SlideShare ist ein Scribd-Unternehmen logo
1 von 30
© 2012 IBM Corporation
IBM Security Systems
1© 2012 IBM Corporation
IBM Security Systems
Rohit Nagarajan
Strategy and Business Development Leader
April 2013
© 2013 IBM Corporation
IBM Security Systems
2
Agenda
WHY
is this attending this session a good investment of your time
WHAT
are the real threats that we are see out there
HOW
can IBM & GBM help protect you from this scourge
© 2012 IBM Corporation
IBM Security Systems
3 IBM Security Systems
137,400,000
© 2012 IBM Corporation
IBM Security Systems
4 IBM Security Systems
…Number of cyber-attacks
witnessed by IBM in 2012
© 2012 IBM Corporation
IBM Security Systems
5 IBM Security Systems
Most Attacked Industries
© 2012 IBM Corporation
IBM Security Systems
6 IBM Security Systems
© 2013 IBM Corporation
IBM Security Systems
7
Who’s attacking you?
National
Security
Nation-state
actors
Stuxnet
Espionage,
Activism
Competitors and
Hacktivists
Aurora
Monetary
Gain
Organized
crime
Zeus
Revenge,
Curiosity
Insiders and
Script-kiddies
Code Red
© 2013 IBM Corporation
IBM Security Systems
8
Fingers are being pointed…
© 2013 IBM Corporation
IBM Security Systems
9
© 2013 IBM Corporation
IBM Security Systems
10 © 2013 IBM Corporation10
Why should you be
concerned?
© 2012 IBM Corporation
IBM Security Systems
11 IBM Security Systems
2011: “The year of the targeted attack”
Source: IBM X-Force®
Research 2011 Trend and Risk Report
Marketing
Services
Online
Gaming
Online
Gaming
Online
Gaming
Online
Gaming
Central
Government
Gaming
Gaming
Internet
Services
Online
Gaming
Online
Gaming
Online
Services
Online
Gaming
IT
Security
Banking
IT
Security
Government
Consulting
IT
Security
Tele-
communic
ations
Enter-
tainment
Consumer
Electronics
Agriculture
Apparel
Insurance
Consulting
Consumer
Electronics
Internet
Services
Central
Govt
Central
Govt
Central
Govt
Attack Type
SQL Injection
URL Tampering
Spear Phishing
3rd
Party Software
DDoS
SecureID
Trojan Software
Unknown
Size of circle estimates relative impact of
breach in terms of cost to business
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
Entertainment
Defense
Defense
Defense
Consumer
Electronics
Central
Government
Central
Government
Central
Government
Central
Government
Central
Government
Central
Government
Central
Government
Consumer
Electronics
National
Police
National
Police
State
Police
State
Police
Police
Gaming
Financial
Market
Online
Services
Consulting
Defense
Heavy
Industry
Entertainment
Banking
2011 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Threats Operational Security Emerging Trends
© 2012 IBM Corporation
IBM Security Systems
12 IBM Security Systems
2012: The explosion of breaches continues!
Source: IBM X-Force®
Research 2012 Trend and Risk Report
2012 Sampling of Security Incidents by Attack Type, Time and Impact
Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses
Threats Operational Security Emerging Trends
© 2013 IBM Corporation
IBM Security Systems
13 IBM Security Systems
Plenty of proof points amongst your peers
© 2013 IBM Corporation
IBM Security Systems
14 © 2013 IBM Corporation14
X-Force 2012 Report
Summary
© 2012 IBM Corporation
IBM Security Systems
15 IBM Security Systems
IBM X-Force
The mission of X-Force is to:
 Monitor and evaluate the
rapidly changing threat landscape
 Research new attack techniques
and develop protection for
tomorrow’s security challenges
 Educate our customers and
the general public
The mission of X-Force is to:
 Monitor and evaluate the
rapidly changing threat landscape
 Research new attack techniques
and develop protection for
tomorrow’s security challenges
 Educate our customers and
the general public
© 2012 IBM Corporation
IBM Security Systems
16 IBM Security Systems
What are we seeing? Key Findings from the 2012 Trend Report
 Software vulnerability disclosures up in 2012
 Web application vulnerabilities surge upward
 Content Management Systems plug-ins provide soft target
 Social Media leveraged for enhanced spear-phishing
techniques and intelligence gathering
 Mobile Security should be more secure than traditional user
computing devices by 2014
 40% increase in breach events for 2012
 Sophistication is not always about technology
 SQL Injection, DDoS, Phishing activity increased from 2011
Threats
and Activity
Operational
Security
Emerging
Trends
© 2013 IBM Corporation
IBM Security Systems
17 © 2013 IBM Corporation17
IBM’s Security Strategy
© 2013 IBM Corporation
IBM Security Systems
18
Intelligence
Integration
Expertise
IBM delivers solutions across a security framework
© 2013 IBM Corporation
IBM Security Systems
19
Thinking differently about security
Then Now
Collect and Analyze Everything
People
Data
Applications
Infrastructure
Administration
Basic-
control
Bolt-on
Thicker
walls
Insight
Laser-
focused
Built-in
Smarter
defenses
© 2013 IBM Corporation
IBM Security Systems
20
Logs
Events Alerts
Configuration
information
System
audit trails
External
threat feeds
E-mail and
social activity
Network flows
and anomalies
Identity
context
Business
process data
Malware
information
Now: Intelligence
•Real-time monitoring
•Context-aware anomaly
detection
•Automated correlation and
analytics
Then: Collection
•Log collection
•Signature-based detection
Security Intelligence
© 2013 IBM Corporation
IBM Security Systems
21
Cloud security is a key concern as
customers rethink how IT resources are
designed, deployed and consumed
Cloud Computing
In 2013 we will continue to focus on solving the big problems
Regulatory and compliance pressures are
mounting as companies store more data
and can become susceptible to audit
failures
Regulation and Compliance
Sophisticated, targeted attacks designed
to gain continuous access to critical
information are increasing in severity and
occurrence
Advanced Threats
Securing employee-owned devices and
connectivity to corporate applications are
top of mind as CIOs broaden support for
mobility
Mobile Computing
Advanced Persistent Threats
Stealth Bots Targeted Attacks
Designer Malware Zero-days
Enterprise
Customers
GLBAGLBA
© 2013 IBM Corporation
IBM Security Systems
22 © 2013 IBM Corporation22
Advanced Persistent Threats
© 2013 IBM Corporation
IBM Security Systems
23 IBM Security Systems
Attackers follow a 5-Stage attack chain
11
Break-in
Spear phishing and remote
exploits to gain access
Command
& Control (CnC)
22
Latch-on
Malware and backdoors
installed to establish a foothold
33
Expand
Reconnaissance and
lateral movement to increase
access and maintain a presence
44
Gather
Acquisition and aggregation
of confidential data
Command
& Control (CnC)
55
Exfiltrate
Data exfiltration to
external networks
© 2013 IBM Corporation
IBM Security Systems
24 IBM Security Systems
IBM’s approach to defending against APTs
Security Analytics
Leverage Security
Intelligence to
correlate and
analyze activity
across the entire
enterprise…
Extend with Big Data
capabilities for
analyzing
unstructured data…
Utilize Emergency
Response Services
for breach or for
assessment of risk
Security Analytics
Leverage Security
Intelligence to
correlate and
analyze activity
across the entire
enterprise…
Extend with Big Data
capabilities for
analyzing
unstructured data…
Utilize Emergency
Response Services
for breach or for
assessment of risk
Break-inBreak-in11
Network and Endpoint Security Use adaptive
threat protection and endpoint management to
reduce risks and fend off attacks
Network and Endpoint Security Use adaptive
threat protection and endpoint management to
reduce risks and fend off attacks
Latch-onLatch-on22
Network Security Use SIEM and adaptive threat
protection to help identify and stop attackers
from gaining a foothold
Network Security Use SIEM and adaptive threat
protection to help identify and stop attackers
from gaining a foothold
ExpandExpand33
Secure Users Leverage strong identity
management to enforce access policies and
monitor for suspicious behavior
Secure Users Leverage strong identity
management to enforce access policies and
monitor for suspicious behavior
GatherGather44
Data Security Embed security deep into data
repositories with data activity monitoring; apply
fine-grained access controls
Data Security Embed security deep into data
repositories with data activity monitoring; apply
fine-grained access controls
ExfiltrateExfiltrate55
Network Security Proactively monitor network
traffic for common exfiltration tactics; block in
real-time
Network Security Proactively monitor network
traffic for common exfiltration tactics; block in
real-time
© 2013 IBM Corporation
IBM Security Systems
25 © 2013 IBM Corporation25
Cloud Security
© 2012 IBM Corporation
IBM Security Systems
26
Mapping your cloud security priorities to IBM capabilities
Key security focus:
Compliance and Governance
Harden exposed applications
Securely federate identity
Deploy access controls
Encrypt communications
Manage application policies
Key security focus:
Infrastructure and Identity
Manage datacenter identities
Secure virtual machines
Patch default images
Monitor logs on all resources
Network isolation
Key security focus:
Applications and Data
Secure shared databases
Encrypt private information
Build secure applications
Keep an audit trail
Integrate existing security
Key security focus:
Data and Compliance
Isolate cloud tenants
Policy and regulations
Manage security operations
Build compliant data centers
Offer backup and resiliency
Cloud Enabled Data Center Cloud Platform Services Cloud Service Provider Business Solutions on Cloud
26
Infrastructure as a Service
(IaaS): Cut IT expense and
complexity through cloud
data centers
Platform-as-a-Service
(PaaS): Accelerate time
to market with cloud platform
services
Innovate
business models by
becoming a cloud
service provider
Software as a Service
(SaaS): Gain immediate
access with business
solutions on cloud
IBM Identity and Access
Management Suite
Identity integration, provision users to
SaaS applications
IBM Endpoint Manager
Patch and configuration
management of VMs
IBM
Network IPS
Protect and monitor your
network infrastructure
IBM QRadar
Security Intelligence
Total visibility into
virtual and cloud environments
IBM AppScan Suite
Scan apps deployed on the cloud for
vulnerabilities
IBM Guardium Suite
Protect and monitor access
to shared databases
IBM Virtual Server
Protection for VMware
Protect VMs from
advanced threats
© 2013 IBM Corporation
IBM Security Systems
27 © 2013 IBM Corporation27
Securing the Mobile Enterprise
© 2012 IBM Corporation
IBM Security Systems
28
Securing the Mobile Enterprise with IBM Solutions
© 2013 IBM Corporation
IBM Security Systems
29
Expertise: At IBM, the world is our Security lab
6,000 researchers, developers and subject matter experts
working security initiatives worldwide
© 2012 IBM Corporation
IBM Security Systems
30
ibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services OverviewCasey Lucas
 
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013Andris Soroka
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016IBM Security
 
IBM Security Software Solutions - Powerpoint
 IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - PowerpointThierry Matusiak
 
Security Trend Report, 2017
Security Trend Report, 2017Security Trend Report, 2017
Security Trend Report, 2017Bill Chamberlin
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Securityscoopnewsgroup
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderCSI Solutions
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexKanishka Ramyar
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataX-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataIBM Security
 

Was ist angesagt? (20)

Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
 
IBM Security Services Overview
IBM Security Services OverviewIBM Security Services Overview
IBM Security Services Overview
 
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
DSS @CERT.LV_ISACA_2013_Conference - IBM X Force Report 2013
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
 
IBM Security Software Solutions - Powerpoint
 IBM Security Software Solutions - Powerpoint IBM Security Software Solutions - Powerpoint
IBM Security Software Solutions - Powerpoint
 
Security Trend Report, 2017
Security Trend Report, 2017Security Trend Report, 2017
Security Trend Report, 2017
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016
 
Peter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive SecurityPeter Allor - The New Era of Cognitive Security
Peter Allor - The New Era of Cognitive Security
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!
 
Cyber security
Cyber securityCyber security
Cyber security
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services Provider
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence Index
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks
 
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive DataX-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
 

Ähnlich wie IBM security systems overview v1.0 - rohit nagarajan

Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorIBMGovernmentCA
 
Big Data - Amplifying Security Intelligence
Big Data - Amplifying Security IntelligenceBig Data - Amplifying Security Intelligence
Big Data - Amplifying Security IntelligenceIBM Danmark
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM Sverige
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016Francisco González Jiménez
 
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security StrategyDSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security StrategyAndris Soroka
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsIBM Security
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9UISGCON
 
Rochester Security Event
Rochester Security EventRochester Security Event
Rochester Security Eventcalebbarlow
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM Security
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSantiago Cavanna
 
IBM InterConnect 2013 Security Keynote
IBM InterConnect 2013 Security KeynoteIBM InterConnect 2013 Security Keynote
IBM InterConnect 2013 Security KeynoteIBM Events
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowIBM Security
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
5 reasons your iam solution will fail
5 reasons your iam solution will fail5 reasons your iam solution will fail
5 reasons your iam solution will failIBM Security
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...IBM Sverige
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure EnterpriseIBM Security
 

Ähnlich wie IBM security systems overview v1.0 - rohit nagarajan (20)

IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
 
Big Data - Amplifying Security Intelligence
Big Data - Amplifying Security IntelligenceBig Data - Amplifying Security Intelligence
Big Data - Amplifying Security Intelligence
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 20165 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
 
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security StrategyDSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
Adrian Aldea - IBM X-Force 2013 Mid-Year Trend and Risk Report #uisgcon9
 
Rochester Security Event
Rochester Security EventRochester Security Event
Rochester Security Event
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
IBM InterConnect 2013 Security Keynote
IBM InterConnect 2013 Security KeynoteIBM InterConnect 2013 Security Keynote
IBM InterConnect 2013 Security Keynote
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
5 reasons your iam solution will fail
5 reasons your iam solution will fail5 reasons your iam solution will fail
5 reasons your iam solution will fail
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
Enhancing your Organization's Security IQ to Meet Emerging Threats & New Real...
 
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise3 Steps to Security Intelligence - How to Build a More Secure Enterprise
3 Steps to Security Intelligence - How to Build a More Secure Enterprise
 

Kürzlich hochgeladen

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 

Kürzlich hochgeladen (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 

IBM security systems overview v1.0 - rohit nagarajan

  • 1. © 2012 IBM Corporation IBM Security Systems 1© 2012 IBM Corporation IBM Security Systems Rohit Nagarajan Strategy and Business Development Leader April 2013
  • 2. © 2013 IBM Corporation IBM Security Systems 2 Agenda WHY is this attending this session a good investment of your time WHAT are the real threats that we are see out there HOW can IBM & GBM help protect you from this scourge
  • 3. © 2012 IBM Corporation IBM Security Systems 3 IBM Security Systems 137,400,000
  • 4. © 2012 IBM Corporation IBM Security Systems 4 IBM Security Systems …Number of cyber-attacks witnessed by IBM in 2012
  • 5. © 2012 IBM Corporation IBM Security Systems 5 IBM Security Systems Most Attacked Industries
  • 6. © 2012 IBM Corporation IBM Security Systems 6 IBM Security Systems
  • 7. © 2013 IBM Corporation IBM Security Systems 7 Who’s attacking you? National Security Nation-state actors Stuxnet Espionage, Activism Competitors and Hacktivists Aurora Monetary Gain Organized crime Zeus Revenge, Curiosity Insiders and Script-kiddies Code Red
  • 8. © 2013 IBM Corporation IBM Security Systems 8 Fingers are being pointed…
  • 9. © 2013 IBM Corporation IBM Security Systems 9
  • 10. © 2013 IBM Corporation IBM Security Systems 10 © 2013 IBM Corporation10 Why should you be concerned?
  • 11. © 2012 IBM Corporation IBM Security Systems 11 IBM Security Systems 2011: “The year of the targeted attack” Source: IBM X-Force® Research 2011 Trend and Risk Report Marketing Services Online Gaming Online Gaming Online Gaming Online Gaming Central Government Gaming Gaming Internet Services Online Gaming Online Gaming Online Services Online Gaming IT Security Banking IT Security Government Consulting IT Security Tele- communic ations Enter- tainment Consumer Electronics Agriculture Apparel Insurance Consulting Consumer Electronics Internet Services Central Govt Central Govt Central Govt Attack Type SQL Injection URL Tampering Spear Phishing 3rd Party Software DDoS SecureID Trojan Software Unknown Size of circle estimates relative impact of breach in terms of cost to business Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Entertainment Defense Defense Defense Consumer Electronics Central Government Central Government Central Government Central Government Central Government Central Government Central Government Consumer Electronics National Police National Police State Police State Police Police Gaming Financial Market Online Services Consulting Defense Heavy Industry Entertainment Banking 2011 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses Threats Operational Security Emerging Trends
  • 12. © 2012 IBM Corporation IBM Security Systems 12 IBM Security Systems 2012: The explosion of breaches continues! Source: IBM X-Force® Research 2012 Trend and Risk Report 2012 Sampling of Security Incidents by Attack Type, Time and Impact Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses Threats Operational Security Emerging Trends
  • 13. © 2013 IBM Corporation IBM Security Systems 13 IBM Security Systems Plenty of proof points amongst your peers
  • 14. © 2013 IBM Corporation IBM Security Systems 14 © 2013 IBM Corporation14 X-Force 2012 Report Summary
  • 15. © 2012 IBM Corporation IBM Security Systems 15 IBM Security Systems IBM X-Force The mission of X-Force is to:  Monitor and evaluate the rapidly changing threat landscape  Research new attack techniques and develop protection for tomorrow’s security challenges  Educate our customers and the general public The mission of X-Force is to:  Monitor and evaluate the rapidly changing threat landscape  Research new attack techniques and develop protection for tomorrow’s security challenges  Educate our customers and the general public
  • 16. © 2012 IBM Corporation IBM Security Systems 16 IBM Security Systems What are we seeing? Key Findings from the 2012 Trend Report  Software vulnerability disclosures up in 2012  Web application vulnerabilities surge upward  Content Management Systems plug-ins provide soft target  Social Media leveraged for enhanced spear-phishing techniques and intelligence gathering  Mobile Security should be more secure than traditional user computing devices by 2014  40% increase in breach events for 2012  Sophistication is not always about technology  SQL Injection, DDoS, Phishing activity increased from 2011 Threats and Activity Operational Security Emerging Trends
  • 17. © 2013 IBM Corporation IBM Security Systems 17 © 2013 IBM Corporation17 IBM’s Security Strategy
  • 18. © 2013 IBM Corporation IBM Security Systems 18 Intelligence Integration Expertise IBM delivers solutions across a security framework
  • 19. © 2013 IBM Corporation IBM Security Systems 19 Thinking differently about security Then Now Collect and Analyze Everything People Data Applications Infrastructure Administration Basic- control Bolt-on Thicker walls Insight Laser- focused Built-in Smarter defenses
  • 20. © 2013 IBM Corporation IBM Security Systems 20 Logs Events Alerts Configuration information System audit trails External threat feeds E-mail and social activity Network flows and anomalies Identity context Business process data Malware information Now: Intelligence •Real-time monitoring •Context-aware anomaly detection •Automated correlation and analytics Then: Collection •Log collection •Signature-based detection Security Intelligence
  • 21. © 2013 IBM Corporation IBM Security Systems 21 Cloud security is a key concern as customers rethink how IT resources are designed, deployed and consumed Cloud Computing In 2013 we will continue to focus on solving the big problems Regulatory and compliance pressures are mounting as companies store more data and can become susceptible to audit failures Regulation and Compliance Sophisticated, targeted attacks designed to gain continuous access to critical information are increasing in severity and occurrence Advanced Threats Securing employee-owned devices and connectivity to corporate applications are top of mind as CIOs broaden support for mobility Mobile Computing Advanced Persistent Threats Stealth Bots Targeted Attacks Designer Malware Zero-days Enterprise Customers GLBAGLBA
  • 22. © 2013 IBM Corporation IBM Security Systems 22 © 2013 IBM Corporation22 Advanced Persistent Threats
  • 23. © 2013 IBM Corporation IBM Security Systems 23 IBM Security Systems Attackers follow a 5-Stage attack chain 11 Break-in Spear phishing and remote exploits to gain access Command & Control (CnC) 22 Latch-on Malware and backdoors installed to establish a foothold 33 Expand Reconnaissance and lateral movement to increase access and maintain a presence 44 Gather Acquisition and aggregation of confidential data Command & Control (CnC) 55 Exfiltrate Data exfiltration to external networks
  • 24. © 2013 IBM Corporation IBM Security Systems 24 IBM Security Systems IBM’s approach to defending against APTs Security Analytics Leverage Security Intelligence to correlate and analyze activity across the entire enterprise… Extend with Big Data capabilities for analyzing unstructured data… Utilize Emergency Response Services for breach or for assessment of risk Security Analytics Leverage Security Intelligence to correlate and analyze activity across the entire enterprise… Extend with Big Data capabilities for analyzing unstructured data… Utilize Emergency Response Services for breach or for assessment of risk Break-inBreak-in11 Network and Endpoint Security Use adaptive threat protection and endpoint management to reduce risks and fend off attacks Network and Endpoint Security Use adaptive threat protection and endpoint management to reduce risks and fend off attacks Latch-onLatch-on22 Network Security Use SIEM and adaptive threat protection to help identify and stop attackers from gaining a foothold Network Security Use SIEM and adaptive threat protection to help identify and stop attackers from gaining a foothold ExpandExpand33 Secure Users Leverage strong identity management to enforce access policies and monitor for suspicious behavior Secure Users Leverage strong identity management to enforce access policies and monitor for suspicious behavior GatherGather44 Data Security Embed security deep into data repositories with data activity monitoring; apply fine-grained access controls Data Security Embed security deep into data repositories with data activity monitoring; apply fine-grained access controls ExfiltrateExfiltrate55 Network Security Proactively monitor network traffic for common exfiltration tactics; block in real-time Network Security Proactively monitor network traffic for common exfiltration tactics; block in real-time
  • 25. © 2013 IBM Corporation IBM Security Systems 25 © 2013 IBM Corporation25 Cloud Security
  • 26. © 2012 IBM Corporation IBM Security Systems 26 Mapping your cloud security priorities to IBM capabilities Key security focus: Compliance and Governance Harden exposed applications Securely federate identity Deploy access controls Encrypt communications Manage application policies Key security focus: Infrastructure and Identity Manage datacenter identities Secure virtual machines Patch default images Monitor logs on all resources Network isolation Key security focus: Applications and Data Secure shared databases Encrypt private information Build secure applications Keep an audit trail Integrate existing security Key security focus: Data and Compliance Isolate cloud tenants Policy and regulations Manage security operations Build compliant data centers Offer backup and resiliency Cloud Enabled Data Center Cloud Platform Services Cloud Service Provider Business Solutions on Cloud 26 Infrastructure as a Service (IaaS): Cut IT expense and complexity through cloud data centers Platform-as-a-Service (PaaS): Accelerate time to market with cloud platform services Innovate business models by becoming a cloud service provider Software as a Service (SaaS): Gain immediate access with business solutions on cloud IBM Identity and Access Management Suite Identity integration, provision users to SaaS applications IBM Endpoint Manager Patch and configuration management of VMs IBM Network IPS Protect and monitor your network infrastructure IBM QRadar Security Intelligence Total visibility into virtual and cloud environments IBM AppScan Suite Scan apps deployed on the cloud for vulnerabilities IBM Guardium Suite Protect and monitor access to shared databases IBM Virtual Server Protection for VMware Protect VMs from advanced threats
  • 27. © 2013 IBM Corporation IBM Security Systems 27 © 2013 IBM Corporation27 Securing the Mobile Enterprise
  • 28. © 2012 IBM Corporation IBM Security Systems 28 Securing the Mobile Enterprise with IBM Solutions
  • 29. © 2013 IBM Corporation IBM Security Systems 29 Expertise: At IBM, the world is our Security lab 6,000 researchers, developers and subject matter experts working security initiatives worldwide
  • 30. © 2012 IBM Corporation IBM Security Systems 30 ibm.com/security © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Hinweis der Redaktion

  1. Findings from XF 2012 Annual Trend and Risk Report Covers latest security threats that have occurred so far this year as well as trends that we track over time in our different research groups Provides information in the areas of safe security practices when it comes to operating network infrastructures and in writing secure software And we cover what we think are new and emerging technologies that press into the current enterprise infrastructure that demands attention either due to adoption rates – or sheer overloads as is the case we are seeing with the adoption of mobile technology The report helps the reader better understand areas of risk, and provides education for areas of focus and improvement
  2. Here are the 4 things that I want you to take away from this session After you walk out of this room, I hope you will be excited enough to ask every single customer of your’s just one question – “what’s your security strategy?”
  3. Number of cyber-attacks witnessed on average per day in 2012
  4. Data and analysis based on IBM Cyber Security Intelligence & Response Team customer monitoring and consulting data from the year 2012. IBM Managed Security Services (MSS) monitors tens of billions of events per day for more than 3,700 clients in more than 130 countries, 24 hours a day, and 365 days a year. This data and analysis excludes inadvertent data disclosures by non-malicious insiders, routine malware detected or spam.
  5. Number of cyber-attacks witnessed on average per day in 2012
  6. Number of cyber-attacks witnessed on average per day in 2012
  7. Let ’s talk about some major trends and challenges that are shaping our clients’ challenges and our strategy.
  8. This chart is from the 2011 report – which we called the Year of the Targeted Attack Highlights the activity that was covered in the press last year Color of circles represent tech means used by attackers to breach these customers The size of the circle is a very rough estimate of the possible financial impact that might have occurred based on what was reported publically This chart is meant to represent the volume of activity that is happening out there – you can see it is quite heavy considering this is a mere sampling of what was probably actually going on This attack activity is driving discussions at the board level of organizations and its asking executives in companies to determine where they are prepared for these types of events where one to occur on their networks In 2012 the attack trend continues Most recent example announced publically last week by Adobe – an APT to their network As we move forward we’ll discuss we’ll discuss some of the specific attack activity and the methods used by attackers to breach systems and networks
  9. Open Security Foundation reported 40% increase in breach events for 2012 that cover loss, theft, and exposure of personally identifiable information
  10. Let ’s talk about some major trends and challenges that are shaping our clients’ challenges and our strategy.
  11. Advanced Security and Threat Research, which includes the X-Force team, is the foundation for many of the pillars in the security product portfolio. As the team tasked with staying on top of the latest threats and vulnerabilities, the information it provides is a critical aspect of providing protection to the other parts of the framework. The rest of this deck will talk to the specific capabilities of this team, as well as some specific integration points between the X-Force research and the products to which they add value.
  12. Let ’s talk about some major trends and challenges that are shaping our clients’ challenges and our strategy.
  13. People Then: Administration Identity management Cost control Now: Insight Identify and monitor highest risk users Know who has access to sensitive data and systems Baseline normal behavior Prioritize privileged identities Data Then: Basic Control Simple access controls and encryption Now: Laser Focus Discover and protect high-value data Understand who is accessing the data, at what time of day, from where, and in what role Baseline normal behavior Applications Then: Bolt-on Periodic scanning of Web applications Now: Built-in Harden applications with access to sensitive data Scan source and real-time Baseline normal application behavior and alert Infrastructure Then: Thicker Walls Firewalls, manual patching, and antivirus Focus on perimeter security Now: Smarter Defenses Baseline system and network behavior Analyze unknown threats using advanced heuristics Expand coverage into cloud and mobile environments
  14. Industry unique compliance NERC CIPs (version 3 to version 4 and/or 5) California privacy + data security (and other state PUCs) Looming Federal legislation (Cybersecurity Act of 2012) Privacy, information governance and data security Classification and protection of utility and customer data, including customer usage data Increased awareness of Cyber security risks With Stuxnet and variants widely reported, and the recent Basecamp publication of control system vulnerabilities and exploits, it ’s becoming clear that cyber threats are no longer an IT-only problem Management seeks more visibility in this area (e.g., situational awareness, intelligence, forensics, etc.)
  15. Let ’s talk about some major trends and challenges that are shaping our clients’ challenges and our strategy.
  16. Let ’s talk about some major trends and challenges that are shaping our clients’ challenges and our strategy.
  17. Main Point:
  18. Let ’s talk about some major trends and challenges that are shaping our clients’ challenges and our strategy.