Security Intelligence
- 1. IBM Security Systems
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Chris Poulin
Security Strategist, IBM
Reboot Privacy & Security Conference 2013
© 2012 IBM Corporation
- 2. IBM Security Systems
Securing Information Resources is a Multi-Dimensional Puzzle
People: employees, hackers, outsourcers, suppliers, consultants, terrorists, customers
Data: structured and unstructured; at rest and in motion
Systems
Applications: web applications, Web 2.0, mobile apps
Infrastructure
It is no longer possible to define and protect the perimeter; the focus must shift to protecting the data itself. Point products are not sufficient to protect the enterprise.
- 3. IBM Security Systems
Getting Intimate with Your Computing Environment
How well do you know:
Applications? Owners? Activity patterns?
Where sensitive data resides?
Network activity patterns?
- 5. IBM Security Systems
How to Get There: Security Intelligence
Extensive Data Sources: users & identities, security devices, servers & hosts, network & virtual activity, vulnerability info, application activity, database activity, configuration info
Deep Intelligence: logs, flows, IP reputation, geo location, user activity, database activity, application activity, network activity; event correlation; activity baselining & anomaly detection; offense identification by credibility, severity and relevance
Exceptionally Accurate and Actionable Insight: suspected incidents
Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
- 6. IBM Security Systems
What is Security Intelligence?
Security Intelligence
--noun
1. the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise
Security Intelligence provides actionable and comprehensive insight for managing risks and threats, from protection and detection through remediation.
- 7. IBM Security Systems
Activity and Data Access Monitoring
Visualize Data Risks: automated charting and reporting on potential attacks
Correlate System, Application & Network Activity: enrich security alerts with anomaly detection and flow analysis
Detect suspicious activity before it leads to a breach
360-degree visibility helps distinguish true breaches from benign activity, in real time
- 11. IBM Security Systems
Data Leakage
Who is responsible for the data leak?
Alert on data patterns, such as credit card numbers, in real time.
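The "alert on credit card numbers in a log stream and attribute the leak to a user" idea above, as an added example; this is not IBM or QRadar code, and the log lines, the `user=` field name and the masking scheme are constructed for the illustration. A bare 16-digit regex fires on order numbers and epoch timestamps, so the candidate is run through the Luhn check before an alert is raised, and the alert carries a masked PAN so the SIEM itself does not become the next leak.

```python
import re
from typing import List, NamedTuple

# Constructed sample log lines (not from the page); user= is the field the alert is attributed to.
SAMPLE_LOG = [
    '2013-02-14T10:01:22Z app=crm user=jsmith action=export note="card 4111 1111 1111 1111 exp 12/15"',
    '2013-02-14T10:01:23Z app=crm user=mlee action=search query="order 1234567890123456"',
    '2013-02-14T10:02:05Z app=hr user=svc_batch action=upload file=payroll.csv ref=5105105105105100',
    '2013-02-14T10:02:09Z app=web user=anon action=get ts=1360836082123 path=/index.html',
]

# 13-19 digits, optionally separated by single spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
USER_FIELD = re.compile(r"\buser=(\S+)")


class Hit(NamedTuple):
    line_no: int
    user: str
    masked_pan: str


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: rejects most random digit runs (IDs, timestamps) that the regex alone would flag."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the first 6 and last 4 digits so the alert does not itself carry the full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(lines: List[str]) -> List[Hit]:
    """Scan log lines; return one Hit per Luhn-valid candidate with the line's user attached."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = USER_FIELD.search(line)
        user = m.group(1) if m else "?"
        for cand in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", cand.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                hits.append(Hit(n, user, mask(digits)))
    return hits


if __name__ == "__main__":
    for h in find_pans(SAMPLE_LOG):
        print(f"line {h.line_no}: user={h.user} pan={h.masked_pan}")
```

On the constructed input, lines 1 and 3 alert (test PANs that pass Luhn) while the order number on line 2 and the millisecond timestamp on line 4 are rejected by the checksum. In production the same rule is usually scoped further (only on egress channels, only outside the cardholder environment) because legitimate payment systems log Luhn-valid numbers all day.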
- 15. IBM Security Systems
Customize Your Network Landscape for Contextual Visibility
Customize segment and system names for quick identification
- 18. IBM Security Systems
User Activity Monitoring to Combat Advanced Persistent Threats
User & Application Activity Monitoring alerts on a user anomaly for Oracle database access.
Identify the user, the normal access behavior, and the anomalous behavior, with all source and destination information, to quickly resolve the threat.
- 19. IBM Security Systems
Baselining Complex Patterns
Complex patterns can be baselined
Anomalies take into account historical data—continuously
May incorporate seasonality
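The baselining described on the two slides above (a per-user Oracle access baseline on slide 18, historical data with seasonality on slide 19), as an added example; this is not IBM or QRadar code. The user name, the four weeks of hourly access counts and the thresholds are constructed for the illustration. The seasonal slot is (business day?, hour of day), so 15 queries at 10:00 on a Monday and 15 queries at 10:00 on a Sunday are judged against different histories; the threshold is mean plus k standard deviations with an absolute floor, and only observations judged normal are fed back into the baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

USER = "dba_anne"                 # hypothetical account name (the page names no user)
START = datetime(2013, 1, 7)      # a Monday; the constructed history spans 4 weeks from here


def season(ts: datetime):
    """Seasonal slot: (business day?, hour of day). Monday 10:00 and Sunday 10:00 are baselined separately."""
    return (ts.weekday() < 5, ts.hour)


class Baseline:
    """Per (user, slot) history of hourly access counts; the threshold is recomputed from it on each check."""

    def __init__(self, min_samples=7, k=3.0, floor=5):
        self.hist = defaultdict(list)
        self.min_samples, self.k, self.floor = min_samples, k, floor

    def learn(self, user, ts, count):
        self.hist[(user, season(ts))].append(count)

    def threshold(self, user, ts):
        h = self.hist.get((user, season(ts)), [])
        if len(h) < self.min_samples:
            return None                              # too little history to judge
        mu, sd = mean(h), pstdev(h)
        # The floor stops a near-constant history (sd ~ 0) from alerting on a change of +1.
        return max(mu + self.k * sd, mu + self.floor)

    def observe(self, user, ts, count):
        """True = anomaly, False = normal, None = no baseline yet. Normal samples feed back into the history."""
        thr = self.threshold(user, ts)
        if thr is None:
            self.learn(user, ts, count)
            return None
        anomalous = count > thr
        if not anomalous:
            self.learn(user, ts, count)              # continuous update, but never from flagged samples
        return anomalous


def constructed_history(user=USER, start=START, days=28):
    """Constructed training data: busy during weekday business hours, near idle at night and on weekends."""
    rows = []
    for d in range(days):
        for h in range(24):
            ts = start + timedelta(days=d, hours=h)
            busy = ts.weekday() < 5 and 9 <= h < 18
            count = 20 + d % 3 if busy else int((d + h) % 7 == 0)
            rows.append((user, ts, count))
    return rows


def demo():
    b = Baseline()
    for user, ts, count in constructed_history():
        b.learn(user, ts, count)
    return {
        "mon_10h_23": b.observe(USER, datetime(2013, 2, 4, 10), 23),   # Monday, normal volume
        "mon_10h_40": b.observe(USER, datetime(2013, 2, 4, 10), 40),   # Monday, double the norm
        "mon_03h_18": b.observe(USER, datetime(2013, 2, 4, 3), 18),    # 03:00 on a weekday
        "sun_10h_15": b.observe(USER, datetime(2013, 2, 3, 10), 15),   # Sunday at a weekday-normal rate
        "new_user": b.observe("contractor_x", datetime(2013, 2, 4, 10), 1),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'ANOMALY' if verdict else 'unknown' if verdict is None else 'normal'}")
```

The Sunday case is the point of the seasonal slot: the same count that is unremarkable on a weekday morning is flagged on a weekend, and a brand-new user returns no verdict rather than a false positive until enough history exists. In a real deployment the slot would also carry the target (schema, table, application) so that a normal volume against an unusual object is still caught.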
- 20. IBM Security Systems
Configuration & Risk
Network topology and open paths of attack add context.
Rules can take exposure into account to:
• Prioritize offenses and remediation
• Enforce policies
• Play out what-if scenarios
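The exposure-aware prioritization and what-if scenarios on the slide above, as an added example; this is not IBM or QRadar code, and the zones, firewall permits, findings and the 0.3 weight for unreachable findings are all constructed assumptions. The topology is a zone graph whose edges are the permitted flows; a finding is exposed if its port is permitted into its zone from any zone an attacker can already reach, and a what-if is simply the same computation over an edited rule set.

```python
from collections import deque

# Constructed topology and findings (hypothetical; none of this is from the page).
# RULES are permits in a zone-to-zone firewall/ACL model: (src_zone, dst_zone, allowed ports).
RULES = [
    ("internet", "dmz", {80, 443}),
    ("dmz", "app", {8080}),
    ("app", "db", {1521}),
    ("dmz", "db", {1521}),          # legacy rule: DMZ reaches the Oracle listener directly
]
# Findings/offenses to prioritize: (host, zone, vulnerable port, CVSS base score).
VULNS = [
    ("web01", "dmz", 443, 7.5),
    ("app01", "app", 8080, 6.5),
    ("db01", "db", 1521, 9.0),
    ("db02", "db", 22, 9.8),        # highest score, but nothing permits tcp/22 into db
]
UNEXPOSED_WEIGHT = 0.3              # assumption: unreachable findings keep 30% of their score


def reachable_zones(rules, start="internet"):
    """Zones an attacker starting in `start` can get into, treating any permitted flow as a pivot.
    Simplifying assumption: reaching a zone means a host in it could be compromised and used to go on."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, _ in rules:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def exposed(rules, zone, port, start="internet"):
    """Is `port` on a host in `zone` reachable from `start` through the permitted flows?"""
    reach = reachable_zones(rules, start)
    return any(src in reach and dst == zone and port in ports for src, dst, ports in rules)


def prioritize(rules, vulns):
    """Rank findings by CVSS weighted by exposure: (score, host, exposed), highest first."""
    ranked = []
    for host, zone, port, cvss in vulns:
        exp = exposed(rules, zone, port)
        ranked.append((round(cvss * (1.0 if exp else UNEXPOSED_WEIGHT), 1), host, exp))
    return sorted(ranked, reverse=True)


def without(rules, rule):
    """What-if: the rule set with one permit removed."""
    return [r for r in rules if r != rule]


if __name__ == "__main__":
    print("current:", prioritize(RULES, VULNS))
    # What-if 1: dropping the legacy dmz->db permit does not close the path (the app tier still reaches db).
    print("drop dmz->db:", exposed(without(RULES, ("dmz", "db", {1521})), "db", 1521))
    # What-if 2: a proposed app->db tcp/22 permit would move db02 to the top of the list.
    print("add app->db:22:", prioritize(RULES + [("app", "db", {22})], VULNS)[0])
```

Two things the numbers show: db02 has the highest CVSS but drops to the bottom because no permit reaches its port, and removing the obvious legacy rule does not reduce db01's exposure because the application tier still has a permitted path to the listener. Real topology engines refine the pivot assumption (host-level reachability, NAT, routing) but the ranking logic is the same.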
- 21. IBM Security Systems
Security Intelligence Timeline
Prediction & Prevention: Risk Management. Vulnerability Management. Configuration Monitoring. Patch Management. X-Force Research and Threat Intelligence. Compliance Management. Reporting and Scorecards.
Reaction & Remediation: SIEM. Log Management. Incident Response. Network and Host Intrusion Prevention. Network Anomaly Detection. Packet Forensics. Database Activity Monitoring. Data Loss Prevention.
- 22. IBM Security Systems
Security Intelligence Wrap-Up
Monitor all activity and correlate in real time
Reduce cost & complexity, lower TCO, compliance
Detect policy violations
  • Baseline against reality (CMDB)
  • Social media, P2P, etc.
Detect suspicious behavior
  • Privileged actions from a contractor's workstation
  • DNS communications with external systems
Detect APTs
  • File accesses out of the norm (behavior anomaly detection)
  • Least used applications or external systems; occasional traffic
Detect fraud
  • Baseline credit pulls or trading volumes, and detect anomalies
  • Correlate eBanking PIN change with large money transfers
Forensic evidence for prosecution
Impact analysis
Change & configuration management
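Two of the wrap-up's correlation rules ("correlate eBanking PIN change with large money transfers" and "privileged actions from a contractor's workstation"), as an added example of real-time event correlation; this is not IBM or QRadar code. The event stream, the 5000 amount threshold, the 24-hour window and the contractor host list are constructed assumptions. The first rule is stateful (a second-stage event must follow a first-stage event on the same account inside a window); the second is a stateless match against an asset list.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed event stream (hypothetical; not from the page). Deliberately not in time order.
EVENTS = [
    {"ts": datetime(2013, 3, 1, 9, 0), "type": "pin_change", "account": "ACC-100", "src": "ws-hr-12"},
    {"ts": datetime(2013, 3, 1, 9, 40), "type": "transfer", "account": "ACC-100", "amount": 9800.0, "src": "ws-hr-12"},
    {"ts": datetime(2013, 3, 1, 10, 0), "type": "pin_change", "account": "ACC-200", "src": "ws-ops-3"},
    {"ts": datetime(2013, 3, 3, 10, 5), "type": "transfer", "account": "ACC-200", "amount": 12000.0, "src": "ws-ops-3"},
    {"ts": datetime(2013, 3, 1, 11, 0), "type": "transfer", "account": "ACC-300", "amount": 15000.0, "src": "ws-ops-3"},
    {"ts": datetime(2013, 3, 1, 9, 50), "type": "transfer", "account": "ACC-100", "amount": 120.0, "src": "ws-hr-12"},
    {"ts": datetime(2013, 3, 1, 12, 0), "type": "sudo", "user": "contractor_bob", "src": "ws-contractor-7", "cmd": "cat /etc/shadow"},
    {"ts": datetime(2013, 3, 1, 12, 1), "type": "sudo", "user": "ops_ann", "src": "ws-ops-3", "cmd": "systemctl restart httpd"},
]
CONTRACTOR_HOSTS = {"ws-contractor-7"}   # assumption: the asset inventory tags contractor workstations


def sequence_rule(events, first, second, key, window, second_pred=lambda e: True):
    """Offense when a `second` event follows a `first` event with the same `key` within `window`.
    Each first-stage event fires at most once; expired ones are discarded as the stream advances."""
    pending = defaultdict(list)           # key value -> timestamps of unmatched first-stage events
    offenses = []
    for e in sorted(events, key=lambda e: e["ts"]):
        k = e.get(key)
        if e["type"] == first:
            pending[k].append(e["ts"])
        elif e["type"] == second and second_pred(e):
            live = [t for t in pending[k] if e["ts"] - t <= window]
            if live:
                offenses.append({"rule": f"{first}->{second}", key: k,
                                 "first_ts": live[0], "second_ts": e["ts"]})
                live = live[1:]           # consume the matched first-stage event
            pending[k] = live
    return offenses


def pin_change_then_large_transfer(events, threshold=5000.0, window_hours=24):
    """Fraud rule: PIN change followed within the window by a transfer of at least `threshold`."""
    return sequence_rule(events, "pin_change", "transfer", "account", timedelta(hours=window_hours),
                         second_pred=lambda e: e.get("amount", 0) >= threshold)


def privileged_from_contractor(events):
    """Stateless rule: any privileged action whose source is a contractor workstation."""
    return [e for e in events if e["type"] == "sudo" and e["src"] in CONTRACTOR_HOSTS]


if __name__ == "__main__":
    for o in pin_change_then_large_transfer(EVENTS) + privileged_from_contractor(EVENTS):
        print(o)
```

On the constructed stream only ACC-100 produces a fraud offense: ACC-200's large transfer arrives two days after its PIN change and falls outside the window, ACC-300 never changed its PIN, and ACC-100's later 120.00 transfer fails the amount predicate. Widening the window to three days pulls ACC-200 in, which is the tuning trade-off every sequence rule carries.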
- 23. IBM Security Systems
IBM's Security Intelligence, Analytics and Big Data portfolio
1. IBM QRadar Security Intelligence: unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and risk related data
2. IBM Big Data Platform (Streams, Big Insights, Netezza): addresses the speed and flexibility required for customized data exploration, discovery and unstructured analysis
3. IBM i2 Analyst Notebook: helps analysts investigate fraud by discovering patterns and trends across volumes of data
4. IBM SPSS: unified product family to help capture, predict, discover trends, and automatically deliver high-volume, optimized decisions
- 24. IBM Security Systems
https://www14.software.ibm.com/webapp/iwm/web/signup.do?source=swg-Tivoli_Organic&S_PKG=ov7304
Thank You!
- 25. IBM Security Systems
ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is
provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to,
these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its
suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials
to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities
referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a
commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International
Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of
others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper
access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to
or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure
can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will
necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.