3 Steps to Security Intelligence - How to Build a More Secure Enterprise
Three Steps to Security Intelligence
How To Build a More Secure Enterprise
Brendan Hannigan, General Manager, IBM Security Systems
© 2013 IBM Corporation
2
Evolving Threat Landscape
Evolving CISO Landscape
3
CISO Challenge: Competing priorities
Sorry, no applicants found
ITSecurityJobs.com
83% of enterprises have difficulty filling security roles
14% increase in Web application vulnerabilities from 2011 to 2012
Increase in compliance mandates
Common Vulnerabilities and Exposures
4
CISO Challenge: Inadequate tools
85 tools from 45 vendors
0 out of 46 vendors detected malware
Source: IBM client example
5
RISK
CISO Challenge: Business pressures
70% of CISOs are concerned about Cloud and mobile security
75%+ of organizations are using at least one cloud platform
6
CISO Challenge: Evolving Threats
INTERNAL EXTERNAL PAYOFFS
of C-level execs say that negligent insiders are their biggest concern
increase in critical web browser vulnerabilities
59% 43%
$78M stolen from bank accounts in Operation High Roller
7
Advantage: Attacker
8
1 2 3
Innovation Intelligence Focus
9
Focus
USERS
ASSETS
TRANSACTIONS
10
USERS
60,000 employees
Provisioning took up to 2 weeks
No monitoring of privileged users
Focus on users, not devices
Implement identity intelligence
Pay special attention to trusted insiders
Privilege Identity Management
Monitoring and same-day de-provisioning for 100+ privileged users
Source: IBM client example
11
ASSETS
Secured 2,000 critical databases
Saved $21M in compliance costs
Database Access and Monitoring
Thousands of databases containing HR, ERP, credit card, and other PII in a world where 98% of breaches hit databases
Discover critical business data
Harden and secure repositories
Monitor and prevent unauthorized access
Source: IBM client example
12
30 Million customers in an industry where $3.4B industry losses from online fraud
85% of breaches go undetected
TRANSACTIONS
Identify most critical transactions
Monitor sessions, access, and devices
Look for anomalies and attacks
Advanced Fraud Protection
Zero instances of fraud reported on over 1 million customer endpoints
Source: IBM client example
13
Intelligence
ANALYTICS
VISIBILITY
INTEGRATION
14
Context, clustering, baselining, machine learning, and heuristics
Identify entire classes of mutated threats by analyzing 250+ protocols and file types
ANALYTICS
Pattern matching
Don’t rely on signature detection
Use baselines and reputation
Identify outliers
15
Reduce 2 Billion logs and events per day to 25 high priority offenses
Get full coverage, no more blind spots
Reduce and prioritize alerts
Continuous monitoring
VISIBILITY
Source: IBM client example
16
IDENTITY INTELLIGENCE
SECURITY INTELLIGENCE
THREAT INTELLIGENCE
Integrated Platforms
Eliminate silos and point solutions
Build upon a common platform
Share information between controls
Monitor threats across 8 Million subscribers with an integrated Platform
INTEGRATION
Siloed Point Products
Source: IBM client example
17
CLOUD
MOBILE
Innovation
18
Cloud-enhanced Security
Automated, customizable, and elastic
Cloud is an opportunity for enhanced security
Traditional Security
Manual and static
19
Mobility is the opportunity to get security right
Network and Access Control
Fraud Protection
Application and Data Security
Endpoint Management
20
Intelligence
Integration
Expertise
IBM Security Framework
Professional, Managed, and Cloud Services
21
Advanced Threat Protection
Staying ahead of sophisticated attacks
Defense Strategy
Attack Chain
1. Break-in
2. Latch-on
3. Expand
4. Gather
5. Exfiltrate
IBM Capabilities and Services
Analyze: QRadar Security Intelligence, X-Force Threat Intelligence
Remediate: Emergency Response Services
Detect: Network Protection, InfoSphere Guardium, Trusteer Apex
Harden: QRadar Vulnerability Manager, Endpoint Manager, AppScan
22
CISO: Checkmate!
Analytics-powered security
Leaning forward.
Felix Mohan
Bharti Airtel Limited
24
Align. Make intelligent.
Third-party risk
Advanced attacks
Regulatory compliance
Voice to data shift
Competitive pressure
Disruptive technologies
Automation
Optimization
Culture
Competency
Communication
Intelligence
Aggravators
Concerns
Align. Make intelligent.
Business-aligned
Analytics-driven
25
Airtel intelligence structure.
Technology Interaction
Information Integration
Analytics
Context
Security devices
Network devices
Events
Flows
Contextual assessments
Better risk management
Prioritized and actionable intelligence
Broader and deeper vulnerability insight
Better protection from advanced attacks
Quicker response
QFlow and VFlow Collector
Vulnerability Manager
Risk Manager
SIEM
QRadar
X-Force external threat feed
Trusteer* (2014) Openpages*, BigInsights* (2015-16)
26
Understand. Prioritize. Act.
Advanced threat protection
Risk management
Compliance
Resource optimization
Fraud protection
Simulate “what ifs” for risk impact
Remediate zero-days and new security threats
Monitor asset profiles & behaviour continuously
Visualize traffic patterns and connections
Comply with regulatory mandates and policies
Prioritize vulnerability remediation
Protect transactions
Carry out advanced incident analysis & forensics
Optimize resources and efforts
We are moving from dousing fires to ensuring they don’t happen in the first place!
Vulnerability scan data
Configuration data
Event data
Activity data
Context
Network topology
#IBMINTERCONNECT
Thank You
28
10+ demos 5 appliances
• Visit the Security Intelligence area in the Solution Center
• Meet experts from the IBM Security Singapore Lab
• Solution Center Sessions: Enhancing IBM Security solutions with Trusteer fraud detection capabilities
• Technical Session: Dedicated Security track featuring Identity and Access Management, Security Intelligence, Mobile Security, and more
Also, don’t miss customer speakers including YaData and Asian Paints
Don’t miss…
All
Day 1
Day 2
29
Disclaimer
Please Note:
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
30
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.