© 2013 IBM Corporation

IBM Security

Mobile, Cloud, Advanced Threats:

A Unified Approach to Security

David Druker, Ph.D.

Senior Security Solution Architect

IBM

Business…

Security for Business

Common Business Functions

Manufacturing or some other type of production

Sales & distribution, both retail and through channels

Marketing

Management and administration

Finance, accounting and legal

Human Resources

Information Technology (IT)

How Much Security?

IBM Security Framework

Infrastructure

Description
• Network
• Servers
• Endpoints (clients)

Security
• Load balancing
• Firewall
• Intrusion Prevention
• Network
• Endpoints
• Endpoint management

People

Description
• Employees
• Contractors & partners
• Customers
• Customers of partners

Security
• Identity management
• Role management
• User provisioning
• Privileged identity management
• Governance
• Entitlements
• AAA
• Authentication
• Authorization
• Auditing
• Identity federation
• Single sign-on

Applications

Description
• System apps
• Traditional Web apps
• Web 2.0 apps

Security
• Discovery
• Scanning & pentesting
• Static
• Dynamic
• Vulnerability analysis
• Runtime enforcement of entitlements

Data

Description
• SQL databases
• Non-relational databases
• Big data stores
• Unstructured data

Security
• Discovery
• Data classification
• Vulnerability analysis
• Activity monitoring
• Data masking
• Encryption management

Security Intelligence and Analytics

Description
• Information & insight from all security data
• Mathematical analyses of all relevant data

Security
• Security Information and Event Management
• Network flow analysis
• Vulnerability scanning
• Event correlation
• Attack identification
• Anomaly Detection

Interrelated Technology Domains & Unpredictable Attack Paths

People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
Data: At rest, In motion, Unstructured, Structured
Applications: Web Applications, Systems Applications, Web 2.0, Mobile Applications
Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional

…require unified security approaches.

Unified (Integrated) Security

Other internal and external data sources

How Much Security: Security Maturity Model

Optimized
Security Intelligence: Flow analytics / predictive analytics; Security information and event management; Log management
People: Identity governance; Fine-grained entitlements; Privileged user management
Data: Data flow analytics; Data governance; Encryption key management
Applications: Fraud detection; Vulnerability correlation; Hybrid scanning
Infrastructure: Multi-faceted network protection; Anomaly detection; Hardened systems

Proficient
People: User provisioning; Access management; Strong authentication
Data: Data masking / redaction; Database activity monitoring; Data loss prevention
Applications: Web application protection; Source code scanning
Infrastructure: Virtualization security; Asset management; Endpoint / network security management

Basic
People: Directory management
Data: Encryption; Database access control
Applications: Application scanning
Infrastructure: Perimeter security; Anti-virus

Trends Driving Security Innovation

Cloud Computing: Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed

Regulation and Compliance: Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures

Advanced Threats: Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence

Mobile Computing: Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility

Graphic labels: Advanced Persistent Threats, Stealth Bots, Targeted Attacks, Designer Malware, Zero-days, Enterprise, Customers

Cloud Computing & Mobile Devices

New Requirements?

Infrastructure with Cloud and Mobile

Description
• Network
• Servers
• Endpoints (clients)
• Cloud
• Mobile devices

Security
• Load balancing
• Firewall
• Intrusion Prevention
• Network
• Endpoints
• Endpoint management
• Hypervisor protection
• Mobile connection security
• Mobile device management

People with Cloud and Mobile

Description
• Employees
• Contractors & partners
• Customers
• Customers of partners
• Cloud & Mobile users

Security
• Identity management
• Role management
• User provisioning
• Privileged ID management
• Governance
• Entitlements
• AAA at runtime
• Authentication
• Authorization
• Auditing
• Identity federation
• Single sign-on
• Context-based authentication & authorization

Applications with Cloud and Mobile

Description
• System apps
• Traditional Web apps
• Web 2.0 apps
• Public & private cloud apps
• Mobile apps

Security
• Discovery
• Scanning & pentesting
• Static
• Dynamic
• Vulnerability analysis
• Runtime enforcement of entitlements
• Cloud app discovery
• Mobile app scanning
• Mobile app secure containers
• Mobile app registration

Data with Cloud and Mobile

Description
• SQL databases
• Non-relational databases
• Big data stores
• Unstructured data
• Data in clouds and across clouds
• Data in compromised mobile devices

Security
• Discovery
• Data classification
• Vulnerability analysis
• Activity monitoring
• Data masking
• Encryption management
• Cloud DB activity monitoring
• Secure mobile data design

Security Intelligence and Analytics with Cloud and Mobile

Description
• Information & insight from all security data
• Mathematical analyses of all relevant data
• Separate and combine cloud instance data
• Identify attacks against mobile infrastructure

Security
• Security Information and Event Management
• Network flow analysis
• Vulnerability scanning
• Event correlation
• Attack identification
• Anomaly Detection
• Collect data from elastic cloud infrastructure
• Identify mobile attacks

Resources

ibm.com/security

Security Architecture

– Using the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security, IBM Redbook

– Open Enterprise Security Architecture, The Open Group

IBM Institute for Advanced Security

IBM Security YouTube Channel

IBM X-Force

IBM Cloud Security

IBM Mobile Security

IBM Managed Security Services

IBM Security Intelligence with Big Data

IBM MobileFirst Security

IBM developerWorks Security

Resources & Backup Slides

Diagram labels: Browser, Network IPS, SSO Proxy, Database Monitor, Vulnerability Scanner, Security Intelligence, Endpoint Manager, DB Console, Database, Web App

Diagram labels (IBM products): IBM Network IPS, IBM Security Web Gateway, Browser, IBM Guardium, IBM AppScan Enterprise, IBM QRadar, IBM Endpoint Manager, DB Console, Database, Web App

Diagram labels (cloud and mobile deployment): Database, Web App, Compute Cloud Instance, Private Cloud, IBM Network IPS, IBM Access Manager, Security Web Gateway, Cloud DMZ, IBM Guardium, IBM AppScan Ent, IBM QRadar, IBM Endpt Mgr, DB Console, Security Mgmt Cloud Instance, Guardium S-TAP, EPM Agent, Browser, Mobile Device

ibm.com/security

© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.