Technologies supporting the fundamental security controls
(original Italian title: Tecnologie a supporto dei controlli di sicurezza fondamentali)
Domenico Raguseo
May 2017
@domenicoraguseo
2 IBM Security
Disclaimer
Clients are responsible for ensuring their own compliance with various laws and regulations,
including the “IMPLEMENTAZIONE DELLE MISURE MINIME DI SICUREZZA PER LE PUBBLICHE
AMMINISTRAZIONI” (implementation of the minimum security measures for public
administrations). Clients are solely responsible for obtaining advice of competent legal
counsel as to the identification and interpretation of any relevant laws and regulations that
may affect the clients’ business and any actions the clients may need to take to comply with
such laws and regulations. The products, services, and other capabilities described herein
are not suitable for all client situations and may have restricted availability. IBM does not
provide legal, accounting or auditing advice or represent or warrant that its services or
products will ensure that clients are in compliance with any law or regulation.
4 IBM Security
WannaCry patterns
Initial infection
1. An email containing a malicious attachment is received.
2. The attachment is opened and the malware is launched.
After infection
1. The malware communicates with the outside.
2. The malware compromises further systems using a known vulnerability.
3. A ransom is requested in Bitcoin.
Caveat: the known vulnerability was in Windows SMBv1, for which Microsoft had published the
fix MS17-010 in March 2017, two months before the outbreak. Once inside a network, WannaCry
spread as a worm over SMB (TCP port 445) with no user interaction, so the email step above is
not required for the lateral spread; the attachment was widely reported at the time but was
not confirmed as the initial vector, and most analyses point to Internet-exposed SMB services
instead. The pattern that matters for the controls on the next slide is therefore: unpatched
known vulnerability, unrestricted SMB between hosts, outbound command-and-control traffic,
and no tested backups to recover from.
5 IBM Security
Security controls violated during WannaCry
(at least the following; the control names are those of the CIS Critical Security Controls, version 6)
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Malware Defenses
6. Data Recovery Capability
7. Data Protection
6 IBM Security
Preventing risks and ensuring the security of network and information systems by expanding the value of security solutions through integration
(controls grouped as on the original diagram)
Group 1
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
Group 2
1. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Group 3
1. Continuous Vulnerability Assessment and Remediation
2. Malware Defense
3. Maintenance, Monitoring, and Analysis of Audit Logs
Group 4
1. Malware Defense
2. Email and Web Browser Protections
3. Limitation and Control of Network Ports, Protocols, and Services
4. Boundary Defense
Group 5
1. Data Protection
2. Application Security
Group 6
1. Controlled Use of Administrative Privileges
2. Controlled Access Based on the Need to Know
3. Account Monitoring and Control
Across all groups
Security Skills Assessment and Appropriate Training to Fill Gaps
7 IBM Security
Applied cognitive technologies
(diagram: cognitive capabilities applied across the portfolio)
8 IBM Security
Helping customers to protect from advanced fraud, malware, mobile and application attacks
Security Intelligence and Analytics
Portfolio Overview
QRadar SIEM
• Integrated log, threat and compliance management
• Asset profiling and flow analytics
• Offense management and workflow
QRadar Risk Manager
• Predictive threat modeling and simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Log Manager
• Turnkey log management
• Upgradeable to enterprise SIEM
QRadar Vulnerability Manager
QRadar Incident Forensics
QRadar Network Intelligence
• Real-time full packet analysis
9 IBM Security
Security Intelligence: clear visibility and increased accuracy
A dynamic threat environment requires clear visibility and increased accuracy: take in data from a wide spectrum of feeds and continually add context.
Extensive data sources
• Security devices
• Servers and mainframes
• Network and virtual activity
• Data activity
• Application activity
• Configuration information
• Vulnerabilities and threats
• Users and identities
• Security intelligence feeds (Internet threats, geo location, …)
Deep intelligence (correlation)
• Logs/events
• Network flows
• Geographic location
• Activity baselining and anomaly detection over user, database, application and network activity
Offense identification
• Each suspected incident is rated for credibility, severity and relevance; those that pass become true offenses.
Extensive data sources + deep intelligence = exceptionally accurate and actionable insight
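The baselining and offense-rating flow above, as an added example that is not QRadar code: a Python script builds each host's hourly outbound-bytes baseline from constructed flow records, flags a live hour that falls far outside it, and rates the resulting offense by the three factors the slide names (credibility of the log source, severity of the deviation, relevance of the asset). The sample flows, the asset and credibility tables, the 10/8 internal range and the equal weighting of the three factors are all assumptions made for this illustration.

```python
"""Added example (not QRadar code): baseline, anomaly detection and offense
rating by credibility, severity and relevance.  Sample data, tables and
weights are assumptions for the illustration."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (hour, source host, destination IP, bytes out).
# 24 hours of ordinary traffic per host to build the baseline from ...
TRAINING = [(h, "ws-finance-07", "10.0.5.20", 1000 + 50 * (h % 3)) for h in range(24)]
TRAINING += [(h, "ws-hr-02", "10.0.5.20", 800 + 30 * (h % 4)) for h in range(24)]
# ... and one live hour in which ws-finance-07 pushes a large volume outside.
LIVE = [
    (25, "ws-finance-07", "10.0.5.20", 1050),
    (25, "ws-finance-07", "198.51.100.7", 48000),
    (25, "ws-hr-02", "10.0.5.20", 830),
]

# Context a SIEM would take from asset and vulnerability data (assumed values).
ASSETS = {
    "ws-finance-07": {"value": 9, "unpatched": True},
    "ws-hr-02": {"value": 5, "unpatched": False},
}
# How much each log source is trusted (assumed values).
SOURCE_CREDIBILITY = {"netflow": 7, "ids": 9, "syslog": 5}


def hourly_totals(flows):
    """Bytes out per (host, hour)."""
    totals = defaultdict(int)
    for hour, host, _dst, nbytes in flows:
        totals[(host, hour)] += nbytes
    return totals


def baseline(flows):
    """Per-host mean and standard deviation of hourly outbound bytes."""
    per_host = defaultdict(list)
    for (host, _hour), nbytes in hourly_totals(flows).items():
        per_host[host].append(nbytes)
    return {host: (mean(v), pstdev(v)) for host, v in per_host.items()}


def anomalies(live, base, z_threshold=3.0):
    """Hours whose outbound volume sits more than z_threshold sigmas above the host's baseline."""
    found = []
    for (host, hour), nbytes in hourly_totals(live).items():
        mu, sigma = base.get(host, (0.0, 0.0))
        z = (nbytes - mu) / max(sigma, 1.0)   # floor sigma so a flat baseline cannot divide by zero
        if z > z_threshold:
            found.append({"host": host, "hour": hour, "bytes": nbytes, "z": z})
    return found


def is_external(ip):
    """Assumption: 10/8 is the only internal range."""
    return not ip.startswith("10.")


def score_offense(anomaly, live, source="netflow"):
    """Combine the three factors on the slide into one magnitude (0-10).
    Equal weighting is an assumption; the real product's formula is not on the slide."""
    host, hour = anomaly["host"], anomaly["hour"]
    asset = ASSETS.get(host, {"value": 1, "unpatched": False})
    severity = min(10, int(anomaly["z"] // 10) + 1)                        # how far outside baseline
    credibility = SOURCE_CREDIBILITY[source]                                 # how much the source is trusted
    relevance = min(10, asset["value"] + (1 if asset["unpatched"] else 0))  # what is at stake
    external = sorted({dst for h, src, dst, _n in live
                       if src == host and h == hour and is_external(dst)})
    return {
        "host": host, "hour": hour,
        "severity": severity, "credibility": credibility, "relevance": relevance,
        "magnitude": round((severity + credibility + relevance) / 3),
        "external_destinations": external,
    }


def offenses(training=TRAINING, live=LIVE):
    """Suspected incidents that survive baselining, each rated for the analyst queue."""
    return [score_offense(a, live) for a in anomalies(live, baseline(training))]


if __name__ == "__main__":
    for offense in offenses():
        print(offense)
```

The point of the three separate factors is that they fail independently: a low-credibility source still produces an offense if the deviation is large and the asset is valuable, while a noisy source on an unimportant host is pushed down the queue rather than dropped.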
11 IBM Security
Helping financial institutions to protect customer transactions from advanced fraud
Advanced Fraud Protection
Portfolio Overview
Trusteer Pinpoint Malware
• 100% accurate clientless detection of active man-in-the-browser (MitB) malware on users’ devices
• Minimum impact on existing infrastructure
Trusteer Pinpoint ATO
• Detect and protect from account takeover (ATO) fraud
• Conclusive criminal access detection by correlating device fingerprint and account compromise history
• Minimum impact on existing infrastructure
Trusteer Rapport
• Compact software agent that prevents malware and phishing attacks
Trusteer Mobile
• Endpoint solution for detecting malware, jailbreak and other mobile risk factors
• Out-of-band authentication
12 IBM Security
People
Manage and extend enterprise identity context across security domains with comprehensive Identity Intelligence
Portfolio Overview
IBM Security Identity Manager
• Automates the creation, modification and termination of users throughout the lifecycle
• Identity control, including role management and auditing
IBM Security Access Manager Family
• Automates sign-on and authentication to enterprise web applications and services
IBM Security zSecure suite
• User-friendly layer over RACF to improve administration and reporting
• Monitors, audits and reports on security events and exposures on mainframes
Identity Governance
13 IBM Security
Data
Enterprise-wide solutions for helping secure the privacy
and integrity of trusted information in your data center
Portfolio Overview
IBM Guardium Data Protection
• Database Activity Monitoring – continuously
monitor and block unauthorized access to
databases
• Privileged User Monitoring – detect or block
malicious or unapproved activity by DBAs,
developers and outsourced personnel
• Database Leak Prevention – help detect and block
leakage in the data center
• Database Vulnerability Assessment – scan
databases to detect vulnerabilities and take action
• Audit and Validate Compliance – simplify SOX,
PCI-DSS and data privacy processes with
pre-configured reports and automated workflows
IBM Guardium Data Encryption
• File, volume and database encryption
• Policy-based access control
• Key management
14 IBM Security
Applications
Reducing the cost of developing more secure applications
Portfolio Overview
AppScan Enterprise Edition
• Enterprise-class solution for application security
testing and risk management with governance and
collaboration
• Multi-user solution providing simultaneous security
scanning and centralized reporting
AppScan Standard Edition
• Desktop solution to automate web application
security testing for IT Security, auditors, and
penetration testers
AppScan Source Edition
• Adds source code analysis to AppScan Enterprise
with static application security testing
15 IBM Security
Help guard against sophisticated attacks with insight into
users, content and applications
Infrastructure (Network)
Portfolio Overview
IBM Security
Network Intrusion Prevention (IPS)
• Delivers Advanced Threat Detection and
Prevention to help stop targeted attacks against
high value assets
• Proactively improves protection with IBM Virtual
Patch® technology
• Helps protect web applications from threats such
as SQL Injection and Cross-site Scripting attacks
• Integrated Data Loss Prevention (DLP) monitors
data security risks throughout your network
• Provides Ahead of the Threat® protection backed
by world renowned IBM X-Force Research
IBM Security SiteProtector
• Provides central management of security devices
to control policies, events, analysis and reporting
for your business
16 IBM Security
IBM QRadar Network Security
QRadar XGS defends against a full spectrum of attack techniques across five areas: web application, system and service, traffic-based, user, and risky applications.
• Protocol tunneling
• RFC non-compliance
• Unpatched / unpatchable vulnerabilities
• Code injection
• Buffer overflows
• Cross-site scripting
• SQL injection
• Cross-site request forgery
• Cross-path injection
• Spear phishing
• Drive-by downloads
• Malicious attachments
• Malware links
• Obfuscation techniques
• Protocol anomalies
• Traffic on non-standard ports
• DoS / DDoS
• Information leakage
• Risky applications: social media, file sharing, remote access, audio / video transmission
17 IBM Security
Manage fleets of servers and endpoints, enforce security
compliance, detect and respond to threats
Servers and endpoints
Portfolio Overview
IBM BigFix
• Unified client management platform
• Hardware, software and configuration inventory
• Software distribution
• Physical and virtual server deployment
• Remote control
• Patch management
• Security configuration management
• Vulnerability assessment
• Security compliance
• Threat detection and response
18 IBM Security
Security and management platform for all mobile assets
Mobile devices
Portfolio Overview
IBM MaaS360
• Deploy, manage and secure devices while mitigating the risks of lost and compromised devices
• Separate enterprise and personal data, enforcing compliance with security policies
• Build, test and secure mobile apps before distributing them to end users
• Manage access and fraud
• Gain insights across the entire security event timeline
• Effortless scalability to meet your varying needs
19 IBM Security
Empowering protection: understanding the user even better
Cognitive Fraud Detection (behavioral biometrics)
• User: understands the user and builds behavioral biometric models
• Session: evaluates the session to identify session and transaction anomalies
• Device: analyzes device activity to determine when it is compromised
• Gathers threat intelligence and adapts protection automatically
20 IBM Security
Endpoint Detection and Response
Solution Description
Endpoint detection and response (EDR) solution to identify and stop new threats
• Detects malicious behavior via deep endpoint visibility and threat intelligence
• Uses BigFix to remediate infections and apply critical fixes and updates immediately
• Reduces the endpoint attack surface by continuous enforcement of, and compliance with, security, regulatory and operational policies
21 IBM Security
IFA (Intelligent Finding Analytics) results
True set                   Scan findings   Vulnerabilities   Fix recommendations   Accuracy
Java (20 apps)                     8,831             3,270                   206        94%
.NET (15 apps)                     1,930               365                    84        93%*
PHP (48 apps)                      7,297             3,592                   545        93%
Real-world applications
Real IBM app (Java)               55,132            14,050                    60
Client app (Java)                 12,480             1,057                    35
IBM leads in cognitive with AppScan in the cloud
Intelligent Finding Analytics (IFA)
• Provides fix recommendations that resolve multiple vulnerabilities
• Fully automated review of scan findings
• Trained by IBM security experts
• Reduces false positives
• Minimizes “unlikely attack scenarios”
• Patents pending
(diagram: 12,480 findings reduced to 35 fixes, each fix recommendation pointing at the single location to change)
22 IBM Security
IBM MaaS360 with Watson offers a new approach.
Go from / to:
• DISCOVER: from digging through news and blogs randomly and manually searching in the platform, to being alerted with insights and news, asking questions and getting answers
• DEFINE: from spending hours learning, to getting knowledge served to you
• ASSESS: from fumbling for relevancy and best practices, to gaining instant understanding and recommendations
• ACT: from developing an action plan, to taking immediate action within context
23 IBM Security
Incident Analysis
Addressing gaps while managing cost and ROI pressures
Accuracy gap
• #2 most challenging area today is optimizing the accuracy of alerts (too many false positives)
• #3 most challenging area due to insufficient resources is threat identification, monitoring and escalating potential incidents (61% selecting)
Speed gap
• The top cybersecurity challenge today and tomorrow is reducing average incident response and resolution time
• This is despite the fact that 80% said their incident response speed is much faster than two years ago
Intelligence gap
• #1 most challenging area due to insufficient resources is threat research (65% selecting)
• #3 highest cybersecurity challenge today is keeping current on new threats and vulnerabilities (40% selecting)
24 IBM Security
Security Analyst
“I investigate potential threats”
Activities (RACI legend on the diagram: Responsible, Accountable, Consulted, Informed)
• External threat research: know business- and industry-relevant trends
• Internal threat research: investigate potential network problems
• Monitor: alarm queues and potential threats
• Report: vulnerabilities and issues
• Tune: improve rules
Questions the analyst asks
• How and why is this different from normal system behavior?
• How much will it hurt our organization?
• Do I need to deal with this now?
• Who is this information from? Are they trustworthy?
25 IBM Security
Security Analyst: a typical investigation
1. Review your security incidents in the SIEM.
2. Decide which incident to focus on next.
3. Review the data (the events and flows that made up that incident).
4. Expand your search to capture more data around that incident.
5. Pivot the data multiple ways to find outliers (such as unusual domains, IPs or file access).
6. Review the payload of the outlying events for anything interesting (domains, MD5s, etc.).
7. Search threat-intel exchanges, Google, VirusTotal and your favourite tools for these outliers and indicators; find that new malware is at play.
8. Get the name of the malware.
9. Search more websites for indicators of compromise (IOCs) for that malware.
10. Take these newly found IOCs from the Internet and search for them back in the SIEM.
11. Find other internal IPs that are potentially infected with the same malware.
12. Start another investigation around each of these IPs.
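The pivot above, as an added example that is not part of the deck: a Python script walks the same steps over a handful of constructed proxy-log events, with an invented threat-intelligence lookup standing in for the exchanges, search engines and VirusTotal the analyst would consult by hand. The hostnames, IPs, hashes, the malware name “ExampleLocker” and the “rare across the estate” outlier heuristic are all assumptions for this illustration.

```python
"""Added example (not from the deck): the analyst's SIEM pivot as a script.
All events, indicators and the threat-intel lookup are constructed."""
from collections import defaultdict

# Constructed proxy-log events: (timestamp, internal source IP, destination domain, MD5 of any download)
EVENTS = [
    ("2017-05-12T09:01:00", "10.1.1.15", "updates.example-vendor.com", None),
    ("2017-05-12T09:02:10", "10.1.1.15", "mail.example.com", None),
    ("2017-05-12T09:03:30", "10.1.1.15", "cdn-r4nd0m.example.net", "5f0e8b0f0d3f4b7d9c8e0a1b2c3d4e5f"),
    ("2017-05-12T09:05:00", "10.1.1.22", "mail.example.com", None),
    ("2017-05-12T09:06:00", "10.1.1.22", "updates.example-vendor.com", None),
    ("2017-05-12T09:40:00", "10.1.1.37", "cdn-r4nd0m.example.net", "5f0e8b0f0d3f4b7d9c8e0a1b2c3d4e5f"),
    ("2017-05-12T09:41:00", "10.1.1.37", "updates.example-vendor.com", None),
    ("2017-05-12T09:50:00", "10.1.1.41", "mail.example.com", None),
    ("2017-05-12T10:12:00", "10.1.1.58", "pay-now.example.org", None),
]
INCIDENT_HOST = "10.1.1.15"   # the offense picked from the SIEM queue (steps 1-2)

# Stand-in for the external lookups (steps 7-9): indicator -> malware family, and the
# family's published IOCs.  Both tables are invented for the example.
THREAT_INTEL = {
    "cdn-r4nd0m.example.net": "ExampleLocker",
    "5f0e8b0f0d3f4b7d9c8e0a1b2c3d4e5f": "ExampleLocker",
}
MALWARE_IOCS = {
    "ExampleLocker": {
        "domains": {"cdn-r4nd0m.example.net", "pay-now.example.org"},
        "md5": {"5f0e8b0f0d3f4b7d9c8e0a1b2c3d4e5f", "9a8b7c6d5e4f30211a2b3c4d5e6f7a8b"},
    },
}


def incident_events(events, host):
    """Step 3: the events that make up the incident."""
    return [e for e in events if e[1] == host]


def outlier_domains(events, host, max_hosts=2):
    """Step 5: domains the incident host contacted that at most max_hosts hosts in the
    whole estate contacted.  Rarity across the estate is the outlier heuristic used
    here; a real pivot would try several (new domains, odd ports, unusual file access)."""
    hosts_per_domain = defaultdict(set)
    for _ts, src, domain, _md5 in events:
        hosts_per_domain[domain].add(src)
    return sorted({d for _ts, _src, d, _m in incident_events(events, host)
                   if len(hosts_per_domain[d]) <= max_hosts})


def payload_indicators(events, host, domains):
    """Step 6: the outlying domains plus any file hashes seen on those events."""
    hashes = {m for _ts, _src, d, m in incident_events(events, host) if d in domains and m}
    return set(domains) | hashes


def identify_malware(indicators):
    """Steps 7-8: name the families the indicators are attributed to."""
    return sorted({THREAT_INTEL[i] for i in indicators if i in THREAT_INTEL})


def search_back(events, iocs, exclude):
    """Steps 10-11: every other internal IP that touched one of the family's IOCs."""
    hits = defaultdict(set)
    for _ts, src, domain, md5 in events:
        if src == exclude:
            continue
        if domain in iocs["domains"]:
            hits[src].add(domain)
        if md5 in iocs["md5"]:
            hits[src].add(md5)
    return {ip: sorted(found) for ip, found in hits.items()}


def investigate(events=EVENTS, host=INCIDENT_HOST):
    """Run the whole pivot and return what the analyst should open next (step 12)."""
    outliers = outlier_domains(events, host)
    families = identify_malware(payload_indicators(events, host, outliers))
    new_investigations = {}
    for family in families:
        new_investigations.update(search_back(events, MALWARE_IOCS[family], exclude=host))
    return {"outliers": outliers, "families": families, "new_investigations": new_investigations}


if __name__ == "__main__":
    result = investigate()
    print("outliers:", result["outliers"])
    print("malware:", result["families"])
    for ip, iocs in sorted(result["new_investigations"].items()):
        print(f"open investigation for {ip}: {iocs}")
```

Note that the search-back step uses the full published IOC list, not only the indicators seen on the first host: 10.1.1.58 never contacted the domain that started the investigation, and is found only because the family's second domain was fed back into the SIEM.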
26 IBM Security
Revolutionizing how security analysts work
Gain powerful insights; reduce the security skills gap
Security analyst: enterprise security analytics
Security analyst and Watson: adds human-generated security knowledge, with cognitive techniques to mimic human intuition around advanced threats
• Tap into the vast array of data to uncover new patterns
• Get smarter over time and build instincts
• Triage threats and make recommendations with confidence, at scale and speed
27 IBM Security
Cognitive will significantly reduce threat research and response time
Phases: incident triage, investigation and impact assessment, remediation
• Manual threat analysis: days to weeks
• IBM Watson for Cyber Security assisted threat analysis: minutes to hours; quick and accurate analysis of security threats, saving precious time and resources
28 IBM Security
Helps analysts hunt for threats like never before
Correlates local threat information against billions of nodes
Speeds up investigations with automated analysis
Fed with millions of security documents, blogs and more
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2017. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express
or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of,
creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these
materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may
change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and
other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks
or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.
Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or
product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are
designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective.
IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT
OF ANY PARTY.
FOLLOW US ON:
THANK YOU
