AMIB Los Cabos Presentation
1. Security and Regulatory Requirements in Mexican Brokerage Firms. Juan Carlos Carrillo, Security Sales Leader. Friday, July 9, 2010
2. Agenda: IBM Security Framework; Regulation and risks for brokerage firms; X-Force® 2009 Trend & Risk Report Highlights; IBM ISS security consulting solutions; IBM ISS product solutions; IBM ISS service solutions
9. Application & Processes: Web App Vulnerabilities Continue to Dominate. Security and Spending are Unbalanced. “The cleanup cost for fixing a bug in a homegrown Web application ranges anywhere from $400 to $4,000 to repair, depending on the vulnerability and the way it's fixed.” -Darkreading.com
21. IBM ISS Solutions (07/09/10). IBM has the unmatched local and global expertise to deliver complete solutions and manage the cost and complexity of security. In addition, X-Force, IBM ISS’ security and development organization, is one of the best-known commercial groups in the world. It discovers 30-60% of all vulnerabilities and captures more than 2 billion events per day.
24. How much is your identity worth? “Everardo Rodríguez's identity was stolen, but they gave it back to him”
25. A Club to Avoid (http://www.privacyrights.org/ar/ChronDataBreaches.htm)
Organization | Compromised Records
Colorado Health Dept | 1,600
Eastman Kodak | 5,800
MCI | 16,500
Bank of America | 18,000
CA Dept Health Services | 21,600
Oklahoma State University | 37,000
US Department of Justice | 80,000
Univ of California, Berkeley | 98,400
San Jose Medical Center | 185,000
ChoicePoint | 145,000
33. Performance Flexibility: IPS beyond the perimeter. “…It is important to mandate that all ingress (inbound) traffic run through a segment of inline network intrusion protection. Trace packet flows to ensure that each packet entering your network passes through at least one IPS sensor…”
38. Case Study in Proventia ESC Savings: Financial Customer. Moved from low 80% success rate to 95% success rate with real-time reporting.
Key Matrix | Before Proventia ESC | After Proventia ESC | The Results
# of Managed Endpoints | 40,000 out of 90,000 (50K unknown endpoints) | 90,000 | Uncovered 50K previously unknown endpoints
# of Locations | 100+ | 800 | Expanded locations by 700
Time to Install | 8+ months for all infrastructure | 1 week for all infrastructure | Saved more than 7 months for new agent installation
# of Required Administrators | 20 | 4 | Reduced required admins by 1/5th
# of Dedicated Servers | 25 | 1 | Reduced dedicated servers by 24
Time to complete an enterprise wide full discovery, remediation and reporting cycle | ~7 days | ~5 minutes | Saved 6 days, 23 hours, and 55 minutes for enterprise wide discovery…
42. Cost Savings at a Glance
Security Management | In-house | ISS Managed Security | Cost Savings
Monthly | $82,592 | $37,671 | $44,921
Annual | $995,102 | $452,051 | $543,051
Assumes full security staff of 10 providing 24x7x35 coverage, managing 12 HA Firewalls and 6 IDS engines, attending 2 training classes/yr, 20% employee turnover, equipment costs allocated over 3 years, and maintenance costing 15% of total equipment costs. In this example, leveraging a managed protection provider yields a 55% savings over in-house security.
Source: IBM Internet Security Systems, 2008
Speaker’s notes: We take data from a lot of various disciplines including the Web filtering database second only to Google that provides analysis for more than 9 billion Web sites and images, we also see what kind of intrusion attempts the managed services team sees across its customer base currently tracking at 150 million per day, we have more than 40 million documented spam attacks, and 40,000 documented vulnerabilities from both internal research and external disclosures. This report is unique in the fact that the sources listed above provide varying perspectives on the threat landscape to together provide a cohesive look at the industry based on factual data from the various research functions within the broader X-force team and databases.
Speaker’s notes: Let’s explore the key findings of the report – all mapped back to the IBM Security Framework. The full X-Force Trend & Threat Report is available for download at: http://www-935.ibm.com/services/us/iss/xforce/trendreports/
Speaker’s notes: One of the things that we did this year was to take a slightly different look at how the vulnerabilities are classified and how they are rated by criticality. We’ve noticed that the traditional way to categorize vulnerabilities is not the same criteria by which a hacker or crime organization might classify the vulnerability. What may appear to rate “high” on a traditional scale may never be exploited because it has too small a target audience or doesn’t provide the appropriate financial payout. The grid on the right hand side of the screen shows the Exploitability Probability Quadrant, on the Y axis is the total opportunity size whereas the X axis shows the cost to exploit the vulnerability. Ideally, the criminal community will look for an exploit that falls in the upper right hand “sweet spot” of a vulnerability that is cheap to exploit with lots of targets or opportunity that can result in a high payout.
Speaker’s notes: This slide breaks down the motivation of an attacker. You can see that “gain access” and “data manipulation” still rank extremely high as far as motivation for criminal organizations. Gaining access to a system provides an attacker complete control over the affected system, which would allow them to steal data, manipulate the system, or launch other attacks from that system. The category of data manipulation took a plunge but is still higher in comparison to 2006 and 2007.
Data from PRIVACY RIGHTS CLEARINGHOUSE A Chronology of Data Breaches Reported Since the ChoicePoint Incident (http://www.privacyrights.org/ar/ChronDataBreaches.htm)
PAPB (PCI Application Assessments) these are slightly different than the full assessment.
Architecture of PAM (with highly efficient software) gives Proventia the capacity (CPU utilization) to add new modules of protection without degrading core IPS security effectiveness.
Client Benefits:
- Security convergence eliminates the costs of deploying and managing point products
- Increasing value of existing Proventia IPS deployments
Example: Proventia Content Analyzer added in Q1 2008 for data security
Example: Proventia Web application security added Q2 2009
There’s always something of our VSOC platform the customer can use… it’s just a question of asking him what they currently have in place security-wise and adding our options.
Some might have a NOC in place… NOC <> SOC: NOC merely handles fixed procedures, SOC looks at the possible impact and results of some events.
All customers’ answers can be addressed with some service… This is VSOC, the combination of all these concepts – it’s a whole platform.
- Left side of the screen, all full blown services by managed products. Customer typically has nothing yet and needs it all.
- Right side; the customer might have some products, people, procedures and need parts of the whole services. They’ll want to keep the existing services etc, but need something extra. You’re thus enabling the customer to do the work – whereas they can add something of VSOC. Customer might have logs, but nothing to store/analyze them… then why bother keeping logs… We can offer them log management services where we can import logs from about anything. XFTAS is free when you buy anything else, this however might be the only thing they need. Governments love this as they already have something in-house and can use the intelligence from ISS in addition to their internal service.
- The middle part is the initial screen of the portal – don’t sell the customer a single part from the right or left, sell them what they need… The system is the same, same backend – can scale on to any other service.
This chart is just an example of the cost savings clients find they gain by choosing to partner with us for MSS vs. doing it in-house. Many clients calculate a savings of up to 55%.