View on demand: https://securityintelligence.com/events/4-ways-to-build-your-immunity-to-cyber-threats/ Imagine you had to consult 40 different doctors to treat an infection, and ended up with 80 different prescriptions. Now, imagine replicating that situation in your organization’s network. That’s the environment many companies find themselves in when dealing with IT security threats. Like infectious diseases, cyber threats will never be eliminated entirely, but they can be better contained and understood, and their effects minimized. How can this be achieved? IBM has built an enterprise-level “immune system,” an adaptive security architecture to battle today’s cyber pathogens. Multi-disciplined IBM Security practitioners work with clients to architect, deploy and optimize the IBM Threat Protection System, continually evolving defenses, honed through the company’s heritage of solving difficult problems. The IBM Threat Protection System integrates with 450 security tools from over 100 vendors – acting as connective tissue for today’s disjointed cybersecurity infrastructure. View this on demand webinar to gain insight into advanced threat protection that breaks down silos and speeds time to action, and learn how to bolster your security posture from the experts at IBM Security.

1. © 2015 IBM Corporation
Patrick Vandenberg
Program Director, IBM Security
4 Ways to Build Your Immunity
to Cyber Threats

2. 2© 2015 IBM Corporation
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Attack types
2012
40% increase
2013
800,000,000+ records
2014
Unprecedented impact
XSS SQLiMisconfig. Watering
Hole
Brute
Force
Physical
Access
Heartbleed Phishing DDoS Malware Undisclosed
Our defenses are being overrun by attacks every day
$6.5M
average cost of a U.S. data breachaverage time to detect APTs
256 days
Source: 2015 Cost of Data Breach Study, Ponemon Institute

3. 3© 2015 IBM Corporation
Are you tired of treating security solutions like medication for a cold virus,
none of which will actually cure what ails you?
It’s time to stop treating individual attacks
and build a true resistance to
cyberattacks
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

4. 4© 2015 IBM Corporation
The sophistication of attacks is outpacing our defenses
of CISOs say that advanced external threats are their top
current challenge.1
Rx Patient:
29-Oct-15
CISO
Date:
Source: 2014 Chief Information Security Officer Assessment
40%
For help with:
• Breaking the attack chain
on network and endpoint
• Stopping zero-days and
evolving malware
• Multi-layered defense and
granular controls
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

5. 5© 2015 IBM Corporation
I’m worried about protecting the heart of my network:
my and my customers’ data
of all attacks are caused by insider
threats, either malicious or inadvertent
Rx Patient:
29-Oct-15
CISO
Date:
55%
For help with:
• Uncovering risks to
sensitive data
• Monitoring and auditing
data activity for all
platforms and protocols
• Enforcing security policies
in real time
Source: 2015 Cyber Security Intelligence Index
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

6. 6© 2015 IBM Corporation
I’ve got too many alerts and don’t have the right resources to
make sense of them
average daily security events
Rx Patient:
29-Oct-15
CISO
Date:
Source: xx
500,000,000
For help with:
• Prioritizing critical
alerts
• Clear remediation plans
• Effective threat management
• Making informed security
decisions faster
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

7. 7© 2015 IBM Corporation
I can’t rely on gut feel to know what to patch first
of attacks use publicly known vulnerabilities in
commercial software
Rx Patient:
29-Oct-15
CISO
Date:
Source: SecurityIntelligence.com: Endpoints: The Beginning of Your Defense
75%
For help with:
• Consolidated vulnerability
view across major products
and technologies
• Adding context to identify
key vulnerabilities and
reduce false positives
• Customizable scheduled and
event-driven scanning
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

8. 8© 2015 IBM Corporation
I can’t see what’s happening on my endpoints
of organizations can apply patches the day they are released
Rx Patient:
29-Oct-15
CISO
Date:
10%
For help with:
• Continuous monitoring of
endpoints
• Contextual data on
vulnerability assessment
and risk prioritization
• Automatic quarantine
actions to isolate non-
compliant or infected
endpoints
Source: SecurityIntelligence.com: Endpoints: The Beginning of Your Defense
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

9. 9© 2015 IBM Corporation
We spend more time researching threats than taking action
on them
average days to detect an advanced persistent threat in the
network
Rx Patient:
29-Oct-15
CISO
Date:
256
For help with:
• Retracing step-by-step
actions of cyber criminals
for deep insights and to
help prevent reoccurrences
• Reconstructing raw network
data back into its original
form for a greater
understanding of the event
Source: 2015 Cost of a Data Breach
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

10. 10© 2015 IBM Corporation
I’d breathe easier if I had help preparing for an attack
of security leaders believe concerns about managing
information risk are directly related to staffing difficulties
Rx Patient:
29-Oct-15
CISO
Date:
86%
For help with:
• Managing incident response
more efficiently
• Delivering faster response
times
• Accessing deep technical
skills in real-time
• Being proactive through
preemptive incident
preparation
Source: Surviving The Technical Security Skills Crisis
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

11. 11© 2015 IBM Corporation
There are so many sources of threat intelligence that we have
trouble integrating it into our security processes
of enterprise firms use external threat intelligence to
enhance their security decision making
Rx Patient:
29-Oct-15
CISO
Date:
65%
For help with:
• Using a robust platform
with access to a wealth of
threat intelligence data
• Making threat intelligence
actionable
• Collaborating with peers to
add human context to threat
intelligence
Source: xx
Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services

12. 12© 2015 IBM Corporation
I have security products from multiple vendors giving me
integration heartburn
average number of point solutions replaced by an
integrated security intelligence solution
Rx Patient:
29-Oct-15
CISO
Date: Prevent
Detect
Respond
Treatment Course
Defense Vital Signs
Network
Endpoint
Data
Threat Intel
Integration
Services
Source: IBM QRadar Security Intelligence Client Study
6.2
For help with:
• Visibility into security
incidents
• Actionable threat
intelligence
• Prioritizing security
decisions

13. 13© 2015 IBM Corporation
IBM Threat Protection System is a dynamic, integrated
system to help stop advanced threats
Break-in1
Latch-on2
Expand3
Gather4
Exfiltrate5
Attack Chain
DIY leveraging
unique integrations
of IBM’s best-of-
breed security
products
Customized
Implementation
with assistance from
IBM business
partners
Fully managed
service with
outcome-based
results
IBM technology as-a-Service

14. 14© 2015 IBM Corporation
Focus on critical points in the attack chain with preemptive defenses
on endpoints, the network, and critical data repositories
• Prevent malware
installation
• Disrupt malware
communications
• Limit the theft of user
credentials
• Prevent remote
network exploits
• Disrupt malware
communications
• Limit the use of risky
web applications
• Prevent power users
from abusing access
• Prevent misuse of
sensitive data
• Prevent intrusion and
theft of data
On the Endpoint On the Network At Data Access
@
Break-in
@
Latch-on Expand
@
Gather

15. 15© 2015 IBM Corporation
Security Analytics Platform
Continuously monitor activity from across the attack chain
Pre-Attack Analytics
Predict and prioritize security
weaknesses before adversaries
• Use automated vulnerability
scans and rich security context
• Emphasize high-priority,
unpatched, or defenseless
assets requiring attention
Real-time Attack Analytics
Detect activity and anomalies
outside normal behavior
• Correlate and baseline
massive sets of data
• From logs, events, flows, user
activity, assets, locations,
vulnerabilities, external threats,
and more
Centralized Vulnerability
Management
Next-Generation SIEM

16. 16© 2015 IBM Corporation
Post-Attack Incident
Forensics
Reduce the time
to discover what
happened and when
• Reconstruct attack
activity and content
from full-packet data
• Apply search engine
technology and
visualizations
Real-time Incident
Response
Rapidly investigate breaches, retrace activity, and learn from
findings
Enforce continuous
compliance
at the endpoint
• Automatic quarantine
of non-compliant
endpoints
• Custom remediation
and patching of affected
machines
Emergency Response
Services
Prepare for and
withstand security
breaches
• Gain access
to key resources
that enable faster
recovery and
reduce incident
impact
Rapid Forensics
Investigation
Endpoint Policy
Enforcement
Breach Management
Expertise

17. 17© 2015 IBM Corporation
Leverage threat intelligence with product integrations that draw
upon human and machine-generated information
Global Threat Intelligence from IBM X-Force Research
X-Force Intelligence Network
Exploit
Triage
Malware
Tracking
Zero-day
Research
Real-time sharing
of endpoint
intelligence
Phishing
Sites
URL/Web
Categories
IP/Domain
Reputation
• Combined expertise of X-Force,
Trusteer,AppScan and Managed
Security Services research
• Catalog of:
• 96K+ vulnerabilities
• 25B+ web pages and images
• 270M+ endpoints feeding data
• Intelligence databases dynamically
updated on a minute-by-minute basis
Collaborative Threat Intelligence
Analysis and
distribution of
content intelligence

18. 18© 2015 IBM Corporation
Share, analyze, and act upon information gathered
from an ecosystem of third-party products
Security Partner Ecosystem Integrations
Trend Micro Deep Security
IBM XGS Quarantine and Blocking
FireEye Web Malware Protection System
IBM XGS Quarantine and Blocking
Damballa Failsafe
IBM XGS Quarantine and Blocking
Palo Alto Firewalls
Trusteer Apex integration
Advanced Threat Protection Integrations
Additional IBM QRadar
Partners Include
IBM Security Partner Ecosystem
• 100+ vendors
• 450+ products
• Complimentary integrated solutions
• Strengthens the threat protection lifecycle
– Leverage a vibrant ecosystem
of security products
– Increase visibility, collapse
information silos, and provide
insights on advanced attacks

19. 19© 2015 IBM Corporation
Date: ___________________
Patient Name:
Date:
Prescription:
IBM Threat Protection System for relief of:
Signature:
Sophisticated attacks outpacing your
organization’s defenses
Too many alerts and not enough resources
to act on them
Excess time spent researching threats
instead of responding to them
Security products from multiple vendors
that don't work well together
Refills: Annual
CISO
IMMEDIATELY
Get the right treatment prescribed
For fast acting:

20. 20© 2015 IBM Corporation
133 countries where IBM delivers
managed security services
24 industry analyst reports rank
IBM Security as a LEADER
TOP 2 enterprise security software
vendor in total revenue
12K clients protected including…
75% of the top 29 banks in Japan,
North America, and Australia
Learn more about IBM Security
Visit our web page
ibm.com/security/threat-protection
Watch our videos
IBM Security YouTube Channel
View upcoming webinars & blogs
SecurityIntelligence.com
Follow us on Twitter
@ibmsecurity
Join IBM X-Force Exchange
xforce.ibmcloud.com

21. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOUwww.ibm.com/security