Digital immune system (Digitalni imuni sistem), Dejan Vuković, IBM (presentation transcript)
IBM Security: Your digital immune system
Dejan Vuković, Security BU Leader South East Europe, IBM Security
2 IBM Security
Compliance vs. risk-based approach
• Law on Information Security (Zakon o informacionoj bezbednosti), Law on Data Secrecy (Zakon o tajnosti podataka), Law on Personal Data Protection (Zakon o zaštiti ličnih podataka), regulations on the supervision of information systems of financial institutions, …
• ISO 27001, ISO 9001, …
• GDPR, NIS Directive, …
A healthy immune system is…
• Intelligent
• Organized
• Instantly recognizes an invader
• Efficient
• Takes action to block or destroy the threat
Figure: the security immune system diagram. Security Intelligence sits at the centre, surrounded by the domains Cloud, Endpoint, Identity and Access, Applications, Data, Mobile, Network and Advanced Fraud, inside an outer ring of Global Threat Intelligence and Consulting Services | Managed Services. Capabilities shown: data access control, data monitoring, antivirus, endpoint patching and management, malware protection, application security management, application scanning, log, flow and data analysis, vulnerability assessment, anomaly detection, security research, entitlements and roles, identity management, privileged identity management, access management, firewalls, incident and threat management, virtual patching, sandboxing, network visibility, content security, device management, transaction protection, fraud protection, criminal detection.
A security immune system is integrated and intelligent…
A Global Leader in Enterprise Security
• #1 in enterprise security software and services*
• 8,000+ employees
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 20 acquisitions since 2002
*According to Technology Business Research, Inc. (TBR) 2016
IBM has the world’s broadest and deepest security portfolio (portfolio diagram):
• Security Transformation Services: Management consulting | Systems integration | Managed security
• Security Operations and Response: QRadar SIEM, QRadar Vulnerability / Risk Manager, QRadar Incident Forensics, QRadar User Behavior Analytics, QRadar Advisor with Watson, Resilient Incident Response, BigFix, Network Protection XGS, i2 Enterprise Insight Analysis, X-Force Exchange, App Exchange
• Information Risk and Protection: AppScan, Guardium, Cloud Security, Privileged Identity Manager, Identity Governance and Access, Cloud Identity Service, Key Manager, zSecure, MaaS360, Trusteer Mobile, Trusteer Rapport, Trusteer Pinpoint
How it works: Four use cases tell the story
• The failed compliance audit
• The drive-by download
• The insider threat
• The potential for fraud
Every organization faces its own security challenges. The following use cases offer a brief glimpse into how the IBM Security immune system would help identify and respond to those challenges.
A case in point: The drive-by download. There are countless ways in which determined hackers might go about stealthily breaking into systems. Here is an example of how one such attack might be played out, and the solutions that can break the attack chain in real time.
The break-in An account manager stuck in traffic in a taxi signs on to the company intranet and does a little work. A drive-by download infects his laptop, which has not been updated with the latest patches. IBM BigFix® would allow the company’s security team to discover unmanaged endpoints (like this employee’s laptop) and get real-time visibility into vulnerabilities and endpoints that are noncompliant.
The connection By the time the account executive and his unpatched laptop reach the airport, the download has already latched onto the company’s network and infects its internal system as part of a botnet. With IBM Security Network Protection (XGS) the company could gain visibility into network traffic and actively block communication with the botnet’s command and control server, based on intelligence from IBM X-Force® Exchange, as well as zero day exploit traffic…and then send data to IBM QRadar® SIEM for anomaly detection.
The expansion Without those safeguards in place, the company unwittingly lets the attack continue, targeting internal email sent to high-profile employees. At this point, IBM QRadar® SIEM could still help halt the attack by correlating network traffic flows and security events from other security controls—and external intelligence on botnets from IBM X-Force® Exchange—into a list of priority offenses.
The details in the data The attackers soon come within striking distance, gaining the authorization needed to access company resources. IBM QRadar® Incident Forensics can now reconstruct abnormal user and database activity from network packet data. Investigators can discover less obvious data connections and hidden relationships across multiple IDs.
The cutoff If attackers get far enough in to begin siphoning out company data, the IBM Resilient® Incident Response Platform™ could help the security team analyze, respond to, resolve and mitigate the incident…taking action to prevent or mitigate damage.
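The connection, expansion and cutoff steps above describe one detection pipeline: flows are matched against botnet command-and-control intelligence, the endpoint's patch state is taken into account, events from other controls are correlated in, and the result is a ranked list of offenses with an inline blocking decision. The following is an added illustration of that pipeline in plain Python; it is not IBM code and not from this deck. The indicator feed, the endpoint inventory, the flow records and the events are constructed sample data (TEST-NET addresses, invented host names), and the function names and scoring weights are my own.

```python
"""Offense correlation for the drive-by-download scenario.

Added illustration, not code from IBM or from this deck. Every indicator,
host, flow and event below is constructed sample data (TEST-NET addresses),
not a real IoC.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed "threat intelligence" feed: destinations believed to be botnet C2.
C2_INDICATORS = {"203.0.113.45", "198.51.100.7"}

# Constructed endpoint inventory: host -> management and patch state.
ENDPOINTS = {
    "laptop-17": {"managed": False, "missing_patches": 3},  # the unpatched laptop
    "desk-02": {"managed": True, "missing_patches": 0},
}

# Constructed flow records: (timestamp_s, src_host, dst_ip, dst_port, bytes_out)
FLOWS = [
    (1000, "laptop-17", "203.0.113.45", 443, 900),
    (1060, "laptop-17", "203.0.113.45", 443, 880),
    (1120, "laptop-17", "203.0.113.45", 443, 910),
    (1180, "laptop-17", "203.0.113.45", 443, 905),
    (1005, "desk-02", "192.0.2.10", 443, 52_000),
    (1300, "desk-02", "198.51.100.7", 80, 300),
]

# Constructed events reported by other controls: (timestamp_s, host, event_name)
EVENTS = [(1190, "laptop-17", "internal_mail_to_executives")]


@dataclass
class Offense:
    host: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, reason):
        """Raise the score; record each distinct reason once."""
        self.score += points
        if reason not in self.reasons:
            self.reasons.append(reason)


def is_beaconing(timestamps, tolerance=5):
    """True when three or more connections are spaced at a near-constant interval."""
    ts = sorted(timestamps)
    if len(ts) < 3:
        return False
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return max(gaps) - min(gaps) <= tolerance


def correlate(flows, events, endpoints, indicators):
    """Correlate flows, endpoint state, other controls' events and intel into ranked offenses."""
    offenses = {}
    c2_times = defaultdict(list)
    for ts, src, dst, _port, _nbytes in flows:
        if dst in indicators:
            offenses.setdefault(src, Offense(src)).add(5, f"flow to known C2 {dst}")
            c2_times[src].append(ts)
    for host, times in c2_times.items():
        if is_beaconing(times):
            offenses[host].add(3, "periodic beaconing to C2")
    for host, off in offenses.items():
        ep = endpoints.get(host)
        if ep is None or not ep["managed"]:
            off.add(4, "unmanaged endpoint")
        elif ep["missing_patches"]:
            off.add(2, f"{ep['missing_patches']} missing patches")
    for _ts, host, name in events:
        if host in offenses:
            offenses[host].add(2, f"event: {name}")
    return sorted(offenses.values(), key=lambda o: o.score, reverse=True)


def should_block(offense, threshold=10):
    """Inline-blocking decision for the host's C2 traffic once the offense is strong enough."""
    return offense.score >= threshold


if __name__ == "__main__":
    for off in correlate(FLOWS, EVENTS, ENDPOINTS, C2_INDICATORS):
        print(off.host, off.score, "block" if should_block(off) else "monitor", off.reasons)
```

With the constructed data the unmanaged laptop accumulates a score of 29 (four C2 flows, a regular beaconing interval, no management agent, and a correlated mail event) and crosses the blocking threshold, while the managed desktop's single matching flow stays a low-priority offense to monitor. The scoring weights are arbitrary; the point is that a single indicator match is weak evidence, and that endpoint state and events from other controls are what turn it into a priority offense.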
A case in point: The insider threat. Attacks are most likely to come from insiders acting either maliciously or inadvertently. Who are they? Insiders include employees, contractors, business partners or clients who can access your assets.
Privileged identity management With multiple locations in urban and suburban settings, this company employs part-time workers, short-term contractors, regular employees and several levels of management personnel—all who need access to company systems and data. IBM Security Privileged Identity Manager helps prevent advanced insider threats with a centralized approach to managing access to privileged accounts. Each time sensitive data is accessed, the session is recorded to provide an audit trail. Also, IBM Security Guardium® cross-references that information as it audits user access.
Activity monitoring IBM Security Guardium can also identify suspicious behavior and block illicit data and file access in real time. For example, the system responds when a part-time employee downloads several large files onto a thumb drive. IBM QRadar® User Behavior Analytics shares Guardium data to focus on individual usage patterns to determine if systems or credentials have been compromised. The two programs can continuously exchange data to fine-tune analytics and sharpen identification of anomalous activities.
Security intelligence and analytics IBM QRadar® SIEM uses analytics to correlate IBM Privileged Identity Manager credentials with IBM Security Guardium® activities to trigger alerts. And IBM MaaS360® lets the company manage and safeguard its mobile devices, applications and content while maintaining data security and personal privacy.
Identity governance IBM Security Identity Governance and Intelligence helps IT managers and auditors govern insider access and helps ensure regulatory compliance across the organization. It does this by combining intelligence- and business-driven identity governance with end-to-end user lifecycle management. What’s more, it checks for segregation of duties violations.
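The four insider-threat steps above combine three mechanisms: an audit trail of what is done under a privileged session, real-time blocking of data access that departs from a user's normal pattern (the part-time employee copying large files to removable media), and a governance check for segregation-of-duties violations. The block below is an added illustration of those three mechanisms in plain Python; it is not IBM code and not from this deck. The users, roles, session registry, conflict rules and access events are constructed sample data, and the function names and the "20x baseline" factor are my own choices.

```python
"""Insider-threat correlation: privileged-session audit trail, baseline-based
blocking of bulk copies, and segregation-of-duties checks.

Added illustration, not IBM code and not from the deck. Users, roles,
sessions and access events are constructed sample data.
"""
from collections import defaultdict
from statistics import mean

# Constructed identity-governance data: user -> roles held.
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"ap_clerk", "ap_approver"},     # holds both sides of a conflicting pair
    "carol": {"parttime_analyst"},
}
# Constructed segregation-of-duties rule set: role pairs nobody may hold together.
SOD_CONFLICTS = [frozenset({"ap_clerk", "ap_approver"})]

# Constructed privileged-session registry: session_id -> user it was issued to.
PRIV_SESSIONS = {"s1": "bob", "s2": "carol"}

# Constructed data-access events: (user, session_id or None, action, bytes, target)
ACCESS_EVENTS = [
    ("carol", None, "read", 2_000, "reports/q1.pdf"),
    ("carol", None, "read", 1_500, "reports/q2.pdf"),
    ("carol", "s2", "copy_to_removable", 400_000_000, "hr/payroll_export.csv"),
    ("carol", "s2", "copy_to_removable", 350_000_000, "hr/salaries.xlsx"),
    ("bob", "s1", "read", 5_000, "finance/invoice_1.pdf"),
]


def sod_violations(user_roles, conflicts):
    """Users who hold every role of at least one conflicting pair."""
    return sorted(u for u, roles in user_roles.items()
                  if any(pair <= roles for pair in conflicts))


def evaluate_event(event, accepted_history, priv_sessions, factor=20):
    """Decide allow / alert / block for one event against the user's accepted baseline."""
    user, session, action, nbytes, _target = event
    if session is not None and priv_sessions.get(session) != user:
        return "block", "privileged session not bound to this user"
    prior = [b for u, _s, _a, b, _t in accepted_history if u == user]
    if not prior:
        return "allow", "no baseline yet"
    baseline = mean(prior)
    if nbytes > factor * baseline:
        # Copies to removable media are blocked outright; other outliers raise an alert.
        verdict = "block" if action == "copy_to_removable" else "alert"
        return verdict, f"{nbytes} bytes vs baseline {baseline:.0f}"
    return "allow", ""


def run(events, priv_sessions):
    """Stream events through the policy; only allowed events feed the baseline."""
    accepted, decisions = [], []
    for ev in events:
        verdict, reason = evaluate_event(ev, accepted, priv_sessions)
        decisions.append((verdict, reason))
        if verdict == "allow":
            accepted.append(ev)
    return decisions


def session_audit_trail(events, priv_sessions):
    """Group every event performed under a privileged session, for the audit record."""
    trail = defaultdict(list)
    for ev in events:
        if ev[1] in priv_sessions:
            trail[ev[1]].append(ev)
    return dict(trail)


if __name__ == "__main__":
    print("SoD violations:", sod_violations(USER_ROLES, SOD_CONFLICTS))
    for ev, (verdict, reason) in zip(ACCESS_EVENTS, run(ACCESS_EVENTS, PRIV_SESSIONS)):
        print(ev[0], ev[2], ev[4], "->", verdict, reason)
    print("audit trail:", session_audit_trail(ACCESS_EVENTS, PRIV_SESSIONS))
```

Two design points matter here. Blocked or alerted events are deliberately kept out of the baseline, otherwise the first 400 MB copy would inflate the user's "normal" volume and the second copy would sail through. And a privileged session is only honoured for the user it was issued to, so the audit trail keyed by session id can be cross-referenced against the identity system, which is the cross-check the deck attributes to Guardium and Privileged Identity Manager.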
A case in point: The potential for fraud
The very consumer conveniences that help banks stay competitive make them highly vulnerable to cyber attacks and fraud. Where is the risk? ATMs, credit cards, online banking and mobile banking apps.
Logging in A banking customer wants to move money from one account to another via mobile phone. During the few seconds it takes for her to log in using her online ID and security code, IBM Security Access Manager (ISAM) validates the password, determines her location and identifies the IP address for her device. All this helps determine that the customer is who she says she is.
Protecting customers from fraud Next, IBM Trusteer® solutions help figure out whether she is a true customer or a fraudster by determining whether the device she is using is valid, analyzing her behavior and helping to verify that neither her credentials nor her phone have been compromised. If there are any doubts, Trusteer can restrict functions such as transferring funds behind the scenes—without alerting a potential fraudster.
Exercising necessary caution Under certain circumstances, the customer’s actions might be subjected to additional scrutiny to protect both the bank and herself. For example, for large transfers IBM Security Access Manager (ISAM) can enforce additional rules such as a second authorization, or prevent the transaction altogether.
A case in point: The failed compliance audit. Despite best efforts, a company fails a regulator-led audit. Why? New rules were not embedded in its security compliance environment.
Gap assessment The failure triggers an automatic security immune system response, which calls upon IBM Security Strategy, Risk and Compliance Services to help evaluate the audit findings and more. Security Framework and Risk Assessment from IBM provides a list of existing gaps, priorities according to business impact, and a set of recommended solutions.
Remediation Deployment and Migration Services from IBM help the company implement the necessary risk management solutions and align its governance practices. Remediation measures also establish new metrics for better visibility into company controls.
Ongoing monitoring IBM Automated IT Risk Management Services allow the company to automatically monitor its new metrics. This cost-effective solution helps align multiple aspects of a security program, helping identify control and compliance gaps and facilitating quick resolution.
Continuous improvement With help from IBM Security Strategy and Planning Services and IBM Security Architecture and Program Design Services, the company can be assured that key compliance measures will be continuously monitored, evaluated and approved.
Security Transformation Services used in this case (Management consulting | Systems integration | Managed security):
• Security Framework and Risk Assessment
• Deployment and Migration Services
• Automated IT Risk Management Services
• Strategy and Planning Services
• Architecture and Program Design