IT Security Bedrohungen optimal abwehren (Defending Effectively Against IT Security Threats), Tom Turner and Andreas Wespi
- 1. © 2013 IBM Corporation
IBM Security Strategy
Tom Turner, Vice President of Marketing
7 May 2013
- 2.
Innovative technology changes everything
• Bring your own IT
• Social business
• Cloud and virtualization
• 1 billion mobile workers
• 1 trillion connected objects
- 3.
Motivations and sophistication are rapidly evolving
• National Security: Nation-state actors (Stuxnet)
• Espionage, Activism: Competitors and Hacktivists (Aurora)
• Monetary Gain: Organized crime (Zeus)
• Revenge, Curiosity: Insiders and Script-kiddies (Code Red)
- 5.
Security challenges are a complex, four-dimensional puzzle that requires a new approach
• People: Hackers, Suppliers, Consultants, Terrorists, Employees, Outsourcers, Customers
• Data: At rest, In motion, Structured, Unstructured
• Applications: Systems Applications, Web Applications, Web 2.0, Mobile Applications
• Infrastructure: Datacenters, PCs, Laptops, Mobile, Cloud, Non-traditional
- 6.
Thinking differently about security: Collect and Analyze Everything
Then vs. Now, per dimension:
• People: Administration (then), Insight (now)
• Data: Basic control (then), Laser-focused (now)
• Applications: Bolt-on (then), Built-in (now)
• Infrastructure: Thicker walls (then), Smarter defenses (now)
- 7.
[Figure: sample threat-intelligence feed listing Domains, IP Addresses and File Checksums; values omitted]
IBM Security Systems: Monitor Everything, Advanced Research
Then: Reaction
• Read about the latest threats from blogs and news
• Match against known signatures and bad actors
Now: Situational Awareness
• Consume real-time intelligence about the latest threats
• Correlate alerts against external behavior and reputation
• Proactively block bad domains, IP addresses and malware
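The correlation step the "Now" column describes, as an added Python example that is not from the deck or from any IBM product: proxy-log records are matched against a feed of bad domains, IP addresses and file checksums, including parent-domain matches. The log and feed formats, the function names and every indicator value are assumptions constructed for the demonstration.

```python
# Added example (not from the slides): correlate constructed proxy-log
# records against a constructed threat-intelligence feed of bad domains,
# IP addresses and file checksums, the three indicator types on the slide.

def load_feed(lines):
    """Constructed feed format: one '<domain|ip|checksum> <value>' per line.
    Values are normalised (lowercase, no trailing dot) for exact matching."""
    feed = {"domain": set(), "ip": set(), "checksum": set()}
    for line in lines:
        kind, value = line.split()
        feed[kind].add(value.lower().rstrip("."))
    return feed


def domain_hits(feed, host):
    """Feed domains equal to the host or a parent of it, so
    'update.bad-cdn.example' also matches a listed 'bad-cdn.example'."""
    labels = host.lower().rstrip(".").split(".")
    return [d for d in (".".join(labels[i:]) for i in range(len(labels)))
            if d in feed["domain"]]


def correlate(feed, records):
    """records: constructed proxy log lines 'ts client_ip dst_ip host sha256'.
    Returns one alert per record listing every indicator type that matched."""
    alerts = []
    for rec in records:
        ts, client, dst_ip, host, digest = rec.split()
        reasons = [("domain", d) for d in domain_hits(feed, host)]
        if dst_ip in feed["ip"]:
            reasons.append(("ip", dst_ip))
        if digest.lower() in feed["checksum"]:
            reasons.append(("checksum", digest.lower()))
        if reasons:
            alerts.append({"ts": ts, "client": client, "reasons": reasons})
    return alerts


# Constructed sample data: documentation IP ranges, reserved example domains,
# and a made-up SHA-256 value; none of these are real indicators.
FEED = load_feed(["domain Bad-CDN.example.", "ip 198.51.100.23",
                  "checksum " + "ab" * 32])
LOGS = [
    "2013-05-07T10:00:01Z 10.0.0.5 203.0.113.9 www.example.org " + "00" * 32,
    "2013-05-07T10:00:02Z 10.0.0.7 198.51.100.23 update.bad-cdn.example " + "AB" * 32,
    "2013-05-07T10:00:03Z 10.0.0.9 203.0.113.10 intranet.example.net " + "11" * 32,
]
ALERTS = correlate(FEED, LOGS)   # one alert, for client 10.0.0.7, three reasons
```

A single record that matches on all three indicator types is a far stronger signal than any one match alone, which is why the alert carries the full list of reasons rather than a boolean.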
- 8.
ADP: Strengthens security with identity management initiative
Business need: Manual identity management processes made it time-consuming and costly to track when and if access rights are revoked.
Solution: With a view to becoming “identity aware”, ADP worked with IBM Business Partner Pontis Research and IBM to automate processes for user account provisioning, de-provisioning and access management in its Active Directory, remote access and facility management systems.
- 9.
ADP: Strengthens security with identity management initiative
Benefits:
• Vastly increases security by reducing time to revoke access from weeks to seconds
• Reduces administration and help-desk costs while enhancing visibility of user access
• Provides zero-day and zero-based provisioning and federated access to resources
• Enables identity awareness
“IBM separated itself from the crowd. IBM Security Identity Manager was up and running within two days even though we gave each vendor a week to complete the Proof of Concept.” Kyle F. Kennedy, Director of Global Directory and Identity Services, ADP
- 10.
Cisco: Scaling application vulnerability management across a large enterprise
Business need: With a small security team and an application portfolio of nearly 2,500 applications, security staff worried they were becoming a “bottleneck” in application security testing.
Solution: Using IBM® Security AppScan® Enterprise, Cisco empowered its developers and QA personnel to test applications and address security issues before deployment.
- 11.
Cisco: Scaling application vulnerability management across a large enterprise
Benefits: Drove a 33 percent decrease in the number of security issues found; reduced post-deployment remediation costs significantly; freed security experts to focus on deep application vulnerability assessments.
Scaling application vulnerability scanning across a large enterprise
"AppScan helped us create a self-service model. We could take the product and put it in the hands of the developers and QA testers so that they could identify and fix security vulnerabilities before production." Sujata Ramamoorthy, Director, Information Security, Cisco
- 12.
Security Intelligence
Data sources: Logs, Events, Alerts, Configuration information, System audit trails, External threat feeds, E-mail and social activity, Network flows and anomalies, Identity context, Business process data, Malware information
Then: Collection
• Log collection
• Signature-based detection
Now: Intelligence
• Real-time monitoring
• Context-aware anomaly detection
• Automated correlation and analytics
- 13.
Equifax: Hardening defenses against threats and fraud
Business challenge:
• Detect wide range of security threats affecting public-facing Web applications
• Help identify subtle changes in user behavior that could indicate fraud or misuse
Solution (QRadar SIEM, QFlow, X-Force, Network IPS): Real-time correlation of hundreds of data sources, anomaly detection to help identify “low and slow” threats, flexibility for easy customization and expansion
• Saved 50-80% on staffing vs. alternative solutions
• Reduces one billion incidents per day to 20-30 investigations
• Optimize risk management
- 15.
IBM delivers solutions across a security framework: Intelligence, Integration, Expertise
- 16.
Intelligence: A comprehensive portfolio of products and services
[Figure: Products and Services, with items marked New in 2012]
- 17.
Integration: Increase security, collapse silos, and reduce complexity
• Customize protection capabilities to block specific vulnerabilities using scan results
• Converge access management with web service gateways
• Link identity information with database security
• Stay ahead of the changing threat landscape
• Designed to help detect the latest vulnerabilities, exploits and malware
• Add security intelligence to non-intelligent systems
• Consolidate and correlate siloed information from hundreds of sources
• Designed to help detect, notify and respond to threats missed by other security solutions
• Automate compliance tasks and assess risks
- 18.
Expertise: At IBM, the world is our Security lab
6,000 researchers, developers and subject matter experts working security initiatives worldwide
- 19.
IBM Security Research
Dr. Andreas Wespi
CTO Office, IBM SWG Europe
7 May 2013
- 20.
IBM Security Research
• Watson: Cryptography; Virtualization, Cloud; Biometrics; Information Security; Security Analytics; Ethical Hacking; Security Engineering; Secure Hardware
• Zurich: Cryptography; Authentication Solutions; Virtualization, Cloud; Key Management; Security Analytics; Storage Security; Privacy; Business Processes
• Haifa: Information Security
• Tokyo: Security Services
• China: Internet of Things
- 21.
Sophisticated attackers are bypassing traditional security defenses
• Attack related to article about Wen Jiabao, China’s prime minister
• Attack was not detected for 4 months
• 45 pieces of malware used, only one detected by anti-virus system
• All employee passwords stolen
• Computers of 53 employees accessed
• University computers used as proxies
- 22.
The anatomy of an Advanced Persistent Threat
1. Break-in: Spoofed email with malicious file attachment sent to users
2. Latch-on: Anomalous system behavior and network communications
3. Expand: Device contacting internal hosts in strange patterns
4. Gather: Abnormal user behavior and data access patterns
5. Exfiltrate: Movement of data in chunks or streams to unknown hosts
Attacker infrastructure shown in the diagram: Command & Control (CnC)
- 23.
IBM Research’s Cybersecurity Agenda
Evolution and Demonstration of Differentiating Capabilities (Enterprise Data Center Network, Cloud Operating Environment, Smarter Planet)
Initiatives and their differentiating capabilities:
1. Identify mission-critical enterprise assets and very sensitive data: Automate the discovery of high value assets, Enterprise Information Security Management (EISM)
2. Build fine-grained perimeters: Security Technologies for Converged Infrastructure (Pure Systems) and Software Defined Environments
3. Monitor access paths to high value assets to develop situational awareness and close the loop: Cybersecurity Analytics for Networks, Devices, Usage and Entitlements, Social Networks, Applications and Business Processes
4. End-to-end Security: Mobile Security and Data-centric Security for the Contextual Enterprise
5. Secure by Design: Fully Homomorphic Encryption, Privacy, and Security Engineering
- 24.
1. Enterprise Information Security Management (EISM): Identifying very sensitive data in the enterprise
• Create Taxonomy based on data business value (data classes shown: SPI, SPI Patent, Confidential)
• Interview subject matter experts to prioritize data classes
• (Semi-) automatically classify data across all storage instances
Objective: Apply the same protection level irrespective of the data location
- 25.
3. Cybersecurity Analytics Platform
[Figure: Real-time Security Software plus Real-time Analytics with 100% packet inspection at 10-40-100 Gb/s, feeding a massive (petabyte-scale) Analytics Engine over Stored Data & Threat Profiles and Streaming Threats, with Dash-boarding, Visualizing and Reporting on top]
- 26.
Security Analytics is becoming a Big Data problem
- 27.
Monitor system behavior across multiple layers
[Figure: Real-Time Operation (Behavior Classification, Reputation Propagation, Risk Scoring, Data Aggregation) and Historical Analysis / Model Building (Predictive Models, Benign & Malicious Behavior Models, Forensic Analysis), applied across the Social, User, NetDev, Assets, Fraud and Data (in motion, at rest) layers]
- 28.
5. Secure by Design: Fully homomorphic encryption
• Fully homomorphic encryption is a privacy enabling technology
• Allows encrypted user data to be processed without the server knowing or reading the content
• Results returned to authorized user for decryption
• Privacy-enhanced cloud services, privacy preserving aggregation for smarter planet
Craig Gentry, a 35-year-old IBM researcher, solved this 30-year cryptographic problem.
Awards: 2010 ACM Distinguished Dissertation Award; 2010 Best Paper Award, IACR Crypto; 2010 Privacy Enhancing Technology Award; 2009 Privacy Innovation Award from the Intl. Association of Privacy Professionals
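To make the bullets concrete, an added Python example that is not from the deck or from IBM Research: it uses the Paillier cryptosystem, which supports only addition on ciphertexts (so it is not fully homomorphic and not Gentry's construction), to show a server summing readings it cannot read, with only the key holder decrypting the total. The tiny primes, the class and the function names are assumptions chosen for readability.

```python
# Added example, not from the slides: the Paillier cryptosystem, which is
# only additively homomorphic (a much weaker relative of Gentry's FHE), used
# to show the principle the slide describes: a server adds up values that
# stay encrypted, and only the key holder can decrypt the result.
import math
import secrets


class Paillier:
    def __init__(self, p, q):
        # Tiny constructed primes keep numbers readable; real keys need 1024+ bit primes.
        assert p != q and math.gcd(p * q, (p - 1) * (q - 1)) == 1
        self.n = p * q                       # public modulus
        self.n2 = self.n * self.n
        self.g = self.n + 1                  # standard generator choice
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # private: lcm(p-1, q-1)
        self.mu = pow(self.lam, -1, self.n)                     # private: lambda^-1 mod n

    def encrypt(self, m):
        """c = g^m * r^n mod n^2 with a fresh random r coprime to n,
        so two encryptions of the same m look unrelated."""
        assert 0 <= m < self.n
        r = secrets.randbelow(self.n - 1) + 1
        while math.gcd(r, self.n) != 1:
            r = secrets.randbelow(self.n - 1) + 1
        return pow(self.g, m, self.n2) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        """m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
        u = pow(c, self.lam, self.n2)
        return (u - 1) // self.n * self.mu % self.n

    # The only operations the untrusted server performs: no key involved.
    def add(self, c1, c2):
        """E(m1) * E(m2) mod n^2 is an encryption of m1 + m2 mod n."""
        return c1 * c2 % self.n2

    def scale(self, c, k):
        """E(m)^k mod n^2 is an encryption of k * m mod n."""
        return pow(c, k, self.n2)


def blind_sum(scheme, readings):
    """Privacy-preserving aggregation: the client encrypts each reading, the
    server folds ciphertexts together blind, the key holder decrypts the total."""
    ciphertexts = [scheme.encrypt(v) for v in readings]      # client side
    total = ciphertexts[0]
    for c in ciphertexts[1:]:                                 # server side
        total = scheme.add(total, c)
    return scheme.decrypt(total)                              # authorized user
```

Sums wrap modulo n, so a deployment must size n above the largest possible total; the multiplicative step in FHE, which this scheme lacks, is what allows arbitrary computation rather than just aggregation.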
- 29.
IBM Security Research: From theory to practice or vice versa
• Customer projects: Creating an impact for our clients (Advanced Security Solutions; First-Of-A-Kind Projects)
• Collaborative Research: Collaborating to change the way the world works (EU FP7 Projects; Standardization)
• Academic Research: Discovering the answers to our greatest challenges (Security Foundations: Cryptography, Distributed Systems, ...)
IBM Research: Impact for IBM’s products and services