Presentation gdl


  • Speaker's notes: We take data from a number of disciplines: a Web filtering database second only to Google's, which provides analysis for more than 9 billion Web sites and images; the intrusion attempts the managed services team sees across its customer base, currently tracking at 150 million per day; more than 40 million documented spam attacks; and 40,000 documented vulnerabilities from both internal research and external disclosures. This report is unique in that the sources listed above provide varying perspectives on the threat landscape and together give a cohesive look at the industry, based on factual data from the various research functions and databases within the broader X-Force team.
  • The architecture of PAM (with highly efficient software) gives Proventia the capacity (CPU utilization) to add new protection modules without degrading core IPS security effectiveness. Client benefits: security convergence eliminates the costs of deploying and managing point products, and it increases the value of existing Proventia IPS deployments. Example: Proventia Content Analyzer, added in Q1 2008 for data security. Example: Proventia Web application security, added in Q2 2009.
  • All of these security solutions have a specific role to play. And depending on your business, you may rely on certain best-of-breed security products to protect the assets that matter most. That's a strategic approach. But there is a downside to all of the security innovation of the past 10 years: you're now dealing with multiple security agents on the endpoint, so many that it's bogging down the machines themselves and diverting your IT staff from more critical endeavors. Just consider the average number of security agents on the endpoint at a mid-size company: data loss prevention; encryption; removable media control; an intrusion prevention system for the host; anti-virus with spyware prevention; an asset and data loss prevention solution that checks back with the central console periodically; and computer forensics. That's eight agents for security alone. Eight solutions under management. Eight solutions rolling out periodic product updates. Eight solutions using up memory and computing power. In this diagram, we see the total memory usage at 146,172 KB for a single endpoint.
  • There's always something of our VSOC platform the customer can use; it's just a question of asking what they currently have in place security-wise and adding our options. Some might have a NOC in place, but a NOC is not a SOC: a NOC merely handles fixed procedures, whereas a SOC looks at the possible impact and results of events. All customers' answers can be addressed with some service. This is VSOC, the combination of all these concepts; it's a whole platform.
  • Left side of the screen: all full-blown services delivered by managed products. The customer typically has nothing yet and needs it all.
  • Right side: the customer might have some products, people and procedures and need only parts of the whole service. They'll want to keep the existing services but need something extra. You're thus enabling the customer to do the work, while they add something of VSOC. A customer might have logs but nothing to store or analyze them; then why bother keeping logs? We can offer them log management services, where we can import logs from almost anything. XFTAS is free when you buy anything else, but it might be the only thing they need. Governments love this, as they already have something in-house and can use the intelligence from ISS in addition to their internal service.
  • The middle part is the initial screen of the portal. Don't sell the customer a single part from the right or left; sell them what they need. The system is the same, with the same backend, and can scale on to any other service.
  • This chart is just an example of the cost savings clients find they gain by choosing to partner with us for MSS vs. doing it in-house. Many clients calculate a savings of up to 55%.
  • IBM ISS XFERS is intended to help customers prepare for, manage, and respond to computer security incidents, usually consisting of one or more occurrences (or suspected occurrences) of the following types of activity:
    • Attack: hostile action (or threats of hostile action) that has the intent to expose or publicize your confidential electronic data, or cause that data to become inaccessible.
    • Computer crime: dishonest, fraudulent, malicious, or criminal use of your computer systems and networks to obtain financial benefit.
    • Computer malware: introduction or spread of unauthorized malicious code (including "Trojan horses," "worms," and "logic bombs"), or the threat thereof, that propagates itself throughout your computer systems and networks.
    • Extortion: threat or connected series of threats to commit a computer crime, introduce or spread a computer virus, or adversely affect your reputation or public standing, involving a demand for funds or property to be paid or delivered.
    • Data breach: unlawful taking of your electronic data stored in a computer system, or the electronic data of a third party stored in a computer system for which you are legally responsible.
    • Unauthorized access: access gained to your computer systems and networks by unauthorized persons, or by authorized persons in an unauthorized manner.
    • Unauthorized use: use of the capacity (memory, bandwidth, etc.) of your computer systems and networks by unauthorized persons, or by authorized persons in an unauthorized manner.

    1. Reduce the cost and complexity of security in your business. Juan Carlos Carrillo, Security Sales Leader. Friday, July 9, 2010
    2. Agenda
       1. X-Force® 2008 Trend & Risk Report highlights
       2. IBM Security Framework
       3. IBM ISS product solutions
       4. IBM ISS service solutions
       5. IBM ISS security consulting solutions
       6. Q&A
    3. X-Force® 2008 Trend & Risk Report
    4. The Annual X-Force 2008 Trend & Risk Report. The mission of the IBM Internet Security Systems™ X-Force® research and development team is to:
       • Research and evaluate threat and protection issues
       • Deliver security protection for today's security problems
       • Develop new technology for tomorrow's security challenges
       • Educate the media and user communities
       • The report data by the numbers…
         • 9.1B analyzed Web pages & images
         • 150M intrusion attempts daily
         • 40M spam & phishing attacks
         • 40K documented vulnerabilities
         • Millions of unique malware samples
       • Provides specific analysis of:
         • Vulnerabilities & exploits
         • Malicious/unwanted websites
         • Spam and phishing
         • Malware
         • Other emerging trends
    5. Criminal Economics
       • On a basic microeconomic level, an understanding of the opportunity for a computer criminal comes from considering the amount of revenue that can be generated from exploiting a vulnerability relative to the cost of doing so.
       • Obviously, vulnerabilities that present a high revenue opportunity at a low cost are likely to be popular with attackers. Both revenue (opportunity) and cost are made up of a complicated set of components, and some of these components can be influenced by the security industry.
    6. Vulnerabilities
       • 2008 proved to be the busiest year in X-Force history chronicling vulnerabilities: a 13.5 percent increase compared to 2007.
       • The overall severity of vulnerabilities increased, with high and critical severity vulnerabilities up 15.3 percent and medium severity vulnerabilities up 67.5 percent.
       • Similar to 2007, nearly 92 percent of 2008 vulnerabilities can be exploited remotely.
       • Of all the vulnerabilities disclosed in 2008, only 47 percent can be corrected through vendor patches. Vendors do not always go back to patch the previous year's vulnerabilities: 46 percent of vulnerabilities from 2006 and 44 percent from 2007 were still left with no available patch at the end of 2008.
       • The two largest categories of vulnerabilities in 2008 are Web applications at 55 percent and vulnerabilities affecting PC software at roughly 20 percent.
    7. Vulnerabilities
    8. Web-Related Security Threats
       • The number of new malicious Web sites in the fourth quarter of 2008 alone surpassed the number seen in the entirety of 2007 by 50 percent. Last year, China replaced the US as the most prolific host of malicious Web sites.
       • Spammers are turning to the Web. URL spam (a spam email with little more than a link to a Web page that delivers the spam message) took the lead as the main type of spam this year, and spammers are increasingly using familiar domain names like news and blogging Web sites to host their content.
       • Web applications in general have become the Achilles heel of corporate IT security. Nearly 55% of all vulnerability disclosures in 2008 affect Web applications, and this number does not include custom-developed Web applications (only off-the-shelf packages). 74 percent of all Web application vulnerabilities disclosed in 2008 had no available patch to fix them by the end of 2008.
       • Last year, SQL injection jumped 134 percent and replaced cross-site scripting as the predominant type of Web application vulnerability.
       • In addition to these vulnerabilities, many Web sites request the use of known vulnerable ActiveX controls, which leave Web site visitors who do not have updated browsers in a compromised position.
    9. Vulnerabilities
    10. Spam and Phishing
       • Simple spam (text or URL-based) replaced complex (PDF, image, etc.) spam in 2008, with a focus on URL spam near the end of the year. Spammers increasingly use familiar URL domains, like blogging Web sites and news Web sites, to host spam messages.
       • More than 97 percent of spam URLs are up for one week or less.
       • In terms of the servers sending spam, Russia surpassed the US in 2008, and was accountable for 12 percent of all spam sent last year.
       • The most popular subject lines of phishing and spam are not so popular anymore. The top ten subject lines of 2008 took up a much smaller percentage in comparison to 2007. Spammers and phishers alike are becoming more granular and targeted, working harder, in essence, to reach more targets. In 2007, the most popular phishing subject lines represented about 40% of all phishing emails. In 2008, the most popular subject lines made up only 6.23% of all phishing subject lines.
       • A trend that developed in 2008 is the focus on user action. Rather than having a generic subject like "security alert," phishers attempt to engage the user into doing something, like fixing an account that has been suspended or updating their account information.
       • The majority of phishing, nearly 90 percent, was targeted at financial institutions. Over 99% of all financial phishing targets are in North America or Europe, with the majority of targets in North America (58.4 percent).
    11. Spam and Phishing
    12. You can read the full report at the following link
    13. IBM Security Framework
    14. The IBM Security Framework
       • IBM is the only security vendor in the market with end-to-end coverage of the security foundation
       • 15,000 researchers, developers and SMEs on security initiatives
       • 3,000+ security & risk management patents
       • 200+ security customer references and 50+ published cases
       • 40+ years of proven success securing the zSeries environment
       • Already managing more than 2.5 billion security events per day for clients
       • USD 1.5 billion security spend in 2008
    15. IBM ISS Solutions (07/09/10). IBM has the unmatched local and global expertise to deliver complete solutions and manage the cost and complexity of security. In addition, X-Force, IBM ISS' security and development organization, is one of the best-known commercial groups in the world. It discovers 30-60% of all vulnerabilities and captures more than 2 billion events per day.
    16. IBM ISS product solutions
    17. ISS case I
       • A client needs to implement the following:
         • Additional security controls on the network perimeter
         • IPS and AV inspection, and encryption (to support PCI certification) for all traffic between the main office and branch office
         • IPS to augment the existing firewall and proxy / AV implementation on the main office Internet link
       • Products that address the client's need for a low-cost solution:
         • Main office primary link: add Proventia Network IPS, and leave the existing infrastructure in place
         • Main office secondary link: add Proventia Network MFS
         • Branch office primary link: add Proventia Network MFS
    18. ISS case II
       • A client wants to implement an antispam solution. Their branch offices relay mail through the main office, and the client wants the ability to implement multiple filtering rules and to minimize the amount of internal network traffic
       • Products that address the client's need for a low-cost solution:
         • Main office primary link: add Proventia MFS, and set it as the principal MX record in the DNS
         • Main office secondary link: leave as is
         • Branch office primary link: leave as is
    19. ISS case III
       • A company wants a proposal based on the following requirements:
         • Has a 10 MB SDSL connection
         • Wants to separate IPS policies per segment, and is fundamentally interested in IPS capability
       • What can we offer:
         • Add a switch behind the firewall to which the segments will be connected, and add a Proventia GX between the switch and the Proventia MX
    20. ISS case IV
       • A company needs to implement IPS technology to protect a Windows server farm. The solution must be easy to implement and maintain
       • What can we offer:
         • Deploy a Proventia Network IPS model GX6116 between the two core switches
    21. ISS case V
       • A company needs a host protection solution for their server systems. The main requirement is IPS functionality, and the addition of OS monitoring would be a plus. The operating systems deployed are:
         • Solaris
         • Linux
         • AIX
       • What can we offer:
         • Proventia Server and RealSecure Server Sensor
       • IBM RealSecure® Server Sensor provides server protection for:
         • Microsoft® Windows®
         • AIX™
         • Solaris
         • HP-UX
       • IBM Proventia® Server Intrusion Prevention System (IPS) for:
         • Microsoft® Windows®
         • Linux®
         • VMware Guest Operating System (OS)
    22. Performance Flexibility: IPS beyond the perimeter. "… It is important to mandate that all ingress (inbound) traffic run through a segment of inline network intrusion protection. Trace packet flows to ensure that each packet entering your network passes through at least one IPS sensor…"
    23. IPS Proventia GX Appliances
       • Solution to automatically stop intrusion attacks, whether internal or external; the Proventia GX also has the best bandwidth utilization and network availability performance on the market.
       Proventia Network Multifunction Security
       • All-in-one solution to help enforce security:
         • IPS
         • Firewall
         • Traditional antivirus
         • Heuristic antivirus
         • Anti-spam
         • URL filtering
         • Standard and SSL VPN
    24. PAM drives security convergence in a single solution & eliminates point products
       • Virtual Patch™: shielding a vulnerability from exploitation independent of a software patch
       • Threat Detection & Prevention: advanced intrusion prevention for zero-day attacks
       • Proventia Content Analysis: monitors and identifies unencrypted personally identifiable information (PII) and other confidential data
       • Proventia Web application security: protection for web apps, Web 2.0, databases (same protection as a web application firewall)
       • Network Policy Enforcement: reclaim bandwidth & block Skype, peer-to-peer networks, tunneling
    25. Managing the agent overload
    26. Multiple threats result in multiple endpoint security agents. Typical deployment for a midsize company:

       | Function | Vendor | Deployment | Impact | Memory | Updates Scheduled |
       |---|---|---|---|---|---|
       | Asset & Data Loss Prevention | 1 | Laptops | Periodic check | N/A | Manual |
       | Data Loss Prevention | 2 | Workstations | Periodic check | 6 MB | None |
       | Computer Forensics | 3 | Workstations | Agent remains dormant until off network | 3 MB | Manual |
       | Host Based Intrusion Prevention | 4 | Servers & Workstations | Periodic check | 75 MB | Automatic |
       | Laptop Encryption | 5 | Workstations | Periodic check | 18 MB | None |
       | Removable Media Control | 6 | Workstations | Periodic check | 2.5 MB | None |
       | Virus Protection | 7 | Servers & Workstations | Periodic check | 42 MB | On demand & scheduled |
       | Web Surfing | 8 | Workstations | Agent remains dormant until off network | N/A | Manual |
       | Total Memory Usage | | | | 146 MB | |
    27. Proventia Desktop / Phoenix Rising Comparison

       | Feature | Proventia Desktop | ESC |
       |---|---|---|
       | Firewall | ✓ | ✓ |
       | IPS | ✓ | ✓ |
       | Behavioral AV | ✓ | ✓ |
       | Signature AV | ✓ | ✓ |
       | Anti-spyware | ✓ | ✓ |
       | Extensible framework | - | ✓ |
       | NAC | - | ✓ |
       | DLP | - | ✓ |
       | USB port control | - | ✓ |
       | Patch management | - | ✓ |
       | Asset discovery | - | ✓ |
       | Vulnerability assessment | - | ✓ |
       | Power management | - | ✓ |
       | Configuration management | - | ✓ |
       | Flexible systems management | - | ✓ |
       | Software deployment/removal | - | ✓ |
       | Security policy compliance | - | ✓ |
    28. Case Study in Proventia ESC Savings: Financial Customer. Moved from a low 80% success rate to a 95% success rate with real-time reporting.

       | Key Metric | Before Proventia ESC | After Proventia ESC | The Results |
       |---|---|---|---|
       | # of Managed Endpoints | 40,000 out of 90,000 (50K unknown endpoints) | 90,000 | Uncovered 50K previously unknown endpoints |
       | # of Locations | 100+ | 800 | Expanded locations by 700 |
       | Time to Install | 8+ months for all infrastructure | 1 week for all infrastructure | Saved more than 7 months for new agent installation |
       | # of Required Administrators | 20 | 4 | Reduced required admins by 1/5th |
       | # of Dedicated Servers | 25 | 1 | Reduced dedicated servers by 24 |
       | Time to complete an enterprise-wide full discovery, remediation and reporting cycle | ~7 days | ~5 minutes | Saved 6 days, 23 hours, and 55 minutes for enterprise-wide discovery… |
    29. IBM ISS service solutions
    30. Virtual Security Operations Center (VSOC)
    31. X-Force Protection System: How IBM ISS Managed Security Services Work
    32. Cost Savings at a Glance

       | Security Management | In-house | ISS Managed Security | Cost Savings |
       |---|---|---|---|
       | Monthly | $82,592 | $37,671 | $44,921 |
       | Annual | $995,102 | $452,051 | $543,051 |

       Source: IBM Internet Security Systems, 2008. Assumes a full security staff of 10 providing 24x7x365 coverage, managing 12 HA firewalls and 6 IDS engines, attending 2 training classes/yr, 20% employee turnover, equipment costs allocated over 3 years, and maintenance costing 15% of total equipment costs. In this example, leveraging a managed protection provider yields a 55% savings over in-house security.
    33. IBM ISS security consulting solutions
    34. Why IBM ISS Professional Security Services?
       • Exclusive security focus and expertise
         • Senior-level consultants
         • Deep industry experience
       • Average of 8.5 years of security experience, 6 years IBM ISS tenure
         • Certified security experts with leadership, consulting, investigative, law enforcement and research and development backgrounds
         • Big 4, FBI, X-Force R&D, government agencies, former CISOs
       • Qualified Incident Response Company
         • As a Qualified Incident Response Company, IBM ISS can assist organizations with security incidents involving payment card data
       • Leverages security intelligence of IBM X-Force
       • Complete, quality deliverables
         • Analysis, prioritization and remediation recommendations
         • Actionable recommendations
         • Results presented in both technical and management terms
       • Proven methodology
    35. Penetration Testing
       • Quantifies risk to customer information, financial transactions, online applications and other critical business data and processes
       • Increases real-world perspective into hacker techniques and motivations
       • Encourages executive support on direction of information security strategy and resources
       • Identifies steps needed to effectively reduce risk
       • Provides the customer with insight into how technical vulnerabilities can lead to serious risks to their business
       • Helps to meet regulatory compliance requirements
    36. IBM Emergency Response Services
       • Incident response
         • Responding to and helping minimize the impact of information security incidents such as external/internal attackers, virus/worm outbreaks, web site defacements and PCI data breaches
       • Preparedness planning
         • Assisting with the development of a computer security incident response plan
         • Prepares organizations for security incidents in advance
         • Helps to meet regulatory guidelines and security best practices
       • Incident analysis
         • Collects data from security incidents in a forensically sound manner
         • Performs data analysis on all collected data
       • ERS can assist with:
         • PCI data breaches
         • Web page defacement
         • Network intrusion
         • Employee misconduct
         • Regulatory issues
         • Digital forensics
    37. Information Security Assessment
       • Review of Network Security Architecture
         • Assessment of current network security measures to get a clear picture of the current security state
       • Review of Security Policies, Procedures and Practices
         • Evaluation of current security processes in relation to ISO 17799 standards, industry best practices and business objectives
       • Review of Technical Security Controls and Mechanisms
         • Review of the effectiveness of existing security practices and mechanisms to recognize needed improvements
       • External Vulnerability Testing
         • External network scan to understand network security posture and determine vulnerabilities
       • Internal Vulnerability Scan and Testing
         • Internal network assessment to provide details on the vulnerability of critical assets
       • Social Engineering Assessment
         • Attempt to discover sensitive information by acting as a trusted employee or untrusted user
    38. Information Security Assessment II
       • Physical Security Assessment
         • Determination of how physical security can impact overall data and system security
       • Modem Testing ("War Dialing")
         • Attempt to connect with modems by dialing a range of numbers
       • Wireless Penetration Test
         • Attempt to penetrate wireless devices to uncover vulnerabilities
       • Wireless Assessment
         • Test of the wireless network environment to assess security
       • Application Assessment
         • Review of custom client/server applications to provide details on vulnerabilities
       • Mainframe Assessment
         • Identification of vulnerabilities within the mainframe environment
    39. Q&A