IBM Security Services: Enabling Innovation with Confidence Through Proactive Risk Management

IBM Security Services
Enabling innovation with confidence

© 2012 IBM Corporation

IBM Security Systems

The enterprise today

2 © 2012 IBM Corporation


IBM is well qualified to secure the enterprise.

One of the largest and most complex internal IT infrastructures in the world
 2,000-plus major sites  400,000-plus employees  800,000-plus traditional
 170-plus countries  About 200,000-plus endpoints
contractors  About 50 percent of employees
are mobile

Major employee sites
Customer fulfillment
Manufacturing
Employee Service Centers
IBM Research Centers
IBM Internal Data Centers


Chief executive officers are under increasing pressure to deliver
transformative business value—with limited resources available.

Increased risk Budgetary constraints

40% 71%
of Fortune 500 and of the average IT
popular web sites budget is dedicated to
Mobile in the contain a vulnerability2 ongoing operations4
enterprise Social business

90% 74%
of enterprise use
of organizations will
support corporate social media today
apps on a personal to communicate
devices by 20146 with clients7

Innovation in Exploding data
the cloud growth

60%
of chief information Aging Infrastructure
2.7ZB
of digital content in

71%
officers view cloud 2012, a 50% increase
computing as critical from 20113
to their plans5 of data centers are
over 7 years old1
Sources: 1The Essential CIO: Insights from the Global Chief Information Officer Study, May 2011, 2IBM X-Force® Mid-year 2011 Trend and Risk Report, September 2011, 3IDC, “IDC
Predictions 2012: Competing for 2020” by Frank Gens December 2011, IDC #231720, Volume:1, 4Based on IBM Research, 5McKinsey How IT is managing new demands 2011, 6Gartner
predicts that by 2014, “90% of organizations will support corporate applications on a personal devices.”, 7Forrsights Business Decision-Makers Survey, Q4 2011


In IBM’s recent 2012 Chief Information Security Officer Study,
security leaders shared their views on how the landscape is
changing.

Nearly two-thirds say Two-thirds expect
senior executives are to spend more on
paying more attention security over the next
to security issues. two years.

External threats More than one-half say
are rated as a bigger mobile security
is their greatest near-
challenge than
internal threats, new term technology
technology or compliance. concern.

Source: IBM 2012 CISO Assessment y http://www.ibm.com/smarterplanet/us/en/business_resilience_management/article/security_essentials.html



The changing dynamics of
securing the enterprise



Think like a security expert.

Security risk exists when …

Threat Vulnerability Impact

Can exploit And cause

(Actor) (Weakness) (Loss)

Security Risk Management is the application of control to detect
and block the threat, to detect and fix a vulnerability, or to respond to
incidents (impacts) when all else fails.



Today’s threats (actors) are more sophisticated.
Threat Type % of Incidents Threat Profile
 Sophisticated tradecraft
 Foreign intelligence agencies, organized crime groups
 National  Well financed and often acting for profit
Advanced,
governments Equals less  Target technology as well as information
Persistent
 Organized crime than 10  Target and exploit valuable data
Threat /
 Industrial spies percent  Establish covert presence on sensitive networks
Mercenary
 Terrorist cells  Difficult to detect
 Increasing in prevalence

 “White hat” and  Inexperienced-to-higher-order skills
“black hat”  Target known vulnerabilities
Equals less  Prefer denial of service attacks BUT use malware as
hackers
Hacktivist than 10 means to introduce more sophisticated tools
 “Protectors of
percent  Detectable, but hard to attribute
“Internet
freedoms”  Increasing in prevalence

 Inexperienced or opportunistic behavior
t ca p ml a t ne o P

 Acting for thrills, bragging rights
 Worm and virus  Limited funding
Opportunist writers 20 percent
t

 Target known vulnerabilities
 Script Kiddie  Use viruses, worms, rudimentary Trojans, bots
 Easily detected
I i

 No funding
 Insiders -  Causes harm inadvertently by unwittingly carrying
Inadvertent
employees, viruses, or posting, sending or losing sensitive data
Actor 60 percent
contractors,  Increasing in prevalence with new forms of mobile
outsourcers access and social business
Source: Government Accountability Office (GAO), Department of Homeland Security's (DHS's) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434


Here are the top reasons why compromises occur.

End users and endpoints Infrastructure

 Double-clicking “on anything”  Connecting systems and virtual images to the
 Disabling endpoint security settings Internet before hardening them
 Using vulnerable, legacy software and  Connecting test systems to the Internet with
hardware default accounts or passwords
 Failing to update or patch systems/applications
 Failing to install security patches
on a timely basis.
 Failing to install anti-virus  Failing to implement or update virus detection
 Failing to report lost or stolen device software
 Connecting endpoint to a network from an  Using legacy or end-of-life software and hardware
insecure access point (such as Starbucks)  Running unnecessary services
 Using a second access point (such as  Using insecure back-end management software
AirCard), creating a bypass  Failing to remove old/unused user accounts
 Using weak or default passwords, or using  Implementing firewalls with rules that don't stop
business passwords for personal use malicious or dangerous incoming or outgoing traffic
 Revealing passwords over the phone  Failing to segment network and/or adequately
monitor/block malicious traffic with IDS/IPS 1

Up to 80-90 percent of all security incidents can be easily avoided!2
1
Intrusion detection system and intrusion protection system’ 2Based on IBM X-Force® Trend Report, 2011



Number of vulnerabilities increase radically with emergence of new
business models and technologies.

Adopting new business models and Exponentially growing and interconnected
embracing new technologies digital universe

Bring your Employees,
own IT customers, 30 billion RFID1 1 billion
contractors, tags (products, workers will
outsourcers passports, be remote
buildings and or mobile
animals)

 1 billion mobile
Mobility 1 trillion connected Internet users
Social business objects (cars,  30 percent
appliances, cameras) growth of 3G
devices
33 percent of all new business
software spending will be
Cloud and virtualization
Software as a Service
Source: IBM X-Force® Trend Report, 2011



Here is the anatomy of a targeted attack.

 Adversary compromises endpoint used by a  With credentials and command and control
systems administrator with undetectable malware. malware, adversary impersonates the Sys Admin
– The malware has two components: to gain privileged access to systems and data.
1) A keystroke logger to capture credentials  Data is stolen, and production systems are further
2) Command and control capability compromised.

APT1 and hacker,
Privileged user Contractors Suppliers
or activist
People
Employees Consultants Customers

Endpoints

Applications Web applications System applications Mobile apps

Infrastructure Customer environment

Data Structured Unstructured At rest In motion

1
Advanced persistent threat (APT)



Here is the anatomy of a denial-of-service attack.

 Hacktivist or other adversary launches concurrent attacks from multiple worldwide locations
 Attacks intended to saturate network connections and disable web presence
 Results in lost business opportunities and brand impact

DDoS1
Master Zombies flooding
Data center

1
Distributed denial of service (DDoS)



Security essentials for chief
information officers (CIOs)



IBM developed ten essential practices required to achieve better
security intelligence.
1.
2. Bu
Ma cu ild
Essential practices
inc nag ma lture a ris
int ide e na an k-a
ell nts sec ge d wa
3. ige w ur me re
De nc ith ity nt
so fen e gr sy
cia d t ea ste
l w he te r m
or mo
kp
4. lac bile 6.
Co
Se e an
b y cu r d ac ntro
de ity- as ces l ne

Mat
sig ric ted su s a tw
oma re nd or
n hs Aut

urit
re k
er
vic M anu
a
sil hel

y
es l ie n p

ba s
, Ba
ce
Rea

ed a
si c

Pro
5.
ctiv

Au 7.
fic

ppr
Ad

O
“h tom
e

ien

ptim
of dre
d
yg a

oac
t

intell urity
ien te vir clou ss n

Sec
ize
Pro

e” sec

igen

h
tua d e
ur liz and w co
acti

ce
ity a ti mp
ve

8. on lex
Ma i ty
se nag
cu e
10 rity th
.M 9. co ird-p
an Be mp a
life a
ge an tter lia rty
cy d p se nc
cle th r o cu e
ei tec re
de t p da
nti riv ta
ty ac
y


Essential practice 1:
Build a risk-aware culture and management system.

Actions to help get you there:
Does your company culture enforce  Expand the mission of enterprise security from IT shop to
and track the right risk adverse managing IT risk across the company, driven by a leader with
behaviors? a strategic, enterprise-wide purview .
 Design an organization structure and governance model that
In using technology, everyone within a enables more proactive identification and management of
company has the potential to infect the risks.
enterprise, whether it’s from clicking a  Communicate and educate to raise awareness of potential
dubious attachment or failing to install cyber risks.
a security patch on a smart phone.  Build a management system enabled by digestible policies,
measurements and appropriate tools.
Building a risk-aware culture involves
setting out the risks and goals, and IBM Offerings
spreading the word about them.
 Governance and organizational design
Management needs to push this  Risk management assessment and program development
change relentlessly from the top down,  Security metrics assessment and definition
while also implementing tools to track  Policy development
progress.
 Security awareness program
 Chief information security officer (CISO) on demand
 Enterprise security architecture design



Manage security incidents with greater intelligence

How can you use security intelligence  Build a skilled incident management and response team
to benefit your business? with sufficient resources to conduct the forensics
required.
Imagine that two similar security  Develop a unified incident handling policy and process.
incidents take place, one in Brazil and
 Leverage consistent tools and security intelligence for
the other in Pittsburgh. They may be incident management and investigative forensics.
related. But without the security
intelligence to link them, an important IBM Offerings
pattern could go unnoticed.  Incident response program development
A company-wide effort to implement  Emergency response services
intelligent analytics and automated  Forensics solution implementation
response capabilities is essential.  Security Information and event management (SIEM)
Creating an automated and unified  IBM X-Force® Threat Analysis Service
system enables an enterprise to better
monitor its operations — and respond
more quickly.



Defend the mobile and social workplace.

What should you consider when  Enable employees to bring their own devices and
securing your workplace? leverage use of social media while providing them the
capabilities to segment business and personal data and
Employees bring growing numbers of protect the enterprise’s data assets.
their own devices to work and  Secure end-user computing platform to fit a risk profile
increasingly leverage social media in based on an employee’s role.
their communications. Each work  Automate endpoint security settings enforcement across
station, laptop, or smart phone provides workstations, mobile devices and desktop cloud images.
a potential opening for malicious attacks.  Isolate business, client and personal data and protect it.
Settings on devices cannot be left to
individuals or autonomous groups, but IBM Offerings
instead must be subject to centralized
 Mobile and endpoint assessment and strategy
management and enforcement.
 Endpoint and server solution implementation
Securing the workforce means finding  Mobile device security management
the right balance between openness and
risk management.



Security-rich services, by design.

What does “secure by design”  Assess where your optimal points of quality inspection
mean to my business? should be.
 Reduce the cost of delivering secure solutions by
Imagine if automobile companies embedding security in the design process.
manufactured their cars without seat
 Use tools to scale adoption and to track compliance.
belts or airbags, and then added them
 Proactively uncover vulnerabilities and weaknesses
later. It would be both senseless and
through ethical hacking and penetration testing.
outrageously expensive.
In much the same way, one of the IBM Offerings
biggest vulnerabilities in information
systems comes from implementing  Security-rich engineering design and development
services first, then adding on security  Penetration testing
as an afterthought.  Application source code assessment
 Hosted application security management
The best solution is to build in security
from the beginning, and carry out  Hosted vulnerability management
regular automated tests to track
compliance.



Automate security “hygiene.”

What are the risks of continuous  Register all IT infrastructure components in a
patching and the use of legacy centralize inventory and aggressively retire legacy
software? components.
 Integrate compliance data for end-to-end visibility.
People stick with old software programs
 Automate patch management and encourage a culture
because they know them, and they are of diligence to help ensure that the infrastructure will
comfortable with them. But managing protect against the current threats.
updates on a variety of software can be  Identify opportunities to outsource routine monitoring
next to impossible. functions.
With a hygienic, security-rich system, IBM Offerings
administrators can keep track of every
 Infrastructure health assessment and outsourcing
program that is running and be confident
that it is current, and can have a  Endpoint and server solution implementation
comprehensive system in place to install  Hosted vulnerability management
updates and patches as they are released.
This “hygiene” process should be routine
and embedded in the foundation of
systems administration.



Control network access and help assure resilience.

How can managed services help  Optimize existing investments and leverage new technologies
me strengthen controls for network to monitor and protect against threats.
access?  Detect and block malicious network activity using a combination
of logging, monitoring and advanced analytics solutions.
Imagine the IT infrastructure of a  Prioritize what you need to control and what you do not need
company as a giant hotel with over to control.
 Optimize network infrastructure to improve both performance
65,000 doors and windows. While the
and risk management.
public is allowed to enter through the
lobby, guest room access would be
IBM Offerings
controlled by registration and guest
keys.  Network security assessment
 Managed intrusion detection system and intrusion
The same is true of data. Network protection system (IDP and IPS)
security tools provide organizations  Managed firewall
with a way to control access to the  Managed secure web gateway
“rooms” where confidential data and  Managed unified threat management (UTM)
critical systems are stored..  Hosted email and web security
 Security Information and event management (SIEM)
 Secure log management
 Managed Distributed Denial of Service (DDoS) protection
 Managed network access control



Address new complexity of cloud and virtualization.

How can you embrace cloud  Develop a strategy for better securing your own cloud
technology while reducing risk? services.
 Assess the security controls of other cloud providers
Cloud computing promises enormous to protect your data.
efficiencies. But it can come with some
 Understand the strengths and vulnerabilities of your
risk. If an enterprise is migrating certain cloud architecture, programs, policies and practices.
IT services to a cloud computing, it will
 Build cloud services that employ a higher level of
be in close quarters with lots of others— control and confidence.
possibly including individuals who may
have malicious intent.
IBM Offerings
To thrive in this environment,
 Cloud security strategy and assessment
organizations must have the tools and
procedures to isolate and protect  Hosted vulnerability management
themselves, and to monitor potential  Hosted application security management
threats.  Managed firewall
 Managed intrusion prevention and detection systems (IPDS)
 Security information and event management (SIEM)
 Secure log management



Manage third-party security compliance.

Are your security policies and  Integrate security as a part of mergers and acquisitions.
safeguards compliant today?  Assess vendors’ security and risk policies and practices,
and educate them on compliance.
An enterprise’s culture of security
 Assess conformance with process and data protection
must extend beyond company walls,
requirements of industry requirements and regulations
and establish best practices among such as PCI1, GLBA2, HIPAA3, SOX4, NERC-CIP5.
its contractors and suppliers.
 Manage the vendor risk lifecycle.
Security, like excellence, should
be infused in the entire partner IBM Offerings
ecosystem. Numerous cases have
shown how the carelessness of one  Third-party compliance assessment
company can have a deleterious  PCI1, GLBA2, HIPAA3, SOX4, NERC-CIP5
effect on many.

1
Payment card industry (PCI), 2Gramm-Leach-Bliley Act (GLBA), 3Health Insurance Portability and Accountability Act (HIPAA), 4Sarbanes-Oxley (SOX),
5
North American Electric Reliability Corporation-Critical Infrastructure Protection (N ERC-CIP)



Better secure data and protect privacy.

How can you improve the protection Identify the value of your confidential data and the
of your critical data?
Assess gaps and define a data protection strategy that
Every company has critical information,
Perhaps its scientific and technical data,
Design a robust data management architecture that
or maybe its documents regarding
possible mergers and acquisitions, or
Deploy and manage leading data protection technologies.
clients’ non-public financial information.

Each enterprise should carry out an IBM Offerings
inventory, with the critical data getting
special treatment. Each priority item  Data security and privacy strategy and assessment
should be guarded, tracked and  Data loss prevention
encrypted as if the company’s survival  Data encryption
hinged on it. In some cases, that may be  Database security assessment and architecture
the case.  Big Data security architecture
 Database auditing and monitoring
 Data masking



Manage the identity lifecycle.

What value does managing the identity  Develop an optimized identity and access
and access of users bring to my management strategy.
business?  Implement standard, policy based control
mechanisms and more intelligent monitoring.
Managing who has access to critical data
 Centralize and automate separation of duties
is essential element of security. For management.
example, imagine that a contractor gets
 Adopt a desktop and web single-sign-on solution.
hired full time. Six months pass and he
or she gets a promotion. A year later, a
competitor hires him or her. How does IBM Offerings
the system treat that person over time?  Identity management assessment and strategy
It must first give limited access to data,  Identity solution Implementation
then open more doors before finally  Role analytics
denying access to him or her.  Two-factor authentication
This is managing the identity life cycle.  Public key infrastructure (PKI) deployment
It’s vital. Companies that mismanage it
are operating without enough information,
and could be vulnerable to intrusions.


Option 1

Enterprise Governance, Risk and Compliance Management

GRC Platform (OpenPages) Risk Analytics (Algorithmics) Investigation Management (i2)

IBM Security Portfolio
Security Intelligence, Analytics, and Governance, Risk, and Compliance
QRadar SIEM QRadar Log Manager QRadar Risk Manager

Risk and Compliance Services Privacy and Audit Services Managed and Cloud-based SIEM

Security
Operational IT Security Domains and Capabilities Consulting

People Data Applications Infrastructure
Network Endpoint

Identity and Access Guardium AppScan Enterprise, Network Endpoint
Management Suite Database Security Standard and Source Intrusion Prevention Manager (BigFix) Managed
and Cloud
Federated InfoSphere Optim DataPower SiteProtector Virtualization and Services
Identity Manager Data Masking Security Gateway Management System Server Security

Enterprise Key Lifecycle Security QRadar Network Mainframe Security
Single Sign-On Manager Policy Manager Anomaly Detection (zSecure, RACF) X-Force
and IBM
Dynamic and Static Managed Firewall, Infrastructure Research
Authentication and Encryption and DLP
Application Security Intrusion Prevention, Testing and Incident
Deployment Services Deployment Services
Assessments UTM Services Response

Mobile Device
Identity Hosting Hosted Web and Application Security Vulnerability v12-12
Security
Services Email Security Management - SaaS Management
Management

Products Services

Option 2

Enterprise Governance, Risk and Compliance Management

GRC Platform (OpenPages) Risk Analytics (Algorithmics) Investigation Management (i2)

IBM Security Portfolio
Security Intelligence, Analytics, and Governance, Risk, and Compliance
QRadar SIEM QRadar Log Manager QRadar Risk Manager
Risk and Compliance Services Privacy and Audit Services Managed and Cloud-based SIEM

Security
Operational IT Security Domains and Capabilities Consulting
People Data Applications Network
Infrastructure Endpoint

Identity and Access Guardium AppScan Enterprise, Network Endpoint
Management Suite Database Security Standard and Source Intrusion Prevention Manager (BigFix) Managed
and Cloud
Federated InfoSphere Optim DataPower SiteProtector Virtualization and Services
Identity Manager Data Masking Security Gateway Management System Server Security

Enterprise Key Lifecycle Security QRadar Network Mainframe Security
Single Sign-On Manager Policy Manager Anomaly Detection (zSecure, RACF) X-Force
and IBM
Dynamic and Static Managed Firewall, Infrastructure Research
Authentication and Encryption and DLP
Application Security Intrusion Prevention, Testing and Incident
Deployment Services Deployment Services
Assessments UTM Services Response

Mobile Device
Identity Hosting Hosted Web and Application Security Vulnerability v12-12
Security
Services Email Security Management - SaaS Management
Management

Products Services

Option 3

Putting it all together – The Security Framework
Enterprise governance, risk and compliance management

Open pages Algorithmics i2 Corporation

Security Portfolio
IT security and compliance analytics & reporting
Security information and event Advanced analytics (Streams, SPSS, Penetration
management etc.) Testing & red team exercise

Security
IT infrastructure – operational security domains consulting

People Data Applications Infrastructure

AppScan Anti-malware
Identity and access Guardium
source code Network IDS and gateway Implemen-
management suite database security
scanning host based IPS tation
services
Federated AppScan application zSecure
Optim data masking Mainframe Securtiy
identity manager security assessment

Network firewall Server security
Enterprise Key Lifecycle Worklight mobile (Tivoli Endpoint
Single Sign-On Management application security Manager) Managed
services
Web application DDOS protection
Encryption
Role based firewall Mobile endpoint
analytics/SOD management ((Tivoli
checking Endpoint Manager)
Data loss prevention AppScan on demand Content filtering
(network & endpoint) software as a service



IBM is helping to solve essential security challenges—worldwide.

Better secure data and Control network access and Defend mobile and social
protect privacy help assure resilience workplace

A large Canadian pharmaceutical A Danish dairy company protects A leading manufacturer in India
company improves its ability to users and its infrastructure from identifies potential security
protect against internal and malicious content and limits threats, strengthens its security
external threats with an IBM administration levels and improves customer
Information Security Assessment confidence

Address new complexity of
Manage third-party security cloud and virtualization
compliance An urban services organization in
A US Retailer identifies gaps to achieve Portugal, improves employee
Payment Card Industry (PCI) compliance productivity through e-mail filtering
and cloud/managed security
services

Security-rich services by design
A bank in Kuwait gains a better Build a risk-aware culture
view of its security posture and An Austrian bank
network vulnerabilities by conglomerate establishes a
conducting real-world security consistent security policy with
testing IBM Security Services



Why IBM ?



IBM can provide unmatched global coverage and security awareness.

Security Operations Centers

Security Research Centers

Security Solution Development Centers

Institute for Advanced Security Branches

10B analyzed web pages and Worldwide managed
IBM Research images security services coverage
 20,000-plus devices under contract
150M intrusion attempts daily
 3,300 GTS1 service delivery experts
40M span and phishing attacks  3,700-plus MSS2 clients worldwide
46K documented vulnerabilities  15B-plus events managed per day
and millions of unique malware  1,000-plus security patents
samples  133 monitored countries (MSS)

1
IBM Global Technology Services (GTS); 2Managed Security Services (MSS)



We continue to research, test and publish focused approaches to
IT security that align with both executive and technical needs.

Finding a Strategic Voice IBM Institute for Advanced Security
IBM 2012 CISO Global Security Leaders Share intelligence
Assessment and collaborate

IBM 2012 Global Chief Executive Officer Study
Security Intelligence and Compliance Analytics



Thank you for your time today.

For more information:
 IBM Security

Contact:
 [Insert presenter name]
 [Insert presenter work phone]
 [Insert presenter e-mail address]



Trademarks and notes

IBM Corporation 2012
 IBM, the IBM logo, ibm.com and X-Force are trademark Web site], are trademarks or registered
trademarks of International Business Machines Corporation in the United States, other countries, or both.
If these and other IBM trademarked terms are marked on their first occurrence in this information with the
appropriate symbol (® or ™), these symbols indicate US registered or common law trademarks owned by
IBM at the time this information was published. Such trademarks may also be registered or common law
trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and
trademark information” at: www.ibm.com/legal/copytrade.shtml.
 Other company, product and service names may be trademarks or service marks of others.
 The performance data discussed herein is presented as derived under specific operating conditions.
Actual results may vary.
 References in this publication to IBM products or services do not imply that IBM intends to make them
available in all countries in which IBM operates.
 THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY,
EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-
INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements
under which they are provided.


IBM Security Services: Enabling Innovation with Confidence Through Proactive Risk Management

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (8)

Ähnlich wie IBM Security Services: Enabling Innovation with Confidence Through Proactive Risk Management

Ähnlich wie IBM Security Services: Enabling Innovation with Confidence Through Proactive Risk Management (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

IBM Security Services: Enabling Innovation with Confidence Through Proactive Risk Management

Hinweis der Redaktion