent acquisition); i2 Corporation (recent acquisition)
       IBM Security Portfolio – IT GRC Analytics & Reporting: QRadar SIEM; QRadar Log Manager; QRadar Risk Manager; IBM Privacy, Audit and Compliance Assessment Services
       IT Infrastructure – Operational Security Domains (with Security Consulting, Managed Services, and X-Force and IBM Research alongside):
       • People: Identity & Access Management Suite; Federated Identity Manager; Enterprise Single Sign-On; Identity Assessment, Deployment and Hosting Services
       • Data: Guardium Database Security; Optim Data Masking; Key Lifecycle Manager; Data Security Assessment Service; Encryption and DLP Deployment
       • Applications: AppScan Source/Std. Edition; DataPower Security Gateway; Security Policy Manager; Application Assessment Service; AppScan OnDemand Software as a Service
       • Infrastructure – Network: Network Intrusion Prevention; Server and Virtualization Security; QRadar Anomaly Detection / QFlow; Managed Firewall, Unified Threat and Intrusion Prevention Services
       • Infrastructure – Endpoint: Endpoint Manager (BigFix); zSecure suite; Native Server Security (RACF, IBM systems); Penetration Testing Services
    36. Summary
       • More vulnerability disclosures and exploits in 2012 compared to 2011
       • We see more attack activity, with high profile security incidents
       • Attacks are getting more sophisticated
       • Need for proactive, research-driven security
       • Security Intelligence makes it possible to manage more data, with log and network flow correlation, configuration monitoring and risk and compliance management
    37. Acknowledgements, disclaimers and trademarks
       © Copyright IBM Corporation 2012. All rights reserved.
       The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
       References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
       Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services.
       All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
       Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.
       IBM, the IBM logo, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at
    38. Thank You - Q&