Post on 18-Nov-2014
Giovanni Todaro, IBM Security Systems Leader
IBM Security Systems: Smarter Security for MSPs
© 2013 IBM Corporation
Innovative technologies are changing everything around us…
• Bring your own IT
• Social business
• Cloud and virtualization
• 1 billion mobile workers
• 1,000 billion connected objects
Attacks: motivations and sophistication are evolving rapidly
• National security: nation states, cyberwar (example: Stuxnet)
• Espionage, activism: competitors and hacktivists (example: Aurora)
• Financial gain: organized crime (example: Zeus)
• Revenge, curiosity: insiders and script-kiddies (example: Code Red)
The world is becoming more digitized and interconnected, opening the door to emerging threats and data loss…
DATA EXPLOSION: The age of Big Data, the explosion of digital information, has arrived and is enabled by the pervasiveness of applications accessible from everywhere.
CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared.
EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and much more.
ATTACK SOPHISTICATION: The speed and dexterity of attacks have increased, coupled with new motivations for cybercrime.
IBM Security Solutions focus: Security Intelligence, Mobile Security, Cloud Security, Advanced Threat.
IBM brings you into the era of Security Intelligence
• 13 billion security events managed daily
• 1,000 security patents
• 9 Security Operations Centers
• 600 security sales professionals
• 11 development labs for security solutions
IBM Security Solutions
Organizations need a new approach to security, one that leverages intelligence to keep pace with innovation. IBM Security Intelligence drives the shift from a "point-product" strategy to an integrated enterprise security framework. Turning security data into actionable knowledge:
• Reduces business risk and costs
• Enables innovation with agility and security
• Improves operational continuity
IBM Security: delivering intelligence, integration and expertise in a complete framework
Increase accuracy and awareness in security
• Detect and prevent advanced threats
• Greater visibility and situational awareness
• Conduct complete incident investigations
Simplicity of management
• Simplify risk management and decision making
• Improve control and access capabilities
Reduce cost and complexity
• Rapid deployment and lower TCO by working with a single strategic partner with a broad, integrated portfolio
Intelligence ● Integration ● Expertise
Key factors influencing the security software business
1. Advanced Threats: Sophisticated, targeted attacks aimed at gaining continuous access to critical information are increasing in severity and frequency.
2. Cloud Computing: Security is one of the main concerns about the cloud, as customers drastically rethink how IT resources are designed, delivered and consumed.
3. Mobile Computing: How to manage employee-owned devices and guarantee connectivity to business applications are needs CIOs must address as they expand support for mobile devices.
4. Regulations and Compliance: Regulatory and compliance pressures keep increasing along with the need to store sensitive data, and companies become susceptible to audit failures.
It is no longer enough to protect the perimeter: sophisticated attacks are bypassing traditional defenses, IT resources are moving outside the firewall, and business applications and data are increasingly distributed across different devices.
Enterprise customers face: Advanced Persistent Threats, stealth bots, designer malware, targeted attacks, zero-days.
Key factors influencing the security software business (build slide): the same four factors as above, with Big Data added to the pressures on enterprise customers.
Better protection against the most sophisticated attacks
Threats on the network, across the enterprise and across the world: 0-day exploit, malicious PDF, SQL injection, brute force, botnet communication, malicious insider, vulnerable server, misconfigured firewall, phishing campaign, infected website, spammer.
Countered by IBM Advanced Threat Protection (on the network), IBM QRadar Security Intelligence (across the enterprise) and IBM X-Force® Threat Intelligence (across the world).
IBM offers security solutions across all areas of cloud security
IBM protects against common cloud risks with a broad portfolio of flexible solutions and security levels: protection against threats, regaining visibility and demonstrating compliance through activity monitoring, anomaly detection and Security Intelligence.
IBM Security Federated Identity Manager
IBM Security Key Lifecycle Manager
Securing the mobile enterprise with IBM solutions
The IBM strategy for Data Security
Governance, Security Intelligence, Analytics
Data Discovery and Classification
Policy-based Access and Entitlements
Audit, Reporting, and Monitoring
Data at the endpoint (workstations, laptops, mobile, …), over the network (SQL, HTTP, SSH, FTP, email, …) and stored (databases, file servers, Big Data, data warehouses, application servers, cloud/virtual, …)
Diagram labels: Security Solutions; IT & Business Process; integrate.
• Protect data in any form, in any place, from internal or external threats
• Simplify compliance processes
• Reduce the operational costs of data protection
Data Security
Partner Programs (3rd party)
Security Ecosystem
Standards
A complete portfolio across all security domains
Key themes…
Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, applications and infrastructure.
Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions.
Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced identity and role management.
IBM Identity and Access Management - Vision and Strategy
Key themes…
Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities.
Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations.
Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data.
Data Security Vision: across multiple deployment models; QRadar integration.
Key themes…
Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing.
Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features.
Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform.
Application Security Vision
Key themes…
Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform.
Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices.
Security Intelligence Integration: Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform.
Infrastructure Protection – Endpoint Vision
Key themes…
Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence.
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions.
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and the QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
Diagram: Security Intelligence Platform (Log Manager, SIEM, Network Activity Monitor, Risk Manager); Advanced Threat Protection / IBM Network Security (Intrusion Prevention, Content and Data Security, Web Application Protection; future: Network Anomaly Detection, Application Control); Threat Intelligence and Research (Vulnerability Data, Malicious Websites, Malware Information; future: IP Reputation).
Threat Protection Vision
X-Force Threat Intelligence: the IBM differentiator
• X-Force database – the most extensive vulnerability catalogue
• Web filter database – the database of infected or malicious sites
• IP Reputation – botnets, anonymous proxies, bad actors
• Application Identification – web application information
• Vulnerability Research – the most up-to-date vulnerabilities and protections
• Security Services – manage IPS for more than 3,000 customers
X-Force Threat Intelligence Cloud
Security Intelligence: integration across IT silos
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
Data sources: Security Devices, Servers & Hosts, Network & Virtual Activity, Database Activity, Application Activity, Configuration Info, Vulnerability Info, User Activity
Processing: Event Correlation; Activity Baselining & Anomaly Detection; Offense Identification
Output: High Priority Offenses
All domains feed Security Intelligence
• Tivoli Endpoint Manager: endpoint management vulnerabilities enrich QRadar's vulnerability database
• AppScan Enterprise: AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment
• IBM Security Network Intrusion Prevention System: flow data into QRadar turns NIPS devices into activity sensors
• Identity and Access Management: identity context for all security domains, with QRadar as the dashboard
• Guardium: database assets, rule logic and database activity information
• X-Force: correlate new threats based on X-Force IP reputation feeds
• Hundreds of 3rd party information sources
Luigi Perrone, IBM SWG - Security Systems & z/OS Security
IBM QRadar: Security Intelligence for data center protection
Agenda
• QRadar overview
• Demo
• Final considerations
Why Security Intelligence?
• Response to auditing requirements
• Automation and streamlining of event collection processes
• Multi-source event collection
• Secure management and archiving of log data (regulatory compliance)
• Data aggregation and event correlation
• Data monitoring and analysis for:
  - identification of security gaps and anomalies
  - triggering of alarms
  - launching investigative processes
  - compliance reports
The phases of the event lifecycle
1 - Efficient event management
Strong acquisition, deep analysis, high responsiveness
Event sources: flows (jflow, sflow, nflow, qflow) and log events (syslog, snmp, odbc, wmi, ftp/sftp, snare, wincollect, jdbc) from IDS/IPS, firewalls, switches and routers, VA scanners, servers, databases and applications.
• Auto-discovery of log sources
• Auto-discovery of applications
• Auto-discovery of assets
• Auto-grouping of assets
• Centralized log management
• Real-time recording
• Ease of configuration
• Agent-less mode
• Standard integration of many devices
MONITOR & ASSET DISCOVERY
2 - A powerful processing and correlation engine
• Auto-tuning
• Auto-detect threats
• Thousands of pre-defined rules
• Easy-to-use event filtering
• Advanced security analytics
ANALYSIS
A powerful correlation engine, investigative analysis and advanced reporting for identifying critical events and resolving them immediately.
3 - Real-time alerts and investigative depth
• Clear and complete control of all network activity with real-time monitoring
• Alerts and identification of unusual events relative to the normal condition
• Investigative analysis and advanced reporting
• Standard built-in security reports that are easy to customize
• Thousands of predefined reports
• Asset-based prioritization
• Auto-update of threats
• Auto-response
• Directed remediation
ACTIONS & REPORTS
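The Security Intelligence pipeline on the earlier slide (extensive data sources, event correlation, activity baselining and anomaly detection, offense identification) and the three event-lifecycle phases just described can be followed end to end in the added example below. It is illustrative code written for this page, not QRadar code and not any IBM API: the two log formats and their regexes, the asset weights, the baseline history, the failure threshold and the window size are all constructed assumptions. It parses multi-source syslog lines into one normalized event shape, correlates failed and successful logins across sources, ranks the resulting offense by asset criticality, and flags a host whose event rate departs from its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic): a firewall (fw01) and two
# SSH servers forward syslog to a collector. Timestamps are ISO-8601.
SAMPLE_LOGS = """\
2014-11-18T09:00:01 fw01 DENY src=198.51.100.7 dst=10.0.0.5 dport=22
2014-11-18T09:00:02 srv05 sshd: Failed password for admin from 198.51.100.7
2014-11-18T09:00:04 srv05 sshd: Failed password for admin from 198.51.100.7
2014-11-18T09:00:06 srv05 sshd: Failed password for root from 198.51.100.7
2014-11-18T09:00:08 srv05 sshd: Failed password for admin from 198.51.100.7
2014-11-18T09:00:10 srv05 sshd: Failed password for admin from 198.51.100.7
2014-11-18T09:00:15 srv05 sshd: Accepted password for admin from 198.51.100.7
2014-11-18T09:01:00 srv09 sshd: Accepted publickey for alice from 10.0.0.50
2014-11-18T09:02:00 fw01 ALLOW src=10.0.0.50 dst=10.0.0.9 dport=443
"""

# Acquisition: one parser per source format (constructed formats), each producing
# the same normalized event dict so later stages never care about the origin.
FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
SSH_RE = re.compile(r"^(\S+) (\S+) sshd: (Accepted|Failed) \S+ for (\S+) from (\S+)$")

def parse_line(line):
    m = FW_RE.match(line)
    if m:
        ts, host, action, src, dst, _port = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "category": "firewall",
                "outcome": action.lower(), "src": src, "dst": dst, "user": None}
    m = SSH_RE.match(line)
    if m:
        ts, host, result, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "category": "auth",
                "outcome": "success" if result == "Accepted" else "failure",
                "src": src, "dst": host, "user": user}
    return None  # unknown format; a real collector would keep it as a raw event

def parse_logs(text):
    events = (parse_line(l) for l in text.splitlines() if l.strip())
    return sorted((e for e in events if e), key=lambda e: e["ts"])

# Correlation: a sliding-window rule over auth events, enriched with every other
# source that saw the same source IP, then ranked by a constructed asset weight
# (a higher number marks a more critical asset).
FAIL_THRESHOLD = 5
WINDOW = timedelta(seconds=60)
ASSET_WEIGHT = {"srv05": 10, "srv09": 3, "fw01": 1}

def correlate(events):
    """Return offenses, highest magnitude first."""
    by_pair = defaultdict(list)
    for e in events:
        if e["category"] == "auth":
            by_pair[(e["src"], e["host"])].append(e)
    offenses = []
    for (src, host), evs in by_pair.items():
        fails = [e for e in evs if e["outcome"] == "failure"]
        for i in range(len(fails) - FAIL_THRESHOLD + 1):
            first, last = fails[i], fails[i + FAIL_THRESHOLD - 1]
            if last["ts"] - first["ts"] > WINDOW:
                continue  # failures too spread out for this window
            success = any(s["outcome"] == "success"
                          and last["ts"] <= s["ts"] <= last["ts"] + WINDOW for s in evs)
            severity = 8 if success else 5
            offenses.append({
                "name": "credential_compromise_suspected" if success else "brute_force",
                "src": src, "target": host, "severity": severity,
                "magnitude": severity * ASSET_WEIGHT.get(host, 1),
                "sources": sorted({x["host"] for x in events if x["src"] == src}),
            })
            break  # one offense per source/target pair
    return sorted(offenses, key=lambda o: -o["magnitude"])

# Baselining: constructed per-host history of events per minute.
BASELINE = {"srv05": [2, 1, 2, 3, 2, 1, 2, 2],
            "srv09": [1, 1, 2, 1, 1, 0, 1, 1],
            "fw01": [5, 4, 6, 5, 5, 4, 6, 5]}

def detect_anomalies(events, sigmas=3.0):
    """Flag any host-minute whose event count exceeds mean + sigmas * stdev of its history."""
    counts = defaultdict(int)
    for e in events:
        counts[(e["host"], e["ts"].replace(second=0))] += 1
    anomalies = []
    for (host, minute), n in counts.items():
        hist = BASELINE.get(host)
        if not hist:
            continue  # no baseline yet, so nothing to compare against
        threshold = mean(hist) + sigmas * pstdev(hist)
        if n > threshold:
            anomalies.append({"host": host, "minute": minute.isoformat(),
                              "count": n, "threshold": round(threshold, 2)})
    return anomalies

if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for o in correlate(evs):
        print("OFFENSE", o)
    for a in detect_anomalies(evs):
        print("ANOMALY", a)
```

On the constructed input the five failures followed by a success from the same address against srv05 become a single high-magnitude offense whose evidence spans two log sources (the firewall deny and the SSH server), which is the multi-source correlation the slide promises; the same minute on srv05 also exceeds its baseline, so the anomaly detector raises it independently of any rule. Only the upper tail is tested here; a drop in volume (a silent log source) is a different failure mode that a production collector monitors separately.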
QRadar: the components
Log Management: turnkey log management; upgradeable to enterprise SIEM
SIEM: sophisticated event analytics; asset profiling and flow analytics
Network Activity and Anomaly Detection: network analytics; behavioral and anomaly detection
Risk Management: predictive threat modeling & simulation; scalable configuration monitoring & audit
Scale: event processors; network activity processors
Visibility: layer 7 application monitoring; content capture
Salvatore Sollami, IBM Security Systems Technical Sales and Solutions
Next Generation IPS
The challenging state of network security
SOCIAL NETWORKING: Social media sites present productivity, privacy and security risks including new threat vectors.
STREAMING MEDIA: Streaming media sites are consuming large amounts of bandwidth.
POINT SOLUTIONS: Point solutions are siloed with minimal integration or data sharing (URL Filtering • IDS / IPS • IM / P2P • Web App Protection • Vulnerability Management).
SOPHISTICATED ATTACKS: Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure (Stealth Bots • Targeted Attacks • Worms • Trojans • Designer Malware).
Network Defense: traditional solutions not up to today's challenges
Traditional gateways: Firewall/VPN – port and protocol filtering; Web Gateway – securing web traffic only, port 80 / 443; Email Gateway – message and attachment security only. Everything else: stealth bots, worms, trojans, targeted attacks, designer malware.
Current Limitations
• Threats continue to evolve and standard methods of detection are not enough
• Streaming media sites and Web applications introduce new security challenges
• Basic "Block Only" mode limits innovative use of streaming and new Web apps
• Poorly integrated solutions create "security sprawl", lower overall levels of security, and raise cost and complexity
Requirement: Multi-faceted Protection
• 0-day threat protection tightly integrated with other technologies, i.e. network anomaly detection
• Ability to reduce costs associated with non-business use of applications
• Controls to restrict access to social media sites by a user's role and business need
• Augment point solutions to reduce overall cost and complexity
Multi-faceted Network Protection – security for all traffic, applications and users
The Need to Understand the Who, What, and When
Example policies:
• Block attachments on all outgoing emails and chats
• Allow marketing and sales teams to access social networking sites
• Advanced inspection of web application traffic destined to my web servers
• Allow, but don't inspect, traffic to financial and medical sites
• Block known botnet servers and phishing sites
• A more strict security policy is applied to traffic from countries where I do not do business
Capabilities: Client-Side Protection, Network Awareness, Reputation, Web Protection, Botnet Protection, Web Category Protection, Access Control, Protocol Aware Intrusion Protection, for web and non-web applications.
Who: server, geography, user or group, reputation, network (e.g. 172.29.230.15, Bob, Alice). What: 80, 443, 21, webmail, social networks. Policy: traffic controls.
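The six policy statements above all evaluate the same kind of context (who: user, group, geography, reputation; what: application and destination category) and only make sense as an ordered rule set, because a reputation block must win over an "allow financial sites" rule and the web-server inspection rule must be consulted before a geographic block. The following added example, written for this page and not IBM code or any XGS API, evaluates such a first-match policy over constructed flows; the user groups, reputation entries, business countries, server addresses and the flows themselves are all made-up assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed context. In a product this comes from directory integration
# (users and groups), a reputation feed (bad destinations) and geo-IP lookups.
USER_GROUPS = {"bob": {"marketing"}, "carol": {"sales"}, "alice": {"engineering"}}
BAD_REPUTATION = {"203.0.113.9": "botnet_c2", "203.0.113.20": "phishing"}
BUSINESS_COUNTRIES = {"IT", "US", "DE"}   # countries where "I do business"
MY_WEB_SERVERS = {"10.0.0.9"}

@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    app: str            # application as classified by inspection, not by port
    category: str       # destination category: social_networks, financial, ...
    direction: str      # "outbound" or "inbound"
    user: Optional[str] = None
    src_country: str = "IT"
    has_attachment: bool = False

@dataclass
class Decision:
    action: str     # "allow" or "block"
    inspect: bool   # whether protocol-aware deep inspection is applied
    rule: str       # the rule that produced the decision

def groups_of(user: Optional[str]) -> set:
    return USER_GROUPS.get(user or "", set())

# Ordered, first-match policy: (name, predicate, action, inspect). Order is part
# of the policy: the reputation block precedes every allow, and the web-server
# inspection rule precedes the geographic block so inbound web traffic is
# inspected rather than dropped.
POLICY: List[Tuple[str, Callable[[Flow], object], str, bool]] = [
    ("block known botnet servers and phishing sites",
     lambda f: f.dst_ip in BAD_REPUTATION, "block", False),
    ("block attachments on outgoing email and chat",
     lambda f: f.direction == "outbound" and f.app in {"email", "webmail", "chat"}
     and f.has_attachment, "block", False),
    ("advanced inspection of web traffic to my web servers",
     lambda f: f.dst_ip in MY_WEB_SERVERS and f.app in {"http", "https"}, "allow", True),
    ("stricter policy for countries where I do not do business",
     lambda f: f.direction == "inbound" and f.src_country not in BUSINESS_COUNTRIES,
     "block", False),
    ("allow social networking for marketing and sales",
     lambda f: f.category == "social_networks" and groups_of(f.user) & {"marketing", "sales"},
     "allow", True),
    ("block social networking for everyone else",
     lambda f: f.category == "social_networks", "block", False),
    ("allow, but do not inspect, financial and medical sites",
     lambda f: f.category in {"financial", "medical"}, "allow", False),
]
DEFAULT = ("default: allow and inspect", "allow", True)

def evaluate(flow: Flow) -> Decision:
    for name, matches, action, inspect in POLICY:
        if matches(flow):
            return Decision(action, inspect, name)
    name, action, inspect = DEFAULT
    return Decision(action, inspect, name)

# Constructed flows exercising each rule and the ordering between them.
SAMPLE_FLOWS = {
    "bob_social": Flow("10.0.0.50", "198.51.100.10", 443, "https", "social_networks",
                       "outbound", user="bob"),
    "alice_social": Flow("10.0.0.51", "198.51.100.10", 443, "https", "social_networks",
                         "outbound", user="alice"),
    "carol_attachment": Flow("10.0.0.52", "198.51.100.30", 443, "webmail", "email",
                             "outbound", user="carol", has_attachment=True),
    "bank_but_c2": Flow("10.0.0.51", "203.0.113.9", 443, "https", "financial",
                        "outbound", user="alice"),
    "alice_bank": Flow("10.0.0.51", "198.51.100.40", 443, "https", "financial",
                       "outbound", user="alice"),
    "foreign_to_webserver": Flow("192.0.2.77", "10.0.0.9", 443, "https", "corporate",
                                 "inbound", src_country="XX"),
    "foreign_to_ssh": Flow("192.0.2.77", "10.0.0.5", 22, "ssh", "corporate",
                           "inbound", src_country="XX"),
    "alice_ssh": Flow("10.0.0.51", "10.0.0.5", 22, "ssh", "corporate",
                      "outbound", user="alice"),
}

def evaluate_all(flows=SAMPLE_FLOWS):
    return {name: evaluate(flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, d in evaluate_all().items():
        print(f"{name:22s} {d.action:5s} inspect={d.inspect!s:5s} ({d.rule})")
```

The "bank_but_c2" flow is the case worth noticing: it is a financial-category destination, which a later rule would allow without inspection, but the reputation block matches first. Rule order is therefore something to review like any other policy change, and the returned rule name gives the audit trail for why each flow was handled as it was.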
The Advanced Threat Protection Platform
Advanced Threat Protection Platform: Ability to prevent sophisticated threats and detect abnormal network behavior by leveraging an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence.
Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions across the IBM portfolio.
Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
Diagram: Threat Intelligence and Research (Vulnerability Data, Malicious Websites, Malware Information, IP Reputation); Advanced Threat Protection Platform / IBM Network Security (Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control); Security Intelligence Platform (Log Manager, SIEM, Network Activity Monitor, Risk Manager, Vulnerability Manager – NEW).
Next Generation Network IPS
Understanding who, what, and when
• Immediately discover which applications and web sites are being accessed
• Quickly identify misuse by application, website, user, and group
• Understand who and what are consuming bandwidth on the network
• Superior detection of advanced threats through integration with QRadar for network anomaly and event details
Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection.
Identity context ties users and groups with their network activity, going beyond IP-address-only policies.
Application context fully classifies network traffic, regardless of port, protocol or evasion techniques.
Increase Security ● Reduce Costs ● Enable Innovation
Next Gen IPS: IBM Security Network Protection XGS 5100
PROVEN SECURITY: Extensible, 0-day protection powered by X-Force®
ULTIMATE VISIBILITY: Understand the who, what and when for all network activity (new with XGS)
COMPLETE CONTROL: Ensure appropriate application and network use (new with XGS)
IBM Security Network Protection XGS 5100 builds on the proven security of IBM intrusion prevention solutions by delivering the addition of next generation visibility and control to help balance security and business requirements.
Proven Security: Extensible, 0-Day Protection Powered by X-Force®
IBM Security Network Protection XGS 5000
IBM Security Threat Protection – backed by X-Force®
– 15+ years of vulnerability research and development
– Trusted by the world's largest enterprises and government agencies
– True protocol-aware intrusion prevention, not reliant on signatures
– Specialized engines
  • Exploit Payload Detection
  • Web Application Protection
  • Content and File Inspection
Ability to protect against the threats of today and tomorrow
• Next Generation IPS powered by X-Force® Research protects weeks or even months "ahead of the threat"
• Full protocol, content and application aware protection goes beyond signatures
• Expandable protection modules defend against emerging threats such as malicious file attachments and Web application attacks
QRadar Network Anomaly Detection
• QRadar Network Anomaly Detection is a purpose-built version of QRadar for IBM's intrusion prevention portfolio
• The addition of QRadar's behavioral analytics and real-time correlation helps better detect and prioritize stealthy attacks
• Supplements visibility provided by IBM Security Network Protection's Local Management (LMI)
• Integration with IBM Security Network Protection, including the ability to send network flow data from XGS to QRadar
Dashboard elements: IBM X-Force® Threat Information Center; real-time security overview with IP reputation correlation; identity and user context; real-time network visualization and application statistics; inbound security events.
IBM Security Network Protection XGS 5100
The XGS 5100: The Best Solution for Threat Prevention
Traditional gateways: Firewall/VPN – port and protocol filtering; Web Gateway – securing web traffic only, port 80 / 443; Email Gateway – message and attachment security only. Everything else: stealth bots, worms, trojans, targeted attacks, designer malware.
Better Network Control
• Natural complement to current Firewall and VPN
• Not rip-and-replace – works with your existing network and security infrastructure
• More flexibility and depth in security and control over users, groups, networks and applications
Better Threat Protection
• True protocol-aware Network IPS
• Higher level of overall security and protection
• More effective against 0-day attacks
• Best of both worlds – true protocol and heuristic-based protection with customized signature support
Proven Security ● Ultimate Visibility ● Complete Control