Cio ciso security_strategyv1.1
  1. IBM Security Systems – Agenda
     • The Security Landscape
     • Security Capabilities
     • Strategic Direction: Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing
     © 2011 IBM Corporation
  2. Solving a security issue is a complex, four-dimensional puzzle
     • People: Employees, Hackers, Outsourcers, Suppliers, Consultants, Terrorists, Customers
     • Data: Structured, Unstructured, At rest, In motion
     • Applications: Systems applications, Web applications, Web 2.0, Mobile apps
     • Infrastructure
     Attempting to protect the perimeter is not enough – siloed point products and traditional defenses cannot adequately secure the enterprise.
  3. Security teams must shift from a conventional "defense-in-depth" mindset and begin thinking like an attacker…
     Audit, Patch & Block (think like a defender, defense-in-depth mindset, broad) versus Detect, Analyze & Remediate (think like an attacker, counter-intelligence mindset, targeted):
     • Protect all assets → Protect high value assets
     • Emphasize the perimeter → Emphasize the data
     • Patch systems → Harden targets and weakest links
     • Use signature-based detection → Use anomaly-based detection
     • Scan endpoints for malware → Baseline system behavior
     • Read the latest news → Consume threat feeds
     • Collect logs → Collect everything
     • Conduct manual interviews → Automate correlation and analytics
     • Shut down systems → Gather and preserve evidence
  4. …By identifying and combining subtle indicators of targeted attacks
     1. Spear phishing and 0-day attack: user behaves in risky manner; receives enterprise e-mail from personal social network
     2. Backdoor or malware is installed: anomalous device and network behavior; DNS query to known malicious Command & Control (CnC) hosts; abnormal traffic patterns
     3. Lateral movement: anomalous user behavior; device is contacting new hosts; anomalous network pattern
     4. Data acquisition and aggregation: anomalous user behavior; data access patterns abnormal; data rapidly aggregating
     5. Data exfiltration: movement of valuable data; users accessing too many resources; device contacting unknown hosts (Command & Control)
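The point of the slide is that each indicator alone is noise and only their coincidence across stages on one host is a credible incident. The following correlation sketch is an added example, not code from the IBM deck or from QRadar; the event fields, thresholds and sample telemetry are constructed, and `known_cnc` / `new_host` stand in for a threat-feed lookup and a contact baseline.

```python
"""Correlate weak per-stage indicators into one suspected-incident decision.

Added example (not from the IBM deck): the five stages and their indicators
are the ones the slide lists; event schema, thresholds and data are constructed.
"""
from collections import defaultdict

# Constructed sample telemetry, one record per observation, keyed by host.
EVENTS = [
    {"host": "ws-17", "type": "email", "from": "friend@socialnet.example", "external": True},
    {"host": "ws-17", "type": "dns", "qname": "update-cdn.example", "known_cnc": True},
    {"host": "ws-17", "type": "conn", "dst": "fileserver-03", "new_host": True},
    {"host": "ws-17", "type": "conn", "dst": "fileserver-04", "new_host": True},
    {"host": "ws-17", "type": "fileread", "bytes": 900_000_000},
    {"host": "ws-17", "type": "conn", "dst": "203.0.113.9", "new_host": True, "external": True},
    {"host": "ws-02", "type": "dns", "qname": "mail.example", "known_cnc": False},
    {"host": "ws-02", "type": "conn", "dst": "fileserver-03", "new_host": True},
]

# (stage number, name, predicate over one host's events).  Thresholds are
# constructed; a deployment would derive them from per-device baselines.
STAGES = [
    (1, "spear phishing / 0-day",
     lambda evs: any(e["type"] == "email" and e.get("external") for e in evs)),
    (2, "backdoor / CnC",
     lambda evs: any(e["type"] == "dns" and e.get("known_cnc") for e in evs)),
    (3, "lateral movement",
     lambda evs: sum(1 for e in evs if e["type"] == "conn" and e.get("new_host")
                     and not e.get("external")) >= 2),
    (4, "data aggregation",
     lambda evs: sum(e.get("bytes", 0) for e in evs if e["type"] == "fileread") >= 500_000_000),
    (5, "data exfiltration",
     lambda evs: any(e["type"] == "conn" and e.get("new_host") and e.get("external")
                     for e in evs)),
]


def stages_hit(events):
    """Return {host: [stage numbers whose indicator fired for that host]}."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    return {h: [n for n, _, pred in STAGES if pred(evs)] for h, evs in by_host.items()}


def suspected_incidents(events, min_stages=3):
    """Hosts on which indicators from at least min_stages distinct stages coincide.

    One new host contacted, or one large file read, is routine on its own; the
    chain across stages is what separates a targeted attack from background noise.
    """
    return {h: s for h, s in stages_hit(events).items() if len(s) >= min_stages}


if __name__ == "__main__":
    for host, stages in suspected_incidents(EVENTS).items():
        names = [name for n, name, _ in STAGES if n in stages]
        print(f"{host}: stages {stages} -> {', '.join(names)}")
```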
  5. IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework
     • IBM Security Framework built on the foundation of COBIT and ISO standards
     • End-to-end coverage of the security domains
     • Managed and Professional Services to help clients secure the enterprise
  6. Intelligence: A comprehensive portfolio of products and services across all domains
  7. Integration: Increase security, collapse silos, and reduce complexity
     • Consolidate and correlate siloed information from hundreds of sources; designed to help detect, notify and respond to threats missed by other security solutions; add security intelligence to non-intelligent systems
     • Customize protection capabilities to block specific vulnerabilities using scan results; converge access management with web service gateways; link identity information with database security
     • Stay ahead of the changing threat landscape; designed to help detect the latest vulnerabilities, exploits and malware; automate compliance tasks and assess risks
  8. IBM Identity and Access Management Vision – Key Themes
     • Standardized IAM and Compliance Management: Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
     • Secure Cloud, Mobile, Social Interaction: Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
     • Insider Threat and IAM Governance: Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management
  9. Data Security Vision Across Multiple Deployment Models – Key Themes
     • Reduced Total Cost of Ownership: Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
     • Enhanced Compliance Management: Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
     • Dynamic Data Protection: Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data
  10. Application Security Vision – Key Themes
     • Coverage for Mobile applications and new threats: Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
     • Simplified interface and accelerated ROI: New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
     • Security Intelligence Integration: Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform
  11. Threat Protection Vision
     • Security Intelligence Platform: Risk Manager, Log Manager, SIEM, Network Activity Monitor, Future
     • Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation
     • Advanced Threat Protection Platform: Content and Data Security, Web Application Protection, Network Anomaly Detection, Intrusion Prevention, Future
     IBM Network Security / Advanced Threat Protection Platform: Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence.
     Expanded X-Force Threat Intelligence: Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions.
     Security Intelligence Integration: Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats.
  12. Infrastructure Protection – Endpoint and Server Vision – Key Themes
     • Security for Mobile Devices: Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform
     • Expansion of Security Content: Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
     • Security Intelligence Integration: Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform
  13. Expertise: New services organization designed to help the CISO
     Managed and Professional Services to help clients assess their security maturity, identify areas of vulnerability, and design and deploy internal and/or managed security solutions. The 10 Security Essentials for the CIO (Essential Practices) are customer on-ramps to building a more optimized security posture.
  14. Solutions for the full Security Intelligence timeline
     Questions along the timeline: What are the external and internal threats? Are we configured to protect against these threats? What is happening right now? What was the impact?
     • Prediction & Prevention: Risk Management; Vulnerability Management; Configuration and Patch Management; X-Force Research and Threat Intelligence; Compliance Management; Reporting and Scorecards
     • Reaction & Remediation: Network and Host Intrusion Prevention; Network Anomaly Detection; Packet Forensics; Database Activity Monitoring; Data Leak Prevention; SIEM; Log Management; Incident Response
  15. Security Intelligence: Integrating across IT silos with Security Intelligence solutions
     • Data sources: Security Devices; Servers & Hosts; Network & Virtual Activity; Database Activity; Application Activity; Configuration Info; Vulnerability Info; User Activity
     • Event Correlation: Logs, IP Reputation, Flows, Geo Location
     • Activity Baselining & Anomaly Detection: User Activity, Database Activity, Application Activity, Network Activity
     • Offense Identification: Credibility, Severity, Relevance → Suspected Incidents
     Extensive Data Sources + Deep Intelligence = Exceptionally Accurate and Actionable Insight
  16. Security Intelligence: QRadar provides security visibility
     [Screenshot of the QRadar console, annotated: IBM X-Force Threat Information Center; Real-time Security Overview with IP Reputation Correlation; Identity and User Context; Real-time Network Visualization and Application Statistics; Inbound Security Events]
  17. Agenda (section divider): The Security Landscape; Security Capabilities; Strategic Direction – Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing
  18. Advanced Persistent Threat (APT) is different
     1. Advanced – Exploiting unreported vulnerabilities; advanced, custom malware is not detected by antivirus products; coordinated, researched attacks using multiple vectors
     2. Persistent – Attacks lasting for months or years; attackers are dedicated to the target – they will get in
     3. Threat – Targeted at specific individuals and groups within an organization, aimed at compromising confidential information; not random attacks – they are "out to get you"
     4. Responding is different too – Watch, Wait, Plan … and call the FBI
  19. Advanced Threat: The challenging state of network security
     • Sophisticated attacks: Increasingly sophisticated attacks are using multiple attack vectors and increasing risk exposure (Stealth Bots, Targeted Attacks, Worms, Trojans, Designer Malware)
     • Streaming media: Streaming media sites are consuming large amounts of bandwidth
     • Social networking: Social media sites present productivity, privacy and security risks including new threat vectors
     • Point solutions: Point solutions are siloed with minimal integration or data sharing (URL Filtering, IDS / IPS, IM / P2P, Web App Protection, Vulnerability Management)
  20. Network Defenses: Not up to today's challenges
     Current Limitations:
     • Threats continue to evolve and standard methods of detection are not enough
     • Streaming media sites and Web applications introduce new security challenges
     • Basic "Block Only" mode limits innovative use of streaming and new Web apps
     • Poorly integrated solutions create "security sprawl", lower overall levels of security, and raise cost and complexity
     [Diagram: Internet threats (Stealth Bots, Worms, Trojans, Targeted Attacks, Designer Malware) meet a Firewall/VPN (port and protocol filtering), an Email Gateway (message and attachment security only), a Web Gateway (securing web traffic only, port 80 / 443) and "Everything Else"; Multi-faceted Network Protection covers all traffic, applications and users]
     Requirement: Multi-faceted Protection:
     • 0-day threat protection tightly integrated with other technologies, i.e. network anomaly detection
     • Ability to reduce costs associated with non-business use of applications
     • Controls to restrict access to social media sites by a user's role and business need
     • Eliminate point solutions to reduce overall cost and complexity
  21. IBM Advanced Threat Protection
     Our strategy is to protect our customers with advanced threat protection at the network layer, by strengthening and integrating network security, analytics and threat intelligence capabilities.
     1. Advanced Threat Protection Platform: Evolves Intrusion Prevention to become a Threat Protection Platform, providing packet, content, file and session inspection to stop threats from entering the network
     2. QRadar Security Intelligence Platform: Builds tight integration between the Network Security products, X-Force intelligence feeds and QRadar Security Intelligence products with purpose-built analytics and reporting for threat detection and remediation
     3. X-Force Threat Intelligence: Increases aperture of threat intelligence information and feedback loops for our products; leverages the existing X-Force web and email filtering data, but also expands into additional IP Reputation data sets
  22. Advanced Threats: IBM's vision for Threat Security Intelligence
     • Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager
     • Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation
     • Advanced Threat Protection Platform: Content and Data Security, Web Application Protection, Network Anomaly Detection, Intrusion Prevention, Application Control
     IBM Network Security / Advanced Threat Protection Platform: leverage an extensible set of network security capabilities; granular application control; combine with real-time threat information and Security Intelligence.
     Expanded X-Force Threat Intelligence: world-wide threat intelligence harvested by X-Force®; consumption of this data to make smarter and more accurate security decisions.
     Security Intelligence Integration: tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to help detect, investigate and remediate threats.
  23. Ultimate Visibility: Understanding Who, What and When
     • Immediately discover which applications and web sites are being accessed
     • Identify misuse by application, website, and user
     • Understand who and what are consuming bandwidth
     • SIEM integration for anomaly detection and event correlation
     [Diagram: employees generating network traffic and flows to good and bad applications]
     Network flows can be sent to QRadar for enhanced analysis, correlation and anomaly detection. Identity context ties users and groups with their network activity, going beyond IP-address-only policies. Application context fully classifies network traffic, regardless of port, protocol or evasion techniques.
     "We were able to detect the Trojan "Poison Ivy" within the first three hours of deploying IBM Security Network Protection" – Australian Hospital
     Increase Security · Reduce Costs · Enable Innovation
  24. Agenda (section divider): The Security Landscape; Security Capabilities; Strategic Direction – Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing
  25. Mobile OS Vulnerabilities and Exploits
     Continued interest in mobile vulnerabilities as enterprise users bring smartphones and tablets into the workplace. Attackers finally warming to the opportunities these devices represent.
  26. Enterprises face mobile security challenges
     • Adapting to BYOD and the consumerization of IT: Multiple device platforms and variants; Managed devices (B2E); Data separation and protection; Threat protection
     • Enabling secure transactions to enterprise applications and data: Identity of user and devices; Authentication, authorization and federation; User policies; Secure connectivity
     • Developing secure applications: Application life-cycle; Vulnerability and penetration testing; Application management; Application policies
     • Designing and instituting an adaptive security posture: Policy management (location, geo, roles, response, time policies); Security Intelligence; Reporting
  27. A simplified view of mobile device lifecycle management
     • Build Secure Mobile Apps (mobile application developers develop mobile apps): IBM Worklight, IBM Security AppScan
     • Register the Device (mobile user signs up for on-line access): Tivoli Endpoint Manager for Mobile
     • Securely Connect the Device (user accesses corporate e-mail): IBM Lotus Mobile Connect
     • Monitor / Patch the Device (mobile client gets updates): Tivoli Endpoint Manager for Mobile
     • Lock / Wipe the Device (mobile user loses device): Tivoli Endpoint Manager for Mobile
  28. Mobility: Thinking through mobile security
     At the Device:
     • Manage device: Set appropriate security policies • Register • Compliance • Wipe • Lock • Connectivity
     • Secure Data: Data separation • Leakage • Encryption
     • Application Security: Offline authentication • Application level controls
     Over the Network and Enterprise:
     • Secure Access: Properly identify mobile users and devices • Allow or deny access • Update applications
     • Monitor & Protect: Identify and stop mobile threats • Log network access, events, and anomalies
     • Secure Connectivity: Secure connectivity from devices
     For the Mobile App:
     • Secure Application: Utilize secure coding practices • Identify application vulnerabilities
     • Integrate Securely: Secure connectivity to enterprise applications and services
     • Manage Applications: Manage applications and enterprise app store
     Strategy: Safe usage of smartphones and tablets in the enterprise; secure transactions enabling customer confidence; visibility and security of the enterprise mobile platform.
  29. Securing the Mobile Enterprise with IBM Solutions
  30. Agenda (section divider): The Security Landscape; Security Capabilities; Strategic Direction – Security Intelligence, Advanced Threats, Mobile Security, Cloud Computing
  31. Cloud: Clients are concerned about changes that cloud adoption brings to their visibility and risk posture
     Private cloud, Hybrid IT, Public cloud: In a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning IT resources increases, affecting all aspects of security.
     • Network & workload isolation
     • Compliance & certifications
     • Virtual infrastructure protection & integrity
     • Data jurisdiction & data security
     • Identity integration & privileged access
     • Visibility & transparency into security posture
     • Vulnerability management & compliance
     • Identity federation & access
     • Auditing & logging
     • Need for Service Level Agreements (SLAs)
     Clients want more visibility, confidence in their compliance posture, and integration with existing security infrastructure.
  32. Cloud: Each pattern has its own set of key security concerns
     • Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers. Cloud Enabled Data Center: integrated service management, automation, provisioning, self service. Key security focus – Infrastructure & Identity: Manage identities; Secure virtual machines; Patch default images; Monitor all logs; Network isolation
     • Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services. Cloud Platform Services: pre-built, pre-integrated IT infrastructures tuned to application-specific needs. Key security focus – Applications & Data: Secure shared databases; Encrypt private information; Build secure applications; Keep an audit trail; Integrate existing security
     • Innovate business models by becoming a cloud service provider. Cloud Service Provider: advanced platform for creating, managing, and monetizing cloud services. Key security focus – Data & Compliance: Isolate cloud tenants; Policy and regulations; Manage operations; Build secure data centers; Manage app policies
     • Software as a Service (SaaS): Gain immediate access with business solutions on cloud. Business Solutions on Cloud: capabilities provided to consumers for using a provider's applications. Key security focus – Compliance & Auditing: Harden applications; Securely federate identity; Deploy access controls; Encrypt communications; Offer backup and resiliency
     Security Intelligence across all patterns – threat intelligence, user activity monitoring, real time insights
  33. Cloud: Our focus is in two areas of cloud security
     1. Security from the Cloud – Cloud-based Security Services (off premise): Use cloud to deliver security as-a-Service, focusing on services such as vulnerability scanning, web and email security, etc.
     2. Security for the Cloud – Public cloud: Secure usage of Public Cloud applications, focusing on Audit, Access and Secure Connectivity. Private cloud (on premise): Securing the Private Cloud stack, focusing on building security into the cloud infrastructure and its workloads.
  34. Cloud: Leverage solutions in each area of cloud risk
     Securing Cloud with IBM Security Systems – People ● Data ● Apps ● Infrastructure ● Security Intelligence
     • IBM QRadar Security Intelligence: Total visibility into virtual and cloud environments
     • IBM Identity and Access Management Suite: Identity integration, provision users to SaaS applications and desktop single sign on supporting desktop virtualization
     • IBM AppScan Suite: Scan cloud deployed web services and applications for vulnerabilities
     • IBM InfoSphere Guardium Suite: Protect and monitor access to shared databases
     • IBM Endpoint Manager: Patch and configuration management of VMs
     • IBM Network IPS: Protect and monitor access to shared databases
     • IBM Virtual Server Protection for VMware: Protect VMs from advanced threats
  35. Security Intelligence is enabling progress to optimized security
     Security Intelligence: Information and event management; Advanced correlation and deep analytics; External threat research
     • Optimized – People: Role based analytics, Identity governance, Privileged user controls. Data: Data flow analytics, Data governance. Applications: Secure app engineering processes, Fraud detection. Infrastructure: Advanced network monitoring, Forensics / data mining, Secure systems
     • Proficient – People: User provisioning, Access mgmt, Strong authentication. Data: Database vulnerability monitoring, Access monitoring, Data loss prevention. Applications: Application firewall, Source code scanning. Infrastructure: Virtualization security, Asset mgmt, Endpoint / network security management
     • Basic – People: Centralized directory. Data: Encryption, Access control. Applications: Application scanning. Infrastructure: Perimeter security, Anti-virus
  36. Intelligent solutions provide the DNA to secure a Smarter Planet: Security Intelligence across People, Data, Applications, Infrastructure
  37. Thank You
     © 2012 IBM Corporation