Threats in the digital age cyber security - 2012
-
Upload
meda-conferences -
Category
Technology
-
view
354 -
download
1
description
Transcript of Threats in the digital age cyber security - 2012
Threats in the digital age –Cyber Security
Martin Borrett, Director of the IBM Institute for Advanced Security, Europe
© 2012 IBM Corporation
IBM’s Definition of Cyber Security
Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack
© 2012 IBM Corporation2
organisation and its assets from electronic attack
to minimise the risk of business disruption.
The planet is getting more instrumented, interconnected, and
intelligent creating new Cyber Security challenges
SmartSupply Chains
SmartCountries
SmartRetail
Smart WaterManagement
SmartWeather
SmartEnergy Grids
© 2012 IBM Corporation3
Smart Oil FieldTechnologies
SmartRegions
SmartHealthcare
Smart TrafficSystems
SmartCities
SmartFood Systems
INSTRUMENTED INTERCONNECTED INTELLIGENT
Threats becoming increasingly sophisticated
Recent Cyber Security Attacks Implications
� Given the sophistication of the
attacks, all 5 phases of APT are
relevant from a defence
perspective and offer opportunities
to detect an attack; the earlier an
APT is detected, the better
� Persistence of APT requires
AuroraStuxnet
© 2012 IBM Corporation4
1. Reconnaissance
2. Initial Infection
3. Lateral Expansion
4. Subversion of Mission Critical Assets, Exfiltration of Very Sensitive Data
5. Clean up
Advanced Persistent Threat (APT)Lifecycle
� Persistence of APT requires
continuous monitoring of critical
assets in order to detect deviations
from normal behaviour
� Fine-grained, multi-tier containment
(“defence in depth”) is key; network
boundaries as well as critical
assets within the network have to
be protected
By managing security for customers across the world, IBM has a clear and current picture of threats and attacks
9 Security Research Centres
9 Security Operations
Centres
11 Security Solution Development
Centres++ ++133
Monitored Countries
3 Branches of the Institute for
Advanced Security (“IAS”)
IAS Americas
IAS Europe
© 2012 IBM Corporation5
IBM has the unmatched global and local expertise to deliver complete solutions – and manage the cost and complexity of security
�20,000 devices under contract
�4,000 MSS clients worldwide
�13 billion events managed per day IASAsia Pacific
IBM X-Force
Gathers evidence of threats that affect Internet security to help customers and the public understand the changing nature of the threat landscape and what might be done to mitigate it
� New Attack Activity
– Rise in Shell Command Injection attacks
– Rise in phishing based malware distribution and click fraud
© 2012 IBM Corporation6
– Rise in phishing based malware distribution and click fraud
� Progress in Internet Security
– Fewer exploit releases and web application vulnerabilities
– Better patching
� The Challenge of Mobile and the Cloud
– Mobile exploit disclosures up
– Cloud requires new thinking
– Social Networking no longer fringe pastime
Source: IBM Full Year X-Force 2011 Trend and Risk Report
Use the IBM Cyber Security Lifecycle to detect and respond at a
faster pace than attackers LayersRisk
• Balance threat and response
Service management
• ProcessTechnology
• Security, network, systems
�Understand and baseline the IT and security landscape
© 2012 IBM Corporation7
Maturity
Threat Tempo
Response Tempo
IBM Success Stories
© 2012 IBM Corporation88
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
� Only vendor in the market with end-to-end coverage of the security foundation
� 6K+ security engineers and consultants
© 2012 IBM Corporation9
Intelligence ● Integration ● Expertise
� Award-winning X-Force® research
� Largest vulnerability database in the industry
IBM Institute for Advanced Securityhttp://www.instituteforadvancedsecurity.com/
© 2012 IBM Corporation