IBM approach to Cyber Security · enterprise web applications and services • Entitlement...
© 2015 IBM Corporation
Security has an intrinsic value, how to mitigate risks
Domenico Raguseo, Manager of Europe Technical Sales and Solutions
Follow @domenicoraguseo
Contact [email protected] https://www.linkedin.com/in/draguseo
IBM approach to Cyber Security
Slide 2
SQL Injection
Dos or Ddos
Malware or Botnet
Scanning
Spam
Command and Control
Watering Hole
Disenfranchised
Vulnerabilities (e.g. Shellshock ...)
Slide 3
Security teams are using multiple sources of intelligence
65% of enterprise firms use external threat intelligence to enhance their security decision making [1]
However, security teams lack critical support to make the most of these resources:
It takes too long to make information actionable
Data is gathered from untrusted sources
Analysts can’t separate the signal from the noise
[1] Source: ESG Global
Slide 4
Introducing IBM X-Force Exchange
Backed by the reputation and scale of IBM X-Force
A new platform to consume, share, and act on threat intelligence
Research and collaboration platform and API for: Security Analysts and Researchers; Security Operations Centers (SOCs); Security Products and Technologies
IBM X-Force Exchange is:
OPEN: a robust platform with access to a wealth of threat intelligence data
SOCIAL: a collaborative platform for sharing threat intelligence
ACTIONABLE: an integrated solution to help quickly stop threats
Slide 5
OPEN
A robust platform with access to a wealth of threat intelligence data
Leverage the scale of IBM Security and the partner ecosystem
Quickly gain access to threat data from curated sources:
• Over 700 terabytes of machine-generated intelligence from crawler robots, honeypots, darknets, and spamtraps
• Multiple third-party and partner sources of intelligence
• Up to thousands of malicious indicators classified every hour
Human intelligence adds context to machine-generated data:
• Insights from security experts, including industry peers, IBM X-Force, and IBM Security professionals
• Collaborative interface to organize and annotate findings, bringing priority information to the forefront
Slide 6
ACTIONABLE
An integrated solution to help quickly stop threats
Push intelligence to enforcement points for timely protection
Integration paths: API; STIX / TAXII (future feature)
Enforcement points: IBM Security Network Protection XGS; IBM Security QRadar Security Intelligence; IBM Security Trusteer Apex Malware Protection; 3rd Party Products
• Integration between IBM Security products and X-Force Exchange-sourced actionable intelligence
• Designed for third-party integration with planned future support for STIX and TAXII, the established standards for automated threat intelligence sharing
• Leverage the API to connect threat intelligence to security products
Slide 7
SOCIAL
A collaborative platform for sharing threat intelligence
Add context to threats via peer collaboration
• Connect with industry peers to validate findings
• Share a collection of Indicators of Compromise (IOCs) to aid in forensic investigations
1. INCIDENT RESPONDER: Discovers a new malware domain and marks it as malicious in the X-Force Exchange
2. SECURITY ANALYST: Finds the domain and applies blocking rules to quickly stop malicious traffic. Shares with his CISO using the Exchange
3. CISO: Adds the domain to a public collection named “Malicious Traffic Sources Targeting Financial Industry” to share with industry peers
4. IBM X-FORCE: For the first time, clients can interact with IBM X-Force security researchers and experts directly
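The four-step exchange on this slide, modelled in plain Python as an added example (not code from the deck and not the X-Force Exchange API): a shared IOC collection, the responder marking a domain malicious, and the analyst's blocking rule run over constructed proxy log lines. The collection name, the log format and all hosts and addresses are constructed assumptions.

```python
# Added example (assumption-based, not code from the deck or from X-Force Exchange):
# a shared IOC collection, a responder marking a domain malicious, and the
# analyst's blocking rule applied to constructed proxy log lines.
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class Collection:
    """A shared collection of indicators of compromise, as in step 3 of the slide."""
    name: str
    indicators: Dict[str, dict] = field(default_factory=dict)

    def mark_malicious(self, domain: str, author: str, note: str) -> None:
        # Normalise so "Evil.Example." and "evil.example" are the same indicator.
        key = domain.strip().rstrip(".").lower()
        self.indicators[key] = {"type": "domain", "author": author, "note": note}

def domain_blocked(host: str, collection: Collection) -> bool:
    """Blocking rule: match an exact listed domain or any subdomain of it."""
    labels = host.strip().rstrip(".").lower().split(".")
    # Walk up the hierarchy: cdn.evil.example -> evil.example -> example
    return any(".".join(labels[i:]) in collection.indicators for i in range(len(labels)))

def apply_blocking_rules(log_lines: List[str], collection: Collection) -> List[str]:
    """Return destination hosts in proxy log lines that the rule would block.
    Constructed log format: '<timestamp> <client-ip> <dest-host> <action>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip rather than crash the matcher
        if domain_blocked(parts[2], collection):
            hits.append(parts[2])
    return hits

# Constructed sample data (reserved .example names, private IPs)
SHARED = Collection("Malicious Traffic Sources Targeting Financial Industry")
SHARED.mark_malicious("Evil.Example.", "incident-responder", "malware domain from case 0001")

SAMPLE_LOG = [
    "2015-06-01T10:00:00Z 10.1.2.3 www.bank.example ALLOW",
    "2015-06-01T10:00:05Z 10.1.2.4 cdn.evil.example ALLOW",
    "2015-06-01T10:00:09Z 10.1.2.5 EVIL.EXAMPLE ALLOW",
    "2015-06-01T10:00:12Z 10.1.2.6 notevil.example ALLOW",
    "garbage line",
]

if __name__ == "__main__":
    print(apply_blocking_rules(SAMPLE_LOG, SHARED))  # ['cdn.evil.example', 'EVIL.EXAMPLE']
```

Note that the suffix walk blocks subdomains of a listed domain but does not match look-alike names such as notevil.example, which is why the rule keys on label boundaries rather than substrings.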
Slide 8
IBM Security: Market-changing milestones
IBM Security Systems division is created
IBM Security Investment
• 6,000+ IBM Security experts worldwide
• 3,000+ IBM security patents
• 4,000+ IBM managed security services clients worldwide
• 25 IBM Security Labs worldwide
Capability areas: Managed Security Services; Mainframe and Server Security; SOA Management and Security; Network Intrusion Prevention; Database Monitoring; Access Management; Application Security; Compliance Management; Identity Management; Advanced Fraud Protection; Security Analytics; Security Intelligence; ID Governance
Timeline:
1976: Resource Access Control Facility (RACF) is created, eliminating the need for each application to embed security
1999: Dascom is acquired for access management capabilities
2002: Access360 is acquired for identity management capabilities; MetaMerge is acquired for directory integration capabilities
2005: DataPower is acquired for SOA management and security capabilities
2006: Internet Security Systems, Inc. is acquired for security research and network protection capabilities
2007: Watchfire is acquired for security and compliance capabilities; Consul is acquired for risk management capabilities; Princeton Softech is acquired for data management capabilities
2008: Encentuate is acquired for enterprise single sign-on capabilities
2009: Ounce Labs is acquired for application security capabilities; Guardium is acquired for enterprise database monitoring and protection capabilities
2010: BigFix is acquired for endpoint security management capabilities; NISC is acquired for information and analytics management capabilities
2011: Q1 Labs is acquired for security intelligence capabilities
2013: Trusteer is acquired for mobile and application security, counter-fraud and malware detection
2014: Crossidea is acquired for ID Governance
Slide 9
IBM Security Framework
Helping customers to protect from advanced fraud, malware, mobile and application attacks
Helping financial institutions to protect customer transactions from advanced fraud
Enterprise-wide solutions for helping secure the privacy and integrity of trusted information in your data center
Reducing the cost of developing more secure applications
Help guard against sophisticated attacks with insight into users, content and applications
Slide 10
Helping customers to protect from advanced fraud, malware, mobile and application attacks
Security Intelligence and Analytics
Portfolio Overview
QRadar SIEM
• Integrated log, threat, compliance management
• Asset profiling and flow analytics
• Offense management and workflow
QRadar Risk Manager
• Predictive threat modeling and simulation
• Scalable configuration monitoring and audit
• Advanced threat and impact analysis
QRadar Log Manager
• Turnkey log management
• Upgradeable to enterprise SIEM
Vulnerability Manager
Forensics
Slide 11
Helping financial institutions to protect customer transactions from advanced fraud
Advanced Fraud Protection
Portfolio Overview
Trusteer Pinpoint Malware
• 100% accurate clientless detection of active MitB malware on users’ devices
• Minimum impact on existing infrastructure
Trusteer Pinpoint ATO
• Detect and protect from Account Take Over frauds
• Conclusive criminal access detection by correlating device fingerprint and account compromise history
• Minimum impact on existing infrastructure
Trusteer Rapport
• Compact software agent that prevents malware and Phishing attacks
Trusteer Mobile
• Endpoint solutions for detecting malware, jailbreak, and other mobile risk factors
• Out-of-Band Authentication
Slide 12
People
Manage and extend enterprise identity context across security domains with comprehensive Identity Intelligence
Portfolio Overview
IBM Security Identity Manager *
• Automate the creation, modification, and termination of users throughout the lifecycle
• Identity control including role management and auditing
IBM Security Access Manager Family *
• Automates sign-on and authentication to enterprise web applications and services
• Entitlement management for fine-grained access enforcement
IBM Security zSecure suite *
• User friendly layer over RACF to improve administration and reporting
• Monitor, audit and report on security events and exposures on mainframes
IBM Security Identity Governance
Slide 13
Data
Enterprise-wide solutions for helping secure the privacy and integrity of trusted information in your data center
Portfolio Overview
IBM InfoSphere Guardium Product Family
• Database Activity Monitoring – continuously monitor and block unauthorized access to databases
• Privileged User Monitoring – detect or block malicious or unapproved activity by DBAs, developers and outsourced personnel
• Database Leak Prevention – help detect and block leakage in the data center
• Database Vulnerability Assessment – scan databases to detect vulnerabilities and take action
• Audit and Validate Compliance – simplify SOX, PCI-DSS, and Data Privacy processes with pre-configured reports and automated workflows
IBM Security Key Lifecycle Manager
• Centralize and automate the encryption key management process
• Simplify administration with an intuitive user interface for configuration and management
Slide 14
Applications
Reducing the cost of developing more secure applications
Portfolio Overview
AppScan Enterprise Edition
• Enterprise-class solution for application security testing and risk management with governance and collaboration
• Multi-user solution providing simultaneous security scanning and centralized reporting
AppScan Standard Edition
• Desktop solution to automate web application security testing for IT Security, auditors, and penetration testers
AppScan Source Edition
• Adds source code analysis to AppScan Enterprise with static application security testing
Slide 15
Help guard against sophisticated attacks with insight into users, content and applications
Infrastructure (Network)
Portfolio Overview
IBM Security Network Intrusion Prevention (IPS)
• Delivers Advanced Threat Detection and Prevention to help stop targeted attacks against high value assets
• Proactively improves protection with IBM Virtual Patch® technology
• Helps protect web applications from threats such as SQL Injection and Cross-site Scripting attacks
• Integrated Data Loss Prevention (DLP) monitors data security risks throughout your network
• Provides Ahead of the Threat® protection backed by world renowned IBM X-Force Research
IBM Security SiteProtector
• Provides central management of security devices to control policies, events, analysis and reporting for your business
Endpoint Management & Fiberlink
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied.
IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or
representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products,
programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are
trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper
access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT
ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security