© 2015 IBM Corporation
3 Enablers of Successful Cyber Attacks and
How to Thwart Them
Christopher Beier
BigFix Product Manager for Security
IBM Security
BigFix Security
Agenda
!  Why bad things happen to good companies
–  3 enablers to successful attacks
!  Why existing security approaches can fall short
!  Strategies that can help thwart the “enablers” of APT success
You can’t fix what you can’t see
Incident response is the No. 1 factor to reduce the cost of a data breach
Despite existing tools, breaches continue to rise
Lack of visibility and control contributes to security breaches and financial loss
$3.8M: global average cost of a data breach*
“Major global bank compromised and millions of depositor records stolen due to missed server upgrade cycle”
*Source: 2015 Cost of a Data Breach Study: Global Analysis, Ponemon Institute, May 2015
The enablers of a malicious attack
[Figure: (1) evasive malware, or (2) a vulnerable system, or (3) a careless user = successful attack (data theft, service interruption)]
Today’s world of constantly mutating threats: spear phishing, persistence, backdoors, designer malware
•  Attacks constantly mutating to evade signatures
•  Increasing number of zero-day exploits
•  1-500 machines already infected
IBM X-Force Research (exploit triage, malware tracking, zero-day research): catalog of 96k vulnerabilities, 12+ new daily
76% of attacks attributed to lost or stolen credentials (2013 Verizon DBIR)
Why existing approaches can fall short
!  Siloed processes create gaps
!  Signature-based solutions are designed for known threats
–  Indicators of Compromise only tell you that you have already been compromised
!  Mobile strategies increase the attack surface
–  More endpoints to manage
–  New security challenges
–  Separate policies for corporate-owned and employee-owned devices
Siloed IT Operations and Security Teams
SECURITY
•  Scan for compliance status
•  Create security policies
•  Identify vulnerabilities
IT OPERATIONS
•  Apply patches and fixes
•  Implement security and operational policy
•  Manual process takes weeks / months
Disparate tools, manual processes, lack of integration and narrow visibility
Continuous security configuration compliance
Accurate, real-time visibility and continuous security configuration enforcement
Continuous compliance (“set and forget”)
•  No high-risk periods
•  Lower total cost
•  Continued improvement
•  Identify and report on any configuration drift
•  Library of 9,000+ compliance checks (e.g., CIS, PCI, USGCB, DISA STIG)
Traditional compliance (“out of sync”)
•  High-risk and cost periods
•  Manual approach causes endpoints to fall out of compliance again
[Chart: Traditional versus Continuous compliance over time (SCAP checks); compliance decays between periodic scans under the traditional approach, and that gap is the risk window]
Signature based solutions are designed for known threats
[Figure] Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Mobile strategies increase the attack surface
[Figure] Source: 2014 Information Security Media Group
Strategies that can help catch the “enablers” of APT success
!  A unified ecosystem in which security intelligence can be seamlessly shared and threat response automated
–  Continuous monitoring for security best practices
•  Discover
•  Patch
–  Shared intelligence
–  Connected systems
!  Multi-layered protections that help prevent, detect, and block attacks at the endpoint
–  Detect and prevent infection from known as well as zero-day and unknown malware
–  Protect users from submitting their business credentials to harmful phishing sites and from reusing those credentials on legitimate third-party sites
–  Disrupt the exploit chain to block exploitation of unpatched or unknown system vulnerabilities
–  Stop malicious communications so that even if malware infects a device, it can’t communicate externally or exfiltrate data from your enterprise
IBM BigFix: Bridge the Gap between Security and IT Ops
[Figure: IBM BigFix® (“FIND IT. FIX IT. SECURE IT. …FAST”) spans endpoint management and endpoint security: discovery and patching, lifecycle management, software compliance and usage, continuous monitoring, threat protection, incident response]
Shared visibility and control between IT Operations and Security
Reduce operational costs while improving your security posture
IBM BigFix Compliance (previously IBM Endpoint Manager for Security and Compliance)
Using BigFix Compliance, clients get value from:
•  Continuous real-time enforcement of security policies, regardless of network connection status, which significantly reduces overall security risk
•  Support for industry and regulatory compliance benchmarks for best-practice protection
•  Discovery of unmanaged endpoints and automatic patching and remediation of non-compliant systems, which reduces risk and labor costs
•  Deployment, update, and health checks of third-party endpoint protection solutions
•  Policy-based quarantine of non-compliant systems
BigFix Platform modules: Lifecycle, Inventory, Patch, Compliance, Protection
More than 9,000 heterogeneous platform compliance checks based on best-practice regulatory benchmarks from CIS, PCI DSS, DISA STIG, USGCB
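The continuous-compliance slide above and this one describe three mechanics: evaluating endpoints against a benchmark baseline, reporting configuration drift, and quarantining non-compliant systems by policy. The script below is an added example and is not BigFix code or its Relevance language. It models a small baseline of hypothetical CIS-style checks, evaluates constructed endpoint state snapshots against it, reports drift between two snapshots, shows how long drift stays undetected under periodic scanning versus continuous evaluation, and applies a hypothetical quarantine policy. The check names, severities, thresholds, snapshot fields and the sample states are all assumptions.

```python
"""Continuous configuration compliance with drift reporting and policy-based
quarantine. Added example, not BigFix code: checks, thresholds, severities and
snapshot fields are assumptions."""
import math
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

Snapshot = Dict[str, Any]


@dataclass(frozen=True)
class Check:
    check_id: str
    description: str
    severity: str                      # "high" or "medium" (assumed scale)
    predicate: Callable[[Snapshot], bool]


# Hypothetical baseline, loosely modelled on CIS benchmark themes.
BASELINE: List[Check] = [
    Check("pw-min-len", "Minimum password length is at least 14", "medium",
          lambda s: int(s["password_min_length"]) >= 14),
    Check("fw-enabled", "Host firewall is enabled", "high",
          lambda s: s["firewall_enabled"] is True),
    Check("av-fresh", "Anti-malware signatures updated within 3 days", "high",
          lambda s: int(s["av_signature_age_days"]) <= 3),
    Check("smb1-off", "SMBv1 is disabled", "high",
          lambda s: s["smb1_enabled"] is False),
    Check("patch-age", "No critical patch missing for more than 30 days", "high",
          lambda s: int(s["oldest_missing_critical_patch_days"]) <= 30),
]

# Constructed sample state for one endpoint, as an inventory agent might report it.
SNAPSHOT_T0: Snapshot = {
    "password_min_length": 14,
    "firewall_enabled": True,
    "av_signature_age_days": 1,
    "smb1_enabled": False,
    "oldest_missing_critical_patch_days": 12,
}
# Same endpoint later: SMBv1 re-enabled for a legacy share, AV updates stalled.
SNAPSHOT_T1: Snapshot = dict(SNAPSHOT_T0, smb1_enabled=True, av_signature_age_days=7)


def evaluate(snapshot: Snapshot) -> Dict[str, bool]:
    """Map each check_id to pass/fail. A missing or malformed field fails its
    check (fail closed) instead of raising, so one bad field cannot hide the rest."""
    results: Dict[str, bool] = {}
    for check in BASELINE:
        try:
            results[check.check_id] = bool(check.predicate(snapshot))
        except (KeyError, TypeError, ValueError):
            results[check.check_id] = False
    return results


def drift(previous: Dict[str, bool], current: Dict[str, bool]) -> Tuple[List[str], List[str]]:
    """Return (regressed, fixed): checks that passed before and fail now, and the reverse."""
    regressed = sorted(k for k, ok in current.items() if previous.get(k, False) and not ok)
    fixed = sorted(k for k, ok in current.items() if ok and not previous.get(k, False))
    return regressed, fixed


def quarantine_decision(results: Dict[str, bool]) -> Tuple[bool, List[str]]:
    """Hypothetical policy: any failed high-severity check isolates the endpoint.
    Medium-severity failures are reported but do not quarantine."""
    severity = {c.check_id: c.severity for c in BASELINE}
    high_failures = sorted(k for k, ok in results.items() if not ok and severity[k] == "high")
    return bool(high_failures), high_failures


def detection_delay_hours(change_hour: float, scan_interval_hours: float) -> float:
    """Hours an endpoint stays out of compliance before anyone knows.
    Periodic scanning sees the drift at the first scan after the change;
    continuous evaluation (interval 0) sees it as the state changes."""
    if scan_interval_hours <= 0:
        return 0.0
    next_scan = (math.floor(change_hour / scan_interval_hours) + 1) * scan_interval_hours
    return float(next_scan - change_hour)


def report(previous: Snapshot, current: Snapshot) -> Dict[str, Any]:
    """Evaluate both snapshots and bundle drift plus the quarantine decision."""
    before, after = evaluate(previous), evaluate(current)
    regressed, fixed = drift(before, after)
    quarantine, reasons = quarantine_decision(after)
    return {"regressed": regressed, "fixed": fixed,
            "quarantine": quarantine, "reasons": reasons}


if __name__ == "__main__":
    print("drift:", report(SNAPSHOT_T0, SNAPSHOT_T1))
    # Drift at hour 30 under a weekly scan, a daily scan, and continuous evaluation.
    for interval in (168, 24, 0):
        print(f"scan every {interval:>3} h -> undetected for "
              f"{detection_delay_hours(30, interval):.0f} h")
```

The fail-closed handling in evaluate matters in practice: an agent that reports a malformed or missing value should count as non-compliant, otherwise a broken inventory silently looks like a passing endpoint. detection_delay_hours is the "risk window" from the traditional-versus-continuous chart expressed numerically: the same drift is invisible for up to a full scan interval under periodic scanning and for no time at all when every state change is evaluated.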
Advanced Evasive Malware - Advanced endpoint protection
[Table: third-party AV protection compared with IBM Trusteer Apex on “Stop exploits before application vendors provide updates”]
Third-party AV protection
•  Anti-virus protection and Data Loss Prevention
•  Deploy and enforce security configuration policies
IBM BigFix®
•  Third-party anti-virus management
•  Manage compliance, quarantine and remediate
IBM Trusteer Apex: continuous protection from advanced persistent threats
•  Multi-layered protection designed to break the threat lifecycle in real time
IBM BigFix Protection
BigFix Protection delivers value in multiple ways:
•  Real-time endpoint protection against viruses, Trojan horses, spyware, rootkits and other malware on Windows and Mac systems
•  Protection through cloud-based file and web reputation, behavior monitoring and a personal firewall
•  Virtualization awareness to reduce resource contention issues on virtual infrastructures
•  Leveraging industry-leading IBM® and Trend Micro™ technologies with a single console and common management infrastructure
•  Integrated Data Loss Prevention and Device Control available as an add-on
BigFix Platform modules: Lifecycle, Inventory, Patch, Compliance, Protection
Advanced Endpoint Protection with IBM Trusteer Apex
Preemptive, multi-layered protection against advanced malware and credential theft
IBM Trusteer Apex®
•  Prevent credential misuse and theft: prevents credential theft via spear-phishing and the reuse of enterprise credentials on consumer sites
•  Defend against the unknown: positive behavior-based modeling to protect web browsers, Java, Adobe and MS Office etc. against zero-day exploits
•  Lightweight, multi-layered architecture: SaaS deployment, using a single agent that supports both managed and unmanaged endpoints
Effective, real-time advanced threat protection
IBM BigFix and IBM Trusteer Apex
!  Before
–  Hardening the systems, and ensuring continuous compliance with your security best practices
–  Preventing user credential exposure
!  During
–  Mitigating malware infections and zero-day exploit attempts
–  Quarantining any infected systems to contain the threat
!  After
–  Continuously protecting the zero-day window until a fix is available
–  Quickly deploying new patches to exposed endpoints
Create the most robust enterprise endpoint security solution available!
[Figure: the IBM Trusteer Apex and IBM BigFix response cycle]
•  BigFix enforces secure configurations; maintenance patches are quickly deployed on all endpoints
•  Apex identifies and mitigates malware infections in real time and stops zero-day exploits
•  BigFix Incident Response quarantines infected machines
•  Apex continuously protects in the window between threat and fix
•  Unscheduled patch: BigFix ensures it is quickly deployed on all endpoints
•  Everyone goes back to work on higher-value projects
Questions?
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or
both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on
others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM
systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security
