At a high level, we see that organizations have seven main categories of security use cases they need to address. In this deck we cover how IBM and our strategic ecosystem help address your full range of cybersecurity concerns.
1. Take your SOC beyond SIEM
Tom Springer
May 9, 2018
North American Digital Development Representative
IBM #QRADAR
bit.ly/IBMSecurityTom
2. 2 IBM Security
Today’s security challenges
COMPLIANCE
HUMAN ERROR
SKILLS GAP
ADVANCED ATTACKS
INNOVATION
TIME
3. 3 IBM Security
Today's security operations priorities
• Security Orchestration and Analytics
• Advanced and Persistent Threats
• Insider Threats
• Critical Data Protection
• Secure the Cloud
• Manage Vulnerability Risk
• Incident Response
• Compliance
4. 4 IBM Security
IBM QRadar – An integrated ‘Above SIEM’ solution for the SOC
ABOVE THE SIEM (New Security Operations Tools): Incident Response Orchestration, Cognitive Security, Threat Intelligence, Hunting, User and Entity Behavior
SIEM LAYER (IBM QRadar Security Intelligence): Event Correlation and Log Management
BELOW THE SIEM
6. 6 IBM Security
Advanced Threat Detection: How can organizations address these concerns?
• Identify threats in real time and escalate to identify the most critical ones to focus on
• Detect long and slow attacks
• Avoid alert fatigue and minimize the chance of missing alerts in the noise of event data
• Identify threat actors, malware, campaigns and the attack vectors exploited, in the face of skills and knowledge gaps and an ever-growing variety of threats
7. 7 IBM Security
Detecting advanced and persistent threats with deep Network Insights and AI
SINGLE, REAL-TIME ATTACK VIEW: Intelligently gathers all attack-related activities into a single pane of glass and updates in real time as the attack unfolds, minimizing noise
BUSINESS-DRIVEN PRIORITIZATION: Automatically adjusts severity based on business impact and evidence as the attack progresses
COGNITIVE ANALYSIS: Accelerates alert triage and threat discovery with cognitive incident analysis
COMPREHENSIVE INVESTIGATION: Enables full forensic analysis of log, network PCAP and endpoint data from a single screen
[Diagram: data sources (Asset Database, Vulnerability Data, Network Behaviour Analytics, Threat Intelligence, Cognitive Analysis) feed an evidence chain that escalates to an INCIDENT ALERT]
• Event has been triggered against a high-profile asset
• Asset is vulnerable to this specific attack
• Network analytics detects abnormal behaviour
• Outbound connection has connected to a known ‘bad’ site
• Watson reveals wider campaign, malware, other IOCs
→ INCIDENT ALERT
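The evidence chain in this diagram, and the business-driven prioritization described on the slide, as an added worked example (not QRadar code): a small correlation routine opens an offense on the first event and raises its severity as the asset database, vulnerability data and threat intelligence corroborate the attack, so the same raw events against a low-value host without the matching vulnerability stay below the incident threshold. All hosts, findings, the "known bad" address and the campaign label are constructed placeholders.

```python
"""Offense severity escalation following the slide's evidence chain (added illustration,
not QRadar code; all datasets and addresses below are constructed)."""
from dataclasses import dataclass, field
from typing import Optional
# Constructed stand-ins for the asset database, vulnerability data and threat intelligence.
ASSET_DB = {"10.0.5.20": {"name": "payroll-db", "criticality": 9},    # high-profile asset
            "10.0.7.44": {"name": "lobby-kiosk", "criticality": 2}}   # low-value asset
VULN_DATA = {"10.0.5.20": {"EXAMPLE-VULN-1"}}           # open scanner findings per host
BAD_SITES = {"198.51.100.23"}                            # known bad site (TEST-NET-2 range)
CAMPAIGN_IOCS = {"198.51.100.23": "example-campaign"}    # stands in for cognitive enrichment

@dataclass
class Offense:
    asset: str
    severity: int = 1                 # 1 (informational) .. 10 (critical)
    evidence: list = field(default_factory=list)

    def add(self, reason: str, bump: int) -> None:
        # Each corroborating source raises severity; capped at 10.
        self.severity = min(10, self.severity + bump)
        self.evidence.append(reason)

    @property
    def is_incident(self) -> bool:
        return self.severity >= 7     # threshold for raising an incident alert

def correlate(events: list) -> Optional[Offense]:
    """Fold normalised events for one asset into a single offense whose severity is
    adjusted by business impact and vulnerability context as evidence accumulates."""
    offense = None
    for ev in events:
        asset = ev["asset"]
        if offense is None:           # first event opens the offense (single attack view)
            offense = Offense(asset)
            if ASSET_DB.get(asset, {}).get("criticality", 0) >= 7:
                offense.add("event triggered against a high-profile asset", 3)
        if ev["type"] == "ids_alert" and ev.get("vuln") in VULN_DATA.get(asset, set()):
            offense.add("asset is vulnerable to this specific attack", 2)
        elif ev["type"] == "flow_anomaly":
            offense.add("network analytics detects abnormal behaviour", 1)
        elif ev["type"] == "outbound" and ev.get("dst") in BAD_SITES:
            offense.add("outbound connection to a known bad site", 2)
            if ev["dst"] in CAMPAIGN_IOCS:
                offense.add(f"enrichment ties destination to {CAMPAIGN_IOCS[ev['dst']]}", 1)
    return offense

def chain(asset: str) -> list:
    """Constructed event stream: IDS alert, flow anomaly, then an outbound connection."""
    return [{"type": "ids_alert", "asset": asset, "vuln": "EXAMPLE-VULN-1"},
            {"type": "flow_anomaly", "asset": asset},
            {"type": "outbound", "asset": asset, "dst": "198.51.100.23"}]
```

Running `correlate(chain("10.0.5.20"))` reaches severity 10 and crosses the incident threshold, while the identical chain against the kiosk stops at 5.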
8. 8 IBM Security
Insider Threats: How can organizations address these concerns?
• Have credentials been stolen via phishing or malware account takeover?
• Are credentials being misused?
• Are there double earners and career jumpers stealing customer data and/or intellectual property?
• Are users performing activities that put themselves and the organization at increased risk?
9. 9 IBM Security
Identify insider threats with behavioral analytics
IDENTIFY AT-RISK USERS: Account takeover, disgruntled employees, malware actions
STREAMLINED INCIDENT INVESTIGATIONS: Immediate insights into risky user behaviors, actions and activity history
360° ANALYSIS: Performs analysis of activities at the endpoint, insights from network data, and cloud activities
FAST TIME TO VALUE: Deploys in minutes from the IBM App Exchange and leverages existing QRadar data sets immediately
[Diagram: analytics sources (Behavioural and peer group analytics, Network Threat Analytics, Machine Learning, Cloud Analytics, Cognitive Analysis) feed a rising Risk Level as evidence accumulates]
• Unusual resource access
• Sensitive customer data copied
• Unusual amounts of data copied to file sharing/social media
• Abnormal Salesforce account access
• Watson reveals account compromised by spyware
→ Risk Level
10. 10 IBM Security
Cloud Security: How can organizations address these concerns?
• What cloud services are being used, and who is using them?
• Identify malicious and suspicious activities in cloud services
• Insider threats and stolen credentials being used to access cloud services
• Copying of sensitive and customer data to unapproved cloud services
11. 11 IBM Security
Securing the cloud with end-to-end visibility
IDENTIFY CLOUD APPS BEING USED: Analyses proxy logs, with threat intelligence from IBM X-Force, combined with asset and usage data to determine who is using what, how much they are using, and how risky it is
BUSINESS APPS VISIBILITY: Native cloud usage collection enabling visibility into what is going on in my environment (O365, Salesforce, AWS, etc.) and whether it is malicious
QUICKLY FIND THREATS IN THE CLOUD: Immediately discovers malicious activities in the cloud using out-of-the-box analytics and Apps from the App Exchange
[Diagram: analytics sources (Entity Behavioural Analytics, X-Force Threat Intel, Network Threat Analytics, Machine Learning, User Behaviour Analysis) feed a rising Risk Level as evidence accumulates]
• Discover cloud services
• What risk do they pose?
• Is customer, sensitive or potentially malicious data being transferred?
• Office 365 access location abnormal
• User account has been compromised
→ Risk Level
12. 12 IBM Security
Critical Data: How can organizations address these concerns?
• What data do I have?
• Where is it?
• What is the nature of it: is it critical, PII or sensitive data?
• What systems and users can access it?
• Is it at risk of exploitation, exfiltration and compromise?
13. 13 IBM Security
Critical data protection and GDPR with Network Insights and behavioral profiling
FIND IT: Automatically identifies servers, services, databases, apps and devices through real-time behavioral profiling of log, flow and vulnerability data
WHO CAN ACCESS IT: Collects infrastructure topology configuration to determine who is allowed to access servers, services and apps
WHERE DOES IT GO: Utilizes network insights to track network communications, behavior and content to identify critical data movement and exfiltration
IDENTIFY EXFILTRATION: Analyses DLP, network insights, threat intelligence and user behaviors to highlight risky data transfers
[Diagram: analytics sources (Behavioural Analytics and Profiling, Vulnerability Scanning and Integration, X-Force Threat Intel, Network Threat Analytics, Context-Driven Prioritization) feed a rising Risk Level as evidence accumulates]
• Discover files, databases and applications
• Identify vulnerability risk
• Entities being accessed by potentially malicious sources
• Personal identification and business data detected within the network
• Security incident detected; severity automatically increased
→ Risk Level
15. 15 IBM Security
A security operations platform for today's and tomorrow's needs
• Advanced Threat Detection
• Insider Threat
• Securing the Cloud
• Risk and Vuln Management
• Critical Data Protection
• Compliance
• Incident Response
Fast to deploy, easy to manage, and focused on your success
16. 16 IBM Security
Learn more about IBM Security
133 countries where IBM delivers managed security services
25 industry analyst reports rank IBM Security as a LEADER
No. 1 fastest growing of the Top 5 security vendors
12K+ clients protected, including 90% of the Fortune 100 companies
Join IBM X-Force Exchange: xforce.ibmcloud.com
Visit our website: ibm.com/security
Watch our videos on YouTube: IBM Security Channel
Read new blog posts: SecurityIntelligence.com
Follow us on Twitter: @ibmsecurity