IBM's X-Force research team analyzes security threats and develops new technologies to address emerging challenges, such as the rise of targeted attacks and mobile malware. The document highlights findings from IBM's 2011 X-Force Trend and Risk Report, including increases in shell command injection and SSH brute forcing attacks as well as growth in phishing-based malware. It also introduces IBM's Advanced Threat Protection Platform for integrated security intelligence through solutions like the QRadar SIEM and IBM Security Network IPS powered by X-Force research.
Virtualization Security: Physical. Virtual. Cloud.
This document discusses securing virtualized environments including physical, virtual, and cloud platforms. It identifies key security challenges in virtual/cloud environments like resource contention from antivirus scans, instant-on gaps when cloning VMs, and inter-VM attacks. The document promotes Trend Micro's Deep Security 8 product as a server security platform that can address these challenges across physical, virtual, and cloud platforms.
IBM Smarter Business 2012 - IBM Security: Threat landscape | IBM Sverige
IBM Security Systems presents the latest risks and trends from X-Force 2011 Full Year report, and how you can protect your infrastructure from these new evolving threats using Security Intelligence from Q1 Labs and IBM's recently announced Advanced Threat Protection Platform.
Speaker: Mikael Andersson, Client Technical Professional, IBM
Visit http://smarterbusiness.se for more information.
Introduction - Trend Micro Deep Security | Andrew Wong
The document discusses Trend Micro's Deep Security 8 platform. It provides security for physical, virtual, and cloud servers in an integrated manner. Key features include agentless integrity monitoring that extends security without additional cost or complexity. Agent-based antivirus is also expanded to more environments. Deep Security 8 integrates with SecureCloud 2 to add context-aware data protection in the cloud. Trend Micro is also highlighted as the #1 security partner for VMware based on technologies that improve both security and virtualization.
The document summarizes IBM's Application Security Assessment service, which identifies security vulnerabilities in applications and network infrastructure. The service performs comprehensive testing of applications, identifies specific risks, and provides detailed recommendations to mitigate issues. It uses proven methodologies, including technical testing and code review, and delivers a report on an application's security posture with remediation steps. IBM experts leverage specialized skills and tools to provide a cost-effective security evaluation.
Trend Micro - Virtualization and Security Compliance 1CloudRoad.com
The document discusses how to achieve security compliance while lowering costs through datacenter virtualization. It notes that compliance and virtualization goals can be at odds, but integrating security solutions into the virtual infrastructure can help meet both. Trend Micro is presented as a leader in virtualization security that helps customers comply with standards like PCI-DSS through virtual patching and other controls in their Deep Security product.
Net motion wireless-and_frost-sullivan_a-new-mobilty_ps | Accenture
The document discusses the rise of mobile field workers and remote work. It explores the evolving security landscape and threats facing remote workers. It then summarizes security solutions like mobile VPNs that can help secure access for remote workers. The document defines mobile VPNs and provides an analysis of the global mobile VPN market, noting that growth will be fueled by increasing wireless device usage and that the top vendors in the space are expected to be Cisco, Juniper, and NetMotion Wireless.
The document discusses web application security and securing the software development lifecycle. It notes that web applications are the top target of hackers, with many sites being vulnerable. It emphasizes that network defenses like firewalls are not enough, and that application security needs to be addressed throughout development. The document promotes IBM Rational products for automating security testing of web applications across the entire development lifecycle.
The document discusses virtual desktop infrastructure (VDI) security solutions from Trend Micro, focusing on Trend Micro OfficeScan and Deep Security. It provides performance comparisons of OfficeScan against other antivirus solutions, showing that OfficeScan uses significantly less CPU, IOPS, memory and scan time. It also introduces Deep Security as Trend Micro's agentless security solution that eliminates "AV storms" through hypervisor-based inspection.
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A... | Amazon Web Services
This document discusses securing IT infrastructure as it moves to cloud computing. It summarizes Trend Micro's cloud security solutions which provide a single security platform across physical, virtual, and cloud environments. This includes Deep Security which provides firewall, intrusion detection, integrity monitoring, and other protections for physical, virtual, and cloud servers. It also discusses Trend Micro's leadership in securing the journey to cloud computing.
Symantec announced new offerings to create a trusted ecosystem of applications and partners to help businesses accelerate the execution of their mobility initiatives. The offerings include two new programs – the App Center Ready Program for application developers and the Mobility Solution Specialization Program for channel partners – as well as a single mobile suite spanning device management, application management and mobile security.
FishNet Security offers several mobile security solutions and services to help businesses securely enable mobile devices and applications. These include developing mobile security policies, performing security assessments of mobile applications and architecture, penetration testing of mobile clients and servers, and mobile device management integration and strategy consulting. The company aims to help businesses maximize productivity from mobile tools while minimizing security risks and ensuring regulatory compliance.
As you move your IT Infrastructure into the cloud, how secure can you expect your applications to be? Join Alert Logic and Internap on this webcast for an enlightening discussion on the state of cloud security and how it impacts security management decisions, especially in the context of deploying infrastructure to hosted and cloud environments.
At VMworld 2012, Symantec announced new solutions and technical integrations with VMware across its entire product portfolio to ensure higher levels of protection for virtualized environments. Together, Symantec and VMware enable SMBs and enterprises to use the benefits of virtualization without compromising protection.
Trend Micro is a leader in virtualization and cloud security. It was the first to offer security solutions for virtualization, cloud computing, and netbooks. Trend Micro blocks billions of threats daily and detects over 3.5 million new threats every second. It ranked #1 in real-world online testing and is also a leader in messaging, web, and endpoint security. Deep Security is Trend Micro's platform that provides unified security across physical, virtual, and cloud environments.
The document discusses how IT security threats have evolved over time:
1) Traditional perimeter defenses like firewalls are no longer adequate against modern threats like advanced persistent threats and sophisticated malware.
2) Security tools have evolved from intrusion detection systems to security information and event management systems (SIEMs) to help analyze growing security data, but attackers now target human trust to gain access instead of technical vulnerabilities.
3) Current security systems have blind spots and silos that prevent analyzing all security data and rapidly responding to incidents, allowing attackers to persist on networks undetected for long periods.
Deep Security provides software-based security and compliance for systems operating in standalone, virtual, and cloud environments to help organizations meet PCI DSS requirements. It addresses 7 PCI regulations and over 20 sub-controls with features like network segmentation, host firewall, antivirus, virtual patching, and web application protection to provide core PCI controls from a single, centrally managed solution. Deep Security can economically help organizations meet PCI compliance challenges for distributed locations, vulnerability management, and website and virtualization security.
This document discusses Lumension and changes in endpoint protection. It notes the growing problems of cyber attacks and risks from mobile devices and applications. Lumension's approach provides application control and a dynamic trust engine to validate trust while accommodating change. The challenges of endpoint management around security, visibility and integration are discussed. Lumension Endpoint Management and Security Suite (LEMSS) aims to provide effective endpoint security through features like anti-virus, patch management, application control and device control from a single console.
Introduction - The Smart Protection Network | Andrew Wong
Trend Micro is introducing its Smart Protection Network, a next-generation security architecture. It collects threat data from various sources and analyzes it using TrendLabs to provide up-to-date threat information to lightweight endpoint clients in near real-time. This network removes the need for pattern monitoring and management on individual endpoints, reducing network traffic and memory usage. It also protects customers faster and with less staff time compared to traditional security solutions.
The document discusses IBM Security Systems and their capabilities. It provides an agenda that covers the security landscape, IBM security capabilities, and their strategic direction focused on security intelligence, advanced threats, mobile security, and cloud computing. It summarizes IBM's approach of delivering intelligence, integration, and expertise across a comprehensive security framework.
This document discusses how Trend Micro's Deep Security product provides virtualization and cloud security through an integrated platform. It offers agentless and agent-based security across physical, virtual, and cloud environments from a single management console. This consolidated security model maximizes performance and ROI while simplifying management and strengthening protection across platforms.
This document summarizes the major security vulnerabilities that impacted the internet in 2014, including Heartbleed and Shellshock. It provides statistics on the number of records lost and breaches per industry. It also analyzes the technical details and impact of Heartbleed and Shellshock, such as the number of detected attacks and industries affected. Finally, it discusses planning for future vulnerabilities and maintaining security best practices.
Bridging the Gap Between Your Security Defenses and Critical Data | IBM Security
View on-demand recording: http://securityintelligence.com/events/bridging-the-gap-between-your-security-defenses-and-critical-data/
Many organizations are struggling with the growing gap between the vulnerability of critical data and security defenses. You need visibility at all times to prevent external and internal database breaches. Your organization can't lose sight of the importance of the integrity of your data, including unauthorized changes and suspicious activity.
You will learn how, by combining the industry-leading security intelligence capabilities of IBM QRadar Security Intelligence Platform with the robust data security capabilities of IBM Security Guardium data activity monitor, organizations can gain actionable insights to reduce security risks at all layers and boost compliance across the enterprise.
In this live webinar, Sally Fabian, IBM Data Security Technical Specialist, will discuss:
- Architecture and integration points
- Real-time alerts and reporting
- Vulnerability assessments according to your risk score
- Security intelligence event log collection and analytics
- Actionable insights from security events
Trend Micro announced new data protection features for several of its security products in September 2011. New versions of ScanMail for Exchange, PortalProtect for SharePoint, and InterScan Messaging Security added data loss prevention capabilities to help organizations comply with regulations and prevent data breaches across email servers, collaboration platforms, and messaging gateways. Trend Micro positioned itself as uniquely able to provide integrated data protection across the enterprise from endpoints to the cloud.
Microsoft India - Forefront Value Of Identity And Security Offerings Presenta... | Microsoft Private Cloud
The document discusses identity and security challenges in difficult economic times. New threats and sophisticated cybercrime are on the rise while IT budgets are shrinking. This increases risks from internal attacks, costly data breaches, and non-compliance with regulations. Microsoft's strategy focuses on simplified management, deployment, reporting and compliance through an integrated suite of identity and security products. The strategy and products are aimed at mitigating risks, growing sales, reducing costs, retaining customers, and adapting to change.
7 Ways to Stay 7 Years Ahead of the Threat | IBM Security
With breach reports becoming a weekly, if not daily, occurrence, organizations need proactive security to protect themselves and their customers against the loss of sensitive data. Hear from IBM X-Force research and product experts on 7 types of behavioral-based protection layered into network and endpoint security that can help your organization stay ahead of the threat. Our protection is so successful, in fact, that our IPS customers were protected from exploits of the recently disclosed Shellshock vulnerability seven years ahead of the threat.
The disappearing network perimeter means organizations can no longer rely on traditional methods to secure their networks, and must plan for porous access to corporate assets and intellectual property. Deploying a simple intrusion prevention solution that relies on pattern matching is insufficient to identify malicious actors who can evade traditional protection strategies. By focusing on blocking the behavior of malware, rather than pattern matching against specific exploits, organizations are better protected with techniques like protocol analysis detection, shellcode heuristics, application layer heuristics, malicious communication prevention, and exploit chain disruption.
View the full on-demand webcast: http://securityintelligence.com/events/8-ways-stay-5-years-ahead-threat/#.VYxgB_lVhBf
This document discusses IBM's acquisition of Resilient Systems and how it will advance IBM's security strategy. It notes that the acquisition will unite security operations and incident response, deliver a single hub for response management, and allow seamless integration with IBM and third-party solutions. This will help organizations of all sizes successfully prevent, detect, and respond to cyberattacks.
IBM Security Strategy Intelligence, Integration and Expertise
by Marc van Zadelhoff, VP, WW Strategy and Product Management and Joe Ruthven IBM MEA Security Leader
Qradar ibm partner_enablement_220212_final | Arrow ECS UK
QRadar is a SIEM, log management, and network monitoring platform from IBM Security. It provides security intelligence through log collection, correlation, threat detection, and compliance reporting. Key capabilities include log management, SIEM, risk management, network activity monitoring, and application visibility. Customers choose QRadar for its intelligence, integration, automation, scalability, leadership, and support.
This report analyzes the worldwide markets for Cyber Security in US$ million by the following product segments: Application Security, Content Security, Data Security, Endpoint Security, Network Security, Identity & Access Management, Risk & Compliance Management, Security Operations, and Consulting Services. The report provides separate comprehensive analytics for the US, Canada, Japan, Europe, Asia-Pacific, Latin America, and Rest of World. Annual estimates and forecasts are provided for the period 2009 through 2017. Also, a six-year historic analysis is provided for these markets. The report profiles 127 companies including many key and niche players such as Aladdin Knowledge Systems Ltd., AVG Technologies, BitDefender
Trend micro real time threat management press presentation - Andrew Wong
Trend Micro is launching new real-time threat management solutions to address the insufficiency of traditional security against today's advanced threats. The solutions include the Trend Micro Threat Management System for network-wide visibility and control, the Threat Intelligence Manager for actionable threat intelligence, and vulnerability management services for timely patching. These solutions aim to detect, analyze, and remediate advanced threats in real-time through network monitoring, threat intelligence, and continuous vulnerability assessments.
This document discusses HP TippingPoint's IPS and virtualization security solutions for data centers. It provides an overview of the modern threat landscape facing applications, and introduces HP TippingPoint's IPS platform and product lines. Key details include the platform's performance capabilities, available models in the S-Series and N-Series, and the TippingPoint 1200N embedded IPS module for HP switches. Virtualization security solutions are also briefly mentioned.
HP Enterprise Security provides security solutions to address challenges posed by evolving IT architectures, increasing cybercrime, and the limitations of traditional security approaches. The solutions are based on HP's Security Intelligence Platform, which provides unified visibility across applications, systems, and networks to analyze vulnerabilities and risks in order to build adaptive defenses. HP has security expertise from ArcSight, Fortify and TippingPoint and offers solutions such as the ArcSight Solution Architecture for security monitoring and the TippingPoint Network Defense System for network security.
1) HP Enterprise Security provides a security intelligence platform to help organizations proactively manage threats and risks across their IT infrastructure.
2) The platform offers universal log management, regulatory compliance, network security, and other solutions to establish complete visibility and analyze security events.
3) Key HP security products like ArcSight, Fortify, and TippingPoint provide advanced threat detection, application testing, and network defenses respectively.
Ray Menard plagiarized text from Hugh Farringdon in his document about network security monitoring. The document discusses IBM's QRadar SIEM product and how it can help network and security professionals deal with the large volumes of information they receive. It provides an overview of QRadar SIEM's capabilities, such as event correlation, network flow capture and analysis, and compliance monitoring. The document also presents several use cases where QRadar SIEM can provide valuable visibility, such as complex threat detection, malicious activity identification, and network and asset discovery.
The document discusses security risks and regulations for Mexican brokerage firms. It highlights key findings from an IBM security report, including that attacks continue across security domains like vulnerabilities, malware, and phishing. The document also discusses IBM security solutions like intrusion prevention, data security products, and security consulting services that can help firms address risks and regulatory requirements.
Virtualize More in 2012 with HyTrust-Boost Data Center Efficiency and Consoli... - HyTrust
Virtualize More in 2012 with HyTrust discusses virtualization security best practices and guidance. It recommends planning security into virtual environments by considering compliance requirements, new cloud roles, and security strategy. When virtualizing, organizations should strive for equal or better security than traditional infrastructures using virtualization-aware security solutions, privileged identity management, and vulnerability management. The presentation provides business drivers for increasing virtualization securely in 2012 to proactively protect systems and data.
PCTY 2012, IBM Security and Strategy v. Fabio Panada - IBM Danmark
This document summarizes IBM's security intelligence, integration, and expertise capabilities. It discusses how the world is becoming more digitized and interconnected, opening the door to emerging threats. It also notes that with the rise of big data, consumerization of IT, and mobility, everything is everywhere, while attack sophistication has increased. IBM helps organizations evolve their security solutions to address these changing business, technology, and threat environments. The document outlines IBM's comprehensive security portfolio spanning enterprise governance, risk, compliance and intelligence.
DSS ITSEC Conference 2012 - SIEM Q1 Labs IBM Security Systems Intelligence - Andris Soroka
IBM Security Systems provides innovative security solutions from leading technology vendors in over 10 countries. They specialize in security consulting, testing, auditing, integration, training and support. They were the first certified partner of Q1 Labs in the Baltics, and now work with IBM's security portfolio. The document discusses the need for security intelligence solutions that integrate log management, security information and event management, risk management, network activity monitoring, and other capabilities to provide comprehensive security insights.
Shift to Intelligent Endpoint Security Management
The document discusses the shift from traditional endpoint security methods to more intelligent approaches. Traditional defenses like antivirus software and patching are no longer effective against modern threats. New strategies are needed to control applications and local user privileges, prevent zero-day and targeted attacks, and provide better security reporting. Without improved technology solutions, organizations will continue to have sensitive data and systems compromised by cybercriminals. The future of endpoint security requires more intelligent methods like application whitelisting to lock down systems while optimizing security and resources.
The document discusses various topics related to information security including security audits, application security testing, secure software development lifecycles, identity management, network security assessments, security design, vulnerability analysis, remediation recommendations, penetration testing, compliance testing, and security trainings. It also discusses motives for security incidents, system incident management, security monitoring tools, data leakage prevention, exfiltration threats, deep session inspection, social network risk mitigation, public key infrastructure systems, and port-based authentication. The presentation is in Polish and concludes by thanking the audience.
Infrastructure Security by Sivamurthy Hiremath - ClubHack
With the development of technology, the interdependence of various infrastructures has increased, which also enhanced their vulnerabilities. The National Information Infrastructure security concerns the nation’s stability and economic security. So far, the research in Internet security primarily focused on securing the information rather than securing the infrastructure itself.
Given the pervasive and ubiquitous nature of the Internet, coupled with growing concerns about cyber attacks, we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop hardware redesign architectures, algorithms, and protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. This work attempts to fulfil this important step by providing a classification of security attacks into four main categories: DNS hacking, routing table poisoning, packet mistreatment, and denial-of-service attacks. We generally discuss the existing infrastructure solutions for each of these categories, and also outline a methodology for developing a secured nation.
C0c0n 2011 mobile security presentation v1.2 - Santosh Satam
Mobile phone security has been a hot topic for debate in recent times. The top mobile manufacturers seem to claim that their mobiles and applications are secure, but recent news on mobile hacking and malware suggest otherwise.
One of the key challenges in mobile security is the diverse platforms and multitude of operating systems (both open and proprietary) in the market. This makes it almost impossible to devise a generic catch-all strategy for mobile application security. Every platform whether it is iOS, Android, Blackberry, Windows Mobile, Symbian etc. is unique and requires a specialized treatment.
In this talk, we will demystify mobile and related application security. We will understand the architectures of various mobile operating systems and the native security support provided by the manufacturers and operating system vendors. Then we will look at how hackers have come up with different techniques and tools to break mobile security, and what mobile companies are doing to mitigate these attacks.
Finally, we will look at secure practices for mobile deployment in the Enterprise using policy files and other technology solutions. We will also outline best practices for business users and road warriors, on how to ensure your company data is protected while still continuing to enjoy the flexibility provided by mobile phones.
Pulse 2013 Mobile Build and Connect presentation - Leigh Williamson
Presentation made at Pulse2013 about the new IBM MobileFirst brand and portfolio, especially focusing on our solutions to help clients build & connect their mobile apps.
VSD Infotech is an IT services company specializing in information security, network management, and data center solutions. They offer a range of services including: (1) implementing Information Security Management Systems to help organizations securely manage sensitive data according to ISO/IEC 27001 standards, (2) network security assessments and testing, and (3) consulting services to help businesses design and implement secure systems and best practices. They also provide networking solutions and products from technology partners to optimize customer networks.
Similar to PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson (20)
Smarter Commerce, Sales and Marketing, Thomas Steglich-Andersen - IBM Danmark
The document discusses smarter commerce and running a business more efficiently. It outlines key areas like marketing, procurement, order management, supply chain, fulfillment, and service. It also shows how customers can research, order, change, track and return products across different channels like stores, websites, calls, and mobile. The goal is running the business smarter through better brand relationships, procurement, order management, supply chain visibility, production planning, inventory analytics, and operational efficiency.
IBM is placing a strong emphasis on mobile technologies and applications. The document discusses IBM's MobileFirst initiative which provides tools to help organizations create more personalized, efficient and secure mobile interactions. It highlights growth in mobile transactions, devices, apps and users. IBM acquired 10 companies since 2006 and doubled its 2013 investment in mobile to strengthen its capabilities. The Worklight platform allows developing cross-platform hybrid and native mobile apps using a common codebase. It provides tools for testing, analytics, push notifications, and app distribution to enterprises.
The document discusses several topics related to smart cities and the Internet of Things (IoT), including developing solutions to track sea containers, optimize construction projects using RFID tags, and challenge banks to implement digital marketing. It also discusses trends in IoT such as the growing number of connected devices. The document advocates addressing problems through new technologies and taking on challenges in an innovation perspective.
Echo.it is an internal social media and engagement platform that helps companies align employee actions with strategic goals. It allows employees to share stories of their daily actions and how they further company strategies. Managers can use Echo.it to emphasize desired behaviors, provide recognition, and gain insights into organizational engagement. Employees are invited to a customized platform on Echo.it to share actions in categories related to company values and priorities. Their contributions are then aggregated into engagement statistics and recognition rewards to inspire further aligned actions across the organization. Echo.it offers a SaaS solution that is quick to set up and fully automated to launch and retain users.
The document discusses IBM's Big Data Platform for turning large and complex data into business insights. It provides an overview of key big data challenges faced by organizations and how the IBM platform addresses these challenges through solutions that handle the volume, velocity, variety and veracity of big data. These solutions include analytics, data warehousing, streaming analytics and Hadoop technologies. Use cases are presented for big data exploration, enhancing customer views, security intelligence, operations analysis and augmenting data warehouses.
Smarter Workforce Solutions focuses on helping employees transition to new tools and ways of working by changing mindsets and organizational culture, not just tools. Ginni Rometty notes that in a social enterprise, your value comes from the knowledge you share with others, not just what you accumulate yourself.
The document describes NumaConnect, a technology that tightly couples commodity servers into a single large system with shared memory, I/O, and a single operating system image. Key features include cache coherent global shared memory accessible by all CPUs, a shared I/O subsystem, and support for various APIs. NumaConnect uses custom NumaChip ASICs and a high-speed interconnect fabric to create a unified memory address space across servers at cluster prices. It can scale to thousands of nodes with hundreds of thousands of cores and petabytes of shared memory. Benchmark results show NumaConnect delivers low latency, high bandwidth, and excellent scaling for applications.
Mellanox is a leading provider of high-performance interconnect solutions including InfiniBand and Ethernet technologies. It has over 1,200 employees worldwide and reported record revenue in 2012 of $500.8 million, up 93% year-over-year. Mellanox's interconnect solutions reduce application wait times for data and increase ROI on data center infrastructure.
The document discusses Intel's HPC portfolio and roadmap update. It provides an overview of the new Intel Xeon E5-2600 v2 processor family, highlighting its efficiency, performance, and security features. The Xeon E5-2600 v2 is expected to deliver up to 30% more performance using the same or less power compared to the previous generation. It offers up to 12 cores, 30MB of cache, and support for the latest I/O and memory technologies to provide powerful and efficient processing for modern data centers.
IBM general parallel file system - introduction - IBM Danmark
The document provides information about IBM's General Parallel File System (GPFS) 3.5 and introduces the GPFS Storage Server (GSS). It summarizes that GPFS is a scalable high-performance file management system that can scale from 1 to 8192 nodes. The GSS is a new storage solution using IBM servers and JBOD storage to provide high capacity and performance storage in a scalable building block approach. The GSS has no storage controllers and provides a single integrated storage solution built on GPFS software.
The document discusses IBM's NeXtScale computing platform. Key points include:
- NeXtScale uses a modular, scale-out architecture based on a dense 6U chassis that can hold 12 half-width server or expansion nodes.
- The initial compute node, the nx360 M4, is a 1U half-width server optimized for HPC workloads with support for Intel's latest Xeon processors.
- Native expansion options include a storage node that holds up to 32TB and a PCI node to support GPUs and Intel Xeon Phi coprocessors.
- NeXtScale is positioned as the successor to IBM's iDataPlex platform, offering greater flexibility, density, and
Future of Power: PowerLinux - Jan Kristian Nielsen - IBM Danmark
This presentation discusses IBM's PowerLinux offering, which combines the Power architecture with the Linux operating system. It highlights:
- New PowerLinux 7R4, 7R2, and 7R1 systems optimized for data-intensive and Java workloads
- Over 1,600 IBM software applications and 2,500+ third party applications certified or optimized for PowerLinux
- An IBM Big Data solution using PowerLinux servers and InfoSphere BigInsights for Hadoop-based analytics
Future of Power: Power Strategy and Offerings for Denmark - Steve Sibley - IBM Danmark
IBM is promoting its Power Systems as optimized for big data, analytics, mobile, social, and cloud workloads. Key highlights include Power Systems providing a flexible, secure infrastructure to support next generation applications and analytics on big data. IBM also emphasizes partnerships with software vendors and the open innovation through the OpenPOWER consortium to deliver client choice and drive down costs.
This document discusses big data and provides an overview of key concepts:
- Big data is defined as datasets that are too large or complex for traditional data management tools to handle. It is characterized by volume, velocity, and variety.
- Big data comes from a variety of sources like social media, sensors, web logs, and transaction systems. It is growing rapidly due to the digitization of information.
- Big data can be used for applications like enhancing customer insights, optimizing operations, and extending security and intelligence capabilities. Example use cases are described.
- Architecting solutions for big data requires handling its scale and integrating diverse data types and sources. Both traditional and new analytics approaches are needed.
Future of Power: IBM PureFlex - Kim Mortensen - IBM Danmark
IBM offers a portfolio of integrated systems designed to improve IT efficiency, accelerate applications and analytics, and simplify cloud infrastructure. This includes PureFlex and Flex System which tightly integrate compute, storage, networking and management. PureSystems provide expertise through pre-integrated solutions and patterns that simplify tasks. Clients benefit from higher performance, utilization and lower costs through integration and automation.
Future of Power: IBM Trends & Directions - Erik Rex - IBM Danmark
This document provides an overview of IBM i trends and directions presented at a conference on September 4, 2013. It discusses new Power7+ servers with higher frequencies and more L3 cache providing better price/performance. It also outlines IBM i roadmap commitments, new technology refreshes, and strategies around virtualization, availability, security and simplification to focus on business needs. Customer input and priorities are reviewed to guide IBM i investment themes around solutions for today and the future.
Future of Power: Handling New Technologies - Kim Escherich - IBM Danmark
This document discusses the opportunity for growth and innovation in the Internet of Things (IoT) domain. It defines the key aspects of an instrumented, interconnected and intelligent IoT. Examples are given of IoT innovations and use cases, such as using sensor data to improve bus transportation performance and help retailers track inventory in real time. The challenges of IoT are also addressed, such as how to generate insights from the vast amounts of data.
Future of Power - Lars Mikkelgaard-Jensen - IBM Danmark
This document is the Global Benchmark Report 2013 authored by Lars Mikkelgaard-Jensen. It discusses topics like Europe's economic stagnation and unemployment rates. It also discusses trends in big data, mobile technology, and social media transforming businesses. The report notes that Linux is planned for the majority of big data workloads and many mission critical applications by 2017. It presents IBM Power systems as an open platform that can support new applications in areas like big data analytics, cognitive computing, and industry solutions while providing choice, flexibility and availability on-premise or through the cloud. The report encourages inspiration and exploring what is possible with Power systems and its OpenPOWER consortium.
A Comprehensive Guide to DeFi Development Services in 2024 - Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Introduction of Cybersecurity with OSS at Code Europe 2024 - Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Trusted Execution Environment for Decentralized Process Mining - LucaBarbaro3
Presentation of the paper "Trusted Execution Environment for Decentralized Process Mining" given during the CAiSE 2024 Conference in Cyprus on June 7, 2024.
Taking AI to the Next Level in Manufacturing.pdf - ssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf - Chart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack - shyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Skybuffer SAM4U tool for SAP license adoption - Tatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Fueling AI with Great Data with Airbyte Webinar - Zilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
HCL Notes and Domino License Cost Reduction in the World of DLAU - panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licensing under the CCB and CCX model have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new type of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that, and we want to help you!
We explain how to solve common configuration problems that can cause more users to be counted than necessary, and how to identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expenses, for example when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and know-how to keep track of things. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics will be covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices you can implement immediately
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin... - Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Driving Business Innovation: Latest Generative AI Advancements & Success Story - Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
2. Please note:
• IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
• Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
• The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
• Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
3. Agenda
• X-Force overview
• Highlights from the 2011 IBM X-Force Trend and Risk Report
– New attack activity
– Progress in internet security
– New challenges from mobile and cloud
4. X-Force research
The mission of the IBM X-Force® research and development team is to:
• Research and evaluate threat and protection issues
• Deliver security protection for today’s security problems
• Develop new technology for tomorrow’s security challenges
• Educate the media and user communities
X-Force Research:
• 14B analyzed Web pages & images
• 40M spam & phishing attacks
• 54K documented vulnerabilities
• 13B security events daily
Provides Specific Analysis of:
• Vulnerabilities & exploits
• Malicious/Unwanted websites
6. Key Messages from the 2011 Trend Report
• New Attack Activity
– Rise in Shell Command Injection attacks
– Spikes in SSH Brute Forcing
– Rise in phishing based malware distribution and click fraud
• Progress in Internet Security
– Fewer exploit releases
– Fewer web application vulnerabilities
11. Mac malware
• 2011 has seen the most activity in the Mac malware world.
– Not only in volume compared to previous years, but also in functionality.
• In 2011, we started seeing Mac malware with functionalities that we’ve only seen before in Windows® malware.
13. Public exploit disclosures
• Total number of exploit releases down to a number not seen since 2006
– Also down as a percentage of vulnerabilities
15. Decline in web application vulnerabilities
• In 2011, 41% of security vulnerabilities affected web applications
– Down from 49% in 2010
– Lowest percentage seen since 2005
17. Mobile OS vulnerabilities & exploits
• Continued interest in Mobile vulnerabilities as enterprise users request a “bring your own device” (BYOD) strategy for the workplace
• Attackers finding these devices represent lucrative new attack opportunities
18. Social Networking – no longer a fringe pastime
• Attackers finding social networks ripe with valuable information they can mine to build intelligence about organizations and their staff:
– Scan corporate websites, Google, Google News
– Who works there? What are their titles?
20. IBM Security Framework
IBM Security Portfolio
• Enterprise Governance, Risk and Compliance Management: IBM OpenPages; Algorithmics (recent acquisition); i2 Corporation (recent acquisition)
• IT GRC Analytics & Reporting: QRadar SIEM; QRadar Log Manager; QRadar Risk Manager; IBM Privacy, Audit and Compliance Assessment Services
• IT Infrastructure – Operational Security Domains:
– People: Identity & Access Management Suite; Federated Identity Manager; Enterprise Single Sign-On; Identity Assessment, Deployment and Hosting Services
– Data: Guardium Database Security; Optim Data Masking; Key Lifecycle Manager; Data Security Assessment Service; Encryption and DLP Deployment
– Applications: AppScan Source/Std. Edition; DataPower Security Gateway; Security Policy Manager; Application Assessment Service; AppScan OnDemand Software as a Service
– Infrastructure (Network): Network Intrusion Prevention; Server and Virtualization Security; QRadar Anomaly Detection / QFlow; Managed Firewall, Unified Threat and Intrusion Prevention Services
– Infrastructure (Endpoint): Endpoint Manager (BigFix); zSecure suite; Native Server Security (RACF, IBM systems); Penetration Testing Services
• Alongside all domains: Security Consulting; Managed Services; X-Force and IBM Research
21. Advanced Threats: The sophistication of Cyber threats, attackers and motives is rapidly escalating
• 1995 – 2005: 1st Decade of the Commercial Internet
• 2005 – 2015: 2nd Decade of the Commercial Internet
Motive | Adversary
National Security | Nation-state Actors; Targeted Attacks / Advanced Persistent Threat
Espionage, Political Activism | Competitors, Hacktivists
Monetary Gain | Organized Crime, using sophisticated tools
Revenge | Insiders, using inside information
Curiosity | Script-kiddies or hackers using tools, web-based “how-to’s”
22. IT Security is a board room discussion
• Business results: Sony estimates potential $1B long term impact – $171M / 100 customers*
• Brand image: HSBC data breach discloses 24K private banking customers
• Supply chain: Epsilon breach impacts 100 national brands
• Legal exposure: TJX estimates $150M class action settlement in release of credit / debit card info
• Impact of hacktivism: Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …
• Audit risk: Zurich Insurance PLc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records
23. QRadar Security Intelligence
[Diagram: the IBM Security Portfolio framework from slide 20, repeated on this slide.]
24. Solutions for the Full Compliance and Security Intelligence Timeline
27. Fully Integrated Security Intelligence
[Diagram: One Console Security, Built on a Single Data Architecture. Components: Log Management; SIEM; Risk Management; Network Activity & Anomaly Detection; Network and Application Visibility.]
Capabilities listed on the slide:
• Turnkey log management
• SME to Enterprise
• Upgradeable to enterprise SIEM
• Integrated log, threat, risk & compliance mgmt.
• Sophisticated event analytics
• Asset profiling and flow analytics
• Offense management and workflow
• Predictive threat modeling & simulation
• Scalable configuration monitoring and audit
• Advanced threat visualization and impact analysis
• Network analytics
• Behavior and anomaly detection
• Fully integrated with SIEM
• Layer 7 application monitoring
• Content capture
28. IBM Security Threat Platform
[Diagram: the IBM Security Portfolio framework from slide 20, repeated on this slide.]
30. Why Vulnerability-based Research = Preemptive Security Approach
• Protecting against exploits is reactive
– Too late for many
– Variants undo previous updates
31. IBM IPS Zero Day (Vuln/Exploit) Web App Protection
■ IBM IPS Injection Logic Engine has stopped every large scale SQL injection or XSS attack day-zero.
• Asprox – reported 12/11/2008 – stopped 6/7/2007
• Lizamoon – reported 3/29/2011 – stopped 6/7/2007
• SONY (published) – reported May/June/2011 – stopped 6/7/2007
New Vulnerability or Exploit | Reported Date | Ahead of the Threat Since
Nagios expand cross-site scripting | 5/1/2011 | 6/7/2007
Easy Media Script go parameter XSS | 5/26/2011 | 6/7/2007
N-13 News XSS | 5/25/2011 | 6/7/2007
I GiveTest 2.1.0 SQL Injection | 6/21/2011 | 6/7/2007
RG Board SQL Injection | 6/28/2011 | 6/7/2007
BlogiT PHP Injection | 6/28/2011 | 6/7/2007
IdevSpot SQL Injection (iSupport) | 2011-05-23 | 6/7/2007
2Point Solutions SQL Injection | 6/24/2011 | 6/7/2007
PHPFusion SQL Injection | 1/17/2011 | 6/7/2007
ToursManager PhP Script Blind SQli | 2011-07-xx | 6/7/2007
Oracle Database SQL Injection | 2011-07-xx | 6/7/2007
LuxCal Web Calendar | 7/7/2011 | 6/7/2007
Apple Web Developer Website SQL | 2011-07-xx | 6/7/2007
MySQLDriverCS Cross-Param SQLi | 6/27/2011 | 6/7/2007
32. Ahead of the Threat
IBM’s Preemptive Approach vs. Reactive Approach to address Threats
IBM Clients have typically been provided protection guidance prior to or within 24 hours of a vendor vulnerability disclosure being announced (89% of the time in 2010)
[Chart: # of days IBM clients were provided protection guidance “Ahead of the Threat”. Source: IBM X-Force]
33. Network Security Product Line up
Product | Description
IBM Security Network Intrusion Prevention System | The core of any Intrusion Prevention strategy, IBM Security Network IPS appliances help to protect the network infrastructure from a wide range of attacks, up to 23 Gbps inspected throughput
IBM Security Endpoint Defence | Focused on protecting individual assets on the network including servers and desktops from both internal and external threats
IBM Security Virtual Server Protection | Virtual Server Protection is integrated with the hypervisor and provides visibility into intra-VM network traffic. Supports ESX 4.1 and 5.0 and 10Gb Ethernet
IBM Security SiteProtector System | Centralized management for IBM Security intrusion prevention solutions that provides a single management point to control security policy, analysis, alerting and reporting
35. 1Q12: Launched IBM Security Network IPS Powered by X-Force
Locked in to Signature-only IPS? Make the move to IBM Security Network IPS
• Meet signature sharing mandates (i.e. Government & Financial Institutions)
• IBM Hybrid protection
– Using X-Force Protocol Analysis with the ability to write or import custom Snort rules
• IBM Network IPS and Protocol Analysis Modules (PAM): core tenet for the Advanced Threat Protection Platform
Core Capabilities
• Unmatched Performance delivering 20Gbps+ of inspected throughput and 10GbE connectivity without compromising breadth and depth of security
• Evolving protection powered by world renowned X-Force research to stay “ahead of the threat”
• Reduced cost and complexity through consolidation of point solutions and integrations with other security tools
36. Extensible Protection with Protocol Analysis Module
Ahead of the Threat extensible protection backed by the power of X-Force
• Virtual Patch
– What It Does: Mitigates vulnerability exploitation independent of a software patch, and enables a responsible patch management process that can be adhered to without fear of a breach.
– Why Important: At the end of 2011, 36% of all vulnerabilities disclosed during the year had no vendor-supplied patches available to remedy the vulnerability.
• Client-Side Application Protection
– What It Does: Protects end users against attacks targeting applications used every day such as Microsoft Office, Adobe PDF, Multimedia files and Web browsers.
– Why Important: In 2011, vulnerabilities which affect client-side applications represent one of the largest category of all vulnerability disclosures.
• Web Application Protection
– What It Does: Protects web applications against sophisticated application-level attacks such as SQL Injection, XSS (Cross-site scripting), PHP file-includes, CSRF (Cross-site request forgery), and Directory Traversals.
– Why Important: Expands security capabilities to meet both compliance requirements and threat evolution.
• Threat Detection & Prevention
– What It Does: Detects and prevents entire classes of threats as opposed to a specific exploit or vulnerability.
– Why Important: Eliminates need of constant signature updates. Protection includes the proprietary technology such as Java bytecode exploit detection, Flash exploit detection, and Shell Code Heuristics (SCH) technology, which has an unbeatable track record of protecting against zero day vulnerabilities.
• Data Security
– What It Does: Monitors, identifies, and provides control over unencrypted personally identifiable information (PII) and other confidential information for data awareness. Also provides capability to explore data flow through the network to help determine if any potential risks exist.
– Why Important: Flexible and scalable customized data search criteria; serves as a complement to data security strategy.
• Application Control
– What It Does: Manages control of unauthorized applications and risks within defined segments of the network, such as ActiveX fingerprinting, Peer To Peer, Instant Messaging, and tunnelling.
– Why Important: Enforces network application and service access based on corporate policy and governance.
37. 2Q12: Launch the X-Force IP Reputation Feed for QRadar
• 2Q12: IBM X-Force powers QRadar with the X-Force IP Reputation Feed
– Providing insight into suspect entities on the internet
• 15+ Billion URLs Monitored and Classified on a continuous basis
• Information about Malicious IPs, Malware hosts, SPAM sources, Dynamic IPs & Anonymous Proxies
• Enhances QRadar correlation intelligence
38. 2Q12: Launch QRadar Network Anomaly Detection
Optimized for the Advanced Threat Protection Platform
• QRadar Network Anomaly Detection
– An optimized version of QRadar which complements SiteProtector
• Greater visibility for SiteProtector/IPS customers
• Network flow capture with behavioral analysis and anomaly detection provides greater security intelligence:
– Traffic profiling for added protection from Low and Slow and zero-day threats
Platform roles:
• SiteProtector as core for command & control
• QRadar Network Anomaly Detection for enhanced analytics
• QRadar QFlow and VFlow collectors provide Network Awareness via deep packet inspection
• Integrated policy management & workflows within SiteProtector facilitate a rapid response to threat and more proactive visibility.
[Diagram labels: AppScan, SiteProtector, QRadar, NIPS, Scanner, Server, Desktop; Visibility (Suspicious Behavior) and Protection (Proactive Prevention)]
39. Summary
• Fewer public vulnerability disclosures and exploits in 2011 compared to 2010, but…
• We see more attack activity, with high profile breaches
We leverage numerous intelligence sources -- including a database of more than 50,000 computer security vulnerabilities, a global Web crawler and international spam collectors, as well as the real-time monitoring of 13 billion events every day for nearly 4,000 clients in more than 130 countries -- to stay ahead of these emerging threats for our customers. All of this comes from work done in IBM's nine global Security Operations Centers.
This chart shows some of the publicly recorded breaches that happened over the course of 2011. In the Mid Year report, which falls about halfway through this chart, IBM X-Force decided to declare 2011 the “Year of the security breach”. When you look at this chart, it becomes quite evident why we came to that conclusion. The color of each circle represents the technical means that was used to breach these organizations, based on what has been made publicly available. We made a rough estimate of the financial impact of each breach, which is represented by the size of the circle. You’ll notice that in the latter half of the year many of the circles are grey, which means we don’t know how that particular entity was breached. This leads to an important point. There are a lot of things that motivate organizations to publicly disclose that their security has been breached. But usually those things have to do with the privacy of personal information, and often the organizations don’t take the time to disclose the technical problem that was exploited by the attacker. Having access to that information is valuable because it enables other organizations to prioritize the security work they are doing, to make sure they address threats that have actually been used against other organizations. Many of these breaches were disclosed without that information, so unfortunately the information is less actionable for security professionals. We’d like to see more of that technical information brought to the forefront when possible. All of these breaches – this activity – have been driving a lot of conversation about computer security in 2011.
Three main themes began to emerge as we were pulling together this 2011 annual report. First, we saw some new attack activity begin to emerge, especially in the latter months of 2011. But we also saw some improvements in computer security – especially in the area of application security – and we’ll dive into that in more detail a bit later in this presentation. Finally, we’ll cover new security challenges that are emerging as organizations look to adopt technologies like cloud and, with the proliferation of social media, as individuals look to use their personal mobile devices in the enterprise.
Let’s start with some of the new attack activity we are seeing. For a long time we have seen a lot of SQL injection attack activity. This is an attack that targets the database behind a web server. Attackers often engage in this activity in an automated fashion by using bots that scan the internet looking for websites with SQL injection vulnerabilities. What the attacker attempts to do is hijack the legitimate users who are visiting these sites. The attacker then redirects them unknowingly to malware and exploit toolkits that will infect their machines. This is a pretty big problem. 2011 was a banner year for exploiting SQL weaknesses, and several high profile and newsworthy episodes of successful SQL injection attacks were made public. The hacktivist groups Anonymous and Lulzsec were major players in SQL injection tactics and continue to hone their skills with new injection attack vectors.
This year, we have seen an uptick in a different kind of web application attack activity, called Shell Command Injection. Instead of injecting database commands through the web application, attackers inject command line commands that run on the operating system that the web application is running on. You can see in this chart a pretty significant increase in this activity at the end of 2011, so we are starting to see some automated Shell Command Injection attacks that work largely the same way as the SQL injection attack activity worked. This is a vulnerability that has probably received less focus over the last few years, although as a consequence of the increased activity we’ve seen, we think organizations should start paying more attention to it.
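The difference described above, as an added example that is not part of the IBM presentation: a Python handler that builds a shell command from request input, next to two safer forms. The helper program (`echo` as a stand-in), the function names and the sample inputs are assumptions made for illustration.

```python
import re
import subprocess
from typing import List

# Hypothetical web feature: the application passes a user-supplied host name
# to a command-line helper. `echo` stands in for the real helper so the
# example runs offline on any POSIX system.
HELPER = "echo"

# Constructed inputs: a legitimate value, and one carrying a shell separator.
BENIGN_INPUT = "intranet.example.com"
INJECTED_INPUT = "intranet.example.com; echo INJECTED"

# Allowlist: dot-separated labels of letters, digits and inner hyphens only.
# A label may not start with "-", so the value can never be read as an option.
HOSTNAME_RE = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def _run(cmd, use_shell: bool) -> List[str]:
    """Run the helper and return its output lines."""
    proc = subprocess.run(cmd, shell=use_shell, capture_output=True,
                          text=True, timeout=5, check=True)
    return proc.stdout.splitlines()


def lookup_vulnerable(host: str) -> List[str]:
    """BEFORE: the input is pasted into a string that /bin/sh parses.

    Anything after a shell separator in `host` is run as a second command
    on the operating system hosting the application.
    """
    return _run(f"{HELPER} lookup {host}", use_shell=True)


def lookup_argv(host: str) -> List[str]:
    """Safer: no shell is involved; `host` is exactly one argument.

    Separators such as ';' reach the helper as literal characters.
    """
    return _run([HELPER, "lookup", host], use_shell=False)


def lookup_hardened(host: str) -> List[str]:
    """AFTER: validate against the allowlist, then use the argument list."""
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host name: {host!r}")
    return lookup_argv(host)


if __name__ == "__main__":
    print("vulnerable:", lookup_vulnerable(INJECTED_INPUT))
    print("argv only :", lookup_argv(INJECTED_INPUT))
    try:
        lookup_hardened(INJECTED_INPUT)
    except ValueError as exc:
        print("hardened  :", exc)
```

In the vulnerable form the helper's output is followed by the output of a second command; in the argument-list form the same input is one inert string, and the allowlist rejects it before any process starts.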
We also saw a spike in the volume of SSH brute forcing at the end of the year. This is one of the most common types of attacks we see on the internet: people scan for computers running SSH and try to brute-force user names and passwords on those computers. We’re not sure if this huge spike is an anomaly or if it will continue to be a problem in 2012, but it certainly is alarming. Again, if you have SSH running on a computer, it is important to be sure you have good passwords, because if you don’t, those passwords will quickly be compromised automatically.
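One way to spot this activity in server logs, as an added example rather than anything from the presentation or from IBM's products: a sliding-window counter over OpenSSH authentication messages. The log lines, addresses, threshold (5 failures in 60 seconds) and the assumed year are constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict

# Constructed sample in OpenSSH syslog style (documentation address ranges).
SAMPLE_LOG = """\
Dec 12 01:00:02 web01 sshd[1901]: Failed password for root from 192.0.2.50 port 40112 ssh2
Dec 12 02:00:05 web01 sshd[1950]: Failed password for root from 192.0.2.50 port 40377 ssh2
Dec 12 03:00:01 web01 sshd[2102]: Failed password for root from 192.0.2.50 port 40981 ssh2
Dec 12 03:14:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Dec 12 03:14:03 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Dec 12 03:14:05 web01 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 51251 ssh2
Dec 12 03:14:07 web01 sshd[2217]: Failed password for invalid user oracle from 203.0.113.7 port 51263 ssh2
Dec 12 03:14:09 web01 sshd[2219]: Failed password for root from 203.0.113.7 port 51270 ssh2
Dec 12 03:14:11 web01 sshd[2221]: Failed password for root from 203.0.113.7 port 51284 ssh2
Dec 12 03:14:13 web01 sshd[2223]: Accepted password for root from 203.0.113.7 port 51300 ssh2
Dec 12 04:00:03 web01 sshd[2310]: Failed password for root from 192.0.2.50 port 41544 ssh2
Dec 12 05:00:07 web01 sshd[2398]: Failed password for root from 192.0.2.50 port 42019 ssh2
Dec 12 09:02:10 web01 sshd[2701]: Failed password for alice from 198.51.100.23 port 60010 ssh2
Dec 12 09:02:18 web01 sshd[2701]: Failed password for alice from 198.51.100.23 port 60010 ssh2
Dec 12 09:02:31 web01 sshd[2701]: Accepted password for alice from 198.51.100.23 port 60010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def analyze(log_text: str, threshold: int = 5,
            window: timedelta = timedelta(seconds=60),
            year: int = 2011) -> Dict[str, dict]:
    """Summarise password attempts per source address.

    `burst` is set once an address produces `threshold` failures inside
    `window`; `compromised` lists accounts that logged in successfully from
    an address after it had been flagged. Syslog lines carry no year, so
    `year` is an assumption supplied by the caller. Lines must be in
    chronological order, as they are in a log file.
    """
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    report: Dict[str, dict] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # not a password authentication line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = report.setdefault(m["ip"], {
            "failures": 0, "users": set(), "burst": False, "compromised": [],
        })
        if m["result"] == "Failed":
            entry["failures"] += 1
            entry["users"].add(m["user"])
            q = recent[m["ip"]]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry["burst"] = True
        elif entry["burst"]:
            # A success right after a guessing burst needs immediate triage.
            entry["compromised"].append(m["user"])
    return report


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```

The third address in the sample fails five times but an hour apart, so the burst rule does not flag it; catching that pattern needs a second, much longer window or a per-address daily total.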
We also saw another big increase in activity around phishing. In 2008 and 2009 we saw a large amount of phishing activity, and we started to get excited in our mid year 2011 report because, as you can see here, through 2010 there was a relatively small amount of phishing activity, and in early 2011 this activity was pretty low as well. It seemed as though the phishing problem had been solved. We still thought there were as many phishing attacks happening in 2010 as there were in 2009 and 2008, but the people sending these emails could not generate as many of them as they used to, because if they did, people monitoring for phishing emails would notice them and react by shutting down the server that they were using to collect credentials. So really, the community of people who were working to fight phishing had made a big dent in 2010. So what happened in the later part of 2011? We’ve seen a new type of phishing-like email that links to websites which do not necessarily perform a phishing attack. These emails use the good name of a well-known brand – perhaps it looks like it is coming from your bank, or a parcel service you are probably quite familiar with – to get the recipient to click on a malware link or, in some cases, a link to an otherwise innocuous site such as a retail site. One possible explanation for the latter type of email might be click-fraud, wherein spammers drive traffic to these sites in exchange for advertising fees. Regardless of the explanation, this nuisance contributed to a large increase in phishing-like emails seen in the later months of the year.
More than in any previous year, 2011 has seen the most activity in the Mac malware world. This applies not only to volume, but also to functionality. In 2011, we started seeing Mac malware with functionalities that we’ve only seen before in Windows malware. This may indicate that cyber criminals are now becoming aware of how profitable targeting OS X might be. A couple of note included:
MacDefender: What makes MacDefender interesting is that it is the type of malware with a spreading mechanism that has been rampant in the Windows world in the last couple of years. MacDefender belongs to the category of malware called “Rogue Antivirus,” which disguise themselves as legitimate antivirus programs. Once installed, it pretends to scan your system, flagging random files as malicious to make it look like your system is heavily infected. The user interface is professional looking and well made, to make it more believable to the user that it is a legitimate app. It has a Register button that will take the user to a website where they can supposedly purchase a license for MacDefender using a credit card. MacDefender displays a message that says that to remove the detected malware you should pay for the licensed version, so a user may feel forced to register. The user’s credit card will then be charged for the amount and, on top of that, the credit card number may be used for other purposes as well.
Flashback: Flashback disguises itself as a Flash Player installer that can be downloaded when visiting malicious websites, showing a download or install Flash player icon. When installed, Flashback injects code into the application launched by the user. The injected code is responsible for contacting a remote server to download updates or to send data from the infected machine. Flashback also tries to prevent future updates to XProtect by overwriting some relevant files. XProtect is Apple’s built-in basic malware protection system that uses string matching to detect malware. Apple updates XProtect whenever a high-profile Mac malware is discovered. Flashback also tries to thwart analysis by researchers by detecting if it is running on a VMware virtual machine. Using this detection evasion mechanism is common in Windows malware, but this is the first Mac malware we’ve seen that employs this technique. This demonstrates that Mac malware technology is catching up to Windows malware technology.
DevilRobber: DevilRobber was discovered inside Mac applications that were illegally shared in BitTorrent, such as GraphicConverter, Flux, CorelPainter, and Pixelmator. DevilRobber is the most sophisticated Mac malware we’ve seen so far and contains several components. It is primarily a backdoor that opens a port in the infected machine to receive commands from a remote attacker, but one interesting functionality it has is Bitcoin mining, where it installs the Bitcoin mining application DiabloMiner to use the computing power of the CPU and GPU (for users with high performance graphics cards) of the infected machine to mine for Bitcoins. It also attempts to steal the Bitcoin wallet if found. DevilRobber also steals the Keychain of the user along with other information from the infected machine and uploads them to a remote FTP server. DevilRobber also has the ability to detect if the infected machine is behind a gateway device, and then enable port-forwarding via UPnP. This enables the attacker to remotely access the infected machine using the port opened by DevilRobber, even if the infected machine is behind a gateway device.
Now we will spend a little time talking about progress we have seen. We are doing a lot of work to make the internet safer, to improve software design – and really, that work is having an impact, and we are seeing it in our statistics.
Another thing that we took note of this year is that there have been fewer exploits released on the internet that can be used to target publicly disclosed vulnerabilities. Typically in the past few years you can see that about 15% of the vulnerabilities that were publicly disclosed ended up having exploits released that could be used for malicious intent. This year that number is down to around 11%. This is a big change, and we think it is a consequence of the fact that software is getting more resilient to attack. Certain programs have adopted things like sandboxes – so when you exploit a vulnerability it’s harder to gain control over the surrounding machine – as well as other technologies that are making exploitation more difficult. Over time, we still see a lot of vulnerabilities, but people aren't able to actually leverage them. This is great news and means that computers are getting more secure.
These charts show you particular categories of exploit. You can see that browser exploits are down significantly from where they were a few years ago, and that is really important since a lot of attack activity targets the browser and the browser environment. We’ve also seen significantly fewer exploits targeting document readers and editors this year – which is also a significant bit of progress. One place where we have yet to see progress is with multimedia players. We saw just as many exploits here this year as we did last year, but we do expect to see some improvements in this area coming in 2012. The fact is, we still see a lot of attack activity out there on the internet, but the software that we use is getting stronger – more secure – and we can see a future where some of this attack activity will be significantly mitigated.
We also saw fewer web application vulnerabilities in 2011. As I mentioned earlier, the most common type of attack activity we see on the internet targets SQL injection vulnerabilities. Well, for the past few years web application vulnerabilities were about 50% of the vulnerabilities that were being publicly disclosed. But this year, that number is down to about 40%. That’s a big change – and again, it means that web application developers are getting a bit smarter about how they develop their applications. Maybe they are using tools to scan and test for vulnerabilities earlier in the development process, and that will contribute to a safer internet. We still have a lot of work to do here though! 40% of vulnerabilities disclosed is still a lot of vulnerabilities – and we are seeing the attack types pivoting. We are seeing more Shell Command Attack activity than SQL injection activity because SQL injection is harder to find than it used to be. But the fact is, this is progress – it is moving in the right direction and moving us toward a safer internet.
As I mentioned below, we do continue to create new technologies that we put in our IT environments that create potential new surface areas for attack.
Mobile devices are certainly one of those areas. People want to ‘bring their own device’ into the enterprise and they want to access work through their personal tablet or smart phone – and they want to decide what phone they can use! This is a real IT management challenge. These charts represent vulnerabilities and exploits that have been released that target mobile devices. We saw slightly fewer mobile vulnerabilities this year than we saw last year, but it was still a pretty large number. And we saw an increase in the number of exploits that were released on the internet that could be used to target mobile devices. We aren’t seeing that much attack activity – we are still seeing less attack activity that targets the mobile device than traditional desktops; however, a year ago we were seeing almost no activity of that sort and now it is definitely happening. There have been some significant incidents - in fact a few weeks ago someone reported a 100,000 node botnet that infects mobile devices. That is a significant number of infections – and something to definitely pay attention to – but it is not yet rivaling the scope of the problem targeting traditional desktops.
These guys spend a lot of time researching on Twitter and Facebook and the like in order to try to come up with an organization structure for the organization that they’re targeting. And so that they know who to send these emails to and how to make them compelling. And often they’ll send the email from an account that appears to be an acquaintance or co-worker of the victim.
There is a period of time before every technology is applied for purposes of national security, e.g. the first manned flight by the Wright brothers in 1903 lasted 12 seconds. Within 10 years, the sky became another battlefield no less important than the battlefields on land and sea. What we are witnessing, in many ways, is the weaponization of cyber space for a range of purposes. And we are just seeing the tip of the iceberg. Clearly, there has been an evolution of players (and motives) involving well-funded and resourced actors -- insiders, organized crime, espionage, political activists and nation states -- which is only matched with an escalation in the high value of the assets being targeted and the sophistication of attack vectors. In many ways, this escalation in the threat is challenging and exposing the weaknesses of the current generation of security controls. Bigger firewalls and better locks are no longer sufficient to protect against sophisticated attacks conducted by nation state level actors. Some statistics: 52% -- Private-sector statistics show that the insider threat is up more than 52% in the past year. $226 Billion -- Economic impact of cyber-attacks on businesses has grown to over $226 billion annually. Source: Congressional Research Service study. 158% increase -- Security breaches are on the increase: cyber-attacks have increased 158% since 2006, and worldwide cyber-attacks increased 30% over the second half of 2008. Sources: (1) US Department of Homeland Security, (2) IBM Internet Security Systems X-Force.
The X-Force approach to protecting against vulnerabilities means IBM solutions can help to stop threats at their source. This is a far different approach than reactive measures that “chase” exploits and are negated as soon as an exploit evolves.
One of the toughest challenges in security today is keeping pace with the increasing diversity and sheer number of attacks. IBM’s preemptive protection approach helps our clients well ahead of major vendor vulnerability disclosures. This is far superior to the reactive approach used by many vendors. Our clients are not left unprotected while a reactive measure is developed. In many cases, IBM clients are provided protection guidance before (in many cases 100+ days ahead of time) or within 24 hours of a vendor vulnerability disclosure.
Highly accurate stateful inspection algorithms through IBM’s PAM module for resilient protection against network vulnerabilities.
Advanced heuristic and deep content analysis engines to protect against advanced threat classes such as browser attacks, data leakage, and web app attacks.
The ability to leverage publicly available signature sources for known threats.
The ability to share custom rules with other security teams to enhance and tune protection for the customer’s network.
Helps monitor and control applications in the corporate enterprise to reduce risk of data theft and save money on network bandwidth costs.
Enables centrally managed protection against known and unknown attacks, including those targeted at web applications.
Helps protect against targeted and broad based attacks that are designed to evade most security technologies.
Helps companies meet today’s regulatory compliance requirements, including GLBA, Sarbanes Oxley and PCI-DSS.
With Firmware 4.4, adds the ability to write or import custom open source signatures and monitor network capacity.
Many Network IPS Devices only support SNORT – an open source, signature based intrusion detection method with drawbacks.
SNORT signatures are easy to share, but lack the behavioral intelligence needed for more sophisticated attacks.
Only IBM Security Network IPS has the leading behavioral-based X-Force Protocol Analysis engine.
Today IBM announces technology that allows customers to dump their SNORT based devices, migrate to IBM’s PAM-based Network IPS, take the customized SNORT rules with them to ease transition, and run SNORT in parallel to PAM.
Hybrid protection using market leading X-Force Protocol Analysis with the ability to write or import custom Snort rules.
Advanced heuristic and deep content analysis engines provide protection of advanced threats such as browser attacks, data leakage, and malicious web applications designed to evade most security technologies.
Facilitate adherence to today’s regulatory and compliance mandates, including GLBA, Sarbanes Oxley and PCI-DSS.
Enables customers to address the changing threat landscape with limited expertise and resources.
IBM reduces the TCO of IPS by enabling customers easy migration from snort-only alternatives to IBM NIPS.
Hybrid protection using market leading X-Force Protocol Analysis.
Users can write or import custom Snort rules.
Advanced Behavioral Analysis and Deep Content Analysis Engines provide protection from advanced threats such as browser attacks, data leakage, and malicious web applications designed to evade most security technologies.
Facilitate adherence to today’s regulatory and compliance mandates, including GLBA, Sarbanes Oxley and PCI-DSS.
IBM Network Protection enables customers to dump their SNORT based devices, migrate to IBM’s PAM-based Network IPS, and take custom SNORT rules with them.
Performs deep packet inspection.
Performs deep protocol and content analysis.
Detects protocol and content anomalies.
Simulates the protocol/content stacks in vulnerable systems.
Normalizes at each protocol and content layer.
Provides the ability to add new security functionality within the existing solution.