© 2014 IBM Corporation
IBM Security
1
4 Undeniable Truths about Advanced Threat Protection
Kevin Skapinetz, Director of Strategy and Product Marketing
2
We are in an era of continuous breaches
Attackers are relentless, victims are targeted, and the damage toll is rising
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014
Operational Sophistication: IBM X-Force declared the Year of the Security Breach
Near Daily Leaks of Sensitive Data: 40% increase in reported data breaches and incidents
Relentless Use of Multiple Methods: 500,000,000+ records were leaked, while the future shows no sign of change
Timeline: 2011, 2012, 2013
Note: Size of circle estimates relative impact of incident in terms of cost to business.
3
And the cost of a data breach is on the rise, with customers at risk
2014 Cost of Data Breach Study, from Ponemon Institute, sponsored by IBM
4
Security is a board room discussion, and security leaders are more accountable than ever before
Your Board and CEO demand a strategy
Concerns across the C-suite (CEO, CFO/COO, CIO, CHRO, CMO):
Loss of market share and reputation
Legal exposure
Audit failure
Fines and criminal charges
Financial loss
Loss of data confidentiality, integrity and/or availability
Violation of employee privacy
Loss of customer trust
Loss of brand reputation
Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
5
Are security teams up for the challenge?
Threats have evolved… …yet the majority of security teams are still using siloed, discrete defenses
Broad Attacks: Indiscriminate malware, spam and DoS activity
Targeted Attacks: Advanced, persistent, organized, and politically or financially motivated
Tactical Approach (Compliance-driven, Reactionary)
o Build multiple perimeters
o Protect all systems
o Use signature-based methods
o Periodically scan for known threats
o Read the latest news
o Shut down systems
Strategic Approach (Intelligence-driven, Continuous)
o Assume constant compromise
o Prioritize high-risk assets
o Use behavioral-based methods
o Continuously monitor activity
o Consume real-time threat feeds
o Gather, preserve, retrace evidence
Requiring a new approach to protection…
New threats require new thinking, but most are defending against yesterday’s attacks
6
Four truths about advanced threat protection
Despite increasing challenges, organizations can protect themselves by adopting the right strategy
1 Prevention is mandatory: Traditional methods of prevention have often failed, leaving many to believe detection is the only way forward. This is a dangerous proposition.
2 Security Intelligence is the underpinning: Specialized knowledge in one domain is not enough. It takes enterprise-wide visibility and maximum use of data to stop today’s threats.
3 Integration enables protection: The best defense is relentless improvement. Technologies must seamlessly integrate with processes and people across the entire lifecycle of attacks.
4 Openness must be embraced: Security teams need the ability to share context and invoke actions between communities of interest and numerous new and existing security investments.
7
Introducing the IBM Threat Protection System
A dynamic, integrated system to disrupt the lifecycle of advanced attacks and help prevent loss
Made possible by the following:
Accelerated Roadmap: Significant investment across 10 development labs to fast-track advanced threat protection offerings
Unique Integrations: Strategic focus on connecting IBM products to streamline intelligence sharing and take action
New Partnerships: Coordinated outreach across the industry to bring together interoperable products for our customers
8
Focus on critical points in the attack chain with preemptive defenses on both the endpoint and network
On the Endpoint: Trusteer Apex Malware Protection
On the Network: IBM Security Network Protection XGS
Exploit Disruption
Prevent malware installs
• Verify the state of applications
• Block exploit attempts used to deliver malware
Prevent mutated exploits
• Verify the state of network protocols
• Block unknown exploits with behavioral heuristics
Malware Quarantine
Prevent control channels
• Stop direct outbound malware communications
• Protect against process hijacking
Prevent active beaconing
• Stop malware and botnet control traffic with real-time reputation and SSL inspection
User Protection
Prevent malicious apps
• Block access to malicious websites
• Protect against web application misuse
Prevent credential loss
• Block keyloggers
• Stop credential use on phishing sites
• Limit reuse of passwords
9
Continuously monitor security-relevant activity from across the entire organization
Pre-Attack Analytics: Predict and prioritize security weaknesses before adversaries do
• Use automated vulnerability scans and rich security context
• Emphasize high-priority, unpatched, or defenseless assets requiring attention
IBM Security QRadar Vulnerability Manager
Real-time Attack Analytics: Detect activity and anomalies outside normal behavior
• Correlate and baseline massive sets of data
• From logs, events, flows, user activity, assets, locations, vulnerabilities, external threats, and more
IBM Security QRadar SIEM
IBM Security QRadar Security Intelligence Platform
10
Quickly investigate breaches, retrace activity, and learn from findings to remediate weaknesses
Rapid Response Integrations: Quickly expand security coverage to prevent further harm
• Share indicators across control points
• Dynamically apply customized rules
IBM Security Framework Integrations
Emergency Response Services: Help prepare for and withstand security breaches more effectively
• Gain access to key resources that can enable faster recovery and help reduce incident business impact
IBM Emergency Response Services
Post-Attack Incident Forensics: Reduce the time to fully discover what happened and when it occurred
• Index and reconstruct attack activity and content from full-packet network data
• Apply search engine technology and advanced visualizations
IBM Security QRadar Incident Forensics
11
Leverage threat intelligence with product integrations that draw upon human and machine-generated information
Global Threat Intelligence: X-Force Intelligence Network
• Combines the renowned expertise of X-Force with Trusteer malware research
• Catalog of 70K+ vulnerabilities, 22B+ web pages, and data from 100M+ endpoints
• Intelligence databases dynamically updated on a minute-by-minute basis
Capabilities: Web App Control, URL/Web Filtering, IP/Domain Reputation, Exploit Triage, Malware Analysis, Zero-day Research
NEW: Real-time sharing of Trusteer intelligence
12
Share, analyze, and act upon information gathered from an ecosystem of third-party products
Security Partner Ecosystem and Integrations
IBM works with a broad set of technology vendors who provide complementary solutions and are integrated with our security products
Strengthen the threat protection lifecycle
• Leverage a vibrant ecosystem of security products
• Increase visibility, collapse information silos, and provide insights on advanced attacks
Ready for IBM Security Intelligence Partner Ecosystem: 90+ vendors and 400+ products
Planned Advanced Threat Protection Integrations:
Trend Micro Deep Security – IBM XGS Quarantine and Blocking
FireEye Web Malware Protection System – IBM XGS Quarantine and Blocking
Damballa Failsafe – IBM XGS Quarantine and Blocking
Palo Alto Firewalls – Trusteer Apex integration
Additional Example QRadar Partners:
13
Examples of breaking the attack chain through integrated intelligence
ATTACK CHAIN
Break-in: Attacker sends a phishing email to an unsuspecting user, a link is clicked, an exploit is sent to the browser
Response: XGS prevents the remote exploit from reaching the vulnerable browser and alerts QRadar to the intrusion attempt
Latch-on: Remote employee executes untrusted code from an attachment, which tries to download and install malware
Response: Apex prevents malware from installing, shares an event to QRadar through the cloud, and enforces an XGS quarantine rule
Expand: Attacker finds a way in and tries to search for usernames and passwords to access critical systems
Response: XGS prevents the attempt to scan internal systems, while QRadar detects abnormal traffic patterns on the network
Gather: Internal system attempts to access and export data from critical resources
Response: QRadar detects user logins and database activity revealing abnormal access to sensitive servers
Exfiltrate: Malware made its way through an unprotected system and attempts to quietly siphon out data
Response: QRadar detects the slow data transfer, sends a quarantine rule to XGS, while Incident Forensics investigates attack activity
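The Exfiltrate stage above (and the "correlate and baseline" idea on slide 9) describes a detect-then-quarantine loop without showing how a baseline turns into a rule. The following is an added illustration, not IBM code and not how QRadar or XGS implement it: it baselines each internal host's outbound bytes per minute to external destinations, flags a host only when many minutes in the detection window sit above its own baseline (a sustained "slow" transfer, as opposed to a single large legitimate download), and emits a quarantine rule a network control point could consume. The internal address ranges, the threshold parameters and all flow records are constructed for the demo.

```python
"""
Added example (not IBM code): baseline outbound volume per host, detect a
sustained low-and-slow transfer, and produce a quarantine rule for the
network control point. Flow records below are constructed for the demo.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumed internal address space for the demo; a real deployment would take
# this from its asset inventory rather than a hard-coded tuple.
INTERNAL_NETS = (ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16"))


@dataclass(frozen=True)
class Flow:
    minute: int      # minute index relative to the start of the data set
    src: str
    dst: str
    out_bytes: int   # bytes sent from src to dst during that minute


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def outbound_per_minute(flows, window):
    """Map src -> {minute -> bytes} for internal-to-external traffic inside window."""
    table = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.minute in window and is_internal(f.src) and not is_internal(f.dst):
            table[f.src][f.minute] += f.out_bytes
    return table


def baseline(flows, window):
    """Per-host (mean, population stdev) of outbound bytes/minute; quiet minutes count as 0."""
    stats = {}
    for src, minutes in outbound_per_minute(flows, window).items():
        series = [minutes.get(m, 0) for m in window]
        stats[src] = (mean(series), pstdev(series))
    return stats


def detect_slow_exfil(flows, baseline_window, detect_window,
                      k=3.0, floor_bytes=1024, min_minutes=10):
    """
    Flag a host when at least min_minutes of detect_window exceed
    max(mean + k*stdev, mean + floor_bytes). Requiring many minutes over the
    threshold separates a sustained transfer from a one-off spike; the floor
    keeps a host with a flat baseline (stdev 0) from alerting on any change.
    """
    stats = baseline(flows, baseline_window)
    recent = outbound_per_minute(flows, detect_window)
    # Bytes per destination in the detection window, used only to rank
    # destinations in the finding so an analyst knows where to look first.
    dst_bytes = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.minute in detect_window and is_internal(f.src) and not is_internal(f.dst):
            dst_bytes[f.src][f.dst] += f.out_bytes

    rules = []
    for src, minutes in recent.items():
        mu, sd = stats.get(src, (0.0, 0.0))   # host unseen in baseline: floor applies
        threshold = max(mu + k * sd, mu + floor_bytes)
        hot = [m for m, b in minutes.items() if b > threshold]
        if len(hot) >= min_minutes:
            ranked = sorted(dst_bytes[src].items(), key=lambda kv: kv[1], reverse=True)
            rules.append({
                "action": "quarantine",           # constructed rule shape, not a product format
                "host": src,
                "anomalous_minutes": len(hot),
                "threshold_bytes_per_min": round(threshold),
                "top_destinations": [d for d, _ in ranked[:3]],
            })
    return rules


def constructed_flows():
    """Three internal hosts over 120 minutes; minutes 0-59 form the baseline."""
    flows = []
    for m in range(120):
        # 10.0.0.5: steady browsing-like traffic throughout
        flows.append(Flow(m, "10.0.0.5", "198.51.100.20", 3000 + (m % 5) * 200))
        # 10.0.0.7: flat traffic, plus one large legitimate download at minute 90
        flows.append(Flow(m, "10.0.0.7", "198.51.100.20", 1000))
        # 10.0.0.9: normal traffic, then a sustained extra 9 KB/min to a new external host
        flows.append(Flow(m, "10.0.0.9", "198.51.100.20", 2500 + (m % 3) * 300))
        if m >= 60:
            flows.append(Flow(m, "10.0.0.9", "203.0.113.7", 9000))
    flows.append(Flow(90, "10.0.0.7", "198.51.100.44", 50000))
    return flows


def demo():
    return detect_slow_exfil(constructed_flows(), range(0, 60), range(60, 120))


if __name__ == "__main__":
    for rule in demo():
        print(rule)
```

Only 10.0.0.9 is quarantined: its 60 detection minutes all exceed its baseline threshold, and the ranking puts 203.0.113.7 first. The one-minute 50 KB download from 10.0.0.7 exceeds that host's threshold but for a single minute, so the `min_minutes` requirement keeps it out of the rule set; in a real pipeline that finding would still be worth logging for the forensics step the slide mentions.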
14
IBM is uniquely positioned to offer integrated protection
Smarter Prevention, Security Intelligence, Continuous Response, Global Threat Intelligence, Open Integrations
Ready for IBM Security Intelligence Ecosystem (NEW): New functionality from partners including FireEye, TrendMicro, Damballa and other protection vendors
IBM X-Force Threat Intelligence (NEW): New virtual real-time sharing of Trusteer threat intelligence from 100M+ endpoints with X-Force
IBM Security QRadar Incident Forensics (NEW): Integrated forensics module with full packet search and visual reconstruction of threat actor relationships
IBM Emergency Response Services (NEW): Increased global coverage and expertise related to malware analysis and forensics
Trusteer Apex Endpoint Malware Protection (NEW): Java Lockdown Protection - granular control of untrusted code, cloud-based file inspection, and QRadar integration
IBM Security Network Protection XGS (NEW): Advanced Threat Quarantine integration from QRadar and third-party products, inclusion of Trusteer intelligence into XGS
IBM Security QRadar Security Intelligence (NEW): Data Node appliance, new flow and event APIs, and vulnerability management improvements
Threat Monitoring and Intelligence Services (NEW): Managed SIEM enhancements, new cyber threat intelligence
15
IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
Mega trends: Advanced threats, Cloud, Mobile, Compliance and Fraud
Intelligence. Integration. Expertise.
16
For more information…
And visit us on SecurityIntelligence.com
Website: ibm.com/security/threat-protection/
Facebook: https://facebook.com/secintelligence
YouTube: youtube.com/user/IBMSecuritySolutions
Twitter: https://twitter.com/IBMSecurity
17
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Weitere ähnliche Inhalte

Mehr von IBM Security

Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
IBM Security
 

Mehr von IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 

Kürzlich hochgeladen

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Kürzlich hochgeladen (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

4 undeniable truths about advanced threat protection

  • 1. © 2014 IBM Corporation IBM Security 1© 2014 IBM Corporation 4 Undeniable Truths about Advanced Threat Protection Kevin Skapinetz Director of Strategy and Product Marketing
  • 2. © 2014 IBM Corporation IBM Security 2 We are in an era of continuous breaches Attackers are relentless, victims are targeted, and the damage toll is rising Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2014 Operational Sophistication IBM X-Force declared Year of the Security Breach Near Daily Leaks of Sensitive Data 40% increase in reported data breaches and incidents Relentless Use of Multiple Methods 500,000,000+ records were leaked, while the future shows no sign of change 2011 2012 2013 Note: Size of circle estimates relative impact of incident in terms of cost to business. 2011 2012 2013
  • 3. © 2014 IBM Corporation IBM Security 3 And the cost of a data breach is on the rise, with customers at risk 2014 Cost of Data Breach Study From Ponemon Institute, sponsored by IBM
  • 4. © 2014 IBM Corporation IBM Security 4 Security is a board room discussion, and security leaders are more accountable than ever before Your Board and CEO demand a strategy Loss of market share and reputation Legal exposure Audit failure Fines and criminal charges Financial loss Loss of data confidentiality, inte grity and/or availability Violation of employee privacy Loss of customer trust Loss of brand reputation CEO CFO/COO CIO CHRO CMO Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
  • 5. © 2014 IBM Corporation IBM Security 5 Threats have evolved… …yet the majority of security teams are still using siloed, discrete defenses Are security teams up for the challenge? Broad Attacks Indiscriminate malware, spam and DoS activity Targeted Attacks Advanced, persistent, organized, and politically or financially motivated o Build multiple perimeters o Protect all systems o Use signature-based methods o Periodically scan for known threats o Read the latest news o Shut down systems o Assume constant compromise o Prioritize high-risk assets o Use behavioral-based methods o Continuously monitor activity o Consume real-time threat feeds o Gather, preserve, retrace evidence Requiring a new approach to protection… Tactical Approach Compliance-driven, Reactionary Strategic Approach Intelligence-driven, Continuous New threats require new thinking, but most are defending against yesterday’s attacks
  • 6. © 2014 IBM Corporation IBM Security 6 Four truths about advanced threat protection Despite increasing challenges, organizations can protect themselves by adopting the right strategy 1 Prevention is mandatory Traditional methods of prevention have often failed, leaving many to believe detection is the only way forward. This is a dangerous proposition. 2 Security Intelligence is the underpinning Specialized knowledge in one domain is not enough. It takes enterprise-wide visibility and maximum use of data to stop today’s threats. 3 Integration enables protection The best defense is relentless improvement. Technologies must seamlessly integrate with processes and people across the entire lifecycle of attacks. 4 Openness must be embraced Security teams need the ability to share context and invoke actions between communities of interest and numerous new and existing security investments.
  • 7. © 2014 IBM Corporation IBM Security 7 Introducing the IBM Threat Protection System A dynamic, integrated system to disrupt the lifecycle of advanced attacks and help prevent loss Made possible by the following: Accelerated Roadmap Significant investment across 10 development labs to fast-track advanced threat protection offerings Unique Integrations Strategic focus on connecting IBM products to streamline intelligence sharing and take action New Partnerships Coordinated outreach across the industry to bring together interoperable products for our customers
  • 8. © 2014 IBM Corporation IBM Security 8 © 2014 IBM Corporation8 Exploit Disruption Prevent malware installs • Verify the state of applications • Block exploit attempts used to deliver malware Prevent mutated exploits • Verify the state of network protocols • Block unknown exploits with behavioral heuristics Malware Quarantine Prevent control channels • Stop direct outbound malware communications • Protect against process hijacking Prevent active beaconing • Stop malware and botnet control traffic with real-time reputation and SSL inspection User Protection Prevent malicious apps • Block access to malicious websites • Protect against web application misuse Prevent credential loss • Block keyloggers • Stop credential use on phishing sites • Limit reuse of passwords On the Endpoint Trusteer Apex Malware Protection On the Network IBM Security Network Protection XGS Focus on critical points in the attack chain with preemptive defenses on both the endpoint and network
  • 9. © 2014 IBM Corporation IBM Security 9 © 2014 IBM Corporation9 Continuously monitor security-relevant activity from across the entire organization Pre-Attack Analytics Predict and prioritize security weaknesses before adversaries do • Use automated vulnerability scans and rich security context • Emphasize high- priority, unpatched, or defenseless assets requiring attention IBM Security QRadar Vulnerability Manager Real-time Attack Analytics Detect activity and anomalies outside normal behavior • Correlate and baseline massive sets of data • From logs, events, flows, user activity, assets, locations, v ulnerabilities, external threats, and more IBM Security QRadar SIEM IBM Security QRadar Security Intelligence Platform
  • 10. © 2014 IBM Corporation IBM Security 10 © 2014 IBM Corporation10 Rapid Response Integrations Quickly expand security coverage to prevent further harm • Share indicators across control points • Dynamically apply customized rules IBM Security Framework Integrations Quickly investigate breaches, retrace activity, and learn from findings to remediate weaknesses Help prepare for and withstand security breaches more effectively • Gain access to key resources that can enable faster recovery and help reduce incident business impact Emergency Response Services IBM Emergency Response Services Post-Attack Incident Forensics Reduce the time to fully discover what happened and when it occurred • Index and reconstruct attack activity and content from full-packet network data • Apply search engine technology and advanced visualizations IBM Security QRadar Incident Forensics
  • 11. © 2014 IBM Corporation IBM Security 11 Leverage threat intelligence with product integrations that draw upon human and machine-generated information Global Threat Intelligence X-Force Intelligence Network • Combines the renowned expertise of X-Force with Trusteer malware research • Catalog of 70K+ vulnerabilities, 22B+ web pages, and data from 100M+ endpoints • Intelligence databases dynamically updated on a minute-by-minute basis Web App Control URL/Web Filtering IP/Domain Reputation Exploit Triage Malware Analysis Zero-day Research Real-time sharing of Trusteer intelligence NEW
  • 12. © 2014 IBM Corporation IBM Security 12 Share, analyze, and act upon information gathered from an ecosystem of third-party products Security Partner Ecosystem and Integrations IBM works with a broad set of technology vendors who provide complementary solutions and are integrated with our security products Strengthen the threat protection lifecycle • Leverage a vibrant ecosystem of security products • Increase visibility, collapse information silos, and provide insights on advanced attacks Ready for IBM Security Intelligence Partner Ecosystem 90+ vendors and 400+ products Trend Micro Deep Security IBM XGS Quarantine and Blocking FireEye Web Malware Protection System IBM XGS Quarantine and Blocking Damballa Failsafe IBM XGS Quarantine and Blocking Palo Alto Firewalls Trusteer Apex integration Planned Advanced Threat Protection Integrations: Additional Example QRadar Partners:
  • 13. © 2014 IBM Corporation IBM Security 13 Examples of breaking the attack chain through integrated intelligence ATTACK CHAIN Gather Internal system attempts to access and export data from critical resources XGS prevents the remote exploit from reaching the vulnerable browser and alerts QRadar to the intrusion attempt Apex prevents malware from installing, shares an event to QRadar through the cloud, and enforces an XGS quarantine rule XGS prevents the attempt to scan internal systems, while QRadar detects abnormal traffic patterns on the network QRadar detects user logins and database activity revealing abnormal access to sensitive servers QRadar detects the slow data transfer, sends a quarantine rule to XGS, while Incident Forensics investigates attack activity Break-in Attacker sends a phishing email to an unsuspecting user, a link is clicked, an exploit is sent to the browser Latch-on Remote employee executes untrusted code from an attachment, which tries to download and install malware Expand Attacker finds a way in and tries to search for usernames and passwords to access critical systems Exfiltrate Malware made its way through an unprotected system and attempts to quietly siphon out data
  • 14. IBM is uniquely positioned to offer integrated protection
    Five pillars: 1 Open Integrations, 2 Smarter Prevention, 3 Security Intelligence, 4 Continuous Response, 5 Global Threat Intelligence
      • Ready for IBM Security Intelligence Ecosystem – NEW: New functionality from partners including FireEye, TrendMicro, Damballa and other protection vendors
      • IBM X-Force Threat Intelligence – NEW: New virtual real-time sharing of Trusteer threat intelligence from 100M+ endpoints with X-Force
      • IBM Emergency Response Services – NEW: Increased global coverage and expertise related to malware analysis and forensics
      • IBM Security QRadar Incident Forensics – NEW: Integrated forensics module with full packet search and visual reconstruction of threat actor relationships
      • Trusteer Apex Endpoint Malware Protection – NEW: Java Lockdown Protection (granular control of untrusted code), cloud-based file inspection, and QRadar integration
      • IBM Security Network Protection XGS – NEW: Advanced Threat Quarantine integration from QRadar and third-party products, inclusion of Trusteer intelligence into XGS
      • IBM Security QRadar Security Intelligence – NEW: Data Node appliance, new flow and event APIs, and vulnerability management improvements
      • Threat Monitoring and Intelligence Services – NEW: Managed SIEM enhancements, new cyber threat intelligence
  • 15. IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
    Mega trends: Advanced threats, Cloud, Mobile, Compliance and Fraud
    Intelligence. Integration. Expertise.
  • 16. For more information…
    Website: ibm.com/security/threat-protection/
    Facebook: https://facebook.com/secintelligence
    YouTube: youtube.com/user/IBMSecuritySolutions
    Twitter: https://twitter.com/IBMSecurity
    And visit us on SecurityIntelligence.com
  • 17. www.ibm.com/security
    © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
    Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.