Digital immune system, Dejan Vukovic - IBM · IBM QRadar® User Behavior Analytics shares Guardium...

IBM Security: Your digital immune system. Dejan Vuković, Security BU Leader South East Europe, IBM Security

Page 1:

IBM Security: Your digital immune system

Dejan Vuković, Security BU Leader South East Europe, IBM Security

Page 2:

2 IBM Security

Compliance vs. risk-based approach

• Law on Information Security, Law on Data Secrecy, Law on Personal Data Protection, regulations on the supervision of information systems of financial institutions…
• ISO 27001; ISO 9001…
• GDPR, NIS Directive…

Page 3:

A healthy immune system is…

• Intelligent
• Organized
• Efficient

It instantly recognizes an invader and takes action to block or destroy the threat.

Page 4:

A security immune system is integrated and intelligent…

Security Intelligence sits at the centre: log, flow and data analysis; vulnerability assessment; anomaly detection; incident and threat management. Around it sit Global Threat Intelligence and security research, and Consulting Services | Managed Services.

The domains and the controls shown in each:
• Cloud
• Endpoint: antivirus, endpoint patching and management, malware protection
• Identity and Access: entitlements and roles, identity management, privileged identity management, access management
• Applications: application security management, application scanning
• Data: data access control, data monitoring
• Mobile: content security, device management
• Network: firewalls, virtual patching, sandboxing, network visibility
• Advanced Fraud: transaction protection, fraud protection, criminal detection

Page 5:

A Global Leader in Enterprise Security

•  #1 in enterprise security software and services*

•  8,000+ employees

•  12,000+ customers

•  133 countries

•  3,500+ security patents

•  20 acquisitions since 2002

*According to Technology Business Research, Inc. (TBR) 2016

Page 6:

IBM has the world’s broadest and deepest security portfolio

SECURITY TRANSFORMATION SERVICES: Management consulting | Systems integration | Managed security

SECURITY OPERATIONS AND RESPONSE: QRadar SIEM; QRadar Vulnerability / Risk Manager; QRadar User Behavior Analytics; QRadar Incident Forensics; QRadar Advisor with Watson; Resilient Incident Response; BigFix; Network Protection XGS; i2 Enterprise Insight Analysis; X-Force Exchange; App Exchange

INFORMATION RISK AND PROTECTION: Guardium; AppScan; Cloud Security; Privileged Identity Manager; Identity Governance and Access; Cloud Identity Service; Key Manager; zSecure; MaaS360; Trusteer Mobile; Trusteer Rapport; Trusteer Pinpoint

Page 7:

How it works: Four use cases tell the story

• The failed compliance audit
• The drive-by download
• The insider threat
• The potential for fraud

Every organization faces its own security challenges. The following use cases offer a brief glimpse into how the IBM Security immune system would help identify and respond to those challenges.

Page 8:

A case in point: The drive-by download

There are countless ways in which determined hackers might go about stealthily breaking into systems. Here is an example of how one such attack might be played out, and the solutions that can break the attack chain in real time. Here’s how it all begins.

Page 9:

A case in point: The drive-by download

1. The break-in: An account manager stuck in traffic in a taxi signs on to the company intranet and does a little work. A drive-by download infects his laptop, which has not been updated with the latest patches. IBM BigFix® would allow the company’s security team to discover unmanaged endpoints (like this employee’s laptop) and get real-time visibility into vulnerabilities and noncompliant endpoints.


Page 10:

A case in point: The drive-by download

2. The connection: By the time the account executive and his unpatched laptop reach the airport, the download has already latched onto the company’s network and infected its internal systems as part of a botnet. With IBM Security Network Protection (XGS) the company could gain visibility into network traffic and actively block communication with the botnet’s command and control server, based on intelligence from IBM X-Force® Exchange, as well as zero-day exploit traffic, and then send data to IBM QRadar® SIEM for anomaly detection.


Page 11:

A case in point: The drive-by download

3. The expansion: Without those safeguards in place, the company unwittingly lets the attack continue, targeting internal email sent to high-profile employees. At this point, IBM QRadar® SIEM could still help halt the attack by correlating network traffic flows and security events from other security controls, together with external intelligence on botnets from IBM X-Force® Exchange, into a list of priority offenses.
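What "correlating flows, security events and external botnet intelligence into a list of priority offenses" means in practice, as an added example (not IBM's code, and not QRadar's rule language or the X-Force Exchange feed format): flow records are matched against a C2 indicator feed per source host, endpoint-compliance events add context (the unmanaged, unpatched laptop from the story), and a score ranks the resulting offenses. The feed entries, flows, events, field names and scoring weights are all constructed for the illustration.

```python
"""Correlate flows, endpoint-compliance events and a botnet indicator feed
into a ranked offense list. Everything here is constructed for the example;
the field names, feed format and scoring weights are assumptions, not the
schemas of QRadar or X-Force Exchange."""
import ipaddress
from dataclasses import dataclass, field

# Constructed indicator feed: C2 addresses or ranges with a confidence score.
C2_FEED = {
    "203.0.113.7": {"family": "constructed-botnet-A", "confidence": 90},
    "198.51.100.0/24": {"family": "constructed-botnet-B", "confidence": 60},
}

# Constructed NetFlow-like records: (source IP, destination IP, dst port, bytes out).
FLOWS = [
    ("10.0.5.23", "203.0.113.7", 443, 1_200),
    ("10.0.5.23", "203.0.113.7", 443, 8_900),
    ("10.0.5.23", "198.51.100.19", 8080, 400),
    ("10.0.7.8", "93.184.216.34", 443, 3_000),    # benign destination
    ("10.0.9.40", "198.51.100.200", 8080, 250),
]

# Constructed endpoint-management events; hosts absent here have no agent at all.
ENDPOINT_EVENTS = [
    {"host": "10.0.5.23", "compliant": False, "missing_patches": 14},
    {"host": "10.0.7.8", "compliant": True, "missing_patches": 0},
]

EXFIL_BYTES = 5_000   # assumed threshold for "a lot of data sent to a C2"


@dataclass
class Offense:
    host: str
    score: int = 0
    reasons: list = field(default_factory=list)


def match_indicator(dst, feed=C2_FEED):
    """Return the highest-confidence feed entry whose IP or CIDR contains dst, else None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for indicator, meta in feed.items():
        net = ipaddress.ip_network(indicator, strict=False)
        if addr.version == net.version and addr in net:
            if best is None or meta["confidence"] > best["confidence"]:
                best = meta
    return best


def correlate(flows, endpoint_events, feed=C2_FEED):
    """Join flows to indicators per source host, add endpoint context, score and rank."""
    managed = {e["host"]: e for e in endpoint_events}
    per_host = {}
    for src, dst, _port, nbytes in flows:
        meta = match_indicator(dst, feed)
        if meta is None:
            continue
        h = per_host.setdefault(src, {"hits": 0, "bytes": 0, "dsts": set(), "conf": 0})
        h["hits"] += 1
        h["bytes"] += nbytes
        h["dsts"].add(dst)
        h["conf"] = max(h["conf"], meta["confidence"])

    offenses = []
    for host, h in per_host.items():
        off = Offense(host, h["conf"],
                      [f"{h['hits']} flow(s) to C2 indicator(s) {sorted(h['dsts'])}, confidence {h['conf']}"])
        if h["hits"] > 1:                       # repeated contact looks like beaconing
            off.score += 10 * (h["hits"] - 1)
            off.reasons.append("repeated contact with C2 (possible beaconing)")
        if h["bytes"] > EXFIL_BYTES:            # volume leaving the host, not just a hit
            off.score += 15
            off.reasons.append(f"{h['bytes']} bytes sent to C2 (possible exfiltration)")
        ep = managed.get(host)
        if ep is None:                          # no agent: the unmanaged laptop from the story
            off.score += 20
            off.reasons.append("unmanaged endpoint: no endpoint-management record")
        elif not ep["compliant"]:
            off.score += 25
            off.reasons.append(f"noncompliant endpoint: {ep['missing_patches']} missing patches")
        offenses.append(off)
    offenses.sort(key=lambda o: o.score, reverse=True)
    return offenses


if __name__ == "__main__":
    for o in correlate(FLOWS, ENDPOINT_EVENTS):
        print(o.host, o.score, "; ".join(o.reasons))
```

The point of the endpoint join is that the same C2 hit on a patched, managed host and on an unmanaged one should not land at the same place in the queue; the analyst works the list from the top.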


Page 12:

A case in point: The drive-by download

4. The details in the data: The attackers soon come within striking distance, gaining the authorization needed to access company resources. IBM QRadar® Incident Forensics can now reconstruct abnormal user and database activity from network packet data. Investigators can discover less obvious data connections and hidden relationships across multiple IDs.


Page 13:

A case in point: The drive-by download

5. The cutoff: If attackers get far enough in to begin siphoning out company data, the IBM Resilient® Incident Response Platform™ could help the security team analyze, respond to, resolve and mitigate the incident, taking action to prevent or limit damage.


Page 14:

6. See the big picture: A case in point: The drive-by download (portfolio overview as on page 6)

Page 15:

A case in point: The insider threat

Attacks are most likely to come from insiders acting either maliciously or inadvertently. Who are they? Insiders include employees, contractors, business partners or clients who can access your assets.

Page 16:

A case in point: The insider threat

1. Privileged identity management: With multiple locations in urban and suburban settings, this company employs part-time workers, short-term contractors, regular employees and several levels of management personnel, all of whom need access to company systems and data. IBM Security Privileged Identity Manager helps prevent advanced insider threats with a centralized approach to managing access to privileged accounts. Each time sensitive data is accessed, the session is recorded to provide an audit trail. IBM Security Guardium® also cross-references that information as it audits user access.


Page 17:

A case in point: The insider threat

2. Activity monitoring: IBM Security Guardium can also identify suspicious behavior and block illicit data and file access in real time. For example, the system responds when a part-time employee downloads several large files onto a thumb drive. IBM QRadar® User Behavior Analytics uses Guardium data to focus on individual usage patterns and determine whether systems or credentials have been compromised. The two products continuously exchange data to fine-tune analytics and sharpen the identification of anomalous activity.


Page 18:

A case in point: The insider threat

3. Security intelligence and analytics: IBM QRadar® SIEM uses analytics to correlate IBM Privileged Identity Manager credentials with IBM Security Guardium® activities to trigger alerts. IBM MaaS360® lets the company manage and safeguard its mobile devices, applications and content while maintaining data security and personal privacy.
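As an added illustration of what correlating privileged-session records with data-activity records looks like (example code, not IBM's, and not the record formats of Privileged Identity Manager, Guardium or QRadar), the block below joins three constructed sources: privileged-account checkouts from a session broker, a database activity audit, and endpoint file-copy events. Two findings result: activity under a shared privileged account that no recorded session covers (nobody is accountable for it), and the thumb-drive scenario from the previous slide, a burst of large copies to removable media well above that user's baseline, which is blocked. Field names, thresholds and the baseline figures are assumptions.

```python
"""Insider-threat correlation over constructed records. Example code, not IBM's;
the layouts mimic what a privileged-identity broker (session checkouts), a
database activity monitor (per-query audit) and an endpoint agent (file copies)
produce, but the field names and thresholds are assumptions."""
from datetime import datetime, timedelta

PRIV_ACCOUNTS = {"dba_admin"}

# Constructed privileged-session checkouts: who held which shared account, and when.
PIM_SESSIONS = [
    {"id": "S-100", "user": "ana", "account": "dba_admin",
     "start": "2017-03-01T09:00", "end": "2017-03-01T10:00"},
]

# Constructed database-activity audit records.
DB_ACTIVITY = [
    {"ts": "2017-03-01T09:15", "account": "dba_admin", "op": "SELECT", "object": "customers", "rows": 120},
    {"ts": "2017-03-01T11:05", "account": "app_svc",   "op": "SELECT", "object": "orders",    "rows": 30},
    {"ts": "2017-03-01T13:40", "account": "dba_admin", "op": "SELECT", "object": "customers", "rows": 250_000},
]

# Constructed file-copy records from endpoints; "removable" marks USB targets.
FILE_ACTIVITY = [
    {"ts": "2017-03-01T14:00", "user": "marko", "path": "/share/q1_report.xlsx", "bytes": 3_000_000, "removable": True},
    {"ts": "2017-03-01T14:01", "user": "marko", "path": "/share/q2_report.xlsx", "bytes": 3_000_000, "removable": True},
    {"ts": "2017-03-01T14:03", "user": "marko", "path": "/share/customers.csv",  "bytes": 3_000_000, "removable": True},
    {"ts": "2017-03-01T14:04", "user": "marko", "path": "/share/pricing.pdf",    "bytes": 3_000_000, "removable": True},
    {"ts": "2017-03-01T15:10", "user": "ana",   "path": "/home/ana/notes.txt",   "bytes": 1_000_000, "removable": True},
    {"ts": "2017-03-01T15:12", "user": "ana",   "path": "/home/ana/slides.pptx", "bytes": 1_000_000, "removable": False},
]

# Constructed per-user baseline: typical daily bytes copied to removable media.
USER_BASELINE = {"ana": 5_000_000, "marko": 2_000_000}


def parse(ts):
    return datetime.fromisoformat(ts)


def unbrokered_privileged_access(db_activity, sessions, priv_accounts=PRIV_ACCOUNTS):
    """Privileged-account activity with no recorded session covering its timestamp:
    the shared account was used outside the broker, so there is no one to attribute it to."""
    findings = []
    for rec in db_activity:
        if rec["account"] not in priv_accounts:
            continue
        t = parse(rec["ts"])
        covered = any(s["account"] == rec["account"]
                      and parse(s["start"]) <= t <= parse(s["end"]) for s in sessions)
        if not covered:
            findings.append({**rec, "finding": "privileged activity outside any recorded session"})
    return findings


def bulk_removable_copies(file_activity, baseline, window=timedelta(minutes=10),
                          min_files=3, factor=3.0):
    """Block when a user copies at least `min_files` files to removable media within
    `window` and their total size exceeds `factor` times that user's daily baseline.
    A user with no baseline gets a limit of zero, so any such burst is blocked."""
    by_user = {}
    for rec in sorted(file_activity, key=lambda r: r["ts"]):
        if rec["removable"]:
            by_user.setdefault(rec["user"], []).append(rec)
    decisions = {}
    for user, recs in by_user.items():
        limit = factor * baseline.get(user, 0)
        for i, first in enumerate(recs):            # sliding window over this user's copies
            t0 = parse(first["ts"])
            burst = [r for r in recs[i:] if parse(r["ts"]) - t0 <= window]
            total = sum(r["bytes"] for r in burst)
            if len(burst) >= min_files and total > limit:
                decisions[user] = {"action": "block", "files": len(burst),
                                   "bytes": total, "limit": limit}
                break
    return decisions


def insider_alerts(db_activity=DB_ACTIVITY, sessions=PIM_SESSIONS,
                   file_activity=FILE_ACTIVITY, baseline=USER_BASELINE):
    """What the SIEM would raise after correlating the three sources."""
    alerts = [{"subject": f["account"], "severity": "high", "ts": f["ts"], "detail": f["finding"]}
              for f in unbrokered_privileged_access(db_activity, sessions)]
    for user, d in bulk_removable_copies(file_activity, baseline).items():
        alerts.append({"subject": user, "severity": "high", "ts": None,
                       "detail": f"{d['files']} files, {d['bytes']} bytes to removable media "
                                 f"within one window (limit {d['limit']:.0f}); access blocked"})
    return alerts


if __name__ == "__main__":
    for a in insider_alerts():
        print(a["severity"], a["subject"], a["detail"])
```

The first check is the one the session recording on the previous slides makes possible: once every legitimate use of a shared account goes through the broker, any use of it that the broker did not see is itself the signal, regardless of what the query did.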


Page 19:

A case in point: The insider threat

4. Identity governance: IBM Security Identity Governance and Intelligence helps IT managers and auditors govern insider access and helps ensure regulatory compliance across the organization. It does this by combining intelligence- and business-driven identity governance with end-to-end user lifecycle management. It also checks for segregation of duties violations.


Page 20:

5. See the big picture: A case in point: The insider threat (portfolio overview as on page 6)

Page 21:

A case in point: The potential for fraud

The very consumer conveniences that help banks stay competitive make them highly vulnerable to cyber attacks and fraud. Where is the risk? ATMs, credit cards, online banking and mobile banking apps.

Page 22:

A case in point: The potential for fraud


1. Logging in: A banking customer wants to move money from one account to another via mobile phone. During the few seconds it takes for her to log in using her online ID and security code, IBM Security Access Manager (ISAM) validates the password, determines her location and identifies the IP address of her device. All this helps determine that the customer is who she says she is.


Page 23:

A case in point: The potential for fraud

2. Protecting customers from fraud: Next, IBM Trusteer® solutions help determine whether she is a genuine customer or a fraudster by checking whether the device she is using is valid, analyzing her behavior and helping to verify that neither her credentials nor her phone have been compromised. If there are any doubts, Trusteer can restrict functions such as transferring funds behind the scenes, without alerting a potential fraudster.


Page 24:

A case in point: The potential for fraud

3. Exercising necessary caution: Under certain circumstances, the customer’s actions might be subjected to additional scrutiny to protect both the bank and the customer. For example, for large transfers IBM Security Access Manager (ISAM) can enforce additional rules such as a second authorization, or prevent the transaction altogether.


Page 25:

4. See the big picture: A case in point: The potential for fraud (portfolio overview as on page 6)

Page 26:

A case in point: The failed compliance audit

Despite best efforts, a company fails a regulator-led audit. Why? New rules were not embedded in its security compliance environment.

Page 27:

A case in point: The failed compliance audit

1. Gap assessment: The failure triggers an automatic security immune system response, which calls upon IBM Security Strategy, Risk and Compliance Services to help evaluate the audit findings and more. Security Framework and Risk Assessment from IBM provides a list of existing gaps, priorities according to business impact, and a set of recommended solutions.


Page 28:

A case in point: The failed compliance audit

2. Remediation: Deployment and Migration Services from IBM help the company implement the necessary risk management solutions and align its governance practices. Remediation measures also establish new metrics for better visibility into company controls.


Page 29:

A case in point: The failed compliance audit

3. Ongoing monitoring: IBM Automated IT Risk Management Services allow the company to automatically monitor its new metrics. This cost-effective solution helps align multiple aspects of a security program, helping identify control and compliance gaps and facilitating quick resolution.


Page 30:

A case in point: The failed compliance audit

4. Continuous improvement: With help from IBM Security Strategy and Planning Services and IBM Security Architecture and Program Design Services, the company can be assured that key compliance measures will be continuously monitored, evaluated and approved.


Page 31:

5. See the big picture: A case in point: The failed compliance audit

SECURITY TRANSFORMATION SERVICES: Management consulting | Systems integration | Managed security
• Security Framework and Risk Assessment
• Deployment and Migration Services
• Automated IT Risk Management Services
• Strategy and Planning Services
• Architecture and Program Design