Complete protection with IBM solutions, Dušan Milidrag

Page 1

© 2012 IBM Corporation

IBM Security Systems

Complete protection with IBM solutions

Dušan Milidrag

Security Systems SEE leader [email protected]

Page 2

Solving a security issue is a complex, four-dimensional puzzle

People: Employees, Consultants, Hackers, Terrorists, Outsourcers, Customers, Suppliers

Data: Structured, Unstructured, At rest, In motion

Applications: Systems applications, Web applications, Web 2.0, Mobile apps

Infrastructure

JK 2012-04-26

Page 3

Motivation and sophistication is evolving rapidly

Motive

Espionage, Political Activism

Monetary Gain

Revenge

Curiosity

National Security

Adversary

Script-kiddies or hackers

Insiders, using inside information

Organized criminals with sophisticated tools

Competitors, hacktivists

Nation-state actors

Timeline

1995 – 2005: 1st Decade of the Commercial Internet

2005 – 2015: 2nd Decade of the Commercial Internet

Page 4

IT Security is a board room discussion

Business results

Sony estimates potential $1B long term impact – $171M / 100 customers*

Supply chain

Epsilon breach impacts 100 national brands

Legal exposure

TJX estimates $150M class action settlement in release of credit / debit card info

Impact of hacktivism

Lulzsec 50-day hack-at-will spree impacts Nintendo, CIA, PBS, UK NHS, UK SOCA, Sony …

Audit risk

Zurich Insurance Plc fined £2.275M ($3.8M) for the loss and exposure of 46K customer records

Brand image

HSBC data breach discloses 24K private banking customers

*Sources for all breaches shown in speaker notes

Page 5

IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework

Intelligence ● Integration ● Expertise

• End-to-end coverage of the security foundation

• 6K+ security engineers and consultants

• Award-winning X-Force® research

• Large vulnerability database

IBM Security

Page 6

Source: IBM X-Force® 2011 Trend and Risk Report

Total Visibility : Product Portfolio, Services and Research

Security Systems portfolio

Page 7

Expertise : Global coverage and security awareness

• 20,000+ devices under contract

• 3,700+ MSS clients worldwide

• 13B+ events managed per day

• 1,000+ security patents

• 133 monitored countries (MSS)

World Wide Managed Security Services Coverage

Security Operations Centers

Security Research Centers

Security Solution Development Centers

Institute for Advanced Security Branches

IBM Research

14B analyzed Web pages & images

40M spam & phishing attacks

54K documented vulnerabilities

Billions of intrusion attempts daily

Millions of unique malware samples

Page 8

Integration : Increased security, collapsed silos, reduced complexity

• Customize protection to block specific vulnerabilities using scan results

• Converge access management with web service gateways

• Link identity information with database security

• Stay ahead of the changing threat landscape

• Detect the latest vulnerabilities, exploits and malware

• Add security intelligence to non-intelligent systems

• Consolidate and correlate siloed information from hundreds of sources

• Detect, notify and respond to threats missed by other security solutions

• Automate compliance tasks and assess risks

Page 9

IBM Security Systems Portfolio

Page 10

People

Manage and extend enterprise identity context across security domains with comprehensive Identity Intelligence

Portfolio Overview

IBM Security Identity Manager *

• Automate the creation, modification, and termination of users throughout the lifecycle

• Identity control including role management and auditing

IBM Security Access Manager Family *

• Automates sign-on and authentication to enterprise web applications and services

• Entitlement management for fine-grained access enforcement

IBM Security zSecure suite *

• User friendly layer over RACF to improve administration and reporting

• Monitor, audit and report on security events and exposures on mainframes

* Solution package purchase options available

Page 11

Data

Enterprise-wide solutions for helping secure the privacy and integrity of trusted information in your data center

Portfolio Overview

IBM InfoSphere Guardium Product Family

• Database Activity Monitoring – continuously monitor and block unauthorized access to databases

• Privileged User Monitoring – detect or block malicious or unapproved activity by DBAs, developers and outsourced personnel

• Database Leak Prevention – help detect and block leakage in the data center

• Database Vulnerability Assessment – scan databases to detect vulnerabilities and take action

• Audit and Validate Compliance – simplify SOX, PCI-DSS, and Data Privacy processes with pre-configured reports and automated workflows

IBM Security Key Lifecycle Manager

• Centralize and automate the encryption key management process

• Simplify administration with an intuitive user interface for configuration and management

Page 12

Applications

Reducing the cost of developing more secure applications

Portfolio Overview

AppScan Enterprise Edition

• Enterprise-class solution for application security testing and risk management with governance and collaboration

• Multi-user solution providing simultaneous security scanning and centralized reporting

AppScan Standard Edition

• Desktop solution to automate web application security testing for IT Security, auditors, and penetration testers

AppScan Source Edition

• Adds source code analysis to AppScan Enterprise with static application security testing

Page 13

Help guard against sophisticated attacks with insight into users, content and applications

Infrastructure (Network)

Portfolio Overview

IBM Security Network Intrusion Prevention (IPS)

• Delivers Advanced Threat Detection and Prevention to help stop targeted attacks against high value assets

• Proactively improves protection with IBM Virtual Patch® technology

• Helps protect web applications from threats such as SQL Injection and Cross-site Scripting attacks

• Integrated Data Loss Prevention (DLP) monitors data security risks throughout your network

• Provides Ahead of the Threat® protection backed by world renowned IBM X-Force Research

IBM Security SiteProtector

• Provides central management of security devices to control policies, events, analysis and reporting for your business

Page 14

Infrastructure (Endpoint and Server)

Helping endpoints, servers, and mobile devices remain compliant, updated, and protected

Portfolio Overview

IBM Endpoint Manager for Security and Compliance

• Addresses distributed environments with endpoint and security management in a single solution

IBM Endpoint Manager for Core Protection

• Helps protect endpoints from malware and other threats in real-time

IBM Endpoint Manager for Mobile Devices

• Manage and help secure traditional endpoints as well as iOS, Android, Symbian, and Microsoft devices

IBM Security Server Protection

• Helps provide multilayered protection against threats, supporting a broad range of operating systems

IBM Security Virtual Server Protection for VMware

• Helps provide dynamic security for virtualization with VM rootkit detection, auditing, network intrusion prevention

Page 15

Helping customers optimize security with additional context, automation and integration

Security Intelligence and Analytics

Portfolio Overview

QRadar SIEM

• Integrated log, threat, compliance management

• Asset profiling and flow analytics

• Offense management and workflow

QRadar Risk Manager

• Predictive threat modeling and simulation

• Scalable configuration monitoring and audit

• Advanced threat and impact analysis

QRadar Log Manager

• Turnkey log management

• Upgradeable to enterprise SIEM

Network Activity Collectors (QFlow / VFlow)

• Network analytics, behavior and anomaly detection

• Fully integrated with SIEM

Page 16

Key Advantages

• Real-time activity correlation based on advanced in-memory technology and widest set of contextual data

• Flow capture and analysis that delivers Layer 7 content visibility and supports deep forensic examination

• Intelligent incident analysis that reduces false positives and manual effort

• Unique combination of fast free-text search and analysis of normalized data

• Scalability for world’s largest deployments, using an embedded database and unified data architecture

Page 17

Log Management

• Turnkey log management

• SME to Enterprise

• Upgradeable to enterprise SIEM

SIEM

• Integrated log, threat, risk & compliance mgmt.

• Sophisticated event analytics

• Asset profiling and flow analytics

• Offense management and workflow

Risk Management

• Predictive threat modeling & simulation

• Scalable configuration monitoring and audit

• Advanced threat visualization and impact analysis

Network Activity & Anomaly Detection

• Network analytics

• Behavior and anomaly detection

• Fully integrated with SIEM

Network and Application Visibility

• Layer 7 application monitoring

• Content capture

• Physical and virtual environments

Page 18

Fully Integrated Security Intelligence

One Console Security

Built on a Single Data Architecture

Page 19

Analysts: Gartner, Forrester, NSS Labs, IDC…

• Analysts recognize our products and portfolio, the most recent one for SIEM:

Page 20

Helping solve customer challenges

Major Utility Company

Discovered 500 hosts with “Here You Have” virus, which other solutions missed

IDENTIFYING SOPHISTICATED THREATS

Fortune 500 Energy Company

2 billion logs and events per day reduced to 25 high priority offenses

CONSOLIDATING DATA SILOS

Branded Apparel Maker

Discovered a trusted insider stealing and destroying key data

DETECTING INSIDER FRAUD

$100B Diversified Corporation

Automated the policy monitoring and evaluation process for configuration change in the infrastructure

HELPING PREDICT RISKS AGAINST THE ENTERPRISE

Industrial Distributor

Real-time extensive monitoring of network activity, in addition to PCI mandates

ADDRESSING REGULATORY MANDATES

Page 21

Attack Sophistication

IBM is helping clients combat advanced threats with pre- and post-exploit intelligence and action

Prediction & Prevention

Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Database Vulnerability Assessment. Reporting and Scorecards. Compliance Management.

What are the external and internal threats?

Are we configured to help protect against these threats?

Reaction & Remediation

SIEM. Log Management. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Data Loss Prevention. Database Activity Monitoring. Incident Response.

What is happening right now?

What was the impact?

IBM Security Intelligence

Page 22

Data Explosion

Integrating across IT silos with Security Intelligence solutions

Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight

Extensive Data Sources

• Security Devices

• Servers & Hosts

• Network & Virtual Activity

• Database Activity

• Application Activity

• Configuration Info

• Vulnerability Info

• User Activity

Event Correlation

• Logs

• Flows

• IP Reputation

• Geo Location

Activity Baselining & Anomaly Detection

• User Activity

• Database Activity

• Application Activity

• Network Activity

Offense Identification

• Credibility

• Severity

• Relevance

Suspected Incidents

Page 23

Consumerization of IT

IBM is converging traditional endpoint and mobile security management into a single solution with complementary services

Device Inventory

Security Policy Management

Device and Data Wipe

Anti-Jailbreak and Anti-Root

IBM Mobile Security Software

Lifecycle Management Mobile Enterprise Services (MES)

Endpoint Management Hosted Mobile Device Security Management

Security Rich Connectivity Security for Enterprise Smartphone and Tablets

IBM Mobile Security Services

Page 24

Cloud Security

Our approach to help clients adopt cloud with flexible, layered security across the entire cloud infrastructure

Identity Federation

Web Application Scanning

Virtualization Security

Network Security

Image & Patch Management

Database Monitoring

IBM Security Intelligence

Page 25

Source: IBM X-Force® 2011 Trend and Risk Report

Total Visibility : Product Portfolio, Services and Research

Security Systems portfolio

Page 26

Security Intelligence

Going Forward…..

Page 27

ibm.com/security

© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

[email protected]