IBM Global Technology Services
© Copyright IBM Corporation 2007
IBM Internet Security Services
Massimo Nardone
Advisory IT Security Architect & Finnish Invention Development Team (FIDT) leader
IBM Global Technology Services, Security & [email protected]
IBM Global Security Presence
• Over 4700 ICT-security professionals
• 14 Security Operations Centers (SOC)
• 450 security intelligence analysts
• Own security research and development
- IBM Security Research
- IBM ISS X-Force
• Physically isolated and protected environments with stand-alone working capabilities for over 60 days
• 24/7/365 operating monitoring and management
• Over 400 million information sources
• Product independent services
• Founding member in several IT-security organisations
- CERT/CC
- NIST
- MITRE
- FIRST
IBM Research Division
[Figure: map of IBM Research laboratories (Zürich, Beijing, Austin, Delhi, Tokyo, Almaden in San Jose, California, Watson, Haifa), each labelled with its year of establishment and number of employees]
IBM Professional Security Services offerings
• Comprehensive, enterprisewide security consulting services
- Assessment
  • Penetration testing, application security assessments, information security assessments, peripheral component interconnect (PCI) assessments
- Design
  • Policy design, network security architecture design, security workshops
- Deployment and migration
  • Deployment and migration for IBM products
- Manage and support
  • Emergency response, forensic analysis, staff augmentation
- Education
  • Product training, security awareness program
IBM Information Security Framework
Your environment is changing
New technologies
Evolving business models and value nets
Regulatory compliance mandates growing
Margin pressures
Primary focus: revenue growth
Risks are growing faster than investments in protection
The state of evolving threats
IBM Internet Security Systems X-Force research and development team
• The IBM Internet Security Systems X-Force® R&D team, the world’s leading enterprise security organization research and development team, closely observed and recorded new vulnerabilities and the status of varying threats throughout the year. 2006 was a record year on many security fronts.
- The core of all IBM Internet Security Systems products and services
- Focus is on analyzing and researching vulnerabilities to develop preemptive protection technologies
- The IBM ISS X-Force has been cataloguing, analyzing and researching vulnerability disclosures since 1997. The X-Force database is the largest, most authoritative database in the world, with more than 30,000 security vulnerabilities catalogued.
- With 7,247 vulnerabilities disclosed in 2006, total vulnerability count increased nearly 40 percent over the previous year. Since the turn of the millennium, there has been a 261 percent increase in vulnerabilities, an average of 23 percent per annum. This trend is expected to continue throughout 2007.
Vulnerabilities and trends: 2006 End-of-the-Year Highlights
Vulnerabilities:
• There were a total of 7,247 vulnerabilities in 2006, which represents a 39.5 percent increase over 2005.
• June was the busiest month of the year with 696 vulnerabilities.
• Week 46 (the week before Thanksgiving) was the busiest week of 2006 for new vulnerabilities.
• The most popular day for vulnerability disclosures was Tuesday.
• Weekend disclosure of vulnerabilities in 2006 more than doubled that of 2005 to reach 17.6 percent of all disclosures.
• “High impact” vulnerabilities continue to decrease as a percentage of total vulnerabilities in 2006.
• 3 percent of vulnerabilities under the Common Vulnerability Scoring System (CVSS) were evaluated as being “critical impact” vulnerabilities with a score of 10.
• The top three vulnerable vendors in 2006 were Microsoft, Oracle and Apple.
• The top 10 vulnerable software vendors accounted for 14 percent of all 2006 vulnerabilities.
• 17 percent of the vulnerabilities identified within the top 10 vulnerable vendors’ products were un-patched at the end of 2006. This contrasts with 65 percent un-patched for all other vulnerabilities recorded in the year.
• 88.4 percent of all 2006 vulnerabilities could be exploited remotely.
• Over half (50.6 percent) of 2006 vulnerabilities would allow an attacker to gain access to the host after successful exploitation.
Per Annum Vulnerability Count: The year-on-year increase in vulnerabilities
The IT Security solutions enable organizations to assess, understand, mitigate and manage security risks.
Understand – across the extended enterprise
• Assess and identify threats
• Identify business impacts
• Determine implications of compliance
• Evaluate alternatives
Mitigate – anticipate and plan
• Establish and implement governance
• Define effective standards, principles and policies
• Define integrated management processes and practices
• Establish compliance strategies
• Ensure adequate scope of plans
• Choose and implement appropriate IT architecture, technology and organization
Manage – enforce and automate
• Protect systems
• Manage users
• Establish trust and compliance
• Manage threats
IBM Internal Use Only
Who is IBM Internet Security Systems?
• Founded 1994, 1400 employees
• Most respected Security Company world wide
• Most respected Security Knowledge world wide (X-Force)
• Pioneer in Vulnerability Assessment
• Pioneer in Intrusion Detection and in Intrusion Prevention
• First and most comprehensive Security Platform
• Protection of Network, Server, Desktop combined with PSS and MSS
• Acquired by IBM on August 23, 2006
Internet Security Systems’ (ISS) preemptive, integrated product and service security solutions deliver effective visibility, integrity and protection at all levels of the enterprise: network, server and desktop.
IBM ISS’ PRODUCTS
• Proventia Network Intrusion Prevention System
• Proventia Network Multi-Function Security
• Proventia Network Anomaly Detection System
• Proventia Network Enterprise Scanner
• Proventia Web Filter
• Proventia Mail Filter
• Proventia Server Intrusion Prevention System
• Proventia Desktop Endpoint Security
• Proventia Management SiteProtector
IBM ISS’ PROFESSIONAL SERVICES
• ISS’ Information Security Assessment
• ISS’ Penetration Testing
• ISS’ Security Awareness Training
• ISS’ Application Assessment
• ISS’ Policy Development
• ISS’ Regulatory Compliance Strategy
• ISS’ Technology Implementation Planning
• ISS’ Network Architecture Design Services
• ISS’ Emergency Response
• ISS’ Deployment Consulting
• ISS’ Vertical & Regulatory Quickstart Program
• ISS’ Staff Augmentation
IBM ISS’ MANAGED SERVICES
• ISS’ Managed Protection Services
• ISS’ Managed & Monitored Firewall Services
• ISS’ Managed IDS & IPS Services
• ISS’ Vulnerability Management Service
• ISS’ X-Force Threat Analysis Service
IBM Internet Security Systems protection platform
Security intelligence, services and infrastructure
The world’s leading enterprise security research and development team
IBM Internet Security Systems security operations centers (infrastructure monitoring and mgmt.)
Among the most advanced and complete security architectures ever developed—delivering preemptive security
Enhancing security with the IBM Internet Security Systems protection platform
[Diagram: network zones (carrier cloud, service provider network, hosted environment, perimeter, enterprise local area network (LAN), Web server, mail server) annotated with the protections listed below]
• Intrusion prevention
• Firewall
• Universal threat management
• Host protection (server and desktop)
• Layer 4 – 7 protection (content, URL, Web)
• Intrusion prevention
• Anomaly detection service
• Vulnerability management
• Remediation
• Compliance and risk management
• Vulnerability protection service
ISS Value Proposition: IBM Managed Security Services
• Monitoring and Management
- Firewall and VPN
- Intrusion Detection
- Intrusion Prevention
- Anti-Virus
• X-Force Security Intelligence
• Vulnerability scanning and analysis
• Vulnerability management
• e-Mail filtering and protection
• Web filtering and protection
• Virtual Security Operations Center
Cost savings thru Managed Security Services
Global Managed Service Savings Report
Security                              Average Savings   Span of Savings
Secure E-mail / Message Management    24.4%             5-30%
Anti-Virus Management                 16.7%             5-30%
Security Incident Management          13.4%             5-30%
Vulnerability Scanning                10.3%             5-30%
Managed Intrusion Detection           17.1%             5-30%
Managed Firewall                      15.8%             5-30%
The Next Generation of Managed Security Services (MSS)
Managed Security Services
• Outsourcing the most complicated IT security operations
• Keeping the control of own environment
• Enhancing the capabilities of current IT security environment
• Managing security thru business operations requirements
• Pro-active operations and fast adaptability for new situations
• Strong change management process
• Flexible reporting for both technical and management purposes
[Diagram: MSS data flow. Raw data is collected from information sources; data feeds are added with analytical information; data is used to answer business risk management questions. Stage labels: DATA WAREHOUSE, INTELLIGENCE AND ANALYSIS. Component labels: Vulnerability Scanning, Anti-Virus, Vulnerability Assessment, Health Checking, Intrusion Detection, Incident Management, Vulnerability Advisories, Normalization, summarization and correlation, IP Profiler, Attack Classification, Attack Epidemiology, Data Visualization, Dashboard, Intrusion Detection and Protection, SIA / ISA, Zurich Clustering Engine]
Vulnerability Scanning
• Scans devices on automated basis for proactive vulnerability discovery and correlation
• Checks services running on a system and any vulnerabilities that may be present
• Correlates against customer specific compliance and IBM vulnerability database
• Comprehensive reporting
• Possibility to use one-time or annual scans
• Expandable to vulnerability management and/or professional ethical hacking service
Vulnerability Management
X-Force® Threat Analysis and Vulnerability Management Services
Schedule automated scans to identify OS's, applications, and their respective vulnerabilities.
Scan results dynamically reconfigure the customer's XFTAS alerting preferences, providing real-time alert notifications for actionable vulnerabilities.
Remediation workflow mgmt. features of the VMS service allow for generation of tickets for vulnerable assets with powerful grouping and prioritization capabilities.
Validate that remediation tasks have been completed by re-scanning of vulnerable assets.
Intrusion Detection and Prevention
• Monitors attacks directed against and/or via the customer
• Prevents attacks (Prevention)
• Delivers clear security reports designed to enable business decisions on security defenses
• Monitors intrusions 24x7x365 within the IBM Security Operations Centers
• Attack visualization
• Fast reaction times and SLA
• Support for existing components
IDS/IPS log management service
Security Event & Log Management Services & Managed Intrusion Detection/Prevention Services or Managed Firewall Services
ISS provides the ability to manage, monitor, or view all of the customer's firewall, IDS and IPS devices.
Provide customers with a consolidated security view and full reporting capabilities.
Customers can access secure log/event archival of all aggregated security events for up to 7 years.
Customer can leverage combined trouble ticketing capabilities to track issue resolution transparently across managed and unmanaged devices.
Virtual Patching technology (IPS)
Managed Protection Services with Vulnerability Management Services
Scan network to detect vulnerabilities.
Use the Virtual-SOC portal to request application of patch updates to protect entire network or individual servers.
Upon receipt of the patch request, an ISS SOC analyst will implement an IPS rule, if applicable, to block access to the specific vulnerability and apply protection for the system until it is patched.
Security Intelligence and Profiling
• Delivers daily threat report generated from intelligence gathering, vendor and security web sites
• Compiles monthly Security Threats and Attack Trends report
• Web portal with catalog of analyzed threats with customer preferred options
• Critical alerts 24/7 on high-risk threats via personal contacting methods
• Technical analysis and consulting of high-risk threats
• Security advisories outlining vulnerabilities and solutions
• Analysis of unreliable network sources and destinations
The Next Generation of MSS
IBM offers a Virtual-SOC (Security Operations Center) for the customers
• Open vendor architecture
• Consolidated security view
• Powerful query and reporting
• Automated analyses
• Unlimited log archive
• Granular permissions system
• Guaranteed availability
• Integrated ticketing and workflow
• Integrated security intelligence
What is a Virtual-SOC and what does it do?
• Virtual-SOC is the engine enabling Managed Security Services and the delivery of Protection on-Demand by combining advanced analysis and correlation capabilities, artificial intelligence, industry-leading security expertise, and a high impact Web-based management portal in a single unified system.
• Virtual-SOC allows you to
- optimize resources and reduce complexity
- enforce security policy
- improve overall security posture
• Virtual-SOC offers
- Tangible platform for Protection On-Demand (PoD)
- Brings all security data together, managed and unmanaged
- MSS offerings can be activated when, where and how they are needed
- Delivers customers a decade of best practices and expertise
- Blends tickets, logs, and workflow from the SOC and the customer
IBM Internet Security Systems: Virtual-SOC
Thank you.