
Chris neely the future of cyber security events 3

Talk by Chris Neely at the "International Business Forum: The New Frontiers of IT in Puglia", 7-8 November 2019, Grand Hotel Masseria Santa Lucia, Ostuni. Chris Neely, Director, Systems Engineering, IBM

Published in: Technology

  1. The Future of Cyber Security. Chris Neely, Technical Sales Director - Resilient, IBM Security Europe
  2. Default encryption / Optional encryption; Least privilege access / Full privilege access; Multi-factor authentication / Weak passwords; Technical focus / Boardroom focus; Compliance driven / Intelligence driven
  3. Criminal Innovation is Thriving: Shared revenue models; Market-driven agile development; Lower barriers to entry; Code and exploit reuse
  4. Threat Actors: Innovative, Opportunistic, Autonomous. AI: Attack tools get smarter. Cloud: Attack surface gets bigger. IoT: Attack targets get physical. Automation: Attack campaigns get faster.
  5. Threat Responders: Innovative, Opportunistic, Autonomous. AI: Attack tools get smarter. Cloud: Attack surface gets bigger. IoT: Attack targets get physical. Automation: Attack campaigns get faster.
  6. So what do we NEED TO DO?
  7. FORCE MULTIPLIERS: Get Smarter; Respond Faster; Work Together
  8. AUGMENTED INTELLIGENCE
  9. GET SMARTER WITH AI: Scan source code; Discover personal data; Identify fraud; Find risky users; Predict threats
  10. SECURITY ORCHESTRATION
  11. Coordination is critical (PEOPLE, PROCESS, TECHNOLOGY): LDAP lookup f(x); CMDB Lookup f(x); CB IOC Hunt f(x); Match any artifacts with known bad…; Verify alert from source; Evaluate risk of threat to enterprise; Evaluate risk of disruptive response; Verify if threat intelligence is known; Carbon Black; LDAP reset; Search estate for relevant indicators; Create and circulate status report; Reset user credentials; Verify alert from alerting source; Lookup system details from asset…; Lookup system details in active directory; Executives involved; Incident escalation f(x)
  12. Security Orchestration and Automation (PEOPLE, PROCESS, TECHNOLOGY): LDAP lookup f(x); CMDB Lookup f(x); CB IOC Hunt f(x); Match any artifacts with known bad…; Verify alert from source; Escalation path; Evaluate risk of threat to enterprise; Evaluate risk of disruptive response; Verify if threat intelligence is known; Carbon Black; LDAP reset; Search estate for relevant indicators; Create and circulate status report; Reset user credentials; Verify alert from alerting source; Lookup system details from asset…; Lookup system details in active directory; Executives involved; Incident escalation f(x)
  13. PRACTICE YOUR PLAYBOOKS
  14. LESSONS LEARNED: Culture counts; Playbooks crack under pressure; Leadership matters
  15. OPEN COLLABORATION
  16. STRONGER TOGETHER: Vendors, Researchers, Academics, Customers, Governments
  17. WE ARE OPEN, JOIN US Pappastergion
  18. FORCE MULTIPLIERS: AI; Security Orchestration; Open Collaboration
  19. City government: Verifying network, Wi-Fi and application security controls (Government). © 2016 IBM Corporation © 2018 IBM Corporation
      This suburban Melbourne, Australia, city is home to more than 180,000 people. Its City Council provides and manages a wide range of municipal services, including waste collection, education, land and environment programs, leisure facilities, libraries and building management. The council employs more than 1,500 people.
      Business challenge: The City Council needed to verify the effectiveness of its perimeter network security controls, web application security controls and controls around Wi-Fi networks. It sought a reliable provider to provide penetration testing services.
      Transformation: The City Council engaged IBM® Security Services to provide IBM Cybersecurity Assessment and Response services. The IBM team performed external network penetration testing, web application testing, wireless penetration testing and wireless security architecture assessment.
      Solution components: IBM® Security Services Cyber Security Assessment and Response
      Business benefits: Identified vulnerabilities: Penetration testing identified IT weaknesses in its environment. Reduced risk: Developed appropriate mitigation strategies, strengthening protection of its IT assets. Met budget objectives: The IBM team provided the right services at a competitive price.
  20. National government: Centralizing identity and access management (Government)
      This democratic constitutional monarchy manages and maintains the economical, agricultural and social well-being of its country and citizens. It includes approximately 130 departments and agencies.
      Business challenge: When this national government initiated an agency-wide identity, credential and access-management initiative, it needed to define the initiative’s initial roadmap and the project’s initial phase, which included credential and requirements definition and high-level design. It also needed help with writing a request for proposal (RFP).
      Transformation: An IBM® Security Services team helped with strategy and design during the first phase of the project. With IBM’s assistance, the government determined the scope, requirements and high-level design of the first phase and wrote an RFP. The IBM team also supports the second phase of the project, which entails identity management, providing assistance with credential transformation and identity management initiatives.
      Solution components: IBM® Security Services - IBM Identity and Access Management Services
      Business benefits: Established a centralized platform for authenticating users of enterprise applications. Avoided the burden of dealing with multiple authentication mechanisms. Improved and standardized security, privacy and data sharing across enterprise applications.
  21. Government agency: Adopting a cognitive approach to threat detection (Government)
      A small security team for this Canadian government agency works to protect agency operations and citizen-facing services from cybercriminals.
      Business challenge: With limited resources, a Canadian government agency needed an advanced security information and event management (SIEM) solution to help it quickly detect and respond to potential security threats.
      Transformation: By moving from manual event correlation processes to an automated security intelligence and analytics solution from IBM, agency security staff can quickly identify the security events that require investigation and add context to help detect threats faster and uncover vulnerabilities that need to be addressed.
      Solution components: IBM® QRadar® SIEM; IBM QRadar Vulnerability Manager; IBM Managed Security Services
      Business benefits: Eliminated false alerts: 100,000 issues and alerts were reduced to 10 – 20 offenses daily that are prioritized dynamically. Fast implementation: Seven days to deploy, realizing time-to-value with the solution and achieving ROI. Enhanced security overall: 10,000 vulnerabilities were scanned to help find security gaps and prioritize proactive responses.
      “QRadar offered a great value proposition in comparison to the feature set it provided.” Director, Architecture and Security
  22. Public sector organization: Detecting and stopping a stealth attack (Public Sector)
      Operating in the public sector, this organization found out the hard way that the log-based security information and event management (SIEM) solution from its managed security services provider was incapable of detecting stealth attacks.
      Business challenge: This public sector organization was the unknowing victim of an attacker that was attempting to test stealthy exfiltration of confidential information from a highly sensitive asset not considered at risk.
      Transformation: Using the IBM® QRadar® Sense Analytics engine for advanced threat detection, along with other QRadar security software products, IBM Business Partner CarbonHelix was able to quickly determine how the attacker had gained access to the internal network and the sensitive asset as well as the tools used to capture and move data.
      Solution components: IBM® QRadar® QFlow Collector; IBM QRadar Sense Analytics; IBM QRadar Vulnerability Manager; Delivered by IBM Business Partner CarbonHelix
      Business benefits: Detected the stealth attack that was not caught by log-based SIEM analysis alone. Prevented loss of confidential data and further undiscovered activity by the attacker. Reduced risk with new security controls and a process to identify and patch vulnerabilities.
      “Without fast action by CarbonHelix and their use of QRadar, we would have joined the list of data breach victims.” IT Security manager
  23. A tax authority in Europe: Putting fraudsters behind bars by uncovering hidden criminal networks (Government)
      This tax authority in Europe is responsible for tax collection for companies and private individuals. To ensure that public services have the funds they need to operate effectively, the authority carries out collection, compliance and enforcement activities to minimize the risk of tax avoidance and evasion.
      Business challenge: Effective tax collection is a key enabler of well-funded public services. This tax authority’s efforts to find evidence needed to prosecute tax fraudsters were dependent on using spreadsheets to collect and analyze complex transaction data, a time-consuming and limited process.
      Transformation: With IBM® i2® Analyst’s Notebook intelligence analysis software at the heart of its economic fraud detection strategy, the authority is succeeding in bringing more criminals to justice, faster. With lightning-speed big data analytics, the authority can crunch large data sets in minutes, slashing the time it needs to conduct in-depth investigations. The software provides multiple perspectives of data, helping to reveal networks and connections that can in turn provide evidence that can help build cases for prosecution.
      Solution components: IBM® i2® Analyst’s Notebook; IBM i2 Base
      Business benefits: Saves several person-days per month, enabling more investigations over the course of a year. Reveals unexpected patterns and networks that point to criminals and their accomplices. Provides evidence of tax fraud required for prosecution.
  24. STOP THE TRAFFIK: Using intelligence analysis technology to disrupt and prevent human trafficking (Public Sector)
      STOP THE TRAFFIK is a pioneer in human trafficking prevention. Since 2006, this globally oriented non-profit organization has been helping to prevent trafficking through building resilient communities that can identify and respond to trafficking; sharing knowledge; and helping businesses make their supply chains slavery free. Its Centre for Intelligence-Led Prevention was developed to collect global stories, connect them and build a picture of human trafficking hotspots and trends.
      Business challenge: Information about human trafficking comes from diverse sources, from local news and the web to official reports. STOP THE TRAFFIK needed to turn this information into actionable intelligence.
      Transformation: Human trafficking and modern slavery are global problems that take many forms, exploiting men, women and children in both industrialized and emerging countries. With the help of IBM® i2® intelligence analysis software, nonprofit STOP THE TRAFFIK is taking an intelligence-led approach to disrupting human trafficking networks at their source.
      Solution components: IBM® i2® Analyst’s Notebook; IBM i2 iBase
      Business benefits: Uncovers trafficking hotspots and routes using a wealth of multidimensional analyses. Disrupts trafficking at the source via awareness campaigns that target local activity. Boosts efficiency and simplifies sharing by replacing spreadsheets with visual analysis.
      “We can search for hotspots and trends using a variety of the functions built into the i2 Analyst’s Notebook software.” Lead Analyst
  25. City government: Freeing up IT resources to build and expand a network for a growing city (Government)
      With a population of more than 62,000 residents, this Czech Republic city has a rich history as a commercial, economic and cultural center due to its location along key trade routes. Today the city has become a commercial and tourist center.
      Business challenge: The city needed an identity management solution that would free up its limited IT staff to manage and expand its IT environment by automating many of its time-consuming day-to-day personnel administration processes while ensuring the security of its IT systems.
      Transformation: The city implemented a rules-based identity management system that automates employee account access based on employee position, role and department. The system then uses an automated account reconciliation process to detect and correct (or remove) any accounts that are not in agreement with the pre-defined rules. Account access is automatically removed when an individual leaves the city’s employ.
      Solution components: IBM® Security Identity Manager; IBM Security Services - Identity and Access Management; Solution delivered by IBM Business Partner GC System a.s.
      Business benefits: Rapid onboarding: Provided 100 percent improvement in the speed of new employee activation, from days to a few hours. Reduced cost: One full-time employee can now manage all user accounts. Improved system security: Removed orphan accounts and deactivates employee accounts upon termination of employment.
      “Centralization, automation, and a roles-based identity management system have simplified our IT access management significantly.” IT Security Manager
  26. THANK YOU. FOLLOW US ON: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions. ibm.com/security/community
      © Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
      Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.